NordVPN Promotion

Home / Blogs

DMA Requires Email Authentication, Do We Care?

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Last week the DMA announced with considerable fanfare that their members should all use e-mail authentication.

DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric. (Altria’s Gevalia Kaffee is one of the few exceptions.) Their main problem is their legitimate bulk mail, sent in large quantities from fixed sources, getting caught by ISPs spam filters. That happens to be one problem for which path authentication schemes like SPF and Sender ID are useful, since they make it easier to add known fixed source mailers to a recipient ISP’s whitelist, and that’s just what AOL and probably other big ISPs use it for. While the DMA may be implying that this is a virtuous move, in reality it’s something that their members are doing anyway for straightforward business purposes.

In the bigger picture, one of the big open questions in the spam wars is what the long term e-mail behavior of big companies will be. For now, they stay away from spamming because they quite correctly fear that they will be lumped in with the spammers who sell fake v1@gra and the like. But if we somehow get the crooked spammers under control, then what?

List sales and opt-out mailing have long been standard practices in the paper junk mail business, and advertisers would probably do it in e-mail if they thought they could get away with it. Bob Wientzen, then head of the DMA, said as much at the DMA spam meeting in about 1996, telling us that he’d like to put a coupon for Tide detergent in every consumer’s inbox in the country. With that in mind, I do worry that fixed source big company bulk mailers will try and define their practices, authentication and all, as the standard for acceptable mail behavior, then once the coast is clear, their practices will get a lot worse. I don’t think it’s any coincidence that the limits enshrined in CAN SPAM are the current standards for bulk paper mail, not for bulk e-mail.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Matthew Elvey  –  Nov 9, 2005 12:10 AM

I’m happy to see them promote Email Authentication, but it’s not a big deal because it’s not a hard requirement.  Plus, there’s no effective enforcement mechanism. The DMA is just saying that members SHOULD (not MUST) use Email Authentication, in the actual DMA board-approved language, so I think this article’s title is inaccurate.


“DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric.” - John

What’s the factual basis for this claim?  Since their membership list is (Oh, the irony!) secret, how do you know whether they spam?  The top 10 ROKSO spammers could be members, directly, or via an innocuous-sounding front. Do you have access to the membership list?  (And if anyone does, please update http://en.wikipedia.org/wiki/DMA_members)

John Levine  –  Nov 9, 2005 12:46 AM

It’s true, the DMA’s membership list is secret, but it’s not hard to get a pretty good idea who their members are. Membership is expensive enough that shadowy little companies are extremely unlikely to join, even if there were some reason they thought it would be in their interest to do so.

Like I said, the amount of spam you get from companies you’ve heard of is vanishingly small, with the exceptions being noticable by how unusual it is.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

NordVPN Promotion