Feds Consider Putting A Bounty On Spammers' Heads - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
05:09 PM
Connect Directly

Feds Consider Putting A Bounty On Spammers' Heads

The FTC weighs the advantages of rewarding people for identifying spammers. It's a more complex calculation than you might think.

Seeking a solution to the spam scourge, the Federal Trade Commission has turned to frontier justice of the Old West. In a report issued Thursday, the FTC explores whether bounties might aid in the enforcement of last year's Can-Spam Act.

The report, prepared as required by the spam law, takes a cautious approach. It warns of the difficulties of enlisting the public as spam fighters.

The major hurdles cited are locating the spammer, gathering evidence that will stand up in court, and implementing a reward program that offers enough money to justify the risks involved without creating burdensome administrative costs.

Provided those difficulties can be dealt with, the FTC offers a cautious endorsement of the idea, saying that a reward system "might improve the effectiveness of Can-Spam enforcement."

According to Allen Hile, an assistant director in the Division of Marketing Practices at the FTC, federal bounty programs have met with mixed success.

A companion report on the FTC's site, prepared by Marsha Ferziger Nagorsky, director of internal communications and a lecturer in law at the University of Chicago Law School, notes that the IRS bounty program has done particularly well.

"In the first 30 years of the program, more than 17,000 informants snitched for the IRS, collectively earning over $35.1 million," she writes. "The IRS benefits as well; it recovered more than $2.1 billion in unpaid taxes during those 30 years because of the program."

A reward program run by the Securities and Exchange Commission to nab inside traders has proven less effective, with only three bounties awarded in the decade it has been in existence.

The FTC report suggests that owing to the difficulties of accurately tracing spam messages, insiders represent those most likely to identify spam senders. The difficulty thus becomes making the reward more lucrative than the crime.

"The calculus has to be enough so that people come forward," says Hile, who adds that a bounty program won't become a reality without funding.

A second companion report on the FTC site, prepared by Dan Boneh, an associate professor in computer science at Stanford University, explores the problems with tracking spammers. In his conclusion, Boneh briefly mentions future anti-spam technologies that may have an impact on spammer identification, including Microsoft's Sender ID E-mail authentication scheme and Yahoo Inc.'s DomainKeys.

"At this point, it is not clear whether these technologies will eventually be deployed, nor is it known how they will affect spammer's [sic] behavior," he writes.

What is clear is that authentication isn't getting easier. America Online said Thursday that, in light of the open-source community's rejection of Sender ID, it would no longer fully deploy Sender ID. While AOL will publish Sender ID records for outbound mail, it will only check inbound mail for SPF records.

"AOL remains committed to testing authentication technology in the real-world environment of large-scale ISPs," the company said in a statement. "SPF is the 'low-hanging fruit' in the authentication debate and, given the momentum and common ground with the SPF protocol, is the logical first step in the journey to combat spam."

AOL notes that it started publishing SPF records in December and that with its support and advocacy, more than 100,000 domains now publish SPF records.

Avner Amram, executive VP of anti-spam company Commtouch Inc., says the majority of domains publishing SPF records belong to spammers.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Why IT Leaders Should Make Cloud Training a Top Priority
John Edwards, Technology Journalist & Author,  4/14/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Lessons I've Learned From My Career in Technology
Guest Commentary, Guest Commentary,  5/4/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll