Those who spam feds may be worse than nuisances








Are you facing e-mail madness? Have you been getting unwanted electronic mail
lately? Does your in-box greet you each day with a collection of unsolicited electronic
advertisements for everything from get-rich schemes to porno site pointers? What right do
these strangers have to insult your morals or your intelligence at your own desk?


Well, perhaps they have every right as citizens to communicate their commercial offers
to government officials.


If you believe you’re getting too much unwanted e-mail, ask yourself:


Does your agency hand out lists of employee e-mail addresses? Do you put your name and
e-mail address on your agency’s Web sites? Do you comment on network newsgroups? Do
you sign up for free stuff on cool Web sites?


In other words, are you inviting spam?


These are all list-building sources for spammers, electronic junk mail artists.
It’s easy to write, buy or get free software that collects e-mail address from Web
sites, newsgroup archives and any other electronic medium.


Recently I received spam advertising a spam-making software package. Think you can
punish these guys with threatening replies? This product allows for unlimited fillers for
“from,” “to,” “subject” and “reply to” fields.
They rotate automatically.


You’ll complain to their Internet service provider? This product sends spam
directly from the spammer’s computer to the recipient’s mailbox, bypassing an
ISP’s mail server. A built-in dialer keeps multiple ISPs and their user names and
passwords for easy dial-up access. You can complain to your provider, but it may not be
the originating point of the unwanted e-mail.


Perhaps you think you can send them a letter to cease their messages. Think again,
because so-called advanced personalization enables this package to automatically replace
variables, including user name, time, date, domain and much more, before the spam message
is sent. Spam filters won’t be able to keep up. Real messages will be trashed because
the spammers will use valid domain names. The spammer’s target won’t know what
hit it.


Many agencies and companies have highly volatile ex-customers who voice their
dissatisfaction in network newsgroups. A not-so-sophisticated Internet terrorist could
mine the newsgroup for addresses and the organization’s Web site for employee e-mail
addresses, then send untraceable messages to the former, ostensibly from the latter.


My spam software offer promises mail at speeds of up to 100,000 messages per hour. Pick
your agency and make it electronic toast.


The General Services Administration is sponsoring a project called the Federal White
Pages to publish every federal employee’s name and e-mail address. With a tool like
that, the Iraqis, Serbs and other enemies will be able to bring the federal government to
a halt.


And we thought the year 2000 problem was a challenge.


Agencies should resist handing out employees’ e-mail addresses. Refer any requests
to your general counsel’s office. Encourage your lawyers to use the Privacy Act, the
foreseeable harm test and anything else you can think of to withhold the addresses. One
exemption to the Freedom of Information Act covers information related solely to internal
personnel rules and practices. They may be withheld in a FOIA request.


Management and employees use e-mail for official business. Patiently explain to the
lawyers that the release of all the agency e-mail addresses may result in a large amount
of unsolicited mail that could jam the system or, at least, waste people’s time.


Agencies should replace the names of employees on Web pages with a generic e-mail box
that employees can monitor and respond to. This should be sufficient for effective e-mail
customer service.


Don’t advertise the names of your scarce technical talent for any headhunter to
contact and woo away. Don’t expose employees to harassing e-mail that can make them
reluctant to read even legitimate messages from colleagues and managers. Don’t ask
technical webmasters to handle explosive public relations situations.


The Federal White Pages project offers more threats than benefits. If I were a federal
employee coincidentally named, say, Jodie Foster, I would not want my agency or GSA
publicizing my e-mail address so John Hinckley could get in touch. Agency management needs
to realize that just because something can be done does not mean it should be done.  


Walter R. Houser, who has more than two decades of experience in federal
information management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpcug.org/user/houser.
 


inside gcn

  • abstract view of data (agsandrew/Shutterstock.com)

    Can quantum computing prevent an encryption meltdown?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above