solving spam by establishing a platform for sender accountability the email service provider...
TRANSCRIPT
Solving Spam By Establishing Solving Spam By Establishing A Platform ForA Platform For
Sender AccountabilitySender Accountability
The Email Service Provider The Email Service Provider PerspectivePerspective
__________________________________________Hans Peter BrøndmoHans Peter Brøndmo
SVP Strategy and Corp DevelopmentSVP Strategy and Corp Development
Digital ImpactDigital Impact
NAI Email Service Provider CoalitionNAI Email Service Provider Coalition
NAI ESP Coalition Formed to NAI ESP Coalition Formed to Combat Spam and Protect Combat Spam and Protect Legitimate Email MarketingLegitimate Email Marketing
Coalition – 30 members and countingCoalition – 30 members and countingRepresenting ~200k businessesRepresenting ~200k businesses
Active since December ‘02Active since December ‘02
3 sub-committees:3 sub-committees:LegislativeLegislative
CommunicationsCommunications
Technological solutionsTechnological solutions
Email Marketing:Email Marketing:From Spam to SteakFrom Spam to Steak
Spam
Value to R
ecipient
PermissionAcquisition
PermissionRetention
Relational Messages:Transactional, personal, paid service,
newsletters, alerts, notifications…
Adopted from: “The Engaged Customer”© HP Brondmo, 2000
Why Consent?Why Consent?It has become generally accepted that legitimate
e-mail marketing must be based on consent based
customer communicationsTraditional Offline DM: Forgiveness
Only “push” communication High fixed cost of communication Implicit company “right” to
choose who to communicate to Physical address and phone
number separate from personal identity
Level of intrusiveness = “annoyance”
Cost of “annoyance” borne by sender (communicating company)
Limited legal recourse
Today’s (Online) DM: Permission
Combo “push/pull” communication
Low fixed cost of communication Implicit consumer “right” to
choose who to receive communication from
Cyber address part of personal identity
Level of intrusiveness = “frustration, invasion of privacy”
Cost of delivery & “frustration” borne by recipient (ISP & consumer)
Expanding legal recourseSource: Digital Impact Strategic Analysis Group
Problem with Permission - Problem with Permission - DefinitionDefinition
Does her consent on Product A extend to Product B?
Does an Info Request mean I can add him to my mailing list?
Is he still a customer if he hasn’t bought
recently?
If she opts-out from one newsletter, can I
still send others to her?
Maybe . . . it all depends.
Mail Gateway ViewMail Gateway View
MailGateways
Whitelisted senders
Blacklisted senders
RECIPIENTS
Unknown sender
SPAM
ESP ViewESP View
MailGateway
ESPs
Known B2B Senders
Known B2C SendersRECIPIENTS
Known RelationshipSenders
CONSENTCONSENT
Technology Solutions Proliferating (11/02)Technology Solutions Proliferating (11/02)1.1. ActiveEmailMonitor ActiveEmailMonitor 2.2. ActivatorMailActivatorMail3.3. ApocgraphyApocgraphy4.4. AssuranceSystemsAssuranceSystems5.5. Aura Aura 6.6. AvirMailAvirMail7.7. BigFishBigFish8.8. BlackmailBlackmail9.9. BlueBottleBlueBottle10.10. BondedSender BondedSender 11.11. BrightMail BrightMail 12.12. CerberCerber13.13. Choicemail (digiportal) Choicemail (digiportal) 14.14. CloudMarkCloudMark15.15. DecludeDeclude16.16. DCCDCC17.17. Despammed Despammed 18.18. De-Spammer De-Spammer 19.19. ElronElron20.20. EmailAddressEncoderEmailAddressEncoder21.21. Emailias Emailias 22.22. EmailInspector EmailInspector 23.23. EmailRemoverEmailRemover24.24. EradoErado25.25. F-SecureF-Secure26.26. GarbageManGarbageMan27.27. GFiMailEssentials GFiMailEssentials 28.28. Habeas Habeas 29.29. iHateSpamiHateSpam
30.30. InboxDoctorInboxDoctor31.31. InboxProtector InboxProtector 32.32. JBMailJBMail33.33. JOC Emai CheckerJOC Emai Checker34.34. JunkFilterJunkFilter35.35. JunkJam JunkJam 36.36. JunkSpyJunkSpy37.37. JustFilteringJustFiltering38.38. MailBoxFilter MailBoxFilter 39.39. MailCircuit MailCircuit 40.40. MailExpire MailExpire 41.41. MailFilters MailFilters 42.42. MailFrontierMailFrontier43.43. MailMarshalMailMarshal44.44. MailScan MailScan 45.45. MailShell MailShell 46.46. MailShield (Lyris )MailShield (Lyris )47.47. MailSnoop MailSnoop 48.48. MailSweepMailSweep49.49. MailTalkXMailTalkX50.50. MailWasher MailWasher 51.51. messagecontrolmessagecontrol52.52. MessageLabsMessageLabs53.53. Messagewall.orgMessagewall.org54.54. MXLogicMXLogic55.55. MyGuard.netMyGuard.net56.56. NucemNucem57.57. OsirusoftOsirusoft58.58. PerlMXPerlMX59.59. POP3GatewayPOP3Gateway
60.60. PostiniPostini
61.61. PostivaPostiva
62.62. PraetorPraetor
63.63. QueriaQueria
64.64. QuarantineMailQuarantineMail
65.65. RemoveMeNow RemoveMeNow
66.66. RoadBlock RoadBlock
67.67. SaveMailSaveMail
68.68. Sendmail Sendmail
69.69. Singlefin Singlefin
70.70. SmartShield SmartShield
71.71. Sneakemail Sneakemail
72.72. SpamArrest SpamArrest
73.73. SpamAssassinSpamAssassin
74.74. SpamBamSpamBam
75.75. SpamBusterSpamBuster
76.76. SpamButcher SpamButcher
77.77. SpamCopSpamCop
78.78. SpamEater ProSpamEater Pro
79.79. SpamEraseSpamErase
80.80. SpamEx SpamEx
81.81. SpamGourmet SpamGourmet
82.82. SpamInspector SpamInspector
83.83. SpamKiller(McAfee)SpamKiller(McAfee)
84.84. SpamLion SpamLion
85.85. SpamMotel SpamMotel
86.86. SpamSlammer SpamSlammer
87.87. SpamSpade SpamSpade
88.88. SpamStopperSpamStopper
89.89. SpamThingSpamThing
90.90. SpamSubtract (Intermute)SpamSubtract (Intermute)
91.91. SpamWeasel SpamWeasel
92.92. SurfControl SurfControl
93.93. SymantecSymantec
94.94. TMDATMDA
95.95. TumbleWeedTumbleWeed
96.96. USOptUSOpt
97.97. VanquishVanquish
98.98. Vipul's RazorVipul's Razor
99.99. VircomVircom
100.100. Vote4Mail Vote4Mail
101.101. WebSense WebSense
102.102. WhiteICEWhiteICE
Existing “Solutions” To Spam Existing “Solutions” To Spam Are IneffectiveAre Ineffective
Major ISPsMajor ISPs Proprietary FilteringProprietary Filtering
Send volumeSend volumeBounce volumeBounce volumeSubscriber reportingSubscriber reporting
Detection networks (Brightmail)Detection networks (Brightmail) BlacklistsBlacklists WhitelistsWhitelists Consumer ToolsConsumer Tools
Secondary ISPs, .EDUs, .ORGsSecondary ISPs, .EDUs, .ORGs BlacklistsBlacklists Consumer toolsConsumer tools
Organizational (Corporate)Organizational (Corporate) Content filters (edge & desktop)Content filters (edge & desktop) Blacklists Blacklists
Throwing the Baby out with Throwing the Baby out with the Bathwater:the Bathwater:
Current solutions penalize Current solutions penalize legitimate senders/ESPs by legitimate senders/ESPs by generating false positivesgenerating false positives
We are guessing at what We are guessing at what constitutes spam by the nature constitutes spam by the nature of the message and delivery of the message and delivery characteristicscharacteristics
ISP and blacklists processes ISP and blacklists processes are opaqueare opaque
““Spam-Guessing” Resulting In Spam-Guessing” Resulting In Growing False Positives ProblemGrowing False Positives Problem
NetZ
ero 27%
Yahoo 22%
AO
L 18%
Com
puserve 14%
Hotm
ail 8%
Mall.com
MS
N
US
A.net
Earthlink
BellS
outhAverage Non-Delivery
for Top ISPs: 15%
Assurance Systems, Feb. 2003
The Solution: Our ViewThe Solution: Our View
Legislation / Standards
TechnologyConsumer Education
Best Practices
Consumer EducationConsumer Education
Consumer control and choice must be at the Consumer control and choice must be at the center of any solutioncenter of any solutionConsumers must understand and embrace good Consumers must understand and embrace good email “security”email “security” (really, really difficult...)(really, really difficult...)
We (ISPs, ESPs and solutions providers) need We (ISPs, ESPs and solutions providers) need to understand consumer concerns related to to understand consumer concerns related to deliverability:deliverability: I_did_not_get_my_email forumI_did_not_get_my_email forum
Best PracticesBest Practices
Consent/Permission/Opt-InConsent/Permission/Opt-In Are consent standards attainable? (Many failed efforts Are consent standards attainable? (Many failed efforts
in this area)in this area) We may not have a choice! (MonsterHut)We may not have a choice! (MonsterHut) Varying legal standards will demand varying solutions Varying legal standards will demand varying solutions
anywaysanyways
It Just Makes $enseIt Just Makes $ense Better practices results in higher returns for legitimate Better practices results in higher returns for legitimate
email marketingemail marketing
LegislationLegislation
We need Federal, preemptive legislation!We need Federal, preemptive legislation! Senator Burns: Can Spam ActSenator Burns: Can Spam Act House bill?House bill?
State “crazy quilt” hurts us allState “crazy quilt” hurts us all 26 and counting26 and counting Differing standards – impossible complianceDiffering standards – impossible compliance ““do not email” proposals will only penalize do not email” proposals will only penalize
legitimate senderslegitimate senders
TechnologyTechnology
Build ACCOUNTABILITY into the systemBuild ACCOUNTABILITY into the system ISPs accountable for deliveryISPs accountable for delivery Anti-spam solutions (blacklists, filters) accountable for their Anti-spam solutions (blacklists, filters) accountable for their
offeringsofferings Senders accountable for what they send and to whomSenders accountable for what they send and to whom ESPs accountable for creating transparencyESPs accountable for creating transparency
NAI effort:NAI effort: Verification and CertificationVerification and Certification AuthenticationAuthentication Objective compliance monitoringObjective compliance monitoring EnforcementEnforcement
Need for standards, broad consensus and “ownership” Need for standards, broad consensus and “ownership” among various constituentsamong various constituents
Four Steps To Eradicate The Four Steps To Eradicate The Spam PlagueSpam Plague
Implement a “platform” for accountabilityImplement a “platform” for accountability1.1. Verification and certificationVerification and certification2.2. AuthenticationAuthentication3.3. Objective compliance monitoringObjective compliance monitoring
Establish independent email trust authorityEstablish independent email trust authorityPass federal preemptive legislation prohibiting Pass federal preemptive legislation prohibiting falsified email headersfalsified email headersDemand full transparencyDemand full transparency
Sender transparency (origin of email, etc.)Sender transparency (origin of email, etc.)Receiver transparency (standards for delivery, etc.)Receiver transparency (standards for delivery, etc.)
The NAI ESP Coalition Is The NAI ESP Coalition Is Committed To Solving Spam Committed To Solving Spam
Through Sender AccountabilityThrough Sender Accountability
NAI Email Service Provider CoalitionNAI Email Service Provider CoalitionHans Peter BrondmoHans Peter BrondmoChair, NAI ESP Registry Working GroupChair, NAI ESP Registry Working [email protected]@digitalimpact.com650 356 3430650 356 3430
J. Trevor HughesJ. Trevor HughesExecutive Director, NAI ESPExecutive Director, NAI ESPnainai@@networkadvertisingnetworkadvertising.org.org207 351 1500207 351 1500