[Paleopsych] NYT: Law Barring Junk E-Mail Allows a Flood Instead
checker at panix.com
Tue Feb 1 15:49:29 UTC 2005
The New York Times > Technology > Law Barring Junk E-Mail Allows a Flood Instead
By TOM ZELLER Jr.
A year after a sweeping federal antispam law went into effect, there
is more junk e-mail on the Internet than ever, and Levon Gillespie,
according to Microsoft, is one reason.
Lawyers for the company seemed well on the way to shutting down Mr.
Gillespie last September after he agreed to meet them at a
Starbucks in Los Angeles near the University of Southern
California. There they served him a court summons and a lawsuit
accusing him, his Web site and 50 unnamed customers of violating state
and federal law - including the year-old federal Can Spam Act - by
flooding Microsoft's internal and customer e-mail networks with
illegal spam, among other charges.
But that was the last the company saw of the young entrepreneur.
Mr. Gillespie, who operated a service that gives bulk advertisers
off-shore shelter from the antispam crusade, did not show up last
month for a court hearing in King County, Wash. The judge issued a
default judgment against him in the amount of $1.4 million.
In a telephone interview yesterday from his home in Los Angeles, Mr.
Gillespie, 21, said he was unaware of the judgment and that no one
from Microsoft or the court had yet followed up. But he insisted that
he had done nothing wrong and vowed that lawsuits would not stop him -
nor any of the other players in the lucrative spam chain.
"There's way too much money involved," Mr. Gillespie said, noting that
his service, which is currently down, provided him with a six-figure
income at its peak. "And if there's money to be made, people are going
to go out and get it."
Since the Can Spam Act went into effect in January 2004, unsolicited
junk e-mail on the Internet has come to total perhaps 80 percent or
more of all e-mail sent, according to most measures. That is up from
50 percent to 60 percent of all e-mail before the law went into
To some antispam crusaders, the surge comes as no surprise. They had
long argued that the law would make the spam problem worse by
effectively giving bulk advertisers permission to send junk e-mail as
long as they followed certain rules.
"Can Spam legalized spamming itself," said Steve Linford, the founder
of the Spamhaus Project, a London organization that is one of the
leading groups intent on eliminating junk e-mail. And in making spam
legal, he said, the new rules also invited flouting by those intent on
Not everyone agrees that the Can Spam law is to blame, and lawsuits
invoking the new legislation - along with other suits using state laws
- have been mounted in the name of combating the problem. Besides
Microsoft, other large Internet companies like AOL and Yahoo have
used the federal law as the basis for suits.
Two prolific spam distributors, Jeremy D. Jaynes and Jessica DeGroot,
were convicted under a Virginia antispam law in November, and a $1
billion judgment was issued in an Iowa federal court against three
spam marketers in December.
The law's chief sponsor, Senator Conrad Burns, Republican of Montana,
said that it was too soon to judge the law's effectiveness, although
he indicated in an e-mail message that the Federal Trade Commission,
which oversees its enforcement, might simply need some nudging.
"As we progress into the next legislative session," Mr. Burns said,
"I'll be working to make sure the F.T.C. utilizes the tools now in
place to enforce the act and effectively stem the tide of this
The F.T.C. has made some recent moves that include winning a court
order in January to shut down illegal advertising from six companies
accused of profiting from thousands of X-rated spam e-mail messages.
But so far, the spam trade has foiled most efforts to bring it under
A growing number of so-called bulletproof Web host services like Mr.
Gillespie's offer spam-friendly merchants access to stable offshore
computer servers - most of them in China - where they can park their
Web sites, with the promise that they will not be shut down because of
Some bulk e-mailers have also teamed with writers of viruses to steal
lists of working e-mail addresses and quietly hijack the personal
computers of millions of unwitting Internet users, creating the
"zombie networks" that now serve, according to some specialists, as
the de facto circulatory system for spam.
"We've thrown everything but the kitchen sink at this problem," said
Chris Smith, the senior director of product marketing for Postini, a
company that filters e-mail for corporations. "And yet, all of these
efforts have yet to make a significant dent."
Mr. Smith was speaking in a conference call with reporters last week
to discuss Postini's 2005 e-mail security report, which echoed the
bleak findings of recent academic surveys and statistics from other
vendors that filter and monitor e-mail traffic.
A survey from Stanford University in December showed that a typical
Internet user now spends about 10 working days a year dealing with
incoming spam. Industry analysts estimate that the global cost of spam
to businesses in 2005, in terms of lost productivity and network
maintenance, will be about $50 billion ($17 billion in the United
States alone). And the Postini report concluded that most legislative
measures - in the United States, Europe and Australia - have had
little impact on the problem.
The American law requires solicitations to be identified as such in
the subject line and prohibits the use of fake return addresses, among
other restrictions. But the real soft spot in the American law,
critics have argued, is that it puts a burden on recipients to choose
to be removed from an e-mailers list - an "opt out" feature that bulk
mailers are obligated by the law to provide. (The European and
Australian systems requires bulk mailers, in most cases, to receive
"opt in" authorization from recipients.)
While a law-abiding bulk mailer under the American law might remove a
person from its list, critics say, the scofflaw spammer simply takes
an opt-out message as verification that the e-mail address is current
and has a live person behind it.
"Any spammer worth his salt is not going to follow Can Spam," said
Scott Petry, Postini's founder and senior vice president for products
and engineering, "because it would be filtered out immediately."
Defenders of the Can Spam Act say blaming any one law is far too
"Most people say it's a miserable failure," said Anne Mitchell, who
helped draft the legislation and is the chief executive of the
Institute for Spam and Internet Public Policy, a research group in
California. "But I see it as a lawyer would see it. To think that law
enforcement agencies can make spam stop right away is silly. There's
no such thing as an instant fix in the law."
She and others note that filtering software has become particularly
adept at catching the vast majority of spam before it ever gets to a
user's in-box. Legitimate e-mail messages do sometimes get caught in
such nets - a drawback that generates its own chorus of complaints.
But some specialists have also suggested that the overall success of
identifying and weeding out junk e-mail from in-boxes may actually
help explain the current surge in spam.
"The more effective the filtering technology," Ms. Mitchell said, "the
more spam they have to send to get the same dollar rate of return."
Those rates of return can be staggeringly high (and the costs of entry
into the market relatively low).
A spammer can often expect to receive anywhere from a 25 percent to a
50 percent commission on any sales of a product that result from a
spam campaign, according to a calculus developed by Richi Jennings, an
Internet security analyst with Ferris Research, a technology industry
Even if only 2,000 of 200 million recipients of a spam campaign - a
single day's response rate for some spammers - actually go to a
merchant's Web site to purchase a $50 bottle of an herbal supplement,
a spammer working at a 25 percent commission will take in $25,000. If
a spammer makes use of anonymous virus-enslaved computers to spread
the campaign, expenses like bandwidth payments to Internet service
providers are low - as is the likelihood of anyone's tracking down who
pushed the "send" button.
The overlapping and truly global networks of spam-friendly merchants,
e-mail list resellers, virus-writers and bulk e-mailing services have
made identifying targets for prosecution a daunting process. Merchants
whose links actually appear in junk e-mail are often dozens of steps
and numerous deals removed from the spammers, Mr. Jennings said, and
proving culpability "is just insanely difficult."
The new federal law does give prosecutors some leverage to go after
the merchants - but it must be proved that they knew, or should have
known, that their wares were being fed into the illegal spam chain.
"We wait to see a real test case of that," Mr. Jennings said.
In the meantime, analysts predict, more viruses will commandeer more
personal computers as zombie spam transmitters - which besides free
relays give spammers a thicker cloak of anonymity. Mr. Jennings
estimates that hijacked machines handle 50 percent of the spam stream,
and other analysts have put the percentage higher.
Analysts also expect more use of virus bombs - called directory
harvest attacks - to wrest working e-mail addresses from Internet
service providers. "It's the silent killer of e-mail servers," Mr.
Smith of Postini said.
And bulletproof services like Mr. Gillespie's and another,
Buprhost.com, are intent on continuing to offer spam-friendly
merchants a haven from antispam complaints, starting at $89 a month.
"If your Web site host receives complaints or discovers that your Web
site has been advertised in e-mail broadcasts, they may disconnect
your account and shut down your Web site," explains Buprhost.com,
which promises no such disruptions. "The reason we can do this is that
we put your Web site in our overseas server where the local law will
protect your Web sites."
"It's very simple," Mr. Petry of Postini said of the junk e-mail
scourge. "Spam is technically very easy to send."
Which is why, according to Aaron Kornblum, Microsoft's Internet safety
enforcement lawyer, suits against spam enablers like Mr. Gillespie are
an important, if incremental, new front to pursue.
"Microsoft's efforts in filing these lawsuits is to stop spammers -
and in this case hosting services that cater to spammers - from plying
their trade," said Mr. Kornblum, who noted that Microsoft was working
to enforce the $1.4 million judgment against Mr. Gillespie.
"Our objective with sustained enforcement activity is to change the
economics of spamming, making it a cost-prohibitive business model
rather than a profitable one."
More information about the paleopsych