this August, when the organization meets in San Francisco.
AOL, as one of the publishers of the original SPF standard, is pleased with Sender ID. "We are glad the new standard is fully backwards compatible with the existing SPF, which is in use by tens of thousands of domains on the Internet already," said Carl Hutzler, director of Antispam Operations at AOL, in a statement.
A number of e-mail service providers have already adopted SPF and other authentication technologies. AOL has said it will require those on its whitelist to publish SPF records by the end of the summer.
The proposals issued by ASTA earlier this week are the result of more than a year of collaboration between the four founders and member ISPs to find common ground on the root causes of spam. The group has expertly hyped its efforts: Before April 2003, the four were relatively enclosed islands of anti-spam knowledge. Since then, they've dribbled out tidbits of information and held in the months following the U.S. Senate's passage of the CAN-SPAM Act in November 2003.
The results of the year-plus effort provide a good baseline for common knowledge but don't present any new facts or information, said Ray Everett Church, co-founder of the Coalition Against Unsolicited Commercial E-mail (CAUCE), a grass-roots organization created to find a way to stop spam.
"(ASTA) came together last year and announced they were working together to much fanfare. A year and a half later, we're still waiting for something really concrete to come out of that group, in terms of something that will make a real difference in the amount of spam the average consumer receives," he said.
What the group hasn't done, according to Church, is come up with a viable proposal to fight spam in the form of standards. Outside of Microsoft's merged proposal with SPF, each ASTA founder seems to favor its own brand of technology.
However, Nicholas Graham, an AOL spokesperson, said the alliance has met most of the guidelines that it set out in its April 2003 charter, and that getting information from disparate sources takes time. "We have opened our doors to conversation with as many groups as possible, like [Church's], in order to facilitate as much feedback as possible on the process," he said. "We felt that it was very important to deliberate as long as possible in order to -- I know this sounds trite -- get it right and to be as inclusive as possible."
Church, who is also chief privacy officer at the ePrivacy Group, is co-author of his own proposal before the IETF: the Trusted E-mail Open Standard (TEOS), which uses a cryptographic header in e-mail addresses to help end users sort out e-mail as it hits the inbox.
Naturally, he favors his technology over the others. TEOS is the result of consultation with the Federal Trade Commission, the Direct Marketing Association and the Network Advertising Initiative, as well as AOL, Earthlink and Microsoft.
"The SPF and Caller ID focus on, 'Does this server trust that server?'" Church said. "But that doesn't really help you when you get to an end user's inbox. We think that it's important that you have a technology that has greater security and cryptography, but also contains the sort of data that allows the end user to make the choices."
Representatives from Microsoft, Yahoo! and Earthlink did not return calls by press time.
Competing standards proposals and lots of meetings are signs of progress, according to Wong.
"We've never seen change on this scale, so quickly before," Wong said. "Over the next few months, it will be a period of experimentation, and we may still need to tweak to get it right. You never really get it right on the first release. But this is something we need to do, and there's no way to do it except by going out there and doing it."
Pamela Parker contributed to this story.
A Spec to Spike Spam?
