Date: 03/30/06 08:18:39
Subject: Junk E-mail: Here's how 'Blue Security' will end your SPAM forever!
 
http://www.ranum.com/security/computer_security/editorials/bluesecurity/
 
 
FINALLY,... RELIEF IS IN SIGHT! 'BLUE SECURITY' ALLOWS YOU TO REDUCE
UNWANTED JUNK E-MAIL AND ALL OF THOSE ANNOYING VIAGRA AND ROLEX WATCHES
JUNK E-MAILS!
By Marcus J. Ranum, Thursday, March 30, 2006.
 
 
Blue Security (http://www.bluesecurity.com/) has embarked on a uniquely
creative approach to reducing the amount of unsolicited bulk email
("spam") received by its members. By maintaining a "do not email"
registry and then enabling the complaints of tens of thousands of
members, Blue Security hopes to invert the value proposition of
unsolicited bulk email so that commercial email senders have an
incentive to respect the "do not email" registry.
 
In the US CAN-SPAM Act of 2003, Congress required the Federal Trade
Commission to report on the feasibility of a "national do not email
registry." In its report [1], the FTC essentially concludes that a do not
email registry would do more harm than good, since it would potentially
serve instead as a "do email" registry.
 
The FTC's primary concern with the do not email registry, however, is
that it would be difficult to make it anything other than advisory -
junk email senders could simply ignore it, along with the rest of
CAN-SPAM's provisions, and target recipients on the list regardless.
 
This is a valid concern if you are in the position, as the FTC would
be, of taking action against those law-breakers. After all, it is
easier to throw your hands up in the air and exclaim, "it cannot be
done," than to have to deal with hundreds of thousands of what would
then be provable instances where CAN-SPAM was being violated.
 
Blue Security's approach to reducing unsolicited email is to combine a
do not email registry with a mechanism that automates and simplifies the
user's process of complaining about violations. If messages are sent to
Blue Security members, in violation of Blue Security's do not email
registry, Blue Security identifies the merchant advertised in the
messages and issues an initial complaint.
 
The initial complaint is sent to the merchant, the merchant's domain
registry technical contact, and the merchant's Internet service
provider. If the initial complaints are not resolved satisfactorily
within a ten-day grace period, Blue Security writes a script that guides
the member's desktop computer in submitting a complaint via the
merchant's web site.
 
Each member who receives subsequent e-mail in violation of the do not
e-mail registry may send an automated complaint. The total number of
complaints sent will always be less than or equal to the number of
messages received that violate the do not email registry. The
fundamental economics of sending unsolicited emails change when this
happens, because the sender now has to ensure that their site has the
capacity to potentially handle hundreds of thousands of simultaneous
complaints.
 
Many in the industry have complained that Blue Security's approach may
be unethical, for various reasons such as:
 
– Concerns that the wrong web site might receive complaints;
 
– Concerns that the flood of complaints amounts to a "denial of
service attack";
 
– Belief that there are more effective ways of dealing with
unsolicited E-mail;
 
– Concerns on the part of service providers that it will drive up
their costs.
 
It is the author's belief that these concerns, while worth taking into
account, are adequately addressed by Blue Security's process. In this
paper, we will describe Blue Security's process and comment on the
ethics and potential effectiveness of their approach...
------------------------------------------
COMPLETE ARTICLE:
 
 
http://www.ranum.com/security/computer_security/editorials/bluesecurity/
 
Blue Security Web site:
 
http://www.bluesecurity.com/