U.S. Turns Down 'Do Not Spam' Registry for Now

The Federal Trade Commission told Congress today that, at the present time, a National Do Not E-Mail Registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively. In a report filed in response to a statutory mandate, the FTC also said that anti-spam efforts should focus on creating a robust e-mail authentication system that would prevent spammers from hiding their tracks and thereby evading Internet service providers' anti-spam filters and law enforcement. To help focus these efforts, the FTC today announced that it will be sponsoring a Fall 2004 Authentication Summit to encourage a thorough analysis of possible authentication systems and their swift deployment.

In December 2003, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) which called for the Commission to develop a plan and timetable for establishing a National Do Not E-mail Registry; explain any practical, technical, security, privacy, enforcement, or other concerns; and explain how a Registry would be applied with respect to children with e-mail accounts.

The FTC's report analyzed three types of possible registries: a registry containing individual e-mail addresses; a registry containing the names of domains that did not wish to receive spam; and a registry of individual names that required all unsolicited commercial e-mail to be sent via an independent third party that would deliver messages only to those e-mail addresses not on the registry.

The FTC studied these three possible registry models by reviewing registry proposals from some of the nation's largest Internet, computer, and database management firms; consulted with more than 80 individuals representing more than 50 organizations including consumer groups, e-mail marketers, anti-spam advocates, and others; demanded information from the seven ISPs that control over 50 percent of the market for consumer e-mail accounts; and retained the services of three of the nation's preeminent computer scientists.

The report concludes that all three possible registry models could not be enforced effectively. A registry of individual e-mail addresses also suffers from severe security/privacy risks that would likely result in registered addresses receiving more spam because spammers would use such a registry as a directory of valid e-mail addresses. It ultimately would become the National Do Spam List. Furthermore, a registry of domains would have no impact on spam and a third-party forwarding service model could have a devastating impact on the e-mail system.

Instead of implementing a registry that would, at best have no impact on spam and, at worst, cause it to increase, the FTC's plan recognizes the need for an authentication standard. The FTC's Report explains that "without effective authentication of e-mail, any registry is doomed to fail. With authentication, better CAN-SPAM Act enforcement and better filtering by ISPs may even make a registry unnecessary." The Commission vote to issue the report was 5-0.