A government-run do-not-spam registry would not only be ineffective, but could actually do more harm than good, according to a report issued by the Federal Trade Commission Tuesday.
"Any do not e-mail registry would be a waste of time, and worse, would probably be a 'do spam' registry," said Federal Trade Commission Chairman Tim Muris.
Muris argued that spammers would inevitably get a hold of such a list, which would be a powerful collection of valid e-mail addresses, and use it to send out unwanted messages.
Passing on the do-not-spam registry, the commission instead called for a conference this fall that would bring together representatives from private industry to study technologies that more clearly identify e-mail senders. Several Internet service providers have made proposals to better authenticate e-mail traffic.
The problem of unwanted e-mails continues to spiral out of control. Last year, for the first time, there were more spam messages than legitimate e-mails delivered across the Internet, according to industry groups. A recent study indicated that by this spring, spam accounted for a full two-thirds of all e-mails, and in the United States, 83 percent of all e-mail was spam.
Research into the feasibility of a dp-not-e-mail list was mandated by last year's CAN-SPAM Act, and followed on the heels of the successful launch of the do-not-call anti-telemarketing list in 2003. Muris was quick to throw cold water on the anti-spam list idea last year when Congress bandied about the idea, but the final version of the CAN-SPAM Act included provisions for one anyway.
Today's report, called "National Do Not Email Registry: A Report to Congress," says spammers are notorious for disobeying federal laws, so there's no reason they would abide by such a registry. And the cloak of anonymity permitted by the Internet means enforcement of such a list would be nearly impossible.
The do-not-call list works because telephone lines generally allow authorities to trace the origins of phone calls, permitting enforcement of that registry, Muris said. Verifying e-mail senders is a far more difficult task.
Spammers regularly use hijacked computers -- sometimes poorly defended university servers, sometimes consumers' home computers that have been vandalized -- to send out spam, making tracking the spammer even harder.
"There is an arms race between spammers and people trying to stop spam," Muris said.
The committee considered various options for implementing a list, including setting up government-controlled servers through which all e-mails would pass, allowing the government to filter out unwanted messages while keeping the do-not-spam registrants a secret. But such an arrangement was unrealistic, Muris said.
"That would create new choke points on the Internet, and create a whole new infrastructure through which all e-mail would have to pass," he said.
The commission report noted another downfall of creating a list of Internet users who didn't want to receive spam: it might be a tool that could be used against children.
"A Registry that identified accounts used by children, for example, could assist legitimate marketers to avoid sending inappropriate messages to children. At the same time, however, the Internet’s most dangerous users, including pedophiles, also could use this information to target children," the report said.
For now, the report urges private industry to come up with spam solutions. It did leave the door open, however, for a more activist government role if technology firms fail to reach consensus on their own.
"If, after allowing the private market sufficient time to develop, test, and widely implement an authentication standard, no single standard emerges, the Commission could begin the process of convening a Federal Advisory Committee to help it determine an appropriate email authentication system that could be federally required," the report said.
