While he said it is still too soon to tell how many organizations are at issue because the FTC is still looking up server owners, FTC Internet lab director Don Blumenthal told TechNewsWorld that the agency has found more than 1 million IP numbers suspected as open proxies or relays -- all of which, in theory, could be used by spammers.
In the face of criticism that any legislative efforts to curb spam will be limited by national boundaries, the Federal Trade Commission has announced collaboration with 36 agencies in 26 countries to inform ISPs and other organizations that their servers can be used to relay spam with spoofed Internet addresses.
The FTC said it and the other agencies have identified tens of thousands of open relays -- machines that allow any computer in the world to route e-mail -- around the world. The FTC's "Operation Secure Your Server" entails notifying organizations of holes in their servers and urging the organizations to close those holes.
"Government cannot solve the spam problem on its own," said Howard Beales, director of the FTC's Bureau of Consumer Protection. "Everyone with an Internet connection must do their part to make sure that they are part of the solution and not part of the problem."
Gartner (NYSE: IT) research director Maurene Caplan Gray told TechNewsWorld that the effort is good in that it has international reach, but she said she doubts it will have much impact on the growing volume of spam that makes its way to e-mail inboxes of both corporations and consumers.
"This is not going to eliminate spam," Caplan Gray said. "Is it going to make a dent in the spam that's out there? Not significantly. I look at this as good corporate citizen action, and that's all it is."
Contemplating Complicity
While he said it is still too soon to tell how many organizations are at issue because the FTC is still looking up server owners, FTC Internet lab director Don Blumenthal told TechNewsWorld that the agency has found more than 1 million IP numbers suspected as open proxies or relays -- all of which, in theory, could be used by spammers.
Notifying businesses and other organizations in Albania, Argentina, Australia, Denmark and the United Kingdom -- among other nations -- the FTC and equivalent agencies suggested several questions for organizations to ask themselves to determine whether their technology could be complicit in sending and spoofing of spam.
The notice from the FTC asks server owners to determine whether they are using the most current version of proxy software and hardware, whether they are applying the latest available patches and upgrades, and whether they have a dedicated e-mail address for reporting illegitimate proxy use.
Going Global
Regardless of the debate over the effectiveness of antispam legislation, there is agreement that U.S. law is limited in its impact on unwanted e-mail because spammers can easily work outside of the country -- or at least can send their spam messages using open relays that are outside the country.
"Legislation is tough because the Internet knows no boundaries," Caplan Gray said. "The good part of this is the fact that it's an international effort as opposed to a U.S.-only effort."
The FTC, which created the Secure Your Server Web site to advise on how to prevent becoming an unwitting spam distributor, said this year's operation comes on the heels of a similar effort last year.
Spam and Shame
The FTC's Blumenthal indicated the organizations contacted range from small to large companies and other groups that consist basically of "anybody who has a proxy server" in place. The agency said spammers often abuse such servers to flood the Internet with unwanted e-mail, overloading servers and also damaging the reputation of an unwitting business, which ends up appearing to have sent the spam.
Caplan Gray chastised ISPs and other companies or organizations that allow their mail servers to be used as third-party relays, calling such protection measures "very, very basic security."
Still, she said, the companies and other groups contacted by the FTC and foreign equivalents are likely to welcome the heads-up to the problem. "They're probably going to say, 'Oh gosh, we didn't know that,' and fix it," she said. "Why would they want to have spam appear as if it's from their domain? That's bad business."
Blumenthal said response to the last round of about 2,000 advisements was relatively small, but the feedback that did come in was positive.
MyDoom.B Variant Spreads, Blocks Access to Security Updates January 29, 2004
McAfee Avert virus research manager Craig Schmugar, who reported MyDoom.A had infected an estimated 400,000 to 500,000 machines as of Thursday, told TechNewsWorld that the motivation behind the worm and its variant is money. "Somebody's getting paid to do this," Schmugar said.
E-Business Legal Dilemmas Loom in 2004 January 23, 2004
Internet sales tax has been a muted issue for years, but the buzz about another form of online taxation may be about to burst into shouting. On November 1, 2003, Congress let the Internet Tax Freedom Act expire -- which could mean imposition of Internet access taxes after a five-year ban.
Bagle Worm Spreads Using Traditional Tactics January 19, 2004
"We have seen over 80,000 copies of Bagle, and this number is rising at an alarming rate," said MessageLabs chief information security analyst Paul Wood, whose company issued a high-level alert on the worm. "This is despite using unsophisticated social engineering techniques and clearly displaying an executable attachment."
Symantec CTO Rob Clyde on the Road Ahead January 14, 2004
"Ultimately, people are going to say, 'Why scan once for viruses, once for pornography, once for spam?' When you use Norton Internet as a consumer, it's all in the same tool," Symantec CTO Rob Clyde told the E-Commerce Times.
Xombe Trojan Spoofs Microsoft Patch To Steal Personal Info January 12, 2004
Once machines are compromised by a worm or Trojan, attackers no longer use them just for bragging rights and for DoS attacks to knock servers offline, but also for banking or identity theft, spamming or other financially motivated crimes.
Related News Alerts
More by Jay Lyman
Open Source Developer Dumps Novell Over Microsoft Deal December 26, 2006
A key open source developer, Jeremy Allison, who cofounded the Samba project, has resigned from Novell in protest over the company's recent agreement to enter a collaborative arrangement with Microsoft. The deal has created an uproar in the open source community because it does not treat all recipients of the GPL equally and thus violates the spirit of the license, critics say.
Financial Firms Tap Microsoft for Linux December 22, 2006
Three major financial institutions are among the first companies to go to Microsoft for Linux services, provided through an agreement the software giant struck with Novell. Although a recent survey showed customer approval of the collaboration, many members of the open source community view Novell's move as sleeping with the devil.
Mozilla Beefs Up Security in Firefox 2.0 December 21, 2006
Mozilla's latest update to its open source Firefox browser includes security measures targeting phishers. Phishing scams that use social engineering techniques to dupe Web surfers into revealing personal financial information have become an effective way for cybercriminals to conduct their nefarious activities on the Internet.
Headline Feeds
inboxes of both corporations and consumers.
Talkback: 
