Ken Magill was right: The recent FTC Spam Summit was a real snoozer. Maybe it was the oppressively humid weather in D.C. this time of year that’s conducive to snoozing. More likely, it was due to our own misplaced expectations that such an event could ever be more than a big “show ‘n tell.” Never mind that we’d heard all the speeches and solutions before and that not much had changed since the last Summit. This simply wasn’t the forum for examining the truly systemic issues or questioning the wisdom of the industry’s strategies and tactics. Debating those things in front of a regulatory body simply wasn’t on the agenda, and it was probably unrealistic to ever think it could be.
Nonetheless, those are precisely the things we should be debating in our industry. Trevor Hughes of the ESPC set the stage by arguing that there are really two classes of spam—spam that is malicious and spam that is annoying. His point was that today’s real problem is with the malicious spam that comes from the bad players, not legitimate companies. The inescapable conclusion was that the answer isn’t further legislation since the bad players operate outside of the law anyway. While it’s a good message for the FTC to hear as it considers further rule making under CAN-SPAM, it didn’t go far enough.
After acknowledging those two classes of spam, we should be talking about how to deal with them. No one disputes that both are undesirable, but applying the same tactics used to combat the malicious spam to that which is annoying is what produces “false positives” and endangers the reliability of the medium for legitimate commerce. In my mind, reconciling email security with legitimate commerce—balancing the scales—is the critical challenge facing our industry today. Admittedly, my attempt to address this challenge at the FTC Summit fell flat. (Right message, wrong forum.) Yet, I’m convinced this is the real debate we need to have. And we do need some new thinking about the roles that different stakeholders (consumers, ISPs and senders) can and should play.
If the FTC Summit isn’t the right forum, what is? We need a new blueprint for email. Where can we come together to debate the systemic issues and arrive at more coherent, comprehensive solutions that satisfy both our security and commercial concerns? We can’t continually parade into Washington, D.C., with nothing new to tell and nothing new to show. At some point, the FTC’s patience will wear thin…as it should. If industry wants to retain the latitude of self-regulation, industry must have more to show for its efforts. We’ll invite government intervention if we don’t.