[Paleopsych] NYT: Law Barring Junk E-Mail Allows a Flood Instead

Premise Checker checker at panix.com
Tue Feb 1 15:49:29 UTC 2005

The New York Times > Technology > Law Barring Junk E-Mail Allows a Flood Instead


    A year after a sweeping federal antispam law went into effect, there
    is more junk e-mail on the Internet than ever, and Levon Gillespie,
    according to [1]Microsoft, is one reason.

    Lawyers for the company seemed well on the way to shutting down Mr.
    Gillespie last September after he agreed to meet them at a
    [2]Starbucks in Los Angeles near the University of Southern
    California. There they served him a court summons and a lawsuit
    accusing him, his Web site and 50 unnamed customers of violating state
    and federal law - including the year-old federal Can Spam Act - by
    flooding Microsoft's internal and customer e-mail networks with
    illegal spam, among other charges.

    But that was the last the company saw of the young entrepreneur.

    Mr. Gillespie, who operated a service that gives bulk advertisers
    off-shore shelter from the antispam crusade, did not show up last
    month for a court hearing in King County, Wash. The judge issued a
    default judgment against him in the amount of $1.4 million.

    In a telephone interview yesterday from his home in Los Angeles, Mr.
    Gillespie, 21, said he was unaware of the judgment and that no one
    from Microsoft or the court had yet followed up. But he insisted that
    he had done nothing wrong and vowed that lawsuits would not stop him -
    nor any of the other players in the lucrative spam chain.

    "There's way too much money involved," Mr. Gillespie said, noting that
    his service, which is currently down, provided him with a six-figure
    income at its peak. "And if there's money to be made, people are going
    to go out and get it."

    Since the Can Spam Act went into effect in January 2004, unsolicited
    junk e-mail on the Internet has come to total perhaps 80 percent or
    more of all e-mail sent, according to most measures. That is up from
    50 percent to 60 percent of all e-mail before the law went into

    To some antispam crusaders, the surge comes as no surprise. They had
    long argued that the law would make the spam problem worse by
    effectively giving bulk advertisers permission to send junk e-mail as
    long as they followed certain rules.

    "Can Spam legalized spamming itself," said Steve Linford, the founder
    of the Spamhaus Project, a London organization that is one of the
    leading groups intent on eliminating junk e-mail. And in making spam
    legal, he said, the new rules also invited flouting by those intent on
    being outlaws.

    Not everyone agrees that the Can Spam law is to blame, and lawsuits
    invoking the new legislation - along with other suits using state laws
    - have been mounted in the name of combating the problem. Besides
    Microsoft, other large Internet companies like AOL and [3]Yahoo have
    used the federal law as the basis for suits.

    Two prolific spam distributors, Jeremy D. Jaynes and Jessica DeGroot,
    were convicted under a Virginia antispam law in November, and a $1
    billion judgment was issued in an Iowa federal court against three
    spam marketers in December.

    The law's chief sponsor, Senator Conrad Burns, Republican of Montana,
    said that it was too soon to judge the law's effectiveness, although
    he indicated in an e-mail message that the Federal Trade Commission,
    which oversees its enforcement, might simply need some nudging.

    "As we progress into the next legislative session," Mr. Burns said,
    "I'll be working to make sure the F.T.C. utilizes the tools now in
    place to enforce the act and effectively stem the tide of this

    The F.T.C. has made some recent moves that include winning a court
    order in January to shut down illegal advertising from six companies
    accused of profiting from thousands of X-rated spam e-mail messages.
    But so far, the spam trade has foiled most efforts to bring it under

    A growing number of so-called bulletproof Web host services like Mr.
    Gillespie's offer spam-friendly merchants access to stable offshore
    computer servers - most of them in China - where they can park their
    Web sites, with the promise that they will not be shut down because of
    spam complaints.

    Some bulk e-mailers have also teamed with writers of viruses to steal
    lists of working e-mail addresses and quietly hijack the personal
    computers of millions of unwitting Internet users, creating the
    "zombie networks" that now serve, according to some specialists, as
    the de facto circulatory system for spam.

    "We've thrown everything but the kitchen sink at this problem," said
    Chris Smith, the senior director of product marketing for Postini, a
    company that filters e-mail for corporations. "And yet, all of these
    efforts have yet to make a significant dent."

    Mr. Smith was speaking in a conference call with reporters last week
    to discuss Postini's 2005 e-mail security report, which echoed the
    bleak findings of recent academic surveys and statistics from other
    vendors that filter and monitor e-mail traffic.

    A survey from Stanford University in December showed that a typical
    Internet user now spends about 10 working days a year dealing with
    incoming spam. Industry analysts estimate that the global cost of spam
    to businesses in 2005, in terms of lost productivity and network
    maintenance, will be about $50 billion ($17 billion in the United
    States alone). And the Postini report concluded that most legislative
    measures - in the United States, Europe and Australia - have had
    little impact on the problem.

    The American law requires solicitations to be identified as such in
    the subject line and prohibits the use of fake return addresses, among
    other restrictions. But the real soft spot in the American law,
    critics have argued, is that it puts a burden on recipients to choose
    to be removed from an e-mailers list - an "opt out" feature that bulk
    mailers are obligated by the law to provide. (The European and
    Australian systems requires bulk mailers, in most cases, to receive
    "opt in" authorization from recipients.)

    While a law-abiding bulk mailer under the American law might remove a
    person from its list, critics say, the scofflaw spammer simply takes
    an opt-out message as verification that the e-mail address is current
    and has a live person behind it.

    "Any spammer worth his salt is not going to follow Can Spam," said
    Scott Petry, Postini's founder and senior vice president for products
    and engineering, "because it would be filtered out immediately."

    Defenders of the Can Spam Act say blaming any one law is far too

    "Most people say it's a miserable failure," said Anne Mitchell, who
    helped draft the legislation and is the chief executive of the
    Institute for Spam and Internet Public Policy, a research group in
    California. "But I see it as a lawyer would see it. To think that law
    enforcement agencies can make spam stop right away is silly. There's
    no such thing as an instant fix in the law."

    She and others note that filtering software has become particularly
    adept at catching the vast majority of spam before it ever gets to a
    user's in-box. Legitimate e-mail messages do sometimes get caught in
    such nets - a drawback that generates its own chorus of complaints.
    But some specialists have also suggested that the overall success of
    identifying and weeding out junk e-mail from in-boxes may actually
    help explain the current surge in spam.

    "The more effective the filtering technology," Ms. Mitchell said, "the
    more spam they have to send to get the same dollar rate of return."

    Those rates of return can be staggeringly high (and the costs of entry
    into the market relatively low).

    A spammer can often expect to receive anywhere from a 25 percent to a
    50 percent commission on any sales of a product that result from a
    spam campaign, according to a calculus developed by Richi Jennings, an
    Internet security analyst with Ferris Research, a technology industry
    consulting firm.

    Even if only 2,000 of 200 million recipients of a spam campaign - a
    single day's response rate for some spammers - actually go to a
    merchant's Web site to purchase a $50 bottle of an herbal supplement,
    a spammer working at a 25 percent commission will take in $25,000. If
    a spammer makes use of anonymous virus-enslaved computers to spread
    the campaign, expenses like bandwidth payments to Internet service
    providers are low - as is the likelihood of anyone's tracking down who
    pushed the "send" button.

    The overlapping and truly global networks of spam-friendly merchants,
    e-mail list resellers, virus-writers and bulk e-mailing services have
    made identifying targets for prosecution a daunting process. Merchants
    whose links actually appear in junk e-mail are often dozens of steps
    and numerous deals removed from the spammers, Mr. Jennings said, and
    proving culpability "is just insanely difficult."

    The new federal law does give prosecutors some leverage to go after
    the merchants - but it must be proved that they knew, or should have
    known, that their wares were being fed into the illegal spam chain.

    "We wait to see a real test case of that," Mr. Jennings said.

    In the meantime, analysts predict, more viruses will commandeer more
    personal computers as zombie spam transmitters - which besides free
    relays give spammers a thicker cloak of anonymity. Mr. Jennings
    estimates that hijacked machines handle 50 percent of the spam stream,
    and other analysts have put the percentage higher.

    Analysts also expect more use of virus bombs - called directory
    harvest attacks - to wrest working e-mail addresses from Internet
    service providers. "It's the silent killer of e-mail servers," Mr.
    Smith of Postini said.

    And bulletproof services like Mr. Gillespie's and another,
    [4]Buprhost.com, are intent on continuing to offer spam-friendly
    merchants a haven from antispam complaints, starting at $89 a month.

    "If your Web site host receives complaints or discovers that your Web
    site has been advertised in e-mail broadcasts, they may disconnect
    your account and shut down your Web site," explains Buprhost.com,
    which promises no such disruptions. "The reason we can do this is that
    we put your Web site in our overseas server where the local law will
    protect your Web sites."

    "It's very simple," Mr. Petry of Postini said of the junk e-mail
    scourge. "Spam is technically very easy to send."

    Which is why, according to Aaron Kornblum, Microsoft's Internet safety
    enforcement lawyer, suits against spam enablers like Mr. Gillespie are
    an important, if incremental, new front to pursue.

    "Microsoft's efforts in filing these lawsuits is to stop spammers -
    and in this case hosting services that cater to spammers - from plying
    their trade," said Mr. Kornblum, who noted that Microsoft was working
    to enforce the $1.4 million judgment against Mr. Gillespie.

    "Our objective with sustained enforcement activity is to change the
    economics of spamming, making it a cost-prohibitive business model
    rather than a profitable one."


    1. http://www.nytimes.com/redirect/marketwatch/redirect.ctx?MW=http://custom.marketwatch.com/custom/nyt-com/html-companyprofile.asp&symb=MSFT
    2. http://www.nytimes.com/redirect/marketwatch/redirect.ctx?MW=http://custom.marketwatch.com/custom/nyt-com/html-companyprofile.asp&symb=SBUX
    3. http://www.nytimes.com/redirect/marketwatch/redirect.ctx?MW=http://custom.marketwatch.com/custom/nyt-com/html-companyprofile.asp&symb=YHOO
    4. http://Buprhost.com/

More information about the paleopsych mailing list