Review of the FTC Spam Summit

Anyway, I thought I would be remiss without taking a few minutes to discuss some of my thoughts from this conference.

The first FTC Spam Summit took place in 2003 in the same location that thisyear's conference did; in the FTC Satellite Building in DC. I wasn't at the previous conference, but apparently a couple of folks almost got into a fist fight. Anything to make it more exciting, I guess. Nothing like that this time around though.

My first impression as I looked around the room (which was smaller than I had anticipated) was that it appeared that the event was not very well publicized. The only place that I had actively heard the conference mentioned was by Sana Coleman Chriss of the FTC (obviously she had a vested interest) at the AOTA Conference in Boston in April. In speaking with some other people they had also heard Sana announce the Summit at a local DC conference within the two weeks leading up to the event. That isn't to say that there wasn't an active push towards getting the word out on this conference. I just hadn't seen it, and I think those results showed in the attendance.

My second observation was that industry attendance was quite low. Some of the usual suspects that I see at most industry events such as MAAWG and the like were there, and some of those folks also participated in panel discussions. Overall though I expected a better industry presence to spur some better dialog.

There were a few items of note that I thought were worthy of mention here:

-- One particularly well known spammer was on the first panel discussion of the conference. I am not quite sure I understand what the reasoning was behind this, but I waffled between feelings of amusement and confusion. I felt amused because I was almost wondering whether or not his participation on the panel was a move by the FTC akin to starting any speech off with a joke. I felt similarly confused because I was trying to figure out what his goal was by sitting on this panel. He sat there talking about the challenges facing legitimate email marketers. Although I can certainly sympathize with the plight of legitimate email marketers, I failed to see how he was the most appropriate representative to discuss the issue.

-- The other item that caught my attention was the use of compromised web servers to send out spam. Why a compromised web server? Many web applications today utilize email as a vehicle for communication (transactional receipts, confirmation of opt-in, etc). As such, these web servers generally have permission from the corporate MTA to channel mail through. This has the potential to cause serious issues for legitimate MTAs that sit next to compromised web servers which are turned into bots and is a potential threat worth watching!

-- I didn't write down who noted this statistic but it was reported by a panelist that 15-20% of new phishing attacks every month are against targets that hadn't been targetted previously. This illustrates a trend that has been spoken about here as well as being reported across the industry of spammers shifting their tactics toward smaller targets.

-- According to an FBI survey of 639 companies (no mention was made as to the size of these organizations), 80% had experienced losses as a result of cyber crime. The total loss sustained by those companies was approximately $130M. The highest of which was $42M by one company.

Overall, I felt that the conference was a productive meeting, but there was neither enough representation by the industry nor the government in order for it to generate any significant, ground breaking takeaways. I certainly applaud the FTC for putting on this conference and hope that they do so again. As widely known and understood as the problem is, it was somewhat telling to me by the smaller attendance numbers that there is only a select few who really want to take strides to do something about it.