April 23, 2003 3:58 PM PDT
Marketers unite to cook spam's goose
Called Project Lumos, the plan offers a technological blueprint for establishing an e-mail registry and authentication system, the Email Service Provider Coalition (ESPC) said Wednesday. The group's 30 members include e-mail marketers DoubleClick and Digital Impact.
The system would require the close cooperation of Internet service providers to implement. In order to gain access to the system, large-volume e-mailers would be required to provide verified address information and to promise to abide by certain best practices.
Project Lumos relies on a central registry that would enroll, verify and track e-mail senders, then dole out performance ratings. Once ISPs have a method like this to identify quality e-mail senders, they will be better able to block spammers, according to ESPC. Small mailing-list operators will also be able to sign on to the ID system, but people who send only a few messages at a time would not be included.
"Today, the e-mail system is somewhat unintelligent--people can spoof identities (and) change them easily, and spammers can hide," said Trevor Hughes, executive director of ESPC. "Senders will now have to identify themselves and be held accountable for their sending practices over time, and that's a fundamental change to how we e-mail and manage e-mail."
Spam, or unsolicited bulk commercial e-mail, frequently includes misleading headers and return address information, effectively concealing the sender's identity and offering no chance of refusal. Spammers may also hijack network resources, sticking ISPs or their unsuspecting customers with the bandwidth costs associated with delivering millions of e-mail messages.
While the idea for an e-mail registry system has been bandied about for years, the ESPC's proposal is the first to be supported by a wide number of e-mail marketers. Members of ESPC, which is a part of the industry group Network Advertising Initiative, represent about 200,000 commercial marketing clients. The Project Lumos plan, however, requires wider support from the Internet and technology community to help develop e-mail guidelines, an authentication system and a registry, or federation of registries.
"The head start we have is that the legitimate sender community is behind this," Hughes said.
Meanwhile, another group is proposing similar open standards for e-mail protection. At the ISPCON conference this week in Baltimore, privacy consultancy the ePrivacy Group introduced an antispam approach that would require senders to identify themselves. The concept, Trusted Email Open Standard (TEOS), is based on ePrivacy's existing Trusted Sender technology, an industry self-regulation program that aims to separate legitimate e-mail from spam and prevents spoofing. Next week, at the Federal Trade Commission Spam Forum in Washington, the ePrivacy Group intends to propose contributing some its intellectual property to the public domain if a critical mass of support can be achieved for TEOS.
"The idea for a network of registries, or federated trust organizations, certifying their constituencies has been kicked around for a while, but it's a good one," said Ray Everett Church, privacy officer at ePrivacy Group.
"The challenges are that it's up to the registries to come up with standards methods for enforcement. The concept doesn't work without having those questions answered, such as how are you going to authenticate the e-mail."
The e-mail marketers behind Project Lumos are especially interested in saving their industry from the demise that could await it if spam continues on its current trajectory. More than 40 percent of e-mail traffic is reported as spam, according to the group, and that percentage is expected to grow. As the amount of spam has risen, the tactics used to fight it have gotten more drastic, and now often include throwing the good out with the bad. This is particularly irksome to the marketing industry, which sees e-mail at its best as a low-cost, effective way to communicate with consumers.
"Nothing is more important to the viability of e-mail as a medium and the survival of our industry than eradicating spam," said Hans Peter Brondmo, senior vice president of strategy for Digital Impact and chair of the ESPC technology working group.
The proposal is still only in the conceptual stage, Brondmo said, but it is up for review by the technical community over the next couple of months. He said to fully implement such a system would take about two years and would require at least 20 percent of ISP market to climb on board.
"The first step to make this happen is to create a well-lit, clean place for the legitimate guys to stand up (and) make changes to the infrastructure that allows for accountability."