Feds Consider Putting A Bounty On Spammers' Heads - InformationWeek
Software // Enterprise Applications
05:09 PM
Connect Directly
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Feds Consider Putting A Bounty On Spammers' Heads

The FTC weighs the advantages of rewarding people for identifying spammers. It's a more complex calculation than you might think.

Seeking a solution to the spam scourge, the Federal Trade Commission has turned to frontier justice of the Old West. In a report issued Thursday, the FTC explores whether bounties might aid in the enforcement of last year's Can-Spam Act.

The report, prepared as required by the spam law, takes a cautious approach. It warns of the difficulties of enlisting the public as spam fighters.

The major hurdles cited are locating the spammer, gathering evidence that will stand up in court, and implementing a reward program that offers enough money to justify the risks involved without creating burdensome administrative costs.

Provided those difficulties can be dealt with, the FTC offers a cautious endorsement of the idea, saying that a reward system "might improve the effectiveness of Can-Spam enforcement."

According to Allen Hile, an assistant director in the Division of Marketing Practices at the FTC, federal bounty programs have met with mixed success.

A companion report on the FTC's site, prepared by Marsha Ferziger Nagorsky, director of internal communications and a lecturer in law at the University of Chicago Law School, notes that the IRS bounty program has done particularly well.

"In the first 30 years of the program, more than 17,000 informants snitched for the IRS, collectively earning over $35.1 million," she writes. "The IRS benefits as well; it recovered more than $2.1 billion in unpaid taxes during those 30 years because of the program."

A reward program run by the Securities and Exchange Commission to nab inside traders has proven less effective, with only three bounties awarded in the decade it has been in existence.

The FTC report suggests that owing to the difficulties of accurately tracing spam messages, insiders represent those most likely to identify spam senders. The difficulty thus becomes making the reward more lucrative than the crime.

"The calculus has to be enough so that people come forward," says Hile, who adds that a bounty program won't become a reality without funding.

A second companion report on the FTC site, prepared by Dan Boneh, an associate professor in computer science at Stanford University, explores the problems with tracking spammers. In his conclusion, Boneh briefly mentions future anti-spam technologies that may have an impact on spammer identification, including Microsoft's Sender ID E-mail authentication scheme and Yahoo Inc.'s DomainKeys.

"At this point, it is not clear whether these technologies will eventually be deployed, nor is it known how they will affect spammer's [sic] behavior," he writes.

What is clear is that authentication isn't getting easier. America Online said Thursday that, in light of the open-source community's rejection of Sender ID, it would no longer fully deploy Sender ID. While AOL will publish Sender ID records for outbound mail, it will only check inbound mail for SPF records.

"AOL remains committed to testing authentication technology in the real-world environment of large-scale ISPs," the company said in a statement. "SPF is the 'low-hanging fruit' in the authentication debate and, given the momentum and common ground with the SPF protocol, is the logical first step in the journey to combat spam."

AOL notes that it started publishing SPF records in December and that with its support and advocacy, more than 100,000 domains now publish SPF records.

Avner Amram, executive VP of anti-spam company Commtouch Inc., says the majority of domains publishing SPF records belong to spammers.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll