Feeds

The conspiracy against our in-boxes

Why trusted bulk email is an oxymoron

  • alert
  • submit to reddit

SANS - Survey on application security programs

Opinion Powerful forces in the IT industry and government are coming together to redefine unsolicited bulk email from mainstream organisations as legitimate, irrespective of whether the sender wants to receive it. Ultimately this move could even result in lawsuits against anti-spam developers by the Direct Marketing Association and its cronies.

Sounds paranoid? Read on, gentle reader.

Through parallel developments, the US government and IT heavyweights are working to redefine spam as fraudulent - and not just unwanted - bulk email.

This month the US Senate voted unanimously to support measures that would attempt to stop spammers remaining anonymous and providing false return email addresses. All well and good, but the measures also legalise opt-out spamming, so e-marketers don't need to ask permission before sending out commercial email.

UK politicians attempted to persuade the Senate that the US should adopt a more restrictive opt-in approach. They failed. Call us cynical, but comments from members of the All Party Parliamentary Internet Group that identical legislation on both sides of the Atlantic is not needed simply do not ring true.

Meanwhile we learn, via the Washington Post, that Microsoft, America Online, Yahoo and EarthLink are close to the completion of their trusted sender programme.

The project, set up in April this year, will allow "legitimate senders of emails to distinguish themselves from spammers," according to Harry Katz, a Microsoft program manager.

Last month, the Network Advertising Initiative announced a plan (called Project Lumos) to "certify email and to electronically measure the reputations of bulk mailers".

The aim of both schemes is to adapt email systems so that they recognise "good unsolicited bulk email" from fraudulent spam and discard only the latter.

ISPs would adjust their systems to block bulk email which omits certification that it comes from a bulk mailer. The bulk emailer would voluntarily agree to abide by a code of conduct.

Trusted spam – no thanks

We don't buy the idea that e-marketing groups are concerned about the nuisance value and time wasted dealing with unsolicited messages - if they did they would support the opt-in approach.

With opt-in, e-marketers need to seek permission of consumers before they send out commercial emails. By contrast, under an opt-out approach a person would have to ask to be removed from a particular mailing list. The latter more lax approach is favoured by the Direct Marketing Association and many of the most prolific bulk mailers currently in operation.

Instead their primary concern is that fear of fraud has a big effect on response levels to commercial mail.

Assuming that the trusted sender programme does what it says on the tin (a big question in itself) particularly given the resourcefulness of Dark Side spammers - then what next?

We fear they'll start to focus on why spam filters block these legitimate "marketing messages" from "trusted senders" from getting through to their intended recipients.

From there it's only a short step to restraint of trade lawsuits against filtering technology suppliers. Maybe it won’t come to this, but we’re heading for in-box meltdown so long as the interests of the Direct Marketing Association hold more sway than those of the consumer. ®

Related Stories

Web giants to declare war on spam
Microsoft declares war on spam
Trust me, I'm a spam message!
We hate Spam (email your friends)
US anti-spam laws 'will legalise spam'
US should follow EU lead on spam - MPs
MPs head to US on anti spam mission
UK Govt fouls up anti-spam plans, say experts
MP unleashes brilliant anti-spam plan

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.