ietf-asrg

[Asrg] FTC Anti-spam conference update - Weds 4/30 sessions

2003-05-01 09:04:07
Hey Folks:

 

Greetings from Washington DC, where today (May 1) is more reminiscent of
August 1 in terms of temp.

 

Yesterday's FTC anti-spam conference was interesting to say the least.
Highlights?  Not many.

 

The first session ('intro to spam') featured spammers from Empire Towers and
the head of the DMA Robert Wientzen, who was least well received for stating
that some commercial email was perfectly acceptable.  See the DM News
(http://www.dmnews.com/) for Ken Magill's story about it.
Senators Burns and Wyden also spoke, introducing and explaining their bill
to the audience.

 

The second session was more interesting ('email address gathering') and
featured presentations from Matthew Steele of Brightmail and Doug Mclean of
Postini.  Steele's presentation (the better of the two for being less
marketing and more technical) was a practical how-to on how to collect email
addresses using harvesting tools such as "Power Email Verifier 2.1".  If I
were a novice spammer and wanted to learn the rudiments of directory
harvesting, this was a good presentation.  Also on the panel was a gentleman
named William Waggoner of AAW (who has heard of them?), who claimed that
Google sells traffic and generates pop-up ads.  The Google guy on the panel
(David DesJardins) and the audience got a kick out of that.  Despite
vigorous talk for 1.5 hours about Directory Harvesting, there were no
recommendations for what to do about it, other than coding email addresses
on sites with HTML or JavaScript and not 'mailto:' links.  No discussions of
legality of the process of harvesting.  Directory attacks also came up with
the sole recommendation that you should make your email address longer than
6 characters and not post it on Usenet.  Duh!  One panel member defended the
practice of using bounces for list cleaning purposes.

 

The third session, titled 'Falsity in sending of spam', concerned the
intricacies - and to a very minor extent the legality - of falsifying
headers and other information.  This panel was led off by a presentation
from AOL's Margot Koschier (mgr antispam analysis and prevention) who
performed a demo using Telnet on how to falsify a message header.  Another
excellent how-to for the aspiring spammer.  Again in this panel, no
recommendations for action.  However, much wasted time spent discussing the
urban myth of not hitting unsubscribe within spam messages.  The panel had
apparently never heard of web beacons within HTML email.

 

Right before the fourth session, NY's Senior Senator Chuck Schumer had an
impromptu news conference for his announcement of his anti-spam bill.  The
Senator's solution was to force all mailers of commercial mail (and no
distinction was made between spam and legitimate business communications) to
put 'ADV:' before the subject line.  Another cornerstone of his legislative
approach was extensive fines and even - gasp - jail time for spammers.  He
wants to establish a national 'Do Not Email' list as well, and stated that
it would have 'military-quality encryption'.  No details on who would manage
this and how it would be utilized.  He also spoke out against directory
harvesting, fake subject line and reply addresses and non-functioning
unsubscribe links.  As anti-spam as everyone on this list is, from what I
heard in the Senator's brief presentation this is not practical nor likely
to be supported by either marketers or technically sophisticated anti-spam
zealots.

 

The fourth session was titled 'Open Relays/Open Proxies/Form mail Scripts'.
This was an interesting session as it also offered some more how-tos on how
to locate and exploit open proxies and relays.  Matt Sergeant of MessageLabs
put together a good presentation that described open proxies.  The consensus,
if I remember correctly, was that there are 400 new open relays each day and
many of these are outside of the US, especially in Korea.  Another
demonstration and explanation was given on setting up Zombie netblocks.  A
question was asked whether the government should get involved to close all
of the open relays and the answer was no.  

 

So far no solution to end spam.  However, the free cookies and bottled water
were a nice touch.

 

Dave Hendricks

Permission Technology
Suite 100
1261 Post Road
Fairfield CT, 06430

203 254 7222 (voice)
203 254 9222 (fax)
917 833 2242 (mobile)

mailto:dave(_at_)permissiontechnology(_dot_)com
www.permissiontechnology.com
