spam, spam, spam,  privacy, security & spam

Back to the main spam page, click here.

For those who want to go direct to the TEOS download page, click here.

For an explanation of why it is okay to say "EMAIL CAN BE SPAM" but it is dumb to say email can be SPAM™ or even Spam, click here .

For a direct link to our data privacy and computer security resources, click here.

The Trusted Email Open Standard

(In Ten Bullet Points or Less)

by Stephen Cobb, Spring 2003

For the better part of two years I have been working with my colleagues at ePrivacy Group to draft a roadmap towards a spam-free future (some of them have been working on the problem for even longer than that). We received input from a whole raft of concerned individuals, privacy activists, lobbyists, consumer advocates, regulators, industry associations, legislators, and companies, including marketers and some of the largest players in the Internet business.

The results are summed up in a white paper, released on 4.30.03, that describes something we call the Trusted Email Open Standard, or TEOS for short (we pronounce it tee-oss, because when you have lived with something this long, you get to say it how it is said).

Further down the page I have provided links to the whitepaper and a set of slides that illustrate the key concepts. The white paper is thorough and runs to 35 pages. There is a 3-page summary at the beginning, but I thought it would be helpful to see if I could spell out the TEOS roadmap in just ten short bullet points. I think I have succeeded, so here they are:

1. Spam is possible because SMTP, the technology used to transmit email, does indeed stand for Simple Mail Transport Protocol, which does not bother to verify the identity of email senders.

2. Spam happens because people are human and prone to do sleazy things, particularly when there is money to be made and the chances of being caught are slim. SMTP allows these people to lie to the recipients of their messages, and the Internet Service Providers (ISPs) that deliver them, by "spoofing" the sender identity, making the message appear to be from some other person, real or imagined.

3. Any solution to the spam problem must address both technology and human behavior.

4. Any solution to the spam problem must account for the legitimate ways in which people use email today. You can't say all bulk mail is banned, because I have already given permission for numerous organizations to include me in bulk mailings (such as last minute air fares that I don't want to miss). And you can't say all unsolicited email is banned, because if someone is offering a big discount on a product I am about to buy, I am pleased to find out about it, even if I did not specifically ask that person to tell me.

5. Any immediate solution to the spam problem must work without replacing SMTP, which is just too big a task to happen any time soon. And it should offer several levels of fix, because one size is unlikely to fit all.

6. So TEOS takes three steps forward, starting with a simple enhancement to current email technology that enables senders to identify themselves more reliably. This allows ISPs and recipients to make better decisions about what to do with messages (e.g. those that come from senders who are prepared to identify themselves are more likely to be legitimate than those that don't).

7. The next step is to enable senders to says things about their messages that can be read by the computers that process them. We call these "assertions" and they are made in the part of the header of the message recipients don't see. A bank might assert that a message is a customer statement. A charity might assert that a message is a newsletter to which the recipient has subscribed. A marketing company might assert that its messages meet certain standards for permission-based offers. These assertions enable ISPs and recipient to make even better decisions about which message to accept and, because the sender's identity has been verified, there is a good chance the assertions are true (it is a lot riskier to lie about messages when people know who you are).

8. The last step goes beyond making assertions that are coded into message headers and gives those companies that want to display their commitment to the highest email standards a seal or trust stamp that they can place into their messages. These trust stamps are unique to each individual message and cryptographically protected to make them almost impossible to "spoof." They allow ISPs and recipients to immediately verify whether or not the sender is a member in good standing of a program designed to promote responsible email.

9. Oversight of the standard, and programs that promote responsible email (of which we think there will be quite a few, each with its own unique appeal) will be handled by an oversight board. The members of the board will represent all relevant interests, from recipients (consumers), to email providers (ISPs and web mail providers), to email senders (companies, government agencies, non-profits, and so on). The board will operate internationally, delegating authority to different regions, and certifying organizations that verify identities and assertions.

10. A vast improvement in email will occur if TEOS is adopted. The economic incentive to send spam will have been eroded because those senders who are not honest about who they are and what they are sending will find their email is not delivered. At the same time, TEOS preserves the ability of individuals to send email to each other, anonymously if they wish. TEOS embraces the best of email today and extends it, using platform agnostic technology that is low in cost and proven to work. ePrivacy Group will even donate some of its patent-pending technology to the Internet community to make this happen if the key players can commit to this roadmap.

To download the Trusted Email Open Standard whitepaper
click here.

Back to the main spam page, click here.

More information about Trusted Sender technology.

More information about Spam Squelcher technology.

Updated January, 2010, by webbloke at cobbsblog.com © Stephen Cobb, 1996-2010