A national registry of consumer e-mail addresses would make things easier for spammers and could actually increase the total amount of spam, the Federal Trade Commission has concluded.
As part of the federal CAN-SPAM Act, which became law in January, the FTC was mandated to report on the feasibility of establishing a National Do Not E-Mail Registry, similar to the wildly successful Do-Not-Call registry. Today, the FTC published its report, which concluded the idea is a wash.
”We learned that when it comes down to it, consumers will be spammed if we do a registry and spammed if we do not,” FTC Chairman Timothy Muris told reporters at a press conference today. ”Spammers would ignore the law,” Muris said. ”Even worse, they’d use the registry as a source of valid — and spammable — addresses. It would be virtually impossible to stop them.”
According to the report, a national registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively.
Instead, the FTC recommended that private industry, including ISPs, e-mail marketers, e-mail service providers and software companies, should work together to form a standard for e-mail authentication that would prevent spammers from hiding their tracks and evading Internet service providers’ anti-spam filters and law enforcement.
To jump-start these efforts, the FTC will sponsor a Fall 2004 Authentication Summit.
”Without an effective system for authenticating the source of e-mail,” Muris said, ”any registry will fail.”
In February 2004, the Commission issued a Request for Information from businesses with the technical sophistication to design and manage a National Do Not Email Registry of about 300 million to 450 million addresses.
They then culled the 13 responses into three models: a centralized database for individuals similar to the Do-Not-Call Registry; letting ISPs and domain name holders refuse spam to their entire domains; and the establishment of an FTC-approved forwarding service to which all commercial e-mails — or even every e-mail — would be sent. The forwarding service would deliver messages only to those e-mail addresses not on the registry
However, e-mail marketers would need to receive a copy of the registry so that they could remove the addresses from their own lists; spammers would simply e-mail to the list. In effect, the Do Not E-mail Registry would become the first extant list of good e-mail addresses. The report quotes the Association of National Advertisers as stating, ”[The] Registry would truly be the ‘Fort Knox’ list of e-mail addresses for a criminal spammer.”
Domain-level registration, the FTC concluded, ”would merely put the government’s imprimatur on ISPs’ existing anti-spam policies without reducing the scope of spam.”