Solving Spam By Establishing A Platform For Sender Accountability

Solving Spam By Establishing A Platform For Sender Accountability The Email Service Provider Perspective Hans Peter Brøndmo SVP Strategy and Corp Development Digital Impact NAI Email Service Provider Coalition

NAI ESP Coalition Formed to Combat Spam and Protect Legitimate Email Marketing Coalition – 30 members and counting Representing 200k businesses Active since December ‘02 3 sub-committees: Legislative Communications Technological solutions

Email Marketing: From Spam to Steak Value to Recipient Relational Messages: Transactional, personal, paid service, newsletters, alerts, notifications Permission Retention Permission Acquisition Spam Adopted from: “The Engaged Customer” HP Brondmo, 2000

Why Consent? It has become generally accepted that legitimate e-mail marketing must be based on consent based customer Traditional Offline DM: communications Today’s (Online) DM: Forgiveness Only “push” communication High fixed cost of communication Implicit company “right” to choose who to communicate to Physical address and phone number separate from personal identity Level of intrusiveness “annoyance” Cost of “annoyance” borne by sender (communicating company) Limited legal recourse Permission Combo “push/pull” communication Low fixed cost of communication Implicit consumer “right” to choose who to receive communication from Cyber address part of personal identity Level of intrusiveness “frustration, invasion of privacy” Cost of delivery & “frustration” borne by recipient (ISP & consumer) Source: Digital Impact Strategic Analysis Group Expanding legal recourse

Problem with Permission Definition If she opts-out from one newsletter, can I still send others to her? Does an Info Request mean I can add him to my mailing list? Does her consent on Product A extend to Product B? Is he still a customer if he hasn’t bought recently? Maybe . . . it all depends.

Mail Gateway View Bl RECIPIENTS Mail Gateways list k c a ed rs e d se n SPAM Whitelisted senders Un kno wn s end e r

ESP View CONSENT CONSENT Known B2B Senders RECIPIENTS Mail Gateway ESPs Known B2C Senders Known Relationship Senders

Technology Solutions Proliferating (11/02) 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. ActiveEmailMonitor ActivatorMail Apocgraphy AssuranceSystems Aura AvirMail BigFish Blackmail BlueBottle BondedSender BrightMail Cerber Choicemail (digiportal) CloudMark Declude DCC Despammed De-Spammer Elron EmailAddressEncoder Emailias EmailInspector EmailRemover Erado F-Secure GarbageMan GFiMailEssentials Habeas iHateSpam 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. InboxDoctor InboxProtector JBMail JOC Emai Checker JunkFilter JunkJam JunkSpy JustFiltering MailBoxFilter MailCircuit MailExpire MailFilters MailFrontier MailMarshal MailScan MailShell MailShield (Lyris ) MailSnoop MailSweep MailTalkX MailWasher messagecontrol MessageLabs Messagewall.org MXLogic MyGuard.net Nucem Osirusoft PerlMX POP3Gateway 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. Postini Postiva Praetor Queria QuarantineMail RemoveMeNow RoadBlock SaveMail Sendmail Singlefin SmartShield Sneakemail SpamArrest SpamAssassin SpamBam SpamBuster SpamButcher SpamCop SpamEater Pro SpamErase SpamEx SpamGourmet SpamInspector SpamKiller(McAfee) SpamLion SpamMotel SpamSlammer 87. 88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. SpamSpade SpamStopper SpamThing SpamSubtract (Intermute) SpamWeasel SurfControl Symantec TMDA TumbleWeed USOpt Vanquish Vipul's Razor Vircom Vote4Mail WebSense WhiteICE

Existing “Solutions” To Spam Are Ineffective Major ISPs Proprietary Filtering Send volume Bounce volume Subscriber reporting Detection networks (Brightmail) Blacklists Whitelists Consumer Tools Secondary ISPs, .EDUs, .ORGs Blacklists Consumer tools Organizational (Corporate) Content filters (edge & desktop) Blacklists Throwing the Baby out with the Bathwater: Current solutions penalize legitimate senders/ESPs by generating false positives We are guessing at what constitutes spam by the nature of the message and delivery characteristics ISP and blacklists processes are opaque

“Spam-Guessing” Resulting In Growing False Positives Problem Average Non-Delivery for Top ISPs: 15% BellSouth Earthlink USA.net MSN Mall.com Hotmail 8% Compuserve 14% AOL 18% Yahoo 22% NetZero 27% Assurance Systems, Feb. 2003

The Solution: Our View Best Practices Consumer Education Legislation / Standards Technology

Consumer Education Consumer control and choice must be at the center of any solution Consumers must understand and embrace good email “security” (really, really difficult.) We (ISPs, ESPs and solutions providers) need to understand consumer concerns related to deliverability: I did not get my email forum

Best Practices Consent/Permission/Opt-In Are consent standards attainable? (Many failed efforts in this area) We may not have a choice! (MonsterHut) Varying legal standards will demand varying solutions anyways It Just Makes ense Better practices results in higher returns for legitimate email marketing

Legislation We need Federal, preemptive legislation! Senator Burns: Can Spam Act House bill? State “crazy quilt” hurts us all 26 and counting Differing standards – impossible compliance “do not email” proposals will only penalize legitimate senders

Technology Build ACCOUNTABILITY into the system ISPs accountable for delivery Anti-spam solutions (blacklists, filters) accountable for their offerings Senders accountable for what they send and to whom ESPs accountable for creating transparency NAI effort: Verification and Certification Authentication Objective compliance monitoring Enforcement Need for standards, broad consensus and “ownership” among various constituents

Four Steps To Eradicate The Spam Plague Implement a “platform” for accountability 1. 2. 3. Verification and certification Authentication Objective compliance monitoring Establish independent email trust authority Pass federal preemptive legislation prohibiting falsified email headers Demand full transparency Sender transparency (origin of email, etc.) Receiver transparency (standards for delivery, etc.)

The NAI ESP Coalition Is Committed To Solving Spam Through Sender Accountability NAI Email Service Provider Coalition Hans Peter Brondmo Chair, NAI ESP Registry Working Group [email protected] 650 356 3430 J. Trevor Hughes Executive Director, NAI ESP [email protected] 207 351 1500