The ‘Duh’ Report
The Federal Trade Commission finally made its report to Congress today on a proposed do-not-spam registry.
The Federal Trade Commission today told Congress that, at the present time, a National Do Not Email Registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively. In a report filed in response to a statutory mandate, the FTC also said that anti-spam efforts should focus on creating a robust e-mail authentication system that would prevent spammers from hiding their tracks and thereby evading Internet service providers’ anti-spam filters and law enforcement. To help focus these efforts, the FTC today announced that it will be sponsoring a Fall 2004 Authentication Summit to encourage a thorough analysis of possible authentication systems and their swift deployment.
…
The FTC’s report analyzed three types of possible registries: a registry containing individual e-mail addresses; a registry containing the names of domains that did not wish to receive spam; and a registry of individual names that required all unsolicited commercial e-mail to be sent via an independent third party that would deliver messages only to those email addresses not on the registry.
The FTC studied these three possible registry models by reviewing registry proposals from some of the nation’s largest Internet, computer, and database management firms; consulted with more than 80 individuals representing more than 50 organizations including consumer groups, e-mail marketers, anti-spam advocates, and others; demanded information from the seven ISPs that control over 50 percent of the market for consumer e-mail accounts; and retained the services of three of the nation�s preeminent computer scientists.
The Report concludes that all three possible registry models could not be enforced effectively. A registry of individual email addresses also suffers from severe security/privacy risks that would likely result in registered addresses receiving more spam because spammers would use such a registry as a directory of valid email addresses. It ultimately would become the National Do Spam List. Furthermore, a registry of domains would have no impact on spam and a third-party forwarding service model could have a devastating impact on the e-mail system.
It seems kind of silly that they had to waste all this time figuring this out. Anyone with any knowledge of the unscruplous practices of spammers could have told them that any kind of registry would just turn into a list of validated email addresses that the spammers would hit harder than ever.
I know that Microsoft and a number of other big companies are behind the idea of an authenticated sender system. The only problem I see is that given time the spammers will likely find some way to corrupt the system or work around it. Perhaps it’s time for the real spam solution: find some of the spammers and kill them slowly and painfully as examples to the others.
Congress and the FTC must not have had any pressing business this week. It would be a prize worth a lot of money to spammers though.