• by Newswire Report , July 9, 2003

As the U.S. House of Representatives begins the process of trying to pass anti-spam legislation by the end of the year, the debate about the email "do-not-spam" list is heating up.

Experts in email and privacy at ePrivacy Group, an advisor to corporations and government agencies on spam and other electronic privacy and security issues, caution that creating an effective "do-not-spam" list to match the new national "do-not-call" list will require major changes to current email technology.

Consumers have enthusiastically endorsed the federal government's introduction of the list to combat unwanted phone calls from telemarketers; but unlike the phone system, email currently contains no mechanism for identifying the source of messages.

ePrivacy Group's Stephen Cobb, author of a recent book on privacy and email, says 'bad actors' can easily lie about their identity and the content of their messages using current email technology. "Before we can enforce a do-not-spam list, we have to start certifying the identity of email senders and the assertions they make about their messages."

"The technology to do this exists," says Cobb, "But many companies have yet to implement it."

According to Vincent Schiavone, president and CEO of ePrivacy Group, the challenges facing a do-not-spam list include enabling Internet Service Providers and consumers to make reliable decisions about messages based on factors such as the type of message being sent, the sender's permission basis for the mailing, and the status of their participation in the do-not-spam program.

Noting that over 80% of respondents in a recent Insight Express poll were in favor of a program to prevent spam modeled on the do-not-call list, Schiavone says this level of support will pressure the government and companies to act.

"There is little that consumers can do about spam in the near term," adds Schiavone, "But there is a lot that companies could be doing." In particular, he cites the need to help consumers distinguish so-called 'scam spam' from official company messages.

"Companies that rely on consumer email need to act before more of these attacks occur, further undermining consumer confidence in email as a communication channel."