Modernizing Authentication — What It Takes to Transform Secure Access
E-mail marketers were rejoicing this week. Though things aren't necessarily getting better in the war against spam, on one front at least they're not getting worse.
Since when is "not worse" a cause for celebration?
It was less a surprise than a relief when the Federal Trade Commission (FTC) eighty-sixed the idea of a do-not-e-mail registry. Even before the FTC's Spam Forum in 2003, the agency's attorneys and commissioners were convinced a national database of e-mail addresses was a horrible idea on every level: enforcement, security, and efficacy.
The FTC should be applauded for saying publicly what its commissioners long acknowledged was a bad idea. But the agency's rejection of a federal do-not-e-mail registry is also an admission that though the volume of spam may be leveling off, the problem of spam has grown enormously in complexity. Spam is now inextricably linked with virtually every other Bad Thing that can happen to computers connected to the World Wide Web.
The FTC made its opinion formal with an exhaustive feasibility study, mandated by Congress. The report confirmed the obvious:
A National Do Not Email Registry in any form would not have any beneficial impact on the spam problem.... The development of a practical and effective means of authentication is a necessary tool to fight spam.
To this end, the agency plans to sponsor an authentication summit this fall. Progress is already being made toward developing an authentication standard, which would require modifications in SMTP, the transport protocol used by all e-mail servers. Proponents of various solutions are working together toward a common standard. Microsoft's Caller ID initiative recently joined forces with the private Sender Policy Framework (SPF) group to form the leading e-mail authentication effort. (Yahoo!, meanwhile, continues to develop DomainKeys independently.)
The FTC has concluded what anyone who's seriously studied the spam problem understands: A legislative solution cannot work without a technical fix, and vice versa. Certainly no one realistically expects e-mail to go away, any more than they expect e-mail marketing or spam to disappear. The challenge is to rapidly develop and deploy standardized, broadly adopted solutions on both ends of the spectrum before things get worse than they already are.
The CAN-SPAM Act is an imperfect and incomplete law. Eight future provisions (including the FTC recommendations for do not e-mail) are on a timetable ranging from now to January 2006. Even when the law is complete, it won't stop spam. Nobody every said it would. The exception, of course, is the mainstream media, which has been quick to dub the law anything from ineffective to an all-out failure.
That's because the numbers really are scary, and spammers' methods are getting scarier. Last month, for example, Brightmail rather optimistically reported the spam level had held steady between April and May, at 64 percent of all e-mail. Postini measured the monthly volume as unchanged as well, at 78 percent. MessageLabs, on the other hand, said the global spam ratio had risen to 76 percent.
Cold comfort to know spam isn't at 80 percent... yet.
Worse even than the rise in spam levels is the soaring rate of devious spam delivery methods. Much of spam isn't coming from spammers anymore, it's coming "from" family, friends, and colleagues whose computers have been silently hijacked to function as zombie drone e-mailers. In other words, e-mail deliverability solutions are being developed for and by spammers even faster and more prolifically than for legitimate marketers.
That's why the FTC has begun holding hearings on ad- and spyware, as lawsuits fly, as in Utah. Quick to pass one of the ill-conceived state anti-spam laws that helped get federal e-mail legislation through Congress, Utah's gone the same route with ad- and spyware legislation. California, as before, is close behind.
Knee-jerk legislation is easy to understand (if not justify) with the knowledge there's an estimated 28 pieces of devious monitoring software lurking invisibly on every PC. Technical spam solutions are in hurry-up-and-wait mode (and I haven't even gotten into phishing or spoofing). The FTC has its hands full.
Unfortunately, the mere suggestion of knee-jerk legislation begets knee-jerk consumer attitudes. Which, in turn, creates an optimal environment for spammers and scammers.
The agency's announced opposition to a do-not-e-mail registry wasn't a day old when bottom-feeders and scams crawled out of the woodwork. Both the FTC and Michigan's Attorney General have already targeted and issued consumer warnings against bogus do-not-e-mail registries, including Remove.org, Unsub.us, and Nationalantispamregistry.com.
Apparently undeterred, a company billing itself as "the public's only option" for a do-not-spam registry, Ethicalemail.com, announced Wednesday over 100,000 consumers had registered for its do-not-e-mail list, created by unnamed "top attorneys and software engineers." Founder Rocky Mosele (who did not return calls) plans to "drop the first batch of names off at bulk e-mail houses by July 5."
Drop off? Somehow, that term conjures images of the proverbial foundling left in a basket -- only in this version, not on the church steps.
The company, apparently launched two and a half weeks ago, bills itself as "the preeminent resource for analysis, reporting, news and elimination of spam or bulk e-mail on the Internet."
The depressing reality is just as online marketing is increasingly integrated into the overall marketing mix, so too have the lines between viruses, fraud, spam, deception, and duplicity blurred. E-mail and spyware can no longer be considered separate discussions, nor isolated from considerations surrounding IT infrastructure, security, and computer literacy.
As you'd suspect, ClickZ's staff is plenty geekier than your average user. Yet in the past month, we've had two PCs go down (one personal, one company) as a result of stealth software.
The war against spam has been called an arms race, and it is. It's also a contest growing in scope and complexity. Will legislators, federal agencies, and software engineers be fast and agile enough to create solutions before consumer confidence is too deeply eroded?
Or is it already? You have to wonder when people start turning down your invitations for free Gmail accounts (so very coveted just weeks ago) with, "Thanks. But Google? I don't trust 'em."
Want more e-mail marketing information? ClickZ E-Mail Reference is an archive of all our e-mail columns, organized by topic.
Nominations are open for the 2004 ClickZ Marketing Excellence Awards.