FTC Slams the Spam List
By Cynthia L. Webb
washingtonpost.com Staff Writer
Wednesday, June 16, 2004; 9:47 AM
[Well, that's just swell. You get the attention of a cop on the corner while witnessing a couple of armed thugs mugging a citizen, and he tells you that he can't apprehend the assailants. The same thing's happening here, although I'll give it to the cop in this case, that I, too, wouldn't want to approach a couple of armed suspects without a backup. Go to the url location below for links to the many references cited in the article, The situation is actually pretty hilarious if you're in the right state of mind. What do you think? washingtonpost.com ]
The Federal Trade Commission yesterday said it rejects the idea of creating a national do-not-spam list, giving U.S. e-mail users a clear indication that even Uncle Sam is stumped at how to stop the rising tide of junk e-mail.
"Consumers will be spammed if we do a registry and spammed if we don't," said FTC chairman Timothy Muris, as quoted by The Washington Post. Muris's remarks came on the same day that the commission reported to Congress that creating a no-spam list would in fact lead to more spam in our e-mail queue, and could even help pedophiles target children. "I wouldn't put my e-mail address on such a list," Muris said, according to The Associated Press.
The Post wrote that "nderlying the no-spam registry question is a larger debate over whether the new federal anti-spam law, known as the CAN-SPAM Act, is working. Industry estimates vary, but spam accounts for between 60 and 80 percent of all e-mail traffic, an increase since the law took effect in January. In a survey of chief information officers at nearly 700 companies, 39 percent of 141 respondents said fighting spam will cost their firms more than $100,000 this year. The survey, sponsored by the Chief Information Officer Executive Council, concluded that the act was ineffective. A majority of respondents, 55 percent, favored a do-not-spam registry," the article said.
• The Washington Post: FTC Rejects Creation of No Spam Registry (Registration required)
• The Associated Press via The Washington Post: Feds Decline To Create 'Do-Not-Spam' List (Registration required)
• FTC report on spam (PDF)
A number of experts have soured on the list idea. "Jim Nail, an analyst with Forrester Research, said a 'do not e-mail' registry was a non-starter because the economics of telemarketing and spam were different. Sending out bulk e-mail is virtually free, and spammers are often paid by advertisers on the number of e-mails they send to verified addresses," The Financial Times reported. "You are dealing with a bunch of disreputable scofflaws who just don't care and who can't easily be tracked down. It just won't work," Nail told the paper.
• The Financial Times: Registry To Discourage Spam Put On Hold
Meanwhile, many tech heavyweights have been trying to hammer as many nails as possible into the list's coffin. "The major Internet e-mail providers, including Microsoft Corp., America Online Inc., Yahoo Inc. and EarthLink Inc., also oppose the registry and have been working on a unified approach to authentication for several months. The companies are hoping to announce a formal agreement soon," The Washington Post reported.
The Chicago Tribune noted "Tuesday's FTC decision was well received by industry players such as Microsoft Corp., which had opposed a do-not-spam registry. 'A "do not e-mail" list would be a lot like a "do not rob this house" list because the criminals would just take the list and run with it,' said Meng Wong, co-founder and chief technology officer of Pobox.com, a Philadelphia-based e-mail company. Pobox and Microsoft recently joined forces to merge their proposals for an industry standard aimed at stopping spoofing. Their proposal will be published next month."
• The Chicago Tribune: Don't Look For Do-Not Spam (Registration required)
Consumer rights groups want to make sure the FTC does not drop the ball on spam, despite its rejection of the list. The groups generally agreed with the trade commission's report but said regulators must also place a larger priority on catching and prosecuting spammers. Consumers Union, publisher of Consumer Reports magazine, said it supported a long-term solution that includes 'a combination of technological and legal action to fight unwanted e-mail,'" The Kansas City Star reported. "Jim Guest, president of Consumers Union, said the consumer group agreed that 'e-mail authentication is a critical step in the eradication of spam.' But, he said, 'in order to fully combat the problem, the FTC also needs to devote sufficient resources to tracking down and prosecuting violators of the law.'"
• The Kansas City Star: National No-Spam Listing? No Way (Registration required)
But Sen. Charles Schumer (D-N.Y.), one of the list's supporters, blasted the FTC. "We are very disappointed that the FTC is refusing to move forward on the... registry," Schumer said in a written statement, picked up by washingtonpost.com. "The registry is not the perfect solution but it is the best solution we have to the growing problem of spam and we will pursue congressional alternatives in light of the FTC's adamancy."
• Washingtonpost.com: FTC Says List Will Not Reduce Spam (Registration required)
• Reuters: 'Do Not Spam' List Will Not Work – FTC
So Now What Do We Do?
Well, don't fret -- that's what regulators and the industry tell us. "Instead of starting a registry, Muris said, the FTC would first push the private sector to agree on a method for electronically authenticating senders of e-mail, which would cut down on spammers' ability to hide their identities and locations. Muris said such authentication is a necessary precursor to any no-spam registry," The Washington Post reported. The AP wrote: "If new authentication plans fail to emerge, the FTC will convene a federal advisory committee to determine whether the government could require Internet providers to adopt one."
Right now, the mightiest weapons in the arsenal are technology, lawsuits and fines. Microsoft and Pobox's "proposal calls for participants to publish information about their outgoing mail servers, such as Internet protocol addresses, using a standard format. This effort will allow systems that receive e-mail to test for spoofing. ... Some 20,000 organizations, including Google, AOL, Amazon and Earthlink have registered to participate," the article said. "Yahoo Inc. is promoting another solution called DomainKeys, a draft of which it submitted to the task force. Wong predicts the Microsoft/Pobox approach will be the first wave of anti-spoofing technology, followed by Yahoo's method. 'We're a lot further along than we were a year ago,' Wong said," The Chicago Tribune reported.
And from the Journal: "But there is no quick fix from the private sector. The Anti-Spam Technology Alliance -- made up of Microsoft Corp., EarthLink Inc., Time Warner Inc.'s America Online unit, Yahoo Inc., British Telecom PLC and Comcast Corp. -- is moving forward with an authentication plan, said Marc Lallaman, a Microsoft spokesman. But he added that technology or federal regulation alone can't solve the spam problem. 'There is no single silver bullet,' he said."
From Wired News: "As a solution, the FTC report suggested Internet architects update the e-mail system to make it possible to verify the sender of e-mail messages. So-called authentication schemes are currently under development by AOL, Microsoft, Yahoo and other e-mail service providers. But it's unclear when the companies will finalize their proposals so that system administrators can begin updating their e-mail servers. At the Inbox e-mail technology conference earlier this month, Microsoft and Yahoo officials declined to offer specific dates for the rollout of their respective technologies, but predicted that the software could be available later this year or in 2005," the article said. "To help promote authentication technology, Muris said the FTC will hold a summit in the fall. Until then, the FTC recommended that consumers limit where they reveal their e-mail address, such as in chat rooms and on message boards -- advice that has so far done little to stop the tide of spam that just keeps coming."
• The Wall Street Journal: FTC Says Antispam Registry Could Increase Junk E-Mail (Subscription required)
• Wired News: FTC Says No To Antispam Registry
More government regulation could sprout in the end to try to mitigate the problem. "'If people can't come up with a solution, at some point the government would intervene,' said Frank Gorman, a Washington lawyer with the firm Bryan Cave who formerly worked in the FTC Bureau of Consumer Protection," The Los Angeles Times reported.
• The Los Angeles Times: FTC Stays Out of Spam's Way, Rejecting List Idea (Registration required)
Talk About Spam
The FTC's decision on spam will be the topic-du-jour in two online chats on washingtonpost.com today. Post.com reporter David McGuire will moderate both chats. At 11 a.m. ET, Jerry Cerasale, chief lobbyist for the Direct Marketing Association, will talk about the do-not-spam list, which the group opposes. At 1 p.m. ET McGuire will host Matthew Prince, co-founder of UnSpam.com and a supporter of a do-not-spam list.
============================================================
FAC
frank@fttx.org |
