FTC Takes on SPAM Zombies

The great thing about this initiative announced by the FTC is that it goes beyond "awareness training". It is a program that reaches out to ISPs and gives them advice on how to help curtail the use of end user machines for sending out SPAM.

A couple of good suggestions:

1. Block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.
2. Apply rate-limiting controls for email relays.
3. Identify computers that are sending atypical amounts of email, and take steps to determine if the computer is acting as a spam zombie. When necessary, quarantine the affected computer until the source of the problem is removed.
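
The third suggestion, identifying machines that send atypical amounts of email, can be checked from flow records; the following is an added example, not part of the FTC guidance or the original post. The record format, the documentation-range addresses, the threshold values and the function names are assumptions made for illustration.

```python
import statistics
from collections import defaultdict

SUBMISSION_PORT = 587  # authenticated client submission, as the guidance recommends
SMTP_PORT = 25         # server-to-server relay; unusual from a subscriber line

def build_sample_flows():
    """Constructed records 'src_ip dst_ip dst_port' (not real traffic)."""
    flows = []
    # Ordinary subscribers: mail goes to the ISP's submission server on 587.
    for host in range(1, 6):
        flows += [f"192.0.2.{host} 198.51.100.10 {SUBMISSION_PORT}"] * 4
    # A subscriber running a small mail server: a few direct port 25 deliveries.
    flows += [f"192.0.2.6 203.0.113.{d} {SMTP_PORT}" for d in (1, 2, 1)]
    # One line fanning out to many distinct mail hosts on port 25.
    flows += [f"192.0.2.7 203.0.113.{d} {SMTP_PORT}" for d in range(1, 61)]
    return flows

def summarize(flows):
    """Per source: direct port 25 connection count and distinct destinations."""
    stats = defaultdict(lambda: {"conns": 0, "dests": set()})
    for line in flows:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records rather than fail the whole batch
        src, dst, port = parts[0], parts[1], int(parts[2])
        entry = stats[src]  # every source seen counts toward the baseline
        if port == SMTP_PORT:
            entry["conns"] += 1
            entry["dests"].add(dst)
    return stats

def flag_atypical(flows, k=5.0, floor=20):
    """Sources whose port 25 volume exceeds both median + k*MAD and a fixed floor."""
    stats = summarize(flows)
    counts = [s["conns"] for s in stats.values()]
    if not counts:
        return []
    median = statistics.median(counts)
    mad = statistics.median(abs(c - median) for c in counts)
    # The floor keeps a MAD of zero (most lines send nothing on 25) from
    # flagging every subscriber with a single direct delivery.
    threshold = max(median + k * mad, floor)
    return sorted(src for src, s in stats.items() if s["conns"] > threshold)

if __name__ == "__main__":
    print(flag_atypical(build_sample_flows()))
```

A flagged address is a candidate for the follow-up the guidance describes (determine whether it is a zombie, then quarantine if necessary), not proof of compromise.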

This will help. It is interesting that even with dozens of technical solutions and legislation in place (the CAN-SPAM Act), SPAM is still a major burden.

I predict that spyware that shares the same economic model and motivations with SPAM will be equally hard to counter over the long term. Didn't Microsoft say that SPAM would no longer be a problem by 2006?