FTC on Spam: More Work to Be Done

FTC vows to defeat spam with aggressive law enforcement and e-mail authentication schemes, but panelists at the E-mail Authentication Summit are doubtful.

WASHINGTON—The second day of meetings at the Federal Trade Commissions E-mail Authentication Summit began on a hopeful note Thursday, with FTC Commissioner Jon Leibowitz saying that, through a combination of new technologies and cooperation, spam can be defeated.

"This is a goal we all share, and one that is attainable through cooperation and creativity," Leibowitz said.

But by the end of the day the consensus was that the goal would not in fact be reached. Still, Leibowitz made it clear that the commission plans to take whatever steps it can in the effort to get spam and related problems, including phishing and the distribution of worms and viruses, under control.

"Obviously, we need a multifaceted approach to this serious problem," Leibowitz said. "Aggressive law enforcement is one part of that solution."

He noted that the FTC has already begun filing its first cases against purveyors of spyware and that major ISPs are banding together to file suit against spammers. Leibowitz said that an equally important part of the solution was to raise awareness of the problem, and to find ways to help businesses and consumers protect their computers against the threat from spam.

/zimages/3/28571.gifThe FTC has endorsed a plan that would reward insiders for information leading to the arrest and conviction of spammers. Click here to read more.

Leibowitz said that the next step was to find ways to authenticate e-mail so that spammers wouldnt be able to hide. He said that while spam is a global problem, it was also necessary to make sure that anti-span efforts didnt place an unnecessary burden on ordinary users.

The days panel discussions told another story, however. Speaker after speaker said that despite the hope behind such technologies as SPF and Sender ID, spammers were already finding ways to get around them. Adding to the problem, much of todays spam is sent out by home computers that have spam software installed and remotely controlled. The owners of those computers dont even know theyre sending out spam.

In addition, spammers are registering for SPF so that their e-mail will pass that test, and some are preparing to support sender ID, panelists reported. Adding to the confusion, backers of various e-mail authentication schemes brought forth their individual approaches, with little indication of how those approaches could be made to work with other efforts.

/zimages/3/28571.gifClick here to find out why the IETF shut down one group working to create an e-mail authentication standard.

Adding to the complexity of solving the spam problem is the lack of security in Internet e-mail systems and in operating systems. In Wednesdays sessions, panelists agreed that the underlying Internet e-mail system is insecure and easily taken advantage of by spammers. That, coupled with significant security problems with computer operating systems, especially Windows, means that even the best efforts of Internet users and ISPs are doomed to fail, they said.

In closing remarks, FTC Commissioner Orson Swindle asked the panelists to find ways to work together to solve the spam problem. He noted that a great deal of hard work has already been done, but that a great deal more is needed to maintain confidence in the Internet and in e-mail as a path for commerce.

/zimages/3/28571.gifCheck out eWEEK.coms for more on IM and other collaboration technologies.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...