Feeds

The conspiracy against our in-boxes

Why trusted bulk email is an oxymoron

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Opinion Powerful forces in the IT industry and government are coming together to redefine unsolicited bulk email from mainstream organisations as legitimate, irrespective of whether the sender wants to receive it. Ultimately this move could even result in lawsuits against anti-spam developers by the Direct Marketing Association and its cronies.

Sounds paranoid? Read on, gentle reader.

Through parallel developments, the US government and IT heavyweights are working to redefine spam as fraudulent - and not just unwanted - bulk email.

This month the US Senate voted unanimously to support measures that would attempt to stop spammers remaining anonymous and providing false return email addresses. All well and good, but the measures also legalise opt-out spamming, so e-marketers don't need to ask permission before sending out commercial email.

UK politicians attempted to persuade the Senate that the US should adopt a more restrictive opt-in approach. They failed. Call us cynical, but comments from members of the All Party Parliamentary Internet Group that identical legislation on both sides of the Atlantic is not needed simply do not ring true.

Meanwhile we learn, via the Washington Post, that Microsoft, America Online, Yahoo and EarthLink are close to the completion of their trusted sender programme.

The project, set up in April this year, will allow "legitimate senders of emails to distinguish themselves from spammers," according to Harry Katz, a Microsoft program manager.

Last month, the Network Advertising Initiative announced a plan (called Project Lumos) to "certify email and to electronically measure the reputations of bulk mailers".

The aim of both schemes is to adapt email systems so that they recognise "good unsolicited bulk email" from fraudulent spam and discard only the latter.

ISPs would adjust their systems to block bulk email which omits certification that it comes from a bulk mailer. The bulk emailer would voluntarily agree to abide by a code of conduct.

Trusted spam – no thanks

We don't buy the idea that e-marketing groups are concerned about the nuisance value and time wasted dealing with unsolicited messages - if they did they would support the opt-in approach.

With opt-in, e-marketers need to seek permission of consumers before they send out commercial emails. By contrast, under an opt-out approach a person would have to ask to be removed from a particular mailing list. The latter more lax approach is favoured by the Direct Marketing Association and many of the most prolific bulk mailers currently in operation.

Instead their primary concern is that fear of fraud has a big effect on response levels to commercial mail.

Assuming that the trusted sender programme does what it says on the tin (a big question in itself) particularly given the resourcefulness of Dark Side spammers - then what next?

We fear they'll start to focus on why spam filters block these legitimate "marketing messages" from "trusted senders" from getting through to their intended recipients.

From there it's only a short step to restraint of trade lawsuits against filtering technology suppliers. Maybe it won’t come to this, but we’re heading for in-box meltdown so long as the interests of the Direct Marketing Association hold more sway than those of the consumer. ®

Related Stories

Web giants to declare war on spam
Microsoft declares war on spam
Trust me, I'm a spam message!
We hate Spam (email your friends)
US anti-spam laws 'will legalise spam'
US should follow EU lead on spam - MPs
MPs head to US on anti spam mission
UK Govt fouls up anti-spam plans, say experts
MP unleashes brilliant anti-spam plan

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.