Spammers use home computers to send bulk emails by the millions. They take advantage of security weaknesses to install hidden software that turns consumer computers into mail or proxy servers. They route bulk email through these "spam zombies," obscuring its true origin.
As part of a worldwide effort to prevent these abuses, the FTC announces "Operation Spam Zombies." In partnership with 20 members of the London Action Plan and 16 additional government agencies from around the world, the Commission is sending letters to more than 3000 Internet service providers (ISPs) internationally, encouraging them to take the following zombie-prevention measures:
- block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.
- apply rate-limiting controls for email relays.
- identify computers that are sending atypical amounts of email, and take steps to determine if the computer is acting as a spam zombie. When necessary, quarantine the affected computer until the source of the problem is removed.
- give your customers plain-language advice on how to prevent their computers from being infected by worms, trojans, or other malware that turn PCs into spam zombies, and provide the appropriate tools and assistance.
- provide, or point your customers to, easy-to-use tools to remove zombie code if their computers have been infected, and provide the appropriate assistance.
In a later phase, the Operation plans to notify Internet providers worldwide that apparent spam zombies were identified on their systems, and urge them to implement measures to prevent that problem.
|