
DMA Requires Email Authentication, Do We Care?

John Levine

Last week the DMA announced with considerable fanfare that their members should all use e-mail authentication.

DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric. (Altria's Gevalia Kaffee is one of the few exceptions.) Their main problem is their legitimate bulk mail, sent in large quantities from fixed sources, getting caught by ISPs' spam filters. That happens to be one problem for which path authentication schemes like SPF and Sender ID are useful, since they make it easier to add known fixed-source mailers to a recipient ISP's whitelist, and that's just what AOL and probably other big ISPs use it for. While the DMA may be implying that this is a virtuous move, in reality it's something that their members are doing anyway for straightforward business purposes.

In the bigger picture, one of the big open questions in the spam wars is what the long-term e-mail behavior of big companies will be. For now, they stay away from spamming because they quite correctly fear that they will be lumped in with the spammers who sell fake v1@gra and the like. But if we somehow get the crooked spammers under control, then what?

List sales and opt-out mailing have long been standard practices in the paper junk mail business, and advertisers would probably do it in e-mail if they thought they could get away with it. Bob Wientzen, then head of the DMA, said as much at the DMA spam meeting in about 1996, telling us that he'd like to put a coupon for Tide detergent in every consumer's inbox in the country. With that in mind, I do worry that fixed source big company bulk mailers will try and define their practices, authentication and all, as the standard for acceptable mail behavior, then once the coast is clear, their practices will get a lot worse. I don't think it's any coincidence that the limits enshrined in CAN SPAM are the current standards for bulk paper mail, not for bulk e-mail.

By John Levine, Author, Consultant & Speaker

Re: DMA Requires Email Authentication, Do We Care? Matthew Elvey  –  Nov 08, 2005 5:10 PM PDT

I'm happy to see them promote Email Authentication, but it's not a big deal because it's not a hard requirement.  Plus, there's no effective enforcement mechanism. The DMA is just saying that members SHOULD (not MUST) use Email Authentication, in the actual DMA board-approved language, so I think this article's title is inaccurate.

"DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric." - John

What's the factual basis for this claim?  Since their membership list is (Oh, the irony!) secret, how do you know whether they spam?  The top 10 ROKSO spammers could be members, directly, or via an innocuous-sounding front. Do you have access to the membership list?  (And if anyone does, please update http://en.wikipedia.org/wiki/DMA_members)

Re: DMA Requires Email Authentication, Do We Care? John Levine  –  Nov 08, 2005 5:46 PM PDT

It's true, the DMA's membership list is secret, but it's not hard to get a pretty good idea who their members are. Membership is expensive enough that shadowy little companies are extremely unlikely to join, even if there were some reason they thought it would be in their interest to do so.

Like I said, the amount of spam you get from companies you've heard of is vanishingly small, with the exceptions being noticeable by how unusual it is.
