NordVPN Promotion

Home / Blogs

DMA Requires Email Authentication, Do We Care?

Last week the DMA announced with considerable fanfare that their members should all use e-mail authentication.

DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric. (Altria’s Gevalia Kaffee is one of the few exceptions.) Their main problem is their legitimate bulk mail, sent in large quantities from fixed sources, getting caught by ISPs spam filters. That happens to be one problem for which path authentication schemes like SPF and Sender ID are useful, since they make it easier to add known fixed source mailers to a recipient ISP’s whitelist, and that’s just what AOL and probably other big ISPs use it for. While the DMA may be implying that this is a virtuous move, in reality it’s something that their members are doing anyway for straightforward business purposes.

In the bigger picture, one of the big open questions in the spam wars is what the long term e-mail behavior of big companies will be. For now, they stay away from spamming because they quite correctly fear that they will be lumped in with the spammers who sell fake v1@gra and the like. But if we somehow get the crooked spammers under control, then what?

List sales and opt-out mailing have long been standard practices in the paper junk mail business, and advertisers would probably do it in e-mail if they thought they could get away with it. Bob Wientzen, then head of the DMA, said as much at the DMA spam meeting in about 1996, telling us that he’d like to put a coupon for Tide detergent in every consumer’s inbox in the country. With that in mind, I do worry that fixed source big company bulk mailers will try and define their practices, authentication and all, as the standard for acceptable mail behavior, then once the coast is clear, their practices will get a lot worse. I don’t think it’s any coincidence that the limits enshrined in CAN SPAM are the current standards for bulk paper mail, not for bulk e-mail.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Matthew Elvey  –  Nov 9, 2005 12:10 AM

I’m happy to see them promote Email Authentication, but it’s not a big deal because it’s not a hard requirement.  Plus, there’s no effective enforcement mechanism. The DMA is just saying that members SHOULD (not MUST) use Email Authentication, in the actual DMA board-approved language, so I think this article’s title is inaccurate.


“DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric.” - John

What’s the factual basis for this claim?  Since their membership list is (Oh, the irony!) secret, how do you know whether they spam?  The top 10 ROKSO spammers could be members, directly, or via an innocuous-sounding front. Do you have access to the membership list?  (And if anyone does, please update http://en.wikipedia.org/wiki/DMA_members)

John Levine  –  Nov 9, 2005 12:46 AM

It’s true, the DMA’s membership list is secret, but it’s not hard to get a pretty good idea who their members are. Membership is expensive enough that shadowy little companies are extremely unlikely to join, even if there were some reason they thought it would be in their interest to do so.

Like I said, the amount of spam you get from companies you’ve heard of is vanishingly small, with the exceptions being noticable by how unusual it is.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

NordVPN Promotion