Monday, Jul 23, 2007    Text size: 

When CAN-SPAM was passed in 2003, one of its provisions called for the Federal Trade Commission to set forth a “plan and timetable for establishing a nationwide marketing Do-Not-Email registry.” The FTC eventually concluded that establishing such a registry was impracticable, and put off the establishment of the registry pending the development of improved authentication protocols.

“It is clear, based on spammers’ abilities to exploit the structure of the email system, that the development of a practical and effective means of authentication is a necessary tool to fight spam,” the FTC stated in its 2004 report. “Therefore, the commission encourages the private market to develop an authentication standard. Authentication is not only required to make a registry effective, but may even substantially address the underlying problem that prompted Congress to consider the establishment of a registry.”

Gerald Klaas, chair of the X-ASVP Committee, told XBIZ that his organization believes it has created an authentication standard sufficient to answer the concerns the FTC stated in its 2004 report.

In layman’s terms, Klass said, the X-ASVP protocol is “a way for someone to post a ‘no trespassing’ sign on their in-box.”

Under the X-ASVP protocol, a URL is derived from each individual email address where the owner of the address can post publicly available preference settings. The user can simply reject all incoming spam, or unsolicited commercial e-mail (UCE), or set their preferences to accept mail from specific senders and/or domains while rejecting others.

“You can get as granular [with the preferences] as you want,” Klaas said.

Asked about the potential impact of the X-ASVP system on the online adult industry, Klaas noted that the level of specificity users can employ in their email preferences would allow customers of adult sites to tailor their preferences such that they could still receive the legitimate messages sent by adult websites or email lists they have signed up for, while locking out other forms of spam.

A more obvious and direct benefit to the industry, Klaas said, is that the system would serve to clean up adult industry in-boxes, as well.

“You [the adult industry] have the same issues with spam consuming your server resources and reducing efficiency as everybody else,” Klaas said.

Klaas noted that one of the primary differences between the X-ASVP system and other email registry proposals is that the X-ASVP does not involve a central database of email addresses.

“I hate to even use the term ‘registry’ because that implies a big database,” Klaas said.

Under the X-ASVP system, the file that contains preferences for each email recipient is stored at a unique URL which resides with the end-user’s ISP. Among other advantages, Klaas noted that the distributed nature of the X-ASVP system avoids creating a centralized database — an inviting target for spammers, phishers and hackers of all sorts.

Another advantage to the system proposed by X-ASVP, Klaas said, is that there is no cost to the end-user, or to the advertisers that send out email.

In Utah and Michigan, where UnSpam Technologies operates child protective email registries, “they run a database, and the ‘cleansing’ is something that you have to pay for,” Klaas said. Such is not the case with the not-for-profit X-ASVP protocol.

Although X-ASVP has begun a lobbying effort to get Congress to declare the system the equivalent of a national do-not-email registry, Klaas told XBIZ that he doesn’t think that an act of Congress is needed, technically, to establish the registry.

“Since CAN-SPAM already has a provision directing the FTC to create a national registry, I think all this would require is a finding from the FTC,” Klaas said.

Specifically, what X-ASVP would like to see is for Congress to define a “no” setting in a user’s publicly available X-ASVP profile as equivalent to a listing in a national do-not-email registry for the purposes of CAN-SPAM enforcement.

According to X-ASVP, such a legislative finding would make it illegal to send UCE to email addresses where the owner of the address has posted a blanket “no” setting with regards to UCE.

Klaas acknowledged that the X-ASVP system only marks the beginning of a solution to the spam problem, as it will take some time for the peer-supported X-ASVP protocol to be widely distributed. Nonetheless, Klaas said that adopting would be an all-important first step.

“For years, the question with the solution to the spam problem has been ‘how do you get there from here’ — and very little progress has been made in the last 10 years,” Klaas said. “This [X-ASVP] doesn’t alleviate the need for spam filtering for a very long time, but it does put us on the path to a real solution.”