Response to DMA Authentication Article

In a recent article in the San Francisco Chronicle, Chris Hoofnagle of EPIC, implies that the DMA’s recent requirement for members to use one of three authentication standards (SPF, Sender ID, DKIM) when sending commercial email messages was merely a ploy to get more spam into the inbox. The article states:

This isn’t about making consumers happy,” said Chris Hoofnagle, who runs the West Coast office of the Electronic Privacy Information Center. “It’s about making sure that marketers’ e-mail hits the target.”

He said authentication systems might indeed reduce some phishing and certain types of spam. But they don’t eliminate unsolicited marketing pitches that fill the typical Internet user’s inbox.

“Authentication can actually increase spam,” Hoofnagle said. “It makes sure some spammers’ messages are delivered.”

Mr. Hoffnagle shares a common misperception about authentication and how it is used. Authentication is about identity. It’s a way of knowing (more or less) for sure that the person sending email is who they say they are. This has very little to do with the decision about whether to put the mail into the inbox, to put it in a junk mail folder or simply to block it. Most ISPs use measures of good/bad behavior to determine how they will treat mail from a sender.

I can’t speak to the DMA’s intent on this, but the impact of the DMA’s requirement is that members will have a (mostly) non-spoofable identity so that their actions will be *more* likely to determine whether their email will be delivered or not. Generally, seems like a good thing to me.

Prev Next

minute read

Popular stories