The FTC and more than 30 of its counterparts abroad are planning to contact Internet service providers and urge them to pay more attention to what their customers are doing online. Among the requests: identifying customers with suspicious e-mailing patterns, quarantining those computers and offering help in cleaning theoff the hapless PCs.
To be sure, computers infected by zombie programs and used to churn out spam are a real threat to the future of e-mail. Oneby security company Sophos found that compromised PCs are responsible for 40 percent of the world's spam--and that number seems to be heading up, not down.
But government pressure--even well-intentioned--on Internet providers to monitor their users raises some important questions.
Will ISPs merely count the number of outbound e-mail messages, or actually peruse the content of e-mail correspondence? E-mail eavesdropping is limited by the Electronic Communications Privacy Act in the United States, but what about other countries without such laws? If these steps don't stop zombie-bots, will the government come back with formal requirements instead of mere suggestions the next time around?
The FTC said that its advice should not be alarming. "I think our recommendations are intended to provide flexibility by ISPs to implement them to the extent they can," Markus Heyder, an FTC legal adviser, said on Friday. "We have vetted them extensively with other partners and industry members."
Heyder said the commission plans to send letters to ISPs outlining the suggested antispam steps: "This is intended to provide a range of possible measures that can be taken if appropriate."
, Verizon Communications' associate general counsel, said spam-fighting is "not an issue we're ignoring. It's something that we're extremely conscious of." Also, Deutsch said, "the ISP can help the customer but cannot be in the business of fixing their computer remotely. There are huge liability issues involved in that. What if we gave them some advice" that may not work?
Cordoning off "port 25"
The FTC also wants Internet providers to prevent e-mail from leaving their network unless it flows through their own internal servers. That makes spam zombies easier to catch. That technique is called , the port number used by the venerable Simple Mail Transport Protocol.
Many companies such asand do