Spam sent from zombie computers--which looks to recipients as if it came from the hijacked computers rather than the true sender--is believed to account for between 50 percent and 90 percent of all unsolicited commercial e-mail, said Don Blumenthal, Internet lab coordinator at the FTC.
The FTC intends to send letters to more than 3,000 Internet service providers worldwide, recommending that they implement steps to limit spam zombies. The recommendations came about after months of work among the different domestic and international agencies, and consultation with e-mail administrators, Internet service providers, and anti-spam groups, Blumenthal said.
One suggestion is that service providers limit the number of e-mails that can be sent--although the FTC deliberately didn't propose a specific number because different users can be expected to send vastly different quantities of e-mail. "There are no hard-and-fast rules--it really depends on the situation," Blumenthal said. "The idea would be to have some limitations in there so that a large flow couldn't just pop up out of nowhere," he added.
The FTC also recommends that service providers identify computers sending "atypical" amounts of e-mail--and, if necessary, quarantine those computers until the problem is fixed. Another recommendation is that service providers block port 25, a common port, except for authenticated users. In addition, the FTC is advising Internet service providers to assist consumers with anti-virus tools.
Many Internet service providers already implement at least some of the FTC's proposals, Blumenthal said.