Without a new system to verify an e-mail's origins, a national do-not-spam list would do nothing to cut the volume of spam in the inbox, the Federal Trade Commission told Congress June 15. And without such verification and other security measures, probably no one would even bother signing up for such a registry.
Filed in a report mandated by federal law, the FTC said spam-fighting efforts "should focus on creating a robust e-mail identification system that would prevent spammers from hiding their tracks and thereby evading Internet service providers' anti-spam filters and law enforcement."
The FTC also said it would sponsor a summit on the authentication issue during the fall, hoping to encourage thorough analyses of possible systems and their swift deployment.
The controversial CAN-SPAM law, which took effect at the beginning of January, included a mandate to develop a do-not-spam plan and timetable, and to explain any practical, technical, security, privacy, enforcement, or other concerns about such a program.
The FTC report said a national do-not-email registry with individual e-mail addresses would have significant security weaknesses "that would enable spammers to treat the registry as the National Do-Spam Registry, causing more spam, such as pornographic messages, to clog consumers' inboxes and degrade their privacy.
"This security weakness – the risk that spammers will use the registry to determine valid e-mail addresses – exists regardless of whether the Registry is distributed to marketers or centrally scrubbed by the Commission," the report continued. "The risk that spammers would misuse a registry is so high that Consumers Union has stated that, if the Commission were to adopt an individual e-mail address registry and distribute the registry to marketers, it 'would emphatically tell all 42 million subscribers [to Consumer Reports] not to sign up for it.'"