Should spam whistleblowers be rewarded? Sophos comments on FTC report to US Congress

Sophos Press Release
The Federal Trade Commission is proposing there should be financial rewards for informing on spammers
The Federal Trade Commission is proposing there should be financial rewards for informing on spammers

The Federal Trade Commission in the US has submitted a report to Congress, stating that the information provided by the vast majority of consumers who are forwarding spam emails to the FTC's database, is not helping to identify spammers. Instead, it is examining whether it would be appropriate to initiate a "reward scheme" for information leading to the conviction of spammers.

The report reveals that the FTC believes that substantial financial rewards could tempt "whisteblowers" or insiders within spam gangs to provide the necessary evidence and high-value information required to secure a conviction. It suggests that rewards would need to be approximately $100,000, but sometimes as much as $250,000.

"Although there have been some convictions of US spammers, these have been few and far between, and have done little to slow the tidal wave of unsolicited emails - it's therefore unsurprising that the FTC is proposing a bounty for the heads of spammers," said Graham Cluley, senior technology consultant for Sophos. "Making the decision to inform upon your criminal spamming colleagues may not be an easy one for many whistleblowers. The FTC believes that substantial rewards will overcome an individual's concern about losing their revenue stream and the very real fear that losing their anonymity may lead to personal retaliation."

The FTC was required to submit the report to Congress as part of the CAN-SPAM Act which became active in the USA on 1 January 2004, in an attempt to discover whether financial rewards would assist in the capture and sentencing of spammers.

"It's a sad reflection on society that people can not question their own behaviour, but need a financial incentive to break up criminal gangs engaged in spamming," continued Cluley. "However, if this is what is necessary to make the spammers sleep uneasily in their beds at night, it's probably the right step."

In the last year, software companies such as Microsoft and SCO have offered substantial rewards for information leading to the successful conviction of virus writers who have launched attacks against their websites or customers.

The full report by the FTC can be found on its website.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at