David A. Wheeler's Blog

Thu, 02 Dec 2004

Comments on Email Authentication for Countering Spam

The Federal Trade Commission (FTC) and National Institute of Standards and Technology (NIST) are considering their options for email authentication as a technique to partially counter spam. I recommend that they make two fundamental decisions. First, FTC and NIST should urge lawmakers to make spam illegal, so that technological measures will have legal standing. Authentication has little anti-spam value without it. Second, FTC and NIST should insist that any anti-spam technical standard must be implementable by all suppliers of email infrastructure, both proprietary and open source software.

This essay responded to a Federal Register request supporting the “Email Authentication Summit” of November 9-10, 2004. I sent the original version of this essay on September 27, 2004. Although it was publicly posted, and quoted in places such as Groklaw’s FTC Email Authentication Summit article, it had various formatting problems, a few minor grammatical mistakes, and it mentioned only NIST and not the FTC. This version is much easier to read since I converted it to HTML and had these minor problems fixed.

So, for those of you who wanted a nicer copy of this essay — enjoy! It’s here, at:
Comments on Email Authentication for Countering Spam

path: /security | Current Weblog | permanent link to this entry