letterhead logo


X-ASVP Provides alternative to a National Do Not E-mail Registry

SACRAMENTO (July 16, 2007)

Create an equivalent to the telephone "Do Not Call" registry for e-mail? The X-ASVP Controlling Committee (XCOM) today announced an effort to lobby Congress for legislation that would define the X-ASVP "UCE entity" as legally equivalent to a listing in a "National Do Not E-mail Registry".  

The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the “CAN-SPAM Act”), 15 U.S.C. § 7708, called for the Federal Trade Commission to: (1) set forth a plan and timetable for establishing a National Do Not Email Registry; (2) explain any practical, technical, security, privacy, enforcement, or other concerns that the Commission has regarding such a Registry; and (3) explain how a Registry would be applied with respect to children with email accounts.

In June 2004, the FTC published a report in which they concluded that "under present conditions, a National Do Not Email Registry in any form would not have any beneficial impact on the spam problem. It is clear, based on spammers’abilities to exploit the structure of the email system, that the development of a practical and effective means of authentication is a necessary tool to fight spam. Therefore, the Commission encourages the private market to develop an authentication standard. Authentication is not only required to make a Registry effective, but may even substantially address the underlying problem that prompted Congress to consider the establishment of a Registry."

Gerald Klaas, CISSP, Chair of the X-ASVP Committee, believes that X-ASVP represents such a private market approach to develop an authentication standard, and a de-facto DNE Registry usable until such authentication standard and technical enforcement mechanisms are in place.   Klaas said, "there is no other technology available today that globally assigns a URL lookup for every possible e-mail address and effectively deals with the security issues that concerned the FTC when they wrote the DNE Registry report in June 2004".

The X-ASVP protocol defines a web location (URL) derived from e-mail addresses where an e-mail address owner can post publicly available preference settings.  For purposes of enforcing the provisions of the CAN-SPAM Act of 2003, XCOM recommends that Congress define a "NO" setting in the UCE entity as equivalent to an e-mail address listing in a "National Do Not E-mail Registry".  Such legislation would make it illegal under the provisions of CAN-SPAM to send unsolicited commercial e-mail (UCE), commonly known as "spam", to e-mail addresses where the owner had posted a "NO" setting [in the UCE entity defined by the X-ASVP protocol].

"Spam is the bane of e-mail communications," said Gerald Klaas, one of the experts who devised the system. "This plan would be easy to use, meet FTC concerns, and provide new tools to stop spammers from gaining unauthorized access to your Inbox."

While the term "National Do Not E-mail Registry" implies the creation of a large, central database run by the government, adoption of this legislation would allow the legal equivalent of the DNE Registry without actually creating a large, central database.  The recommendation to use a specific feature of the X-ASVP protocol as the legal equivalent to registration in a "National Do Not E-mail Registry", would instantly create the "database" in a virtual sense.  Since X-ASVP is a distributed peer-to-peer protocol, the "database" would be maintained in a peer-to-peer network using existing web-based technology, where no one entity has control of the data records.  Using X-ASVP, "DNE Registry" records would be hosted by individual address owners and ISP's who maintain complete control over their "database record" since it is physically located on their own web server.

Klaas said, "the X-ASVP protocol is not subject to the dictionary attacks or the "Fort Knox" vulnerability that concerned the FTC, nor is it a centralized database where people have to submit their e-mail address to the government.  X-ASVP represents a distributed, peer-to-peer system, where individuals maintain control of their own UCE setting, meaning they can "register" or "deregister" their address at any time simply by editing their X-ASVP meta-document page."

The X-ASVP Committee encourages you to write your representatives, and ask them to amend the CAN-SPAM Act to recognize publishing of a X-ASVP meta-document displaying the "UCE entity" ( <BULKMAIL><UCE>NO</UCE></BULKMAIL> ) to be equivalent to registration in a National Do Not E-mail Registry, and for the provisions of The CAN-SPAM Act of 2003, to indicate that this e-mail address has "opted-out" of receiving unsolicited commercial e-mail.  Congress should specifically amend the definition of "commercial electronic mail message" in the CAN-SPAM Act of 2003, to remove the term "primary" as thus far the FTC has failed to define the term "primary purpose" as it appears in The Act.  This minor amendment to the CAN-SPAM Act would thus make it illegal to send Unsolicited Commercial E-mail ("spam") to any e-mail address that has this UCE entity posted in the standard method [defined by the X-ASVP protocol].

You will find more information on the X-ASVP protocol online at http://www.x-asvp.org/

The X-ASVP controlling committee organization is a non-profit, non-governmental, international, professional membership group working to build, support and encourage the use of X-ASVP and the common infrastructure required for reliability, redundancy, and universality.

Descriptions of X-ASVP meta-document entities, including the "UCE entity" can be found on page

An example constituent letter, ready to edit for mailing to your representative can be found at