Whitelists for UK commercial email
Is the DMA about to start endorsing a DNSDB approach to filtering email?
From a recent NMA article:
Head of the Direct Marketing Association's interactive media division, Robert Dirskovski, said its Email Marketing Council had been discussing the possibility of introducing a white list solution.
This would list those who are entitled to send email, and would be regulated by ISPs and/or a government agency.
Now obviously the juicy combination of "government agency" and "those who are entitled to send email" tends to set-off whatever the libertarian version of spider-sense is. But more likely, it's going to be another piece of "industry self-regulation" designed to avoid government intervention.
Now, I don't know what the Email Marketing Council have been discussing, but I'd speculate that most practical and likely approach is going to be running a public DNSDB. I imagine the plan would work like this:
- The DMA sets up their own whitelist zone, in a similar fashion to any DNSBL/RBL. But the zone lists approved IP addresses.
- DMA members who agree to a specific code-of-practice have their outgoing IP addresses added to this zone. In theory, you could use the domain of the envelope sender, but at the moment that approach invites forgeries.
- ISPs in the UK are persuaded to configure mail filtering (if such filtering exists) to use the zone as a whitelist. (I believe configuration for whitelist DNSDB is possible in most of the major MTA systems, at least the Unix ones, as well as some personal filtering software such as SpamAssassin.)
- Rather than being subject to instant fines as with the Bonded Sender system, they would likely be subjected to some DMA internal wrist-slapping procedure. Of course abusers would still be subject to the relevant government regulations, so hopefully it'll still be in the best interests of the DMA to be seen to be keeping it's own house clean.
- Remaining UK ISPs that continue to block "legitimate" mail from whitelisted IP addresses can be targeted by charm before they start making complaints (unfair restraint of trade?).
If this is what happens then I'd view it as a broadly positive move. Believe it or not, there are lists (commercial or not) who despite being careful in ensuring confirmed opt-in subscriptions still get accused of spamming by (usually) automated systems. While it doesn't stop the non-stop spew of common-variety spam it does attempt to cover a major issue caused by spam: false-positive blocking of legitimate commercial email, and a provides stick-shaped carrot to deter legitimate organisations from adopting illegitimate marketing practices.
The main danger may come from putting to much control in the hands of those administrating the lists (a problem that has tarnished the reputations of blacklists when abuse of this power is perceived to have occurred). But, providing there's no government-mandated use of the lists, the ability of ISPs to boycott the list, or use alternatives, should keep it useful.
At the very least, it might provide a catalyst for further DNSDB whitelist use. Shared whitelists are the the yang to the shared blacklist yin, in my opinion only a combination of the two can provide the right balance.
spam: posted at 18:01, link