The Federal Trade Commission Spam Summit finished yesterday. The second day's schedule included five panels:
- Deterring malicious spammers and cybercriminals.
- Keeping it out of the inbox.
- Putting customers back in control.
- Identifying best practices for businesses.
- Developing a plan for action.
I found the first session of the day to be the most interesting: a panel of legal types told us how the laws are helping them track down and prosecute spammers, what laws are still needed, and what sorts of cooperation they need among agencies, jurisdictions, and service providers. A few of them likened the community of spammers to organized crime, and described situations that seem very much like racketeering, so I asked how much help RICO is in their investigations and prosecutions. I was surprised at the answer: RICO doesn't really apply at all, since the sorts of violations we're talking about aren't covered.
The second session discussed technical solutions beyond content filtering, including, in particular, presentations about DKIM and Sender ID Framework. AOL's manager of AntiSpam Operations noted that they are generally, at least for now, not willing to delete unauthenticated mail, because of fear of “false positives”. Representatives from Habeas and Goodmail talked about reputation and accreditation services.
I was decidedly less happy with the afternoon sessions. There didn't seem to be much “meat” to most of it, largely stressing “consumer education”, which I think is both fruitless and the wrong approach. Presentations from Return Path and the Direct Marketing Association both stressed requirements for legitimate marketers to do things right and to meet certain standards, and their attempts to spread that information and to encourage compliance are welcome and appreciated.
The last session was a mostly good free-for-all with a six-person panel, but it suffered even more than the previous two from a problem that pervaded the afternoon: excessive control by the moderator and insufficient opportunity for audience participation (despite the FTC's introduction of the meeting as one that would include and encourage a lot of audience participation). During a discussion of DKIM, I tried to comment, as chair of the IETF DKIM working group, but was waved away by the moderator, and when the moderator had a question about Sender ID, Microsoft's Craig Spiezle was only able to comment because his colleague on the panel asked the moderator to allow it.
So the afternoon wound up as a conversation between the moderators and the panelists, with the moderators apparently over-eager to focus on their questions and with several audience members complaining that they had written questions and handed them in, and the pile of question cards was tossed, unused.
In general, though, it was a good two days, which seemed more designed for teaching the FTC about the current state of things than for any discussion of progress and future issues. But that's what I expected, so that didn't disappoint me, and there was some good networking to be had among the rest of us.