FTC Wants Comments on Email Authentication
An anonymous reader writes "Groklaw has the scoop. The Federal Trade Commission and National Institute of Standards and Technology (NIST) will co-host a two-day 'summit' November 9-10 to explore the development and deployment of technology that could reduce spam. The E-mail Authentication Summit will focus on challenges in the development, testing, evaluation, and deployment of domain-level authentication systems. The FTC will be accepting public comments until Sept. 30, 2004 via snail-mail or email (authenticationsummit at ftc.gov). The FTC has a list of 30 questions they would like answers/comments to. The list available in this PDF of the Federal Register Notice." In a related subject, reader Fortunato_NC submits this writeup of the sequence of events that led to Sender-ID's abandonment.
These guys aren't going to be happy until we have to hand over our credit cards, photo ID and social security number just to send an email.
From Groklaw:
7. Whether any of the proposed authentication standards would have to be an open standard (i.e., a standard with specifications that are public).
Of course the standard would have to be open. This shouldn't even be up for discussion. No argument can make security by obscurity work and no argument can get me to change my thinking that we should all be using closed SMTP servers.
Spam is "horrific" and all (BTW I don't get more than 5 a year) but we certainly shouldn't even be considering ending it by choosing applications that will eliminate an open society.
I would be willing to wager a small sum that the only invitees to this meeting will be representative of large, commercial, for-profit software vendors and ISPs. That there will be no representation of/by the Free Software community. And that the FTC will reject any comment not from a commercial software vendor/ISP as having "no standing".
Just a guess.
sPh
That's what I envision.
"Today, we must fight a war, they clog our mail boxes, they offer us penis enhancements, drugs like v1ag|2a, stuff we don't need, they make our wives leave us for believing we go to porn sites and give out our e-mails to just anyone. Today we start the war against spam"
-[Insert head of newly formed organization here]
By the time the FTC's summit comes around, it's looking like SPF is going to be pretty well established.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Let's face it: Email doesn't (and can't) fill the role it used to.
There was a time when you shared your email address with everyone. It was on your resume, it was on your web page (if you had one), it was in your sig. Email was the universal, simple, fast, reliable communication medium of the internet.
I used it to get my friends together on a weekend. I used it to organize events and meet people. I used it to share information.
Nowadays, IM fills that role. I've realized that nearly everything I used to use email for can be done just as easily over IM. It's reliable, fast, relatively secure, easily encrypted, etc... Furthermore, it is largely immune to spam for a number of reasons.
I find now that I only use email when registering for something (throwaway address), or for confirmation when I purchase something online. Everything email used to do, IM can do (if used properly... Staying online, logging, offline messages, confirmation, not using the AOL client, etc...)
IM is by-and-large safe from SPAM due to the numerous restrictions placed on its use. Rate limits, authentication, etc... These things provide a layer of security, but also a layer of inconvenience.
Were email to incorporate such restrictions, it would remove the last reason in the world to even be using it in the first place! Email is completely open. If email were to be restricted, it would become nothing more than a slower version of the current capabilities of IM.
GeekNights!
Late Night Radio for Geeks!
Last time I checked email was a global technology. Am I the only one that thinks it's strange that the (FTC an entirely US organization) is making decisions about something like this? Isn't there a more appropriate internation technology body that should be handling this? Ultimately this will have to become an ISO standard to get implemented across all mail serving platforms. Wouldn't it make sense to get a global consensus before the US starts making decisions about how best to deal with SPAM.
I live in the US, but if I didn't I wouldn't want the US government telling me how to handle SPAM.