The Federal Trade Commission Wants Your Spam
August 28, 2001
"Since 1998, the FTC has invited consumers and Internet Service Providers to forward UCE to an e-mail box at uce@ftc.gov".
So says an April, 2001 FTC press release. However, the FTC doesn't really want copies of all the spam in the world.
Spamcop assists those complaining about spam by analyzing e-mail headers and routing complaints on behalf of consumers. Spamcop acted on that invitation from the FTC, and started sending a copy of every spam it received at a rate of well over 100,000 spams per week. For one week in late August, that would have included copies of about 15,000 complaints sent to Genuity, 8300 sent to Qwest, 7300 sent to ATT, and 6700 sent to Verio. That's ten times the number of complaints to the FTC that the FTC claimed to receive from all sources.
Even that wouldn't be the biggest source of data for the FTC. Gary Callison at Interaccess talked to an FTC representative at the "SpamCon" conference before setting up his filters to forward incoming spam to the FTC. "The response was 'How much volume?', and her eyes got wide when I told her that I bounce around a million pieces of spam on the average day".
So what does the FTC do with all this spam that they receive? Sometimes, they go after the spammer. In 1999, Robert Stout and Donald Lytle allegedly sent out spam claiming that under the Children's On-line Privacy Protection Act (COPPA), consumers had to provide them with credit card numbers and other information in order to prove that they were over 13 and could maintain their access to the Internet. That caught the attention of the FTC, and this spamming case was prosecuted as fraud. In August, 2001, the originators of the spam entered into a consent decree with the FTC.
Yet very little of the spam forwarded to the FTC actually results in action. According to Janet Evans, staff attorney for the FTC, the FTC focuses on fradulant content of spam, not on fradulant delivery. E-mails sent out using open relays or forged addresses generally do not result in prosecution. The problems caused by companies sending out thousands of unsolicited emails must be addressed by Congress, not the FTC, in the view of the FTC.
At the moment, the US Congress is considering several bills related to spam. HR1017, sponsored by Representative Goodlatte (R-VA) is in committee with no action scheduled. S630 by Senator Burns (R-MT) and HR 113 by Rep Holt (D-NJ) are also in committee. However, HR 718 by Rep Heather Wilson (R-NM) has made it through committee and got calendared for the floor of the House. AITP has not taken a stance on any of these pieces of legislation, preferring instead to rely on technical means to block spam. The Wilson bill, it should be noted, indemnifies Internet Service Providers against any liability based on implementing an technical or other measure whose purpose is to block the transmission or receipt of spam. That part of the bill makes it consistent with our past policies.
Spam Fighting Tips
1. Never respond to a spammer. Remove instructions at the bottom of a spam are almost always used by the spammer solely as a source of verified clean addresses for more spam. All you're telling the spammer when you comply with remove directions is that your address is valid, you read to the bottom of spams, and you're gullible enough to believe what they tell you. In other words, you're an ideal person to get more spam.
2. If you want to complain about spam, complain to the right place. Most spammers forge the originating email address in order to deflect complaints. You'll have to expand the headers to see where it really came from. If you aren't comfortable evaluating e-mail headers yourself, use spamcop.net. If you don't know how to expand headers, spamcop will show you how. And send a copy to uce@ftc.gov for their files.
3. Protect your email address. Never use your real address on Usenet. And when completing a web form, use me@privacy.net (it replies with an automated go away message to any email sent to it) unless you really need to hear back from the people on the other end of the form. In particular, never give your email address when registering software with Microsoft, Real Networks, or others who have a tendency to add your address to their marketing databases.
4. Don't do business with spammers. Never buy anything that you are offered in a spam. Besides identifying yourself as gullible, you're contributing to the spammer's revenue stream. Even if you actually get what you paid for, your purchase helps validate the spammer's anti-social behaviour.
Charles Oriez currently serves on the Editorial Advisory Board of the AITP Information Executive and he also chairs the AITP National Legislative Affairs Committee. Charles has a unique and important insight into spam, virus, security, and legislative issues.
Copyright © 2001, Charles Oriez, All Rights Reserved.
Charles Oriez's HomepagePlease share your thoughts and comments regarding this feature. You can do so by posting to our Hot Topics Forum.
