FTC eyes network operators in spam battle

The Federal Trade Commission and its counterparts send out an e-mail to tens of thousands of network administrators, warning them "Secure your servers."

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
2 min read
The U.S. government is e-mailing out advice to network administrators: Secure your servers.

Starting Thursday, the Federal Trade Commission and its counterparts in 26 other nations began sending e-mail to tens of thousands of people believed to be responsible for open relays and open proxies that spammers use as broadcast points for massive amounts of junk mail.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

This represents an escalation of the FTC's efforts to close open relays, which began last May with notices to operators of more than 1,000 servers.

The new campaign is more ambitious, FTC attorney Don Blumenthal said. "We're doing this on a much larger scale. The one last year was aimed more at open relays. This is much broader. It's open proxies and open relays."

An open relay is a mail server configured so that anyone can use it as a relay point for mail to any recipient. Until the late 1990s this was normal behavior for mail servers. But after spammers began to abuse open relays, they began to be viewed as a problem. Open proxies are similar--they're often misconfigured Web servers--and can permit spam to be sent anonymously.

The FTC's "Secure Your Server" warning, sent through e-mail, cautions that unless the recipient takes action, "your network connections may become clogged with traffic; your administrative costs may increase; or your Internet Service Provider may shut down your Internet service."

Servers identified in the campaign were collected from existing antispam blacklists such as the Open Relay Database and the Open Proxy Database. The notifications will be sent to owners of the range of Internet addresses that the open proxies or relays inhabit--and not, typically, to end users.

On Wednesday, Blumenthal posted an alert on the popular spam-l discussion list saying the information campaign was about to begin. Some people who responded worried that the FTC's unsolicited bulk e-mail resembled spam. "Sounds like a spam run," one person said.

"I think there are a lot of different definitions of spam out there," Blumenthal said in an interview Thursday. "Certainly (the Can-Spam Act) focuses on commercial mail. We feel very strongly these are educational pieces. They will hopefully eventually cut back on spam."

Other nations participating in the campaign include the United Kingdom, Canada, Australia, Singapore, Japan, Switzerland and South Korea.