Last week the DMA announced with considerable fanfare that their members should all use e-mail authentication.
DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric. (Altria's Gevalia Kaffee is one of the few exceptions.) Their main problem is their legitimate bulk mail, sent in large quantities from fixed sources, getting caught by ISPs spam filters. That happens to be one problem for which path authentication schemes like SPF and Sender ID are useful, since they make it easier to add known fixed source mailers to a recipient ISP's whitelist, and that's just what AOL and probably other big ISPs use it for. While the DMA may be implying that this is a virtuous move, in reality it's something that their members are doing anyway for straightforward business purposes.
In the bigger picture, one of the big open questions in the spam wars is what the long term e-mail behavior of big companies will be. For now, they stay away from spamming because they quite correctly fear that they will be lumped in with the spammers who sell fake v1@gra and the like. But if we somehow get the crooked spammers under control, then what?
List sales and opt-out mailing have long been standard practices in the paper junk mail business, and advertisers would probably do it in e-mail if they thought they could get away with it. Bob Wientzen, then head of the DMA, said as much at the DMA spam meeting in about 1996, telling us that he'd like to put a coupon for Tide detergent in every consumer's inbox in the country. With that in mind, I do worry that fixed source big company bulk mailers will try and define their practices, authentication and all, as the standard for acceptable mail behavior, then once the coast is clear, their practices will get a lot worse. I don't think it's any coincidence that the limits enshrined in CAN SPAM are the current standards for bulk paper mail, not for bulk e-mail.
By John Levine, Author, Consultant & Speaker. Visit the blog maintained by John Levine here.
To post comments, please login or create an account.
MobileSponsored bydotMobi | |
IPv6Sponsored byNominum | |
DNSSponsored byNeustar UltraDNS | |
SecuritySponsored byVerisign | |
Top-Level DomainsSponsored byMinds + Machines | |
DNS SecuritySponsored byAfilias |
I'm happy to see them promote Email Authentication, but it's not a big deal because it's not a hard requirement. Plus, there's no effective enforcement mechanism. The DMA is just saying that members SHOULD (not MUST) use Email Authentication, in the actual DMA board-approved language, so I think this article's title is inaccurate.
"DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric." - John
What's the factual basis for this claim? Since their membership list is (Oh, the irony!) secret, how do you know whether they spam? The top 10 ROKSO spammers could be members, directly, or via an innocuous-sounding front. Do you have access to the membership list? (And if anyone does, please update http://en.wikipedia.org/wiki/DMA_members)
It's true, the DMA's membership list is secret, but it's not hard to get a pretty good idea who their members are. Membership is expensive enough that shadowy little companies are extremely unlikely to join, even if there were some reason they thought it would be in their interest to do so.
Like I said, the amount of spam you get from companies you've heard of is vanishingly small, with the exceptions being noticable by how unusual it is.