It's time for a little more stick and little less carrot
In light of the third Federal Trade Commission conference on spam, I met with the FTC attorneys to discuss possible conference topics. In this meeting, it became clear to me that the Commission, and possibly Congress, has a growing interest in why, despite the abundance of anti-spam technologies, the industry is not progressing more rapidly in the war on spam.
After cautiously answering the questions put to me, one of the attendees asked me a blunt question that really needs to be asked: Should Internet service providers block mail that is not properly authenticated?
My answer was yes. In fact, without hesitation, my answer was yes.
Over the last six years, I have witnessed once adversarial marketers and Internet service providers (ISP) work together to build a vision of e-mail free of spam. This vision puts forth a fairly clear and logical solution to the spam problem - first, you leverage authentication technologies to accurately identify senders and then you use reputation to determine whether or not a sender is a good net citizen.
Unfortunately, both sides have failed to take the step that truly kick starts the end of spam as we know it - blocking unauthenticated e-mail.
Do not get me wrong. Senders of e-mail have enjoyed an incentivized approach to authentication. ISPs, hoping to prompt adoption of authentication, offered improvements in deliverability for marketers adopting the specific ISP's form of authentication (most commonly DomainKeys, sender policy framework, or Sender ID). The legitimate marketers of the world, in an effort to both increase deliverability and cooperate with ISPs, have adopted the authentication technologies, and the carrot has had a deal of success thus far.
But the real problem lies in the fact that authentication is really just the necessary first step toward solving the problem. Once all the e-mail coming into the ISPs is authenticated, all we can truly say is that we know that sender is who they say they are. The real key to fighting spam is attaching some sort of "score" to that identification so we can start deciding what is spam and effectively reclaiming the inbox.
Given the above, let marketers and ISPs agree that authentication is no longer an option.
In short, it is time for less carrot and more stick. The move to reclaim the inbox - for marketers and ISPs - requires that both parties accept responsibility for the blocking of unauthenticated e-mail. Once that is done, we can truly get down to the business of ending spam.