Transcript Solving Spam By Establishing A Platform For Sender Accountability The Email Service Provider Perspective _____________________ Hans Peter Brøndmo SVP Strategy and Corp Development Digital Impact NAI Email Service Provider.

Solving Spam By Establishing
A Platform For
Sender Accountability
The Email Service Provider
Perspective
_____________________
Hans Peter Brøndmo
SVP Strategy and Corp Development
Digital Impact
NAI Email Service Provider Coalition
NAI ESP Coalition Formed to
Combat Spam and Protect
Legitimate Email Marketing
Coalition – 30 members and counting
Representing ~200k businesses
Active since December ‘02
3 sub-committees:
Legislative
Communications
Technological solutions
Email Marketing:
From Spam to Steak
Value to Recipient
Relational Messages:
Transactional, personal, paid service,
newsletters, alerts, notifications…
Permission
Retention
Permission
Acquisition
Spam
Adopted from: “The Engaged Customer”
© HP Brondmo, 2000
Why Consent?
It has become generally accepted that legitimate
e-mail marketing must be based on consent based
customer communications
Traditional Offline DM:
Forgiveness
Today’s (Online) DM:
Permission
 Only “push” communication
 High fixed cost of communication
 Implicit company “right” to choose
 Combo “push/pull” communication
 Low fixed cost of communication
 Implicit consumer “right” to choose




who to communicate to
Physical address and phone
number separate from personal
identity
Level of intrusiveness =
“annoyance”
Cost of “annoyance” borne by
sender (communicating company)
Limited legal recourse




who to receive communication
from
Cyber address part of personal
identity
Level of intrusiveness =
“frustration, invasion of privacy”
Cost of delivery & “frustration”
borne by recipient (ISP & consumer)
Expanding legal recourse
Source: Digital Impact Strategic Analysis Group
Problem with Permission Definition
If she opts-out from one
newsletter, can I still
send others to her?
Does an Info Request
mean I can add him to
my mailing list?
Does her consent
on Product A
extend to
Product B?
Is he still a
customer if he
hasn’t bought
recently?
Maybe . . . it all depends.
Mail Gateway View
RECIPIENTS
Mail
Gateways
SPAM
Whitelisted senders
ESP View
CONSENT
Known B2B Senders
RECIPIENTS
Mail
Gateway
ESPs
Known B2C Senders
Known Relationship
Senders
Technology Solutions Proliferating (11/02)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
ActiveEmailMonitor
ActivatorMail
Apocgraphy
AssuranceSystems
Aura
AvirMail
BigFish
Blackmail
BlueBottle
BondedSender
BrightMail
Cerber
Choicemail (digiportal)
CloudMark
Declude
DCC
Despammed
De-Spammer
Elron
EmailAddressEncoder
Emailias
EmailInspector
EmailRemover
Erado
F-Secure
GarbageMan
GFiMailEssentials
Habeas
iHateSpam
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
InboxDoctor
InboxProtector
JBMail
JOC Emai Checker
JunkFilter
JunkJam
JunkSpy
JustFiltering
MailBoxFilter
MailCircuit
MailExpire
MailFilters
MailFrontier
MailMarshal
MailScan
MailShell
MailShield (Lyris )
MailSnoop
MailSweep
MailTalkX
MailWasher
messagecontrol
MessageLabs
Messagewall.org
MXLogic
MyGuard.net
Nucem
Osirusoft
PerlMX
POP3Gateway
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
Postini
88.
Postiva
89.
Praetor
90.
Queria
91.
QuarantineMail
92.
RemoveMeNow
93.
RoadBlock
94.
SaveMail
95.
Sendmail
96.
Singlefin
97.
SmartShield
98.
Sneakemail
99.
SpamArrest
100.
SpamAssassin
101.
SpamBam
102.
SpamBuster
SpamButcher
SpamCop
SpamEater Pro
SpamErase
SpamEx
SpamGourmet
SpamInspector
SpamKiller(McAfee)
SpamLion
SpamMotel
SpamSlammer
SpamSpade
SpamStopper
SpamThing
SpamSubtract (Intermute)
SpamWeasel
SurfControl
Symantec
TMDA
TumbleWeed
USOpt
Vanquish
Vipul's Razor
Vircom
Vote4Mail
WebSense
WhiteICE
Existing “Solutions” To Spam
Are Ineffective
Major ISPs

Proprietary Filtering
Send volume
Bounce volume
Subscriber reporting




Detection networks (Brightmail)
Blacklists
Whitelists
Consumer Tools
Secondary ISPs, .EDUs, .ORGs


Blacklists
Consumer tools
Organizational (Corporate)


Content filters (edge & desktop)
Blacklists
Throwing the Baby out with
the Bathwater:



Current solutions penalize
legitimate senders/ESPs by
generating false positives
We are guessing at what
constitutes spam by the nature
of the message and delivery
characteristics
ISP and blacklists processes
are opaque
“Spam-Guessing” Resulting In
Growing False Positives Problem
Average Non-Delivery
for Top ISPs: 15%
BellSouth
Earthlink
USA.net
MSN
Mall.com
Hotmail 8%
Compuserve 14%
AOL 18%
Yahoo 22%
NetZero 27%
Assurance Systems, Feb. 2003
The Solution: Our View
Best Practices
Consumer
Education
Legislation /
Standards
Technology
Consumer Education
Consumer control and choice must be at the
center of any solution
Consumers must understand and embrace good
email “security”

(really, really difficult...)
We (ISPs, ESPs and solutions providers) need
to understand consumer concerns related to
deliverability:

I_did_not_get_my_email forum
Best Practices
Consent/Permission/Opt-In



Are consent standards attainable? (Many failed efforts
in this area)
We may not have a choice! (MonsterHut)
Varying legal standards will demand varying solutions
anyways
It Just Makes $ense

Better practices results in higher returns for legitimate
email marketing
Legislation
We need Federal, preemptive legislation!


Senator Burns: Can Spam Act
House bill?
State “crazy quilt” hurts us all



26 and counting
Differing standards – impossible compliance
“do not email” proposals will only penalize
legitimate senders
Technology
Build ACCOUNTABILITY into the system




ISPs accountable for delivery
Anti-spam solutions (blacklists, filters) accountable for their
offerings
Senders accountable for what they send and to whom
ESPs accountable for creating transparency
NAI effort:




Verification and Certification
Authentication
Objective compliance monitoring
Enforcement
Need for standards, broad consensus and “ownership”
among various constituents
Four Steps To Eradicate The
Spam Plague
1. Implement a “platform” for accountability
1.
2.
3.
Verification and certification
Authentication
Objective compliance monitoring
2. Establish independent email trust authority
3. Pass federal preemptive legislation
prohibiting falsified email headers
4. Demand full transparency
1.
2.
Sender transparency (origin of email, etc.)
Receiver transparency (standards for delivery,
etc.)
The NAI ESP Coalition Is
Committed To Solving Spam
Through Sender Accountability
NAI Email Service Provider Coalition
Hans Peter Brondmo
Chair, NAI ESP Registry Working Group
[email protected]
650 356 3430
J. Trevor Hughes
Executive Director, NAI ESP
[email protected]
207 351 1500