Shawn P. McCarthy | Internaut: FTC turns up the heat on spam

The hammer will be coming down a little harder on spammers in the next few months, thanks to renewed efforts by the Federal Trade Commission. FTC and its partners are focused mainly on commercial spam problems, but the program will also affect spam that makes its way to government mail servers.

In particular, FTC is targeting international spammers through its membership in the Organization for Economic Cooperation and Development, a group of 30 countries. OECD works to promote economic growth, trade, development and cross-border law enforcement, and its members have decided that spam is one threat that's worth targeting. (To read the full FTC announcement, go to GCN.com and enter 577 in the GCN.com/box.)

For some mail servers, over 50 percent of incoming messages are unwanted spam. This can spike much higher when government addresses are used as fake return addresses in spam batches, resulting in thousands of kicked-back error messages. And even though FTC's efforts will give agencies more power to contact and work with local authorities around the globe in order to shut down chronic spammers, agencies still need to stay vigilant in the war against spam.

Unlike some sites, government sites can't just block high-volume IP addresses that are sometimes used by spammers. That's because even though cheaper Internet service providers are favorite launching pads for spammers, they are also widely used by average citizens who may need to contact government agencies.

Here are some things to contemplate while waiting for the FTC and OECD initiatives to gain the teeth they need to bring down international spam rings.

Consider giving employees two e-mail addresses. Many government agencies prohibit this, but it could be a good tool in the war on spam. One address could be used for internal business and the other could be used when employees post their e-mail address to newsgroups, mail lists, Web pages and publications. The second address should be considered disposable and replaceable every six months or so.

Advise all employees not to post their e-mail addresses to any Web site that allows resale of that information (check the site's privacy policy to be sure). For government-hosted message boards, place meta tags on those pages that tell search engine bots not to index the pages. This won't turn away all bots, so tell employees to insert extra spaces in their posted addresses. This will confuse many automated address-harvesting programs.
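One way to check both measures on a board page, as an added example that is not part of the original column: the script reports whether a robots meta tag asks bots not to index the page and lists any addresses posted without extra spaces. The function and class names and the two sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Addresses a harvester could lift verbatim (no extra spaces inserted).
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class BoardPageAudit(HTMLParser):
    """Collects robots meta directives and harvestable addresses on one page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.robots = set()      # directives from <meta name="robots">
        self.addresses = set()   # addresses readable without any cleanup

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and attrs.get("name", "").lower() == "robots":
            for directive in attrs.get("content", "").split(","):
                if directive.strip():
                    self.robots.add(directive.strip().lower())
        if tag == "a" and attrs.get("href", "").lower().startswith("mailto:"):
            self.addresses.update(ADDRESS_RE.findall(attrs["href"]))

    def handle_data(self, data):
        self.addresses.update(ADDRESS_RE.findall(data))


def audit_page(html):
    """Return (noindex_present, sorted harvestable addresses) for one page."""
    parser = BoardPageAudit()
    parser.feed(html)
    parser.close()
    # "none" is shorthand for "noindex, nofollow".
    noindex = bool(parser.robots & {"noindex", "none"})
    return noindex, sorted(parser.addresses)


# Constructed sample pages (not real agency content).
GOOD_PAGE = """<html><head><meta name="robots" content="noindex, nofollow"></head>
<body><p>Contact: john.doe @ agency.gov</p></body></html>"""

BAD_PAGE = """<html><head><title>Board</title></head>
<body><p>Write to jdoe@agency.gov or <a href="mailto:doej@agency.gov">me</a>.</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("good", GOOD_PAGE), ("bad", BAD_PAGE)):
        print(name, audit_page(page))
```

A page passes when the first value is true and the address list is empty; as the column notes, the meta tag only deters bots that choose to honor it.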

Don't be afraid to let FTC help you with enforcement. Spam violations can be reported to spam@uce.gov. The violations are stored in a central database called Consumer Sentinel, which is used for law enforcement against spammers. It's especially important to let FTC know when 'remove me' requests have not been honored. Make sure to always include the full e-mail header to help with tracking. There's also an online complaint form at www.ftc.gov/ftc/complaint.htm.

Don't use a standard naming convention for all employee e-mail addresses. Let workers choose a unique address (john.doe@agency.gov, jdoe@agency.gov, doej@agency.gov, etc.). Spammers often craft attacks that try multiple letter and name combinations. This defense makes it tougher for employees to figure out each other's e-mail addresses, but it makes it much tougher on spammers.

Enable bulk e-mail folders and configurable filters for all users. In addition to a server-side filter, this enables users to establish their own second-line filters. And they can check and empty their own folders.

By working through the FTC, and working on their own, agencies should be able to make solid inroads in the war against spam.

Former GCN writer Shawn P. McCarthy is senior analyst and program manager for government IT opportunities at IDC of Framingham, Mass. E-mail him at smccarthy@idc.com.
