The Federal Trade Commission yesterday rejected as unworkable a do-not-spam list to stop unwanted e-mail, despite the popularity and success of a similar registry for consumers who don't want telephone sales pitches.
After studying the issue for months, agency Chairman Timothy J. Muris said a do-not-spam list would be "a waste of time" because spammers would ignore it.
More dangerous, he said, was the possibility that spammers might get hold of the list, which would provide them with a gold mine of valid e-mail addresses that would be used for more spam.
"Consumers will be spammed if we do a registry and spammed if we don't," said Muris, who has long opposed the idea.
The report, which was endorsed by all five FTC commissioners, was required by Congress as part of a national anti-spam law passed late last year.
Instead of starting a registry, Muris said, the FTC would first push the private sector to agree on a method for electronically authenticating senders of e-mail, which would cut down on spammers' ability to hide their identities and locations. Muris said such authentication is a necessary precursor to any no-spam registry.
The major Internet e-mail providers, including Microsoft Corp., America Online Inc., Yahoo Inc. and EarthLink Inc., also oppose the registry and have been working on a unified approach to authentication for several months. The companies are hoping to announce a formal agreement soon.
But the FTC report was denounced by Sen. Charles E. Schumer (D-N.Y.), who last year urged Congress to require a registry. After his proposal failed to win broad congressional support, he pushed for the FTC study instead.
"We are very disappointed that the FTC is refusing to move forward on the do not email registry," Schumer said in a written statement. "The registry is not the perfect solution but it is the best solution we have to the growing problem of spam and we will pursue congressional alternatives in light of the FTC's adamancy."
As for the agency's concerns that the list would not work, Schumer said, the FTC had for years balked at a do-not-call list, "but when they finally implemented it, it was an overwhelming success."
Underlying the no-spam registry question is a larger debate over whether the new federal anti-spam law, known as the CAN-SPAM Act, is working. Industry estimates vary, but spam accounts for between 60 and 80 percent of all e-mail traffic, an increase since the law took effect in January.
In a survey of chief information officers at nearly 700 companies, 39 percent of 141 respondents said fighting spam will cost their firms more than $100,000 this year.
The survey, sponsored by the Chief Information Officer Executive Council, concluded that the act was ineffective. A majority of respondents, 55 percent, favored a do-not-spam registry.
Direct marketers and Internet companies, which supported CAN-SPAM, argue that the law needs time to work, in conjunction with technological tools.
"Today's FTC announcement reflects the widely held belief that a do-not-e-mail list would not be a do-not-spam list," said Jerry Cerasale, head of government affairs for the Direct Marketing Association.
"It is imperative that there will be an authentication system in place so that consumers and regulators can determine who sent the e-mail and take appropriate action."
But proponents of the registry said it could help address what they see as flaws in CAN-SPAM.
Most particularly, the federal law is based on a system known as opt-out, whereby users have to ask to be removed from marketing lists and bulk e-mailers must honor the requests.
Anti-spam activists and many consumer groups favor an opt-in system, meaning that marketers cannot send commercial e-mail without permission. That same philosophy underlies a 1991 law prohibiting junk faxes.
A registry would have the same effect by sparing consumers from having to opt out of every e-mail pitch they receive. That, proponents say, would simplify enforcement and avoid arguments over whether an opt-out request was made and whether it was honored in a timely way.
Under a registry system, consumers or organizations would send the FTC or a designated list manager the e-mail addresses they wanted to be free of unsolicited messages. Marketers would have to check their lists against the list, in a way that kept the list secure.
Ray Everett-Church, legal director of the Coalition Against Unsolicited Commercial E-mail, said that he supports a registry but is not surprised it was rejected.
The CAN-SPAM Act would have to be overhauled to allow proper enforcement of a registry, including allowing consumers to sue marketers that ignored the list. Under CAN-SPAM, consumers cannot sue.
But Church said the FTC could have started with a registry for all users at a certain Internet domain. In this system, for example, XYZ Inc. could state that all users with an xyz.com address were on the registry, thus avoiding a list containing individual addresses.
Muris said the FTC examined that option but determined it would simply be ignored by spammers, many of whom peddle fraudulent schemes or products. He said the national do-not-call list is effective in part because most telemarketers are legitimate businesses that abide by the law.
As for security of a list of individual addresses, the FTC said that even systems to encrypt the information to protect it from spammers would not necessarily be secure, based on the feedback it received from three cyber-security experts it hired as consultants.
Eric Castelli, chief technology officer of LashBack LLC, an e-mail security company, said he thinks a registry could be kept secure. But he said he agrees with the FTC's decision to wait until an authentication system can be used to more easily allow abusers to be tracked down and punished.