Feds Consider Putting A Bounty On Spammers' Heads - InformationWeek
05:09 PM

The FTC weighs the advantages of rewarding people for identifying spammers. It's a more complex calculation than you might think.

Seeking a solution to the spam scourge, the Federal Trade Commission has turned to the frontier justice of the Old West. In a report issued Thursday, the FTC explores whether bounties might aid in the enforcement of last year's Can-Spam Act.

The report, prepared as required by the spam law, takes a cautious approach. It warns of the difficulties of enlisting the public as spam fighters.

The major hurdles cited are locating the spammer, gathering evidence that will stand up in court, and implementing a reward program that offers enough money to justify the risks involved without creating burdensome administrative costs.

Provided those difficulties can be dealt with, the FTC offers a cautious endorsement of the idea, saying that a reward system "might improve the effectiveness of Can-Spam enforcement."

According to Allen Hile, an assistant director in the Division of Marketing Practices at the FTC, federal bounty programs have met with mixed success.

A companion report on the FTC's site, prepared by Marsha Ferziger Nagorsky, director of internal communications and a lecturer in law at the University of Chicago Law School, notes that the IRS bounty program has done particularly well.

"In the first 30 years of the program, more than 17,000 informants snitched for the IRS, collectively earning over $35.1 million," she writes. "The IRS benefits as well; it recovered more than $2.1 billion in unpaid taxes during those 30 years because of the program."

A reward program run by the Securities and Exchange Commission to nab inside traders has proven less effective, with only three bounties awarded in the decade it has been in existence.

The FTC report suggests that owing to the difficulties of accurately tracing spam messages, insiders represent those most likely to identify spam senders. The difficulty thus becomes making the reward more lucrative than the crime.

"The calculus has to be enough so that people come forward," says Hile, who adds that a bounty program won't become a reality without funding.

A second companion report on the FTC site, prepared by Dan Boneh, an associate professor in computer science at Stanford University, explores the problems with tracking spammers. In his conclusion, Boneh briefly mentions future anti-spam technologies that may have an impact on spammer identification, including Microsoft's Sender ID E-mail authentication scheme and Yahoo Inc.'s DomainKeys.

"At this point, it is not clear whether these technologies will eventually be deployed, nor is it known how they will affect spammer's [sic] behavior," he writes.

What is clear is that authentication isn't getting easier. America Online said Thursday that, in light of the open-source community's rejection of Sender ID, it would no longer fully deploy Sender ID. While AOL will publish Sender ID records for outbound mail, it will only check inbound mail for SPF records.

"AOL remains committed to testing authentication technology in the real-world environment of large-scale ISPs," the company said in a statement. "SPF is the 'low-hanging fruit' in the authentication debate and, given the momentum and common ground with the SPF protocol, is the logical first step in the journey to combat spam."

AOL notes that it started publishing SPF records in December and that with its support and advocacy, more than 100,000 domains now publish SPF records.

Avner Amram, executive VP of anti-spam company Commtouch Inc., says the majority of domains publishing SPF records belong to spammers.
