Quris' Kevin George explains that the industry needs more than CAN-SPAM legislation to turn the tide on this plague.

Nearly two years after Congress signed the CAN-SPAM Act into law, legislators, FTC, marketers and consumer advocates are still hard at work to combat spam, also known as junk email. The CAN-SPAM Act made headlines again recently when FTC announced that adding a new requirement for Subject Line Labeling (such as “ADV” noted on the subject line) on commercial emails would be ineffective in fighting spam because the vast majority of spammers would simply ignore it. So how does this bode for Fortune 1000 marketers who want to communicate with their customers through email?

For one thing, Fortune 1000 marketers can’t rely on legislation alone to contain the spam epidemic. By now, it should be clear to everyone that the CAN-SPAM Act isn’t enough to eradicate or even reduce spam. Adding more bells and whistles such as Subject Line Labeling certainly would not make CAN-SPAM Act any more effective. FTC cites three reasons for this. First, Subject Line Labeling helps neither ISPs nor consumers in filtering spam. Subject Line Labeling is actually less precise than the spam filters readily available to consumers at no or little cost. Furthermore, spammers will simply ignore the Subject Line Labeling requirement, and hence their emails will be sent to the inbox, while legitimate marketers will comply with the new requirement, and hence their emails will be sent to the junk email folder. Second, Subject Line Labeling poses practical and technological concerns. It will not help ISPs filter out spam but may actually increase their operating costs. And, third, Subject Line Labeling will do nothing to help law enforcement track down the violators.

While the CAN-SPAM Act couldn’t eradicate spam, and no one really expected it to, it was highly successful in increasing the awareness of the spam problem among the general public. It also allowed legitimate marketers to comply with one federal regulation as opposed to a patchwork of differing state regulations, and enabled law enforcement to successfully persecute several high-profile spammer cases. 

As recommended by FTC, ISPs and legitimate marketers are now largely focused on the development and implementation of 1) sender authentication standards and 2) sender reputation/accreditation services. At the most recent Email Authentication Implementation Summit held July 2005, two different sender authentication standards emerged -- Sender ID and DomainKeys Identified Mail (DKIM).

Sender ID, backed by Microsoft, validates the origin of email by verifying the IP address of the sender against the purported owner of the sending domain. For bulk email senders to pass through Hotmail, they must publish their Sender Policy Framework (SPF) in order to identify themselves. Microsoft reported that approximately 25 percent of Hotmail’s total inbound email has SPF records published today. Microsoft has also promised a change to its email application to easily determine if an incoming email has been authenticated via Sender ID.

DKIM, supported by Yahoo! and Cisco, takes a slightly different approach. DKIM uses public key cryptography to attach a digital signature to outgoing email so recipients can verify that the message comes from its claimed source. DKIM’s main benefit is it can detect emails containing falsified (spoofed) sender information, which is commonly associated with spam and phishing.

These types of sender authentication methods are an important step in the fight against spam. However, they are more or less ineffective when used without sender reputation/accreditation services. The idea is sender authentication will verify a sender’s identity and reputation/accreditation services will determine that sender’s reliability as a responsible marketer, similar to how sellers are rated on eBay. Some of the leading reputation/accreditation service providers are Return Path (Bonded Sender), Habeas and Goodmail Systems. 

While these are promising developments, there are immediate actions Fortune 1000 marketers can take to further the anti-spam cause. First, become engaged in the ongoing industry debates and voice your opinions. Vendors and service providers tend to dominate these types of discussions, but it is imperative to have direct input from marketers who represent major brands.

Second, adhere to email marketing best practices. Fortune 1000 marketers are trend setters, and it is simply not good enough to meet the minimum standards set forth by the CAN-SPAM Act and ISP policies. Fortune 1000 marketers need to avoid over-mailing, ensure every email contains targeted, relevant and timely information, and continuously test and analyze email campaigns to better understand customers' email communication needs.

Third, stay abreast of legislative and technology developments related to fighting spam because they continue to shape the future of email as a business communication medium. And, a good first step here is to ensure compliance to email authentication standards as soon as possible.

There isn’t a single solution to turn the tide on the spam epidemic. Rather, the combination of sensible legislation, ongoing success in law enforcement, technological advancements such as sender authentication standards and accreditation/reputation services, continued consumer education, and marketers adhering to best practices will create a “tipping point” at which we will begin to witness a rapid decline of email-borne fraud. We may not be there yet but we are very close. 

Kevin George is chief operating officer of Quris, Inc. a Denver-based full-service email marketing services firm serving Fortune 1000 companies.