Fred Showker reporting

Day One of the FTC Spam Forum

Washington, D.C., April 30, 2003

After braving the I-66 rush hour traffic into Washington, and dealing with downtown traffic, I finally made it to the Federal Trade Commission's Spam Forum site. The crowd was anxious and lively, representing every walk of internet life with a smattering of government thrown in for good measure. Security was high, and everyone emptied their pockets and waltzed through the menacing metal detectors under the watchful eyes of armed guards. Welcome to Washington D.C.

The program opened with introductions by FTC Chairman Timothy J. Muris, followed by the kick-off session "Introduction to Spam" chaired by Eileen Harrington, Associate Director, FTC Division of Marketing Practices. Celebrities amongst government officials on the panel were top officials from Microsoft, SpamCon Foundation, America Online and of course, spam "supporters" the Direct Marketing Association. This panel told us nothing we didn't already know other than the fact that the issues of spam had definitely come to the attention of the main stream media and big business. About time.

Email Address Gathering

The second session "Email Address Gathering" got a little more lively as the anti-spam proponents began to square off with the pro-spam direct marketers. Matthew Steele, Senior Director of Systems Engineering for Brightmail shared some statistics we all had suspected -- 8% of all email was spam in December of 2001, and 40% of all email was spam in December of 2002 -- and that Brightmail expects their revenues to increase in '03 by 100% over '02. (As opposed to merely doubling from '01 to '02!) Richard M. Smith, from Computerbytesman.com, (whom I often quote) related some of the stories from his web site pertaining to web bugs and other techniques for gathering email addresses. The 'pro' spam guy insisted they didn't "gather" email addresses. That everyone who gets spam, opted in at some point.

Operation Bidder Beware

At noon, when the attendees were hustled out of the room, leaving only the press, we were treated to a 'big time' press conference with FTC Director of the Bureau of Consumer Protection, J. Howard Beales, III, to the lights and cameras of CNN, ABC, and the other major networks, along with writers and reporters from the New York Times, Wall Street Journal, and too many others to name.

Beales announced the launch of the Commission's "Operation Bidder Beware" educational program, and the crackdown on Internet auction scams. He cited 57 successful criminal actions against auction fraud -- and promised "it's only the beginning." The commission is joined by the National Association of Attorneys General, and together they noted logging more than 51,000 auction complaints from consumers. Online Auction fraud reports have tripled in the past year, and of the 48,000 cases of online fraud, 22,000 are specifically auction rip-offs -- representing $32,000,000.00 in lost consumer dollars. They're predicting as many as 420,000 new victums in 2003.

To keep this report relatively short, I won't describe some of the truly insidious schemes the criminals use -- rather I'll save them for future articles here.

Meet the Spam Cop

The highlight of my day -- probably the whole trip -- was getting a few minutes of quality chat time with Julian Haight, inventor and proprietor of SpamCop. I have been a member of SpamCop since Julian first launched it, and since that time had looked forward to meeting him. We had a nice chat about the state of affairs, and he took the AACUG brochure, promising to visit the site and respond with his reactions. He'll be appearing tomorrow on the "Black Lists" panel. Everyone is looking forward to that one. Our chat was abruptly terminated when the reporter and camera crew from ABC TV's Nightly news team arrived to whisk him away for an interview.

Falsity in Sending of Spam

This session rocked. Bryan Bell, Senior Abuse Investigator for MCI told of the disastrous ramifications of spam in their system. The bounces alone are beginning to cripple their servers, leaving legitimate email unsent. Possibly 1,000% increase in the past three months, 70,000 complaints a day. Chris Jay Hoofnagle, Deputy Counsel, Electronic Privacy Information Center outlined just a few of the really insidious ploys used by spammers.

Margot Koschier, Manager, Anti-Spam Analysis and Prevention Team, America Online, did a superb presentation of just how easy it is to falsify email headers. She booted up the Yahoo email account she had opened just for the demonstration, then opened a telnet terminal and began typing. We watched as she quickly typed in false IP addresses, sending address and subject lines. After sending she returned to the Yahoo account to find the spam already arrived. The frightening aspect of this scenario is that they've automated it to the point that a relatively low-end server can write and send as many as 60,000 of these an hour. Scary.

William Plante, Symantec's Director of Worldwide Security & Brand Protection then related just how damaging the recent barrage of "Symantec" spam has been to his company. Thousands of spammers have 'coined' the Symantec brand offering their products at ridiculously low prices -- some just for identity theft of those who order, others actually selling a pirated copy of the software.

Of course, Scott Richter, President of Optinrealbig.com LLC, a direct-email marketing firm reassured everyone that his firm is not "one of those" and that much of the threats and fear of spam are really over exaggerated.

But the overwhelming impact of this panel was that the fraudulent aspects of spam is seriously undermining consumer confidence in the use of email. People are beginning to forsake it, because they can't deal with it nor trust it. Everyone agreed that the false "unsubscribe" syndrome has made getting off lists all but impossible even though maybe 40% of the unsubscribe addresses are legit, and will get you unsubscribed. But, how do you know which ones?

Open Relays Proxies Form Mail scripts

This session dug into the very technologies used by spammers.

The highlight was when Dr. Bill Hancock, Vice President of Security & Chief Security Officer for Cable & Wireless, stepped up to the podium with a PowerPoint on how technology has betrayed itself. How spammers can migrate all over the web in an ever increasing proliferation of UCE. He cited how "10 Bugs for every thousand lines of code" in an operating system can all be open invitations for the spammer to insert "Zombie" code that can set up independent "zombie" networks, all open gateways for yet more spam. Really scary stuff.

"Wireless is the next frontier" he chided "Every wireless device is a potential open proxy inviting exploitation."

There are 65,000 new, potentially exploitable, open proxies introduced per day. Every time a home user hooks up to a fast internet connection, then adds a second machine to the network there's a new proxy spammers can send thousands of spams through. Not a pretty sight.

Closing

By the end of the day, I was exhaused. I had made friends with some good anti-spam contacts in the industry and given away all of my stock of UCE Initiative brochures. Will have to get more printed in the morning. It seems to be well received -- and they seem to fly right out of my hands -- people now coming up requesting a copy.

I need to close now, will upload this in the morning before getting over to the conference center by 6 AM to stand in line.

And that's my report for April 30, 2003.

END

Continue to Day 2

We invite your comment

We urge you to contact your ISP to join this initiative by forwarding this link: http://www.UGNN.com/safenet/UCE/index.html

We shall begin a listing of those ISPs who pledge to conform and diligently practice this initiative.

Previously: UCE Definitions  |  Introduction & UCE Truths  |