A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
A national Do Not E-mail registry intended to keep spam out of inboxes could, under existing e-mail authentication technology, result in more rather than less spam, the FTC reported to Congress.
A national Do Not E-mail registry intended to keep spam out of inboxes could, under existing e-mail authentication technology, result in more rather than less spam, the Federal Trade Commission reported to Congress. Because spammers would likely use the registry as a source of valid e-mail addresses, it would turn into a “National Do Spam List,” the FTC contended.
FTC commissioners, responding to a directive under the CAN-Spam Act to report on the feasibility of a Do Not E-mail registry, voted 5-0 to inform Congress yesterday that such a registry could not be effectively enforced under available tracking and enforcement methods. Instead, they recommended continued development of a standard method of authenticating the source of e-mail to support better enforcement under CAN-Spam.
Michael Sippey, managing director of Quris, an e-mail services provider, said the FTC is taking the right steps in emphasizing authentication over a registry plan. “The FTC is smart in identifying that there is no way that anyone could have operated a registry and made it secure,” he says.
But Sen. Charles Schumer of New York, who submitted the CAN-Spam provision that called on the FTC to report on the feasibility of a Do Not E-Mail registry, said the agency is overlooking what appears to be the best way to reduce spam. He added that Congress will continue to pursue other means to create a registry.
“We are very disappointed that the FTC is refusing to move forward on the Do Not Email Registry,” Schumer said. “The registry is not the perfect solution but it is the best solution we have to the growing problem of spam and we will pursue congressional alternatives in light of the FTC`s adamancy. The FTC should remember that they also resisted the Do Not Call Registry, but when they finally implemented it, it was an overwhelming success."
The agency, after gathering input from business and consumer groups, studied three types of possible registries intended to block unwanted e-mail: a registry that would contain the names of individual e-mail subscribers, a registry of Internet domains, and a registry of individual names that would require all unsolicited commercial e-mail to be sent via an independent third-party that would filter e-mail and forward it only to those addresses not in the registry.
“All three possible registry models could not be enforced effectively,” the FTC said. “A registry of individual e-mail addresses also suffers from severe security/privacy risks that would likely result in registered addresses receiving more spam because spammers would use such a registry as a directory of valid e-mail addresses.”
The FTC added that a registry of domain names that worked with a third-party e-mail forwarding service could create so much transmission volume as to “have a devastating impact on the e-mail system.”
The FTC recommended further development of an e-mail authentication standard, such as those under development by major Internet service providers. “Without effective authentication of e-mail, any registry is doomed to fail,” the FTC said. “With authentication, better CAN-Spam Act enforcement and better filtering by ISPs may even make a registry unnecessary.”