Two proposals last week hold great promise for ISPs, especially those that provide e-mail service for their customers—although, because spam affects all providers in one way or another, it should make things better all around.
The first proposal is for an e-mail authentication summit hosted by the Federal Trade Commission and the National Institute of Standards and Technology, planned for early November. The second is a limited endorsement of bounties for the arrest and conviction of spammers.
The e-mail authentication summit is intended to provide industry input to the FTC and NIST regarding the issues surrounding e-mail authentication. The agencies are trying to determine whether current or proposed authentication standards are likely to eliminate or reduce spam, whether such standards would pose a hardship for service providers that do not adopt them, and whether an Internet-wide authentication system can be adopted in time to be useful.
Currently, there are two leading standards, one the open standard Sender Policy Framework, or SPF, that's widely supported in the open-source community and also has broad support by leading ISPs including AOL. The second is Microsoft's proprietary Sender ID.
Last week, AOL announced that it was abandoning its plans to support Sender ID for its white-listed mailers, focusing instead on SPF. While SPF may be somewhat less capable than Sender ID, it has the advantage of not being tied to Windows, thus making it more likely to be supported across the Internet.
Either standard could significantly reduce spam if broadly accepted. And together they could reduce spam even more. If one of the standards is picked after the FTC/NIST summit in November, it's likely to be SPF. But that doesn't mean that service providers won't support both. Nothing the FTC is doing will prevent that. Either way, the government's plans could make it easier for service providers to block spam.
However, the FTC plans to go even farther. Last week the agency announced its support for a limited form of bounties on spammers.
The FTC's recommendation to Congress will be that legislation be passed to allow the government to offer rewards of up to a quarter-million dollars to insiders who provide information leading to the arrest and conviction of spammers. The FTC is suggesting that rewards only go to those inside the spam organizations because only they can provide the amount of detailed information the government needs to make a conviction, according to the announcement.
Sounds like very positive moves for ISPs. The government appears to be helping solve the problem of spam in areas where it can have the most effect—setting standards and providing backing through law enforcement.
But not everyone sees it that way. The ESPC (Email Service Provider Coalition), according to a spokesman, says that the group worries that such a bounty plan could put too much power into the hands of anti-spam forces. He worries that it could interfere with business.
This is one case in which the organization, normally very strongly anti-spam itself, has chosen the wrong side of the issue. The bounties, after all, would only be paid on the conviction of spammers.
Such a conviction would only take place after a thorough investigation, a trial at which the spammer would have the full opportunity to a defense, and a jury that agrees with the government. That's pretty good protection. Considering how bad the problem of spam has become, and considering the massive problem it is causing for legitimate businesses, it's hard to see how these moves could be taken in a negative light.
The ESPC's ill-considered position notwithstanding, the FTC's plans are indeed a very positive move in the fight against spam. And while they may take awhile to implement, they should eventually lead to a reduction of a problem that's strangling e-commerce. And that's a good thing and none too soon.
Commentary 
