April 23, 2009 16:30 ET

ESPC to Adopt Suppression File Encryption

KENNEBUNK, ME--(Marketwire - April 23, 2009) - The Email Sender & Provider Coalition, a cooperative of leading email marketing firms and email service providers, today announced a plan to require members to support suppression file encryption when those files are transferred to or from third parties or clients.

The ESPC is moving to require suppression file encryption both as a privacy protection and to contribute to the email industry's fight against spam.

Under CAN-SPAM, marketers are required to maintain lists of recipients who have unsubscribed from receiving messages from a particular sender. Marketers are further required to share those files any time they use a third party to conduct a commercial email marketing campaign, to ensure that unsubscribe requests are honored.

If suppression lists are not secured in some way, they become vulnerable to malicious parties who could misuse them as spam lists. Suppression file abuse of this sort is a significant source of spam. Encrypting suppression files using a one-way hash, such as the standard being adopted by the ESPC, can help prevent such abuse.

"Email is unique in that the law requires that personal information, in the form of email addresses, essentially must be shared on a regular basis," said Justin B. Weiss, Associate Counsel to the ESPC. "While we cannot eliminate the need to transfer suppression files, we can set a standard and encourage the industry to take steps to protect this data from abuse by promoting the use of encryption technologies."

The standard was developed through leadership by the ESPC's Technology co-chairs. Ellen Siegel, director of Technology and Standards at Constant Contact and committee co-chair, said, "We feel strongly that if industry moves to adopt this encryption standard, we could greatly reduce spam from compromised suppression lists." Co-chair Joshua Baer, chief evangelist of Datran Media, agreed, adding, "This standard also encourages the adoption of more privacy-friendly, secure data handling practices."

ESPC members are currently in the process of implementing the standard. "We have been pleased by the progress so far," said Siegel. "We are encouraging ESPC members to work on the implementation of the standard throughout the year, and know a number of companies are targeting a September 2009 adoption time frame."

The ESPC made the announcement in conjunction with the Online Trust Alliance (OTA) Town Hall Meeting. By announcing this encryption standard, the ESPC joins OTA in its call for businesses to adopt more stringent data protection practices, including the encryption of customer data. These data governance solutions and business principles help to protect both consumers and brands from potential data abuse.

Based on the recommendation of the ESPC Technology Committee, the ESPC Board has identified MD5 encryption as the minimum encryption standard that members should support. Other formats for encryption could also be used, based on client needs or regulatory requirements, provided that MD5 is, at a minimum, supported by the ESPC member platform.

About the Email Sender and Provider Coalition (ESPC)

Formed in November 2002, the ESPC boasts a membership comprising many of the brightest and most innovative minds in the email industry, including Email Service Providers, Mail Transfer Agents, Internet Service Providers, application and solution developers, and deliverability solutions providers. The ESPC is composed of almost 70 members including Acxiom Digital; Constant Contact; Datran Media; e-Dialog; and Protus IP Solutions. For more information, please visit

Contact Information

  • Press Contact:
    Morgan McDowell
    Blast! PR
    P: 919-833-9975, x12