Solving Spam By Establishing Solving Spam By Establishing A Platform ForA Platform For

Sender AccountabilitySender Accountability

The Email Service Provider The Email Service Provider PerspectivePerspective

__________________________________________Hans Peter BrøndmoHans Peter Brøndmo

SVP Strategy and Corp DevelopmentSVP Strategy and Corp Development

Digital ImpactDigital Impact

NAI Email Service Provider CoalitionNAI Email Service Provider Coalition

NAI ESP Coalition Formed to NAI ESP Coalition Formed to Combat Spam and Protect Combat Spam and Protect Legitimate Email MarketingLegitimate Email Marketing

Coalition – 30 members and countingCoalition – 30 members and countingRepresenting ~200k businessesRepresenting ~200k businesses

Active since December ‘02Active since December ‘02

3 sub-committees:3 sub-committees:LegislativeLegislative

CommunicationsCommunications

Technological solutionsTechnological solutions

Email Marketing:Email Marketing:From Spam to SteakFrom Spam to Steak

Spam

Value to R

ecipient

PermissionAcquisition

PermissionRetention

Relational Messages:Transactional, personal, paid service,

newsletters, alerts, notifications…

Adopted from: “The Engaged Customer”© HP Brondmo, 2000

Why Consent?Why Consent?It has become generally accepted that legitimate

e-mail marketing must be based on consent based

customer communicationsTraditional Offline DM: Forgiveness

Only “push” communication High fixed cost of communication Implicit company “right” to

choose who to communicate to Physical address and phone

number separate from personal identity

Level of intrusiveness = “annoyance”

Cost of “annoyance” borne by sender (communicating company)

Limited legal recourse

Today’s (Online) DM: Permission

Combo “push/pull” communication

Low fixed cost of communication Implicit consumer “right” to

choose who to receive communication from

Cyber address part of personal identity

Level of intrusiveness = “frustration, invasion of privacy”

Cost of delivery & “frustration” borne by recipient (ISP & consumer)

Expanding legal recourseSource: Digital Impact Strategic Analysis Group

Problem with Permission - Problem with Permission - DefinitionDefinition

Does her consent on Product A extend to Product B?

Does an Info Request mean I can add him to my mailing list?

Is he still a customer if he hasn’t bought

recently?

If she opts-out from one newsletter, can I

still send others to her?

Maybe . . . it all depends.

Mail Gateway ViewMail Gateway View

MailGateways

Whitelisted senders

Blacklisted senders

RECIPIENTS

Unknown sender

SPAM

ESP ViewESP View

MailGateway

ESPs

Known B2B Senders

Known B2C SendersRECIPIENTS

Known RelationshipSenders

CONSENTCONSENT

Technology Solutions Proliferating (11/02)Technology Solutions Proliferating (11/02)1.1. ActiveEmailMonitor ActiveEmailMonitor 2.2. ActivatorMailActivatorMail3.3. ApocgraphyApocgraphy4.4. AssuranceSystemsAssuranceSystems5.5. Aura   Aura   6.6. AvirMailAvirMail7.7. BigFishBigFish8.8. BlackmailBlackmail9.9. BlueBottleBlueBottle10.10. BondedSender     BondedSender     11.11. BrightMail     BrightMail     12.12. CerberCerber13.13. Choicemail (digiportal) Choicemail (digiportal) 14.14. CloudMarkCloudMark15.15. DecludeDeclude16.16. DCCDCC17.17. Despammed      Despammed      18.18. De-Spammer     De-Spammer     19.19. ElronElron20.20. EmailAddressEncoderEmailAddressEncoder21.21. Emailias Emailias 22.22. EmailInspector      EmailInspector      23.23. EmailRemoverEmailRemover24.24. EradoErado25.25. F-SecureF-Secure26.26. GarbageManGarbageMan27.27. GFiMailEssentials GFiMailEssentials 28.28. Habeas Habeas 29.29. iHateSpamiHateSpam

30.30. InboxDoctorInboxDoctor31.31. InboxProtector InboxProtector 32.32. JBMailJBMail33.33. JOC Emai CheckerJOC Emai Checker34.34. JunkFilterJunkFilter35.35. JunkJam   JunkJam   36.36. JunkSpyJunkSpy37.37. JustFilteringJustFiltering38.38. MailBoxFilter  MailBoxFilter  39.39. MailCircuit    MailCircuit    40.40. MailExpire     MailExpire     41.41. MailFilters    MailFilters    42.42. MailFrontierMailFrontier43.43. MailMarshalMailMarshal44.44. MailScan       MailScan       45.45. MailShell      MailShell      46.46. MailShield  (Lyris )MailShield  (Lyris )47.47. MailSnoop      MailSnoop      48.48. MailSweepMailSweep49.49. MailTalkXMailTalkX50.50. MailWasher     MailWasher     51.51. messagecontrolmessagecontrol52.52. MessageLabsMessageLabs53.53. Messagewall.orgMessagewall.org54.54. MXLogicMXLogic55.55. MyGuard.netMyGuard.net56.56. NucemNucem57.57. OsirusoftOsirusoft58.58. PerlMXPerlMX59.59. POP3GatewayPOP3Gateway

60.60. PostiniPostini

61.61. PostivaPostiva

62.62. PraetorPraetor

63.63. QueriaQueria

64.64. QuarantineMailQuarantineMail

65.65. RemoveMeNow    RemoveMeNow    

66.66. RoadBlock      RoadBlock      

67.67. SaveMailSaveMail              

68.68. Sendmail       Sendmail       

69.69. Singlefin      Singlefin      

70.70. SmartShield    SmartShield    

71.71. Sneakemail Sneakemail 

72.72. SpamArrest  SpamArrest  

73.73. SpamAssassinSpamAssassin

74.74. SpamBamSpamBam

75.75. SpamBusterSpamBuster

76.76. SpamButcher SpamButcher 

77.77. SpamCopSpamCop

78.78. SpamEater ProSpamEater Pro

79.79. SpamEraseSpamErase

80.80. SpamEx SpamEx 

81.81. SpamGourmet  SpamGourmet  

82.82. SpamInspector  SpamInspector  

83.83. SpamKiller(McAfee)SpamKiller(McAfee)

84.84. SpamLion  SpamLion  

85.85. SpamMotel      SpamMotel      

86.86. SpamSlammer SpamSlammer 

87.87. SpamSpade   SpamSpade   

88.88. SpamStopperSpamStopper

89.89. SpamThingSpamThing

90.90. SpamSubtract  (Intermute)SpamSubtract  (Intermute)

91.91. SpamWeasel  SpamWeasel  

92.92. SurfControl   SurfControl   

93.93. SymantecSymantec

94.94. TMDATMDA

95.95. TumbleWeedTumbleWeed

96.96. USOptUSOpt

97.97. VanquishVanquish

98.98. Vipul's RazorVipul's Razor

99.99. VircomVircom

100.100. Vote4Mail      Vote4Mail      

101.101. WebSense       WebSense       

102.102. WhiteICEWhiteICE

Existing “Solutions” To Spam Existing “Solutions” To Spam Are IneffectiveAre Ineffective

Major ISPsMajor ISPs Proprietary FilteringProprietary Filtering

Send volumeSend volumeBounce volumeBounce volumeSubscriber reportingSubscriber reporting

Detection networks (Brightmail)Detection networks (Brightmail) BlacklistsBlacklists WhitelistsWhitelists Consumer ToolsConsumer Tools

Secondary ISPs, .EDUs, .ORGsSecondary ISPs, .EDUs, .ORGs BlacklistsBlacklists Consumer toolsConsumer tools

Organizational (Corporate)Organizational (Corporate) Content filters (edge & desktop)Content filters (edge & desktop) Blacklists Blacklists

Throwing the Baby out with Throwing the Baby out with the Bathwater:the Bathwater:

Current solutions penalize Current solutions penalize legitimate senders/ESPs by legitimate senders/ESPs by generating false positivesgenerating false positives

We are guessing at what We are guessing at what constitutes spam by the nature constitutes spam by the nature of the message and delivery of the message and delivery characteristicscharacteristics

ISP and blacklists processes ISP and blacklists processes are opaqueare opaque

““Spam-Guessing” Resulting In Spam-Guessing” Resulting In Growing False Positives ProblemGrowing False Positives Problem

NetZ

ero 27%

Yahoo 22%

AO

L 18%

Com

puserve 14%

Hotm

ail 8%

Mall.com

MS

N

US

A.net

Earthlink

BellS

outhAverage Non-Delivery

for Top ISPs: 15%

Assurance Systems, Feb. 2003

The Solution: Our ViewThe Solution: Our View

Legislation / Standards

TechnologyConsumer Education

Best Practices

Consumer EducationConsumer Education

Consumer control and choice must be at the Consumer control and choice must be at the center of any solutioncenter of any solutionConsumers must understand and embrace good Consumers must understand and embrace good email “security”email “security” (really, really difficult...)(really, really difficult...)

We (ISPs, ESPs and solutions providers) need We (ISPs, ESPs and solutions providers) need to understand consumer concerns related to to understand consumer concerns related to deliverability:deliverability: I_did_not_get_my_email forumI_did_not_get_my_email forum

Best PracticesBest Practices

Consent/Permission/Opt-InConsent/Permission/Opt-In Are consent standards attainable? (Many failed efforts Are consent standards attainable? (Many failed efforts

in this area)in this area) We may not have a choice! (MonsterHut)We may not have a choice! (MonsterHut) Varying legal standards will demand varying solutions Varying legal standards will demand varying solutions

anywaysanyways

It Just Makes $enseIt Just Makes $ense Better practices results in higher returns for legitimate Better practices results in higher returns for legitimate

email marketingemail marketing

LegislationLegislation

We need Federal, preemptive legislation!We need Federal, preemptive legislation! Senator Burns: Can Spam ActSenator Burns: Can Spam Act House bill?House bill?

State “crazy quilt” hurts us allState “crazy quilt” hurts us all 26 and counting26 and counting Differing standards – impossible complianceDiffering standards – impossible compliance ““do not email” proposals will only penalize do not email” proposals will only penalize

legitimate senderslegitimate senders

TechnologyTechnology

Build ACCOUNTABILITY into the systemBuild ACCOUNTABILITY into the system ISPs accountable for deliveryISPs accountable for delivery Anti-spam solutions (blacklists, filters) accountable for their Anti-spam solutions (blacklists, filters) accountable for their

offeringsofferings Senders accountable for what they send and to whomSenders accountable for what they send and to whom ESPs accountable for creating transparencyESPs accountable for creating transparency

NAI effort:NAI effort: Verification and CertificationVerification and Certification AuthenticationAuthentication Objective compliance monitoringObjective compliance monitoring EnforcementEnforcement

Need for standards, broad consensus and “ownership” Need for standards, broad consensus and “ownership” among various constituentsamong various constituents

Four Steps To Eradicate The Four Steps To Eradicate The Spam PlagueSpam Plague

Implement a “platform” for accountabilityImplement a “platform” for accountability1.1. Verification and certificationVerification and certification2.2. AuthenticationAuthentication3.3. Objective compliance monitoringObjective compliance monitoring

Establish independent email trust authorityEstablish independent email trust authorityPass federal preemptive legislation prohibiting Pass federal preemptive legislation prohibiting falsified email headersfalsified email headersDemand full transparencyDemand full transparency

Sender transparency (origin of email, etc.)Sender transparency (origin of email, etc.)Receiver transparency (standards for delivery, etc.)Receiver transparency (standards for delivery, etc.)

The NAI ESP Coalition Is The NAI ESP Coalition Is Committed To Solving Spam Committed To Solving Spam

Through Sender AccountabilityThrough Sender Accountability

NAI Email Service Provider CoalitionNAI Email Service Provider CoalitionHans Peter BrondmoHans Peter BrondmoChair, NAI ESP Registry Working GroupChair, NAI ESP Registry Working Groupbrondmo@digitalimpact.combrondmo@digitalimpact.com650 356 3430650 356 3430

J. Trevor HughesJ. Trevor HughesExecutive Director, NAI ESPExecutive Director, NAI ESPnainai@@networkadvertisingnetworkadvertising.org.org207 351 1500207 351 1500