Protecting legitimate bulk e-mail

Part eight of our nine-part series on managing spam.

About the book

For many companies and individuals, spam is an annoyance and undesired expense. This series excerpt from Privacy: What Developers and IT Professionals Should Know offers advice on what we can do to fight spam, how we can protecting legitimate e-mail and develop e-mail-friendly solutions.

Author J.C. CANNON, privacy strategist at Microsoft's Corporate Privacy Group, specializes in implementing application technologies that maximize consumer control over privacy, and enable developers to create privacy-aware applications. Cannon organized Microsoft's Privacy Response Center, an automated resource for tracking privacy issues throughout Microsoft. He works closely with Microsoft product groups and external developers to help them build privacy into applications. He also contributed the chapter on privacy to Michael Howard's Writing Secure Code. Cannon has spent nearly twenty-five years in software development.

Sample Chapter is provided courtesy of Addison Wesley Professional.

Often companies send newsletters, monthly statements, airline specials, and security alerts using bulk e-mail to consumers who have subscribed to receive these mailings. Unfortunately, many of these mailings are blocked by spam filters and rejection lists. This has led to lost revenue, litigation, and the inconvenience of consumers who rely on the mailings.

Companies such as ePrivacy Group are creating solutions that block spam while permitting legitimate bulk e-mails to make it to their destination. ePrivacy's Trusted Sender Program requires that bulk e-mail companies register with them and adhere to certain practices in order to be accepted into the program. Subscribers to the service are able to add a trust stamp to their e-mail, informing users and e-mail servers that the e-mail can be trusted.

Bonded Sender is a similar program that is run by IronPort. Their program requires participants to pay a bond and agree to send e-mail only to users who have requested e-mail. Participants are added to an e-mail acceptance list. Companies that violate the agreement are placed on an e-mail rejection list and forfeit their bond.

Project Lumos, which is run by the E-mail Service Provider Coalition (ESPC), is an e-mail registry and authentication system that will help distinguish between valid and rogue bulk mailers. The 30 members of the ESPC represent more than 200,000 commercial marketing clients. Its success requires participation from ISPs.

Participating in programs such as these will help lower costs and ensure the delivery of legitimate e-mail.

The SpamCon Foundation has gone a step further than simple participation; they are helping to fund companies running e-mail validation lists that are defendants in lawsuits., which was being sued by a group of spammers, was SpamCon's first client. A Florida judge eventually vindicated's antispam tactics and dismissed the suit.
Next section: Conclusion

Index Page

This was last published in April 2005

Dig Deeper on Network Security Best Practices and Products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.