The law gives state attorneys general and ISPs the ability to take action against offenders, and there is a good deal of recent case activity. Overall, this has produced positive action in the industry.
Technical: Authentication Systems
Authentication technology identifies the sender of an e-mail and verifies that identity. This may be the industry’s best chance to defeat spam and fraudulent e-mail. Authentication technology uses coding, encryption and other IT-based methods to eliminate the ease with which spammers can forge their identity under current e-mail protocols.
There are two e-mail authentication systems currently in development: Sender ID and Domain Keys.
Sender ID is the combination of AOL’s Sender Policy Framework (SPF) and Microsoft’s Caller ID. Sender ID authenticates e-mail senders and blocks e-mail forgeries and faked addresses. AOL already is testing its version of Sender ID and will move to full use of this system in the fall.
Marketers should register each IP address used to send e-mail at http://spf.pobox.com/. It’s important to think about all the e-mail a company sends out including promotions, newsletters and service announcements. Those marketers who use an outside service bureau should consult with their vendors.
Today, AOL uses the Domain Name System (DNS) listing of servers or IP addresses to verify that e-mail it receives has been sent from the domain it claims to come from. AOL compares the sending IP address with a listing of IP addresses authorized to send from that domain. If the numbers don’t match, the mail doesn’t get through. Expect wider adoption in the fall by other ISPs.
Next year we’ll see implementation of a more complex solution being developed by Yahoo called Domain Keys. It uses a combination of public and private “keys” to authenticate the sender’s domain and reduce the chance that a spammer or hacker will fake the domain sending address. Each message will contain a digital signature in the header that contains a private key representing the sending domain. ISPs will match up the private key with a public key registered with the Internet’s DNS listing of servers to determine whether an incoming message is valid.