ARCHIVED—Assessment of Email Certification

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Task Force on Spam
Industry Canada
May 2005

Executive Summary

Email has become one of the most important tools for Internet users both at home and at the office. It has also become an important tool for companies conducting their business. Email is fast, reliable and easy to use. The cost of sending an email is very low. All of this has lead to email's popularity increasing dramatically.

With the increase in the number of email accounts, businesses have realized that they can communicate with many of their clients through email, which lowers the costs of this communication. The popularity, ease, and low cost of email, have, unfortunately, fostered the growth of spam.

Email certification is a tool that has the potential to prevent legitimate (i.e. solicited) commercial email from being filtered out by spam filters. The end-user of certification is anyone who sends solicited commercial email (SCE) to a recipient. The sender may be emailing a marketing product, a newsletter, or any other commercial email that the recipient has asked to receive. The goal is to improve the deliverability of this email. This document is intended to describe the principles and methodologies of email certification. Further study is required to investigate whether certification is a viable option for controlling spam email on a national and international level.

The development of standards in this area should be led by the groups that have vested interests in combating spam. Some concerned parties, such as marketers or commercial emailers, have a vested interest in having their SCE arrive in a recipient's email. Other concerned parties, such as email service providers, have an interest in reducing the amount of spam complaints from their clients and reducing spam's effect on their network infrastructure. Government's role is to monitor the development of anti-spam standards, in order to ensure that the public is well represented when standards are being developed by these interested parties.

The Working Group on Validating Commercial Email believes that certification is worthy of further study as an evolving approach to improve the deliverability of legitimate email. Further investigation is required into the potential costs of a certification regime. Canadian industry will have to further investigate the various methodologies to determine which, if any, would be most suitable. Coordination with international standards-development organizations would be beneficial in the international implementation of a certification regime.

Commercial Email Certification Principles

Introduction

This section is intended to describe the principles of email certification. It puts forward a series of broad principles that should make up the framework of any certification methodology. Study is required to determine the related feasibility and implementation issues, including costs.

Understanding the Problem

Because of its volume and its sometimes offensive nature, spam, also known as unsolicited commercial email (UCE), has become a major problem for both Internet users and companies that provide Internet services.

UCE can be anything from annoying to destructive. For individual recipients, spam can be overwhelming and, depending on the sender's intent, deceptive, fraudulent, obscene, or illegal. For those companies involved in facilitating the sending, delivery and receipt of email, the costs of handling enormous quantities of unwanted email are potentially crippling.

If left unchallenged, spam will also continue to undermine public confidence in the reliability and value of email communications and the Internet.

While email for commercial purposes can be highly effective and cost-efficient, some organizations are concerned about the continued efficacy of the channel because of deliverability issues.

The current volume of spam email is creating direct or indirect extra costs for all players in the chain of Internet communications. For this reason, a certification regime may be one option worth exploring as a way of ensuring the unimpeded delivery of legitimate email.

Goal of Certification

As a side effect of the large volume of spam, a significant amount of SCE is being filtered out by email service providers' spam filters. The goal of using certification is to improve the deliverability of legitimate email. Certification will provide a way by which email messages can be identified as legitimate. The spam filter would recognize SCE by a certification assertion, and allow it to pass through to its intended recipient. All other email would be processed as it normally would by the email service provider. In this way, "sender-certified" email would bypass the spam filtering process and have a greater likelihood of being delivered.

Certification is intended to increase the deliverability of legitimate email. It should not block or impede legitimate email-marketing communications; it should not unduly increase direct or indirect costs for organizations or consumers; and it should be easy to adapt to the requirements of diverse organizations and individuals. International interoperability between certification assertions would be desirable.

Note that these principles only deal with certification, not authentication. Authentication is currently being discussed within other international standards bodies, such as the Internet Engineering Task Force.

Basic Principles

The basic principles of a certification process are as follows:

  1. A certified message should be distinguishable from a non-certified message, or a message should contain a certification assertion as proof of its certification.
  2. A certification assertion should affirm the legitimacy of the message, i.e. that the sender has undergone the necessary process to substantiate the message.
  3. The issuer of a certification assertion should be capable of validating that the assertion is in good standing.
  4. A certification assertion should be secured against fraudulent use.
  5. The certificate issuer should be able to revoke a certification assertion.

Email Certification Methodologies

Introduction

The purpose of this section is to describe some of the common certification methodologies that could enable an email service provider to recognize SCE and pass it on to its intended recipient, bypassing the spam filter. The methodologies described are not exhaustive, but are commonly referenced. Since the intended audience of this document is both technical and non-technical, the methodologies will be described in general and non-technical terms.

Unfortunately, some individuals and enterprises have gathered email addresses without users' permission. Emails sent to these addresses are, therefore, considered unsolicited. A process called "harvesting" automatically collects these addresses by scanning websites for email addresses. Some enterprises then sell these lists of unsolicited addresses. Because of the low cost of sending an email, it has become cost-effective for enterprises to buy these lists and send email to these addresses. Since the addresses on the list have not been solicited, email sent to them would be UCE, commonly known as spam.

Email service providers have started to use spam filters to block email that is deemed to be UCE. This has created the problem of some legitimate SCE also being filtered out.

Note that some of the following certification methodologies dealing with this problem have applications that are commercially available, while others are only theoretical.

Methodologies

White Lists / Black Lists

This is by far the most widely used system in the certification field, although not all white lists fall into the certification category. A white list is a list of senders who only send email to recipients who have requested it, but several different variations of white lists exist.

The basic premise behind white lists is quite simple. A list of known legitimate senders' network addresses is maintained by an email service provider. When a new email arrives, the sender's network address is compared to the list. If there is a match, then the email is deemed legitimate. The email is then rerouted to bypass the spam filter and is passed on to the intended recipient.

If the check fails, then the email is sent to the spam filter for further analysis. The filter then makes a determination as to the status of the email, which is either rejected as spam, or accepted as legitimate email and passed on to the recipient.

A black list is made up of email senders that are known to send UCE. Generally, email from senders on these lists is blocked or rejected by the recipient's email service provider. The black list is the opposite of the white list, in that it records illegitimate senders. Known network addresses of computers that send spam are put on a black list, and email sent from these addresses is usually blocked.

There are several variations on these methods, including reputation systems.

Reputation Systems

A reputation system is a rating of a sender's emailing practices. The details of what specifications are included in a reputation system depend on the particular company implementing the system. Normal rated attributes could include a history of reported UCE over a period of time, best practices implemented by the sender, and the certification or authentication practices they use.

Email service providers maintain reputation lists made up of valid network addresses from which they have previously received emails. When an email service provider receives emails from a new sender, it creates a reputation profile. If the service provider doesn't receive many complaints of UCE, then the sender's reputation improves and its network address is put on the white list. If complaints are received that the incoming emails from the sender are spam, then the sender's reputation deteriorates. When its reputation drops below a certain level, a sender is deemed to be sending excessive amounts of UCE and is placed on the black list.

Product Examples

Habeas

Habeas offers a white list-certification service. The certification process generally involves researching senders to ensure that they are not known to send spam, and verifying that senders are legitimate. Habeas then certifies that email originating from the particular sender is not spam, and adds the sender's network address to its white list. The white list is then distributed to email service providers.

The sender can then add a Habeas Warrant Mark to the header of its email. When an email contains this Warrant Mark, the sender is warranting that this is a Habeas-compliant message. The Warrant Mark also contains a haiku (poem) that is copyrighted by Habeas. As a result, if a sender puts a Habeas Warrant Mark into an email that is not Habeas-compliant, then they will be subject to both copyright and trademark violations.

When email service providers receive an email, the sender's network address is compared to the white list; if it matches, then it bypasses the spam filters and is delivered directly to its recipient. Users who believe they have received UCE can complain to their email service providers, which will forward the complaint to Habeas.

Bonded SenderTM Program

Another variation on the white list involves email senders putting up financial bonds ensuring the email they are sending is legitimate. For the purposes of this document, a bond is defined as a sum of money used to protect against a claim. The bond would be held by the certification company, and the sender's network address would be added to the certification company's white list. This white list would be made available to email service providers. IronPort's Bonded SenderTM Program uses this method. In order to be accepted into the Bonded SenderTM Program, a sender undergoes an audit and is verified.

Recipients who believe the email they have received is UCE can submit a complaint to their email service provider. The provider forwards the complaint to the Bonded SenderTM Program. If the Bonded SenderTM Program receives a significant number of complaints about a sender's UCE, money is deducted from that sender's bond. The sender would also be notified that those recipients don't want to receive messages from the sender.

The threshold for the number of complaints before deduction, and the reduction amount of the bond, are set out in the bond contract between the sender and the certification company. After a certain length of time, the bond is returned, less any penalties.

Cloudmark

Cloudmark uses a rating system feedback method that allows users to identify spam. When enough users complain about a particular message, Cloudmark filters the email as spam for all users. When Cloudmark receives an email, the likelihood of the message being spam is determined, and the email is given a rating. The higher a message's rating, the more likely it is spam.

Cloudmark also rates its users based on how accurate they are in identifying spam (versus identifying email they simply don't want as spam). When a user with a higher rating identifies an email as spam, more emphasis is placed on the spam report.

Solicited commercial emailers can register with Cloudmark to ensure delivery of their legitimate commercial email. The method is based on both a white list and the Cloudmark rating system. Emailers can also use Cloudmark to find out how Cloudmark recipients view their email. When SCE is sent, the sender can add Cloudmark to its recipients list. Cloudmark will then track, and provide statistics on, how the rating system rates the email, how many users identified the email as spam and the number of inboxes to which the message was delivered. This provides useful feedback for the sender.

The reputation generated by the Cloudmark rating system can also be used to validate the Sender ID authentication system.

Institute for Spam and Internet Public Policy

The Institute for Spam and Internet Public Policy (ISIPP) maintains the ISIPP Accreditation Database (IADB). The IADB is a list of senders' network addresses. The list has two types of senders listings: vouched and nonvouched. The vouched listing contains the network addresses of senders who are personally known to ISIPP and are known to have sound email practices, while nonvouched listings are based on reference checks of the senders.

ISIPP recommends that the IADB be used in conjunction with an authentication system to help its users make informed decisions about the validity of email.

Senders participating in the IADB must abide by a strict set of rules governing their email practices in order to be accepted into the program.

The IADB contains a code that describes the sender's email attributes, such as what anti-spam programs they subscribe to (e.g. Bonded SenderTM Program, Habeas, etc.), whether they are ISIPP-vouched, whether they use sender policy framework or Sender ID, and other anti-spam information.

E-Postage Stamps

The premise behind e-postage stamps is that if a sender believed a recipient would value an email, then the sender would be willing to pay to send it. A sender would probably not be willing to pay for a postage stamp for emailing UCE, so this spam would be eliminated from the recipient's mailbox.

A sender would purchase electronic stamps and attach them to outbound emails. The recipient's email application would only accept messages with a stamp attached. A recipient could create a list of known senders from whom they would accept email without stamps attached. Emails not read before a certain length of time would be returned to the sender who would be returned the value of the stamp.

Stamps would have to be issued by a recognized financial institution. Stamps inserted into emails would have to be secured against fraudulent use.

Variations on the e-postage concept include having recipients only accept messages from a sender when the stamp is greater than a certain monetary value.

The e-postage method is generally thought of as impractical, and would be extremely cost-prohibitive to roll out. Concerns surrounding this method include those about who would issue the certificate and who would receive the payments. Some proposed methods would have the recipients receiving the payments. This particular method would pose several problems, in that users could subscribe to SCE just to receive stamps.

The cost of the infrastructure required to issue, maintain and verify these stamps would be prohibitive in just one country. When international borders are taken into consideration, different currencies would become an issue, and the cost of collecting and verifying stamps would increase.

Computational Stamps

The concept behind computational stamps is that computer, or CPU, time costs money. Computational stamps are based on the premise that a user would be willing to have their personal computer run though a certain amount of complex computations before sending an email message. Since computing time costs money, anyone sending spam would have to pay more, through increased computation time, to send an email.

A certification assertion would be placed in the email to show what computations had been performed. The computations would have to be verifiable by the recipient. The amount of CPU time spent by a regular user receiving a nominal number of emails would be minimal. A sender that emails thousands of UCEs, however, would have to spend a great amount of resources to compute the stamp for each email.

The computational-stamp method has several flaws, however - the first being that the computational abilities of computers are increasing quickly; what takes four seconds to compute today might only take one second next year. Senders of UCE could just buy more powerful computers to run the calculations faster. Second, computational stamps would also put senders of SCE at a disadvantage, by raising their costs along with the spammers'.

Conclusion

The list of methodologies mentioned in this section has been for discussion purposes only. More study would be necessary to further analyze the existing products to determine whether they fully meet the requirements of an anti-spam certification program.

References