Amazon, others lobby FTC for help fighting spam

The global war on junk e-mail has signed up some new supporters--an alliance of 35 companies and organizations that are uniting to make their concerns known to the Federal Trade Commission.

In an open letter to Deborah Majoras, chairwoman of the FTC, the signatories, which include Amazon.com, Cisco Systems, CipherTrust, EarthLink, eBay, Microsoft, Symantec and VeriSign, call for a more rapid rollout of e-mail authentication technologies.

The letter says spammers are "undermining users' trust and confidence" in e-mail and the Internet, and the letter calls upon the FTC to take action in order to protect Internet users and legitimate businesses.

"Despite our progress, spammers have become more creative and deceptive," the letter says. "Fraudulent practices such as phishing are increasingly robbing individuals of their security, privacy and financial assets. No one company can solve this problem alone. This is why we are working together to lead the adoption of e-mail authentication technologies."

"As industry leaders," the letter added, "we share a responsibility for protecting users from the blight of online threats. While many of us compete in the marketplace, we stand united in our fight against spam and phishing."

The letter, which is also endorsed by the Anti-Phishing Working Group and Truste, expresses support for Sender ID Framework and signature-based authentication, and it calls for greater involvement from Internet service providers.

"By deploying both IP- and signature-based solutions, we will ultimately have a more robust solution," the letter says. "As we speak, this technology is in early deployment and shows significant promise and, therefore, businesses and ISPs should initiate the implementation of (Sender ID Framework) and publish their records today."

While accepting that such technologies won't eliminate spam altogether, Paul Judge, CTO at CipherTrust, said, "It is encouraging to see many organizations rally around the importance of e-mail authentication protocols such as Sender ID Framework in order to eliminate spoofing and greatly affect the problems of phishing and spamming."

Judge added, "The industry's continued support throughout the adoption process is a critical step in eliminating the threat of spoofing and phishing, and this most recent collaboration is a means to that end."

Will Sturgeon of Silicon.com reported from London.

[ttul]

Sender authentication is first, then comes reputation

As the article states, sender authentication is one way to mitigate fraud and impersonation. The next step is reputation management -- and this is a big challenge.

Meng Wong, inventor of SPF (what is now called SenderID), is working with a group of industry leaders on the next step after sender authentication: reputation. His site (inbox.mengmail.com) describes in detail how a combination of reputation and sender authentication could be used to create a new email system that sidesteps the problem of spam.

Well, I don't believe spam will ever go away -- it's a social problem after all. But Meng's group is actually doing something about the problem and I think they should get a bit more press for their efforts.

[ttul]

Testing

http://inbox.mengmail.com
MengMail

[ttul]

Who the participants are in Meng's group

Someone asked me who the participants are, so for everyone's benefit I'll post some links here.

Earthlink: http://www.earthlink.com
Habeas: http://www.habeas.com
MailChannels: http://www.mailchannels.com
Port25: http://www.port25.com
StrongMail Systems: http://www.strongmail.com

[hadaso]

Spammers would hijack people's reputation

They're transforming email into IM. To get through to someone you'd need to be in their addressbook, or at least "have reputation".

Spam is not a real problem. It is only a problem if one insists on using an email adress as if it is a phone number. Phone numbers are limited, and very hard to change. Email addresses are dirt cheap, one can have an unlimited number of them, and dispose of any address that is spammed. Spammers rely on people having fixed addresses that don't change. They collect those and compile them into mailing lists. If addresses constantly stop working, spammers cannot spam.
Meng Wong's theoretical experiment is bound to fail in stopping spam. But not only will it fail if implemented widely. It would ruin the perfectly good and working solution of using disposable email addresses that right now eliminates spam almost completely for its users, by making it impossible to use more than very few addresses (after all, in that system you have to work to build reputation for any of your addresses.
Right now spammers hijack people's machines to relay spam. The only difference with the reputation system would be that spammers would use not only you machine but also your reputation to send their spam!