FTC, NIST to Host E-mail Authentication Summit

Adoption of Technology Could Help Thwart Spam

For Release

The Federal Trade Commission and National Institute of Standards and Technology (NIST) will co-host a two-day “summit” November 9-10 to explore the development and deployment of technology that could reduce spam. The E-mail Authentication Summit will focus on challenges in the development, testing, evaluation, and deployment of domain-level authentication systems.

A Federal Register Notice to be published today notes that the FTC’s National Do Not E-mail Registry Report to Congress stated that “significant security, enforcement, practical and technical challenges rendered a registry an ineffective solution to the spam problem.” The report identified domain-level authentication as a promising technology that would enable Internet Service Providers (ISPs) and others to better filter spam, and would provide law enforcers a tool to locate and identify spammers.

The Notice states that the Simple Mail Transfer Protocol (SMTP) currently in use for e-mail allows spammers to use techniques like “spoofing,” open relays, open proxies, and “zombie drones” to remain anonymous, evade spam filters, and elude law enforcers. “To remove this cloak of anonymity, ISPs and others involved with the e-mail system have proposed domain-level authentication systems that would enable a receiving mail server to verify that an e-mail message actually came from the sender’s purported domain,” the notice says.

The FTC is seeking public comment on:

  • Whether any of the proposed authentication standards (either alone or in conjunction with other existing technologies) would result in a significant decrease in the amount of spam received by consumers;

  • Whether ISPs that do not participate in an authentication regime would face any challenges providing e-mail services. If so, what types of challenges these ISPs would face and whether these challenges would in any way prevent them from continuing to be able to provide e-mail services;

  • Whether an Internet-wide authentication system could be adopted within a reasonable amount of time. Description of industry and standard-setting efforts, whether there is an implementation schedule in place and, if so, the time frames of the implementation schedule;

and 27 other questions listed in the Federal Register Notice that will be discussed or addressed at the summit.

Parties who wish to participate in the Summit must send a statement to the FTC and NIST setting forth their expertise in, or knowledge of, the issues by September 30, 2004. The FTC and NIST will select participants who submitted timely responses that demonstrate expertise in or knowledge of the issues, and whose participation would promote the representation of a balance of interests at the Summit.

The Commission vote to publish the Federal Register Notice was 4-0-1 with Commissioner Jon Leibowitz not participating.

Written comments should be identified as “E-mail Authentication Summit-Comments,” and written requests to participate in the E-mail Authentication Summit should be identified as “E-mail Authentication Summit-Request to Participate.” Written comments and requests to participate should be submitted to: Secretary, Federal Trade Commission, Room 159-H (Annex V), 600 Pennsylvania Ave., N.W., Washington, DC 20580. If submitting in paper form, parties must submit an original and three copies of each document. The FTC requests that any comment filed in paper form be sent by courier or overnight service, since U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions. In the alternative, parties may e-mail comments and requests to participate to authenticationsummit@ftc.gov. To ensure that the Commission considers an electronic comment, you must file it with the FTC at this e-mail address. For further requirements concerning the filing of comments and requests to participate, please consult the Request for Comments and Requests to Participate sections of the Federal Register Notice for the E-mail Authentication Summit (linked to this news release on the FTC Web site: www.ftc.gov).

Copies of the Federal Register Notice are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Contact Information

Media Contact:
Claudia Bourne Farrell
Office of Public Affairs
202-326-2181
Staff Contact:
Sana Coleman
Bureau of Consumer Protection
202-326-2249