The Federal Trade Commission yesterday gave limited endorsement to offering cash rewards to people who help track down e-mail spammers, suggesting that such bounties might work but in fewer circumstances than had been pushed by some anti-spam activists.
The agency said that although Internet-savvy sleuths often can crack the technical disguises used by spammers to hide their identities and locations, the amount of information they could gather that would lead to successful prosecutions would be limited.
Instead, the FTC said that if Congress decides to set up a bounty system, it should reward only whistle-blowers inside or close to spam operations, who could provide detailed evidence that would lead to the operations being shut down.
With spam continuing to bedevil businesses and consumers, Congress asked the FTC to study two possible techniques as part of the first federal anti-spam law passed late last year. In June, the FTC recommended against a do-not-spam registry that would have mirrored the popular do-not-call list for telemarketing, saying it would not work and might lead to more spam.
The idea of bounties for finding spammers has long been fodder for chatter on the Internet, where a loose corps of activists works to identify and disrupt spam operations. The notion drew particular credence when it was pushed by Lawrence Lessig, a Stanford University law professor and one of the country's foremost thinkers on cyberspace law and policy.
Lessig was so certain of the idea that in 2003 he said if Congress passed a law that provided for bounties and they did not work, he would quit his job.
But the major Internet providers, who have their own spam-fighting operations, counseled the FTC against the idea.
Microsoft Corp., for example, has made extensive use of rewards to help catch writers of computer viruses because it is nearly impossible to find them without inside information. But Sean Sundwall, a company spokesman, said rewards are less necessary to find spammers, especially if they sell products.
An America Online Inc. spokesman, Nicholas J. Graham, said the use of bounty hunters can create its own set of legal problems that could complicate prosecutions.
The FTC and corporate officials also acknowledged that because there is an extensive volunteer network of spam fighters on the Internet, such as the Spamhaus.org tracking group, there is less incentive to offer cash rewards.
The commission report said that to be effective, rewards to whistle-blowers must be lucrative enough to overcome the benefits they are likely reaping from being part of a spam operation. The commission estimates that rewards would need to be in the range of $100,000 to $250,000, which the report said Congress would need to fund because those amounts are unlikely to be covered by damages won in court.
Any system that seeks to reward others, the FTC said, risks burdening the agency and diverting resources from enforcement efforts.
"A poorly designed reward system," the report said, "would not only fail to achieve its purpose . . . but also result in significant costs to the commission."
Separately yesterday, a cooperative industry effort to create a single technical system for identifying legitimate e-mail fell apart, setting back what companies have said is an essential spam-fighting tool.
America Online said it would not implement a system proposed by Microsoft, citing concerns in the Internet community that the software giant's plan is not compatible with "open-source" operating systems that often compete with Microsoft.
For more than a year, Microsoft, AOL, Yahoo Inc. and EarthLink Inc. have been testing alternatives to the filters used to block spam.
Rather than trying to weed out spam and other illegitimate mail, the industry is experimenting with systems that automatically verify e-mail from legitimate senders and block spam sent from falsified or commandeered Internet addresses.
In an apparent breakthrough, Microsoft recently agreed to merge its "Sender ID" technology with another system that was on its way to being adopted by Internet standards bodies.
But last week the standards community all but rejected the plan because Microsoft is asserting it has patent rights to the technology. Microsoft is offering no-cost licenses to use Sender ID, but they conflict with a widely used open-source software license relied upon by providers of Linux and other operating systems that compete with Microsoft.
With Microsoft and the open-source community continuously battling, and the standards bodies backing away from Sender ID, AOL said it did not want to commit resources to implementing it.
AOL, Microsoft and other Internet providers are still pursuing and implementing various authentication systems, but a unified approach would have spurred more rapid adoption by the entire e-mail marketplace.
The Internet community's suspicions of Microsoft were heightened yesterday when a company application became public that appears to claim patent rights to many of the approaches taken by companies to authenticate e-mail.
Sundwall, the Microsoft spokesman, said the company believes its claims are novel and qualify for patent protection.