[June 16, 2004]

FTC: "Do-Not-Spam" Has Potential To Become "Do-Spam"

BY DAVID R. BUTCHER

The U.S. Federal Trade Commission (news - alert) yesterday declined to endorse a national Do-Not-Spam registry modeled after the emphatically popular June 2003 Do-Not-Call list, saying it would only generate more unwanted e-mail using present technology. Unscrupulous marketers according to the FTC would not simply ignore the list but would treat it as a source of leads for solicitation.

Typically, an e-mail spammer buys a list of e-mail addresses from a list broker who compiles it by "harvesting" addresses from the Internet. If someone�s e-mail address appears on a Web site in a newsgroup posting, in a chat room, or in an online service's membership directory, it may find its way onto a spam list. He or she then uses special software that can send up to millions of e-mail messages to the addresses in one mouse-click.

The FTC�s report focused on three types of possible registries:

1. A registry containing individual e-mail addresses

2. A registry with the names of domains that did not wish to receive spam

3. A registry of individual names that required all unsolicited commercial e-mail to be sent via an independent third party that would deliver messages only to those e-mail addresses not on the registry.

The consumer protection agency unanimously concluded that none of the three possible models could be effectively enforced.

Although FTC officials were vocally skeptical last year that the list rejected on Tuesday would not work, the commission was obligated to consider the proposal under a national anti-spam legislation called Can-Spam (news - alert) that was signed by Bush with administration support in December. Despite the commission's report, the six-month-old national law requires the FTC to lay out a procedure for how to create the e-mail registry.

A particular worry of the FTC involves security/privacy risks. A registry of individual e-mail addresses would likely result in registered addresses receiving more spam because spammers would use such a registry as a directory of valid e-mail addresses. Inevitably, it would become the national Do-Spam list. And if children�s accounts are included on the registry, the commission said, children likely receive the same types of offers as adults (e.g. pharmaceutical products, online dating services, Viagra and porn Web site links, etc.) because spammers currently have no way of knowing the ages of the users of the particular e-mails. And if the spammers do become able to identify children�s e-mail, then the Internet�s dangerous users, including pedophiles, could put the children at more risk.

After telling Congress of the powerlessness of the list, the FTC then proposed an adoption of a system of new authentication technology which would make it more difficult to cover the tracks of unwanted e-mails. Spammers are not as easy to track down as for instance, telephone marketers. Hence, many spammers don't care about adhering to the laws. Their confidence lies in that they cannot be tracked down. Without the authentication according to the report, any registry would be worthless because the spam would be unable to be traced back to the original source. In not being able to track the path, and therefore not finding the source because of frequently fraudulent e-mail addresses and locations all over the world, neither law enforcement nor Internet service providers� anti-spam filters occlude the unwanted e-mail.

According to the FTC, the aforementioned�and, as of yet, solely theoretical�authentication system is the only way to eliminate or even reduce the quantity of spam.

If the FTC fails to develop a method, a federal advisory committee will take place to determine if Internet providers could be required by the government to adopt one. Presently, several leading technology companies� proposals are under industry consideration.

For everyday e-mail users, below are some simple notions to ponder in terms of what one can do on his or her own part to protect from spam:

• Check the privacy policy when submitting an address to a Web site. Can the company sell your address?

• Abate or completely eliminate the use of your e-mail address in online service's membership directories or in chat rooms, on Web sites or on newsgroup postings.

• Use a spam filter, which many free e-mail services offer as a tool to filter out potential spam or channel it into a bulk folder. However, spam filters can also catch legitimate e-mail so users of spam filters often complain they have to mine through the spam anyway to make sure nothing legitimate was "filtered out.�

• Scams occur frequently in spam. So, be fastidious�suppress the inclination to check e-mail that offers free anything, including loans, credit repair, weight loss and, no matter how lonely you might feel, adult entertainment.

If your inbox contains spam, report it to the FTC, sending a copy of the unwanted or deceptive messages to [email protected]. The FTC uses the unsolicited e-mails stored in this database to pursue law enforcement actions against people who send deceptive spam e-mail.

David R. Butcher is the Assistant Editor for TMC's Customer Inter@ction Solutions Magazine.