Meanwhile, few junk emailers are complying with the new regulations. One study declared that less than 3 percent of all spam is fully in compliance with CAN-SPAM. Another analysis found that even legitimate marketers are slow to adhere to the law. Only 36 percent of the email offers from mainstream companies meets CAN-SPAM's requirements.
Yet in Australia, a tougher, opt-in spam law seems to be making a difference. Just months after the enactment of Australia's Spam Act of 2003, several of the country's larger spam outfits appear to have closed up shop. (Failure to comply with the law, which prohibits spamming consumers without their consent, can result in penalties of up to AU$1.1 million per day for repeat offenders.) Admittedly, Australia isn't a significant source of junk email; the nation isn't even on Spamhaus's list of the top ten spam countries. But Spamhaus director Steve Linford and other spam opponents are taking heart.
"Governments looking to get it right and implement effective legislation need look in one direction only—follow Australia!" wrote Linford in a July 2004 statement at Spamhaus.org.
The first half of 2004 also saw a number of promising developments in defeating spam through technology. More consumers recognize that equipping their computers with spam-filtering programs is just as important to online hygiene as using anti-virus software. At the same time, several major ISPs and software manufacturers are looking to new technology in the fight against email forgery at the server level. Many have already taken steps to adopt systems designed to verify a message's true source. One solution, based on technology known as Sender Policy Framework (SPF), has the backing of Microsoft and AOL, among others. Another option, the Trusted Email Open Standard (TEOS), adds encoded data to message headers to help email users sort out incoming spam from legitimate email.
But the pernicious root of the spam crisis does not appear to be legislative or technological. It is human—in particular, the humans who buy from spammers.
The ability to move relatively incognito online may have created a perfect medium for surreptitious e-marketers such as Davis Hawke and the rest of the two-hundred-plus spammers listed on the Spamhaus Rokso list. But the Internet has also engendered a corresponding segment of consumers. Call them furtive shoppers.
Why does so much spam tout penis pills, pornography, black-market software, multilevel marketing schemes, and other illicit products and services not generally available in offline stores? It's not just because legitimate, ethical marketers have mostly eschewed email advertising or are having their messages drowned out by pitches from the likes of Amazing Internet Products. Blame it on junk email's customer base. After all, as Hawke's evolving product portfolio shows, spammers sell whatever people will buy from them.
The Internet didn't invent plain, brown-wrapper deliveries. But spam provides Internet users with new levels of anonymous access to the dodgiest of items. By double-clicking a hyperlink in a spam message, consumers can order cable descramblers, "free" government grants, and fake diplomas. Thanks to junk email, any consumer with an Internet connection and a credit card now has access to raunchy, and in some cases illegal, porn without the inconvenience of having to drive to the nearest adult bookstore. From the privacy of their homes or offices, spam recipients can get nonprescription access to controlled drugs via the web sites of fly-by-night apothecaries on servers in South America.
If email were around during the Prohibition, you can bet that spammers would have been selling moonshine.
In an effort to cut off junk emailers from their customers, an international trade group known as the Internet Industry Association (IIA) unveiled an unusual initiative in late 2003. Known as the "Hit Delete" campaign, the IIA's effort was essentially a boycott. According to the group, which included AOL, Yahoo!, Microsoft, and other major Internet firms, the best way to discourage spammers is not to buy from them.
"If enough users started hitting the delete key on questionable, unsolicited offers, the commercial case for spamming will soon erode," said an IIA press release. But less than a year later, the Hit Delete campaign's web site has been dismantled, its user education program apparently a bust.
Such efforts seem doomed to failure, as long as junk email successfully taps into consumers' private hopes and dreams for themselves. According to Latham & Watkins cyber lawyer Jennifer Archie, who has studied more than her share of junk email, spam reveals something profound about the American consumer psyche.
"People say, 'I can have a university degree overnight. The government is going to give me money, not take it away. I can be thinner and more virile. I can have better sex.' Something about email gives them hope it's all possible," said Archie.
Maybe Davis Hawke was right about one thing: some people are stupid.
As this book was going to press, Davis Hawke was still living somewhere in Rhode Island. He continues to frequent online spammer forums using a variety of aliases. He also persists in sending spam and selling mailing lists. A federal court has ruled Hawke in default on AOL's lawsuit against him. The ISP has asked the court to order Hawke to pay AOL in excess of $10 million in damages resulting from his spams.
Brad Bournival, also awaiting the resolution of the AOL litigation, is believed to be close to an out-of-court settlement. Currently unemployed, he is living off his savings and devoting more time to chess. He intends to move out of his 5,300-square-foot rented home into a smaller, less expensive place.
The whereabouts of Jacob Brown and Mauricio Ruiz are unknown. Both are in default on the spam lawsuits pending against them. In August 2004, a judge permanently enjoined Brown from spamming Verizon Wireless customers.
Susan "Shiksaa" Gunn remains a volunteer for the Spamhaus Project. She continues to be an infrequent contributor to the Nanae newsgroup.
Director Steve Linford announced in June 2004 that Spamhaus would begin charging its biggest customers a subscription fee for the previously free spam-blocking service. Earlier in 2004, Linford was honored by the British Internet Service Providers Association, which named him its "Internet Hero" of 2004.
In July 2004, the office of the New York Attorney General announced a settlement with Scott Richter. Under the deal, Richter agreed to pay the state $50,000 in fines and legal expenses and to allow state officials to regularly audit aspects of his business. Richter's suit from Microsoft is still pending. In April 2004, Richter sued the SpamCop spam-reporting service for $1 million, alleging trade libel and tortious interference. In September 2004, SpamCop announced it had settled the lawsuit, with neither party making any changes to its practices. In June, Richter announced he was abandoning plans to market a line of "Spam King" apparel after receiving warnings from Hormel, owners of the SPAM trademark.
George Alan "Dr. Fatburn" Moore settled litigation with AOL and Symantec in December 2003. He is currently buying and selling real estate, as well as running a multilevel marketing program for diet pills and other health products from his web site, UltimateDiets.com.
Jason Vale was sentenced to sixty-three months in federal prison in June 2004 for criminal contempt. Vale is currently serving his sentence in the Brooklyn Metropolitan Detention Center but has reportedly asked for a transfer to a penitentiary in Florida. Vale has said he will not accept traditional medical treatment, including surgery, for the tumor in his back.
Karen Hoffmann continues to serve as an email marketing and abuse desk consultant to several clients.
Thomas Cowles is awaiting a September 2004 retrial in Florida's Broward County Court. In June 2004, a hung jury was unable to come up with a verdict on the third-degree grand theft charges against him. Cowles and his firm, Empire Towers, remain on the Spamhaus Rokso list, a position they have held since October 2000.
David P. D'Amato (a.k.a. Terri Tickle) was released from prison in February 2002. He is believed to be living somewhere in New York State, where he holds a permanent teaching certificate, according to officials with the New York School Education Department.
Rob Mitchell is a full-time public school teacher in
Texas. Heno longer frequents Nanae or fights spam.
Rodona Garst was sued for stock fraud by the Securities and Exchange Commission in July 2002. In December of that year, she settled the lawsuit by agreeing to pay $15,673 to the U.S. Treasury, an amount representing her profits from the pump-and-dump scheme.
Ronnie Scelson claims he is sending out up to 40 million CAN-SPAM-compliant junk emails per day. He told members of the U.S. Congress in May 2004 that he was recently forced to move his office into a former nuclear fallout shelter due to threats and harassment from anti-spammers.
Andrew Brunner was removed from the Spamhaus Rokso list in late 2001. Brunner continues to sell Avalanche bulk email software from his site, CyberCreek.com.
For the past two years,Sanford Wallace has been operating Club Plum Crazy, a popular nightclub in Rochester, New Hampshire. In 2004, Wallace moved to Las Vegas, where he hopes to open the area's first chemical-free nightclub for people aged eighteen to twenty.
Glossary
Glossary
Affiliate
A spammer who sends junk email on behalf of a sponsor, usually on a commission basis.
AIM (AOL Instant Messenger)
A free computer program published by AOL that allows users to communicate instantly through text messages to other AIM users.
Anti
Short for anti-spammer. A term used by spammers to refer to people who fight junk email.
AUP (acceptable use policy)
A collection of rules set by an Internet service provider that restrict how customers may use the service. For example, many AUPs expressly prohibit users from sending spam.
Blackhole list
A list used to filter spam or cut off traffic to spam sites. Typically, such lists contain a collection of Internet protocol (IP) addresses or domains used by spammers.
Blacklist
See Blackhole list.
Blog
An online journal of short web postings, usually posted in reverse chronological order (most recent item first).
Brute-force attack
In spamming, a computerized attempt to deliver an email ad that involves randomly constructing possible valid addresses. For example, a brute-force attack might begin by sending spam to [email protected] and then try [email protected], etc. (See also Dictionary attack.)
Bulker
Used by spammers to refer to people who send spam.
Bulletproof hosting
A web server that stays accessible for long periods of time and is relatively immune to complaints from anti-spammers.
Caller ID
A telephone feature that displays the name and/or number of the calling party when an incoming call is received.
CAN-SPAM (The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003)
The first U.S. law governing junk email, which went into effect January 1, 2004.
CAUCE (Coalition Against Unsolicited Commercial Email)
A volunteer organization created in 1997 to advocate for a legislative solution to the spam problem (http://www.cauce.org/).
Chickenboner
A label given to small-time spammers. Anti-spammers stereotype chickenboners as living in mobile homes with a personal computer on the kitchen table, surrounded by empty beer cans and empty buckets of fried chicken.
Convert (v.)
Used by spammers to describe the act of a spam recipient responding positively to an email ad. A "high-converting list" contains email addresses likely to generate sales.
De-duped
Used by spammers to refer to mailing lists that have had duplicate email addresses removed.
Denial-of-service attack
Also known as a DOS attack. An incident in which a malicious Internet user attempts to prevent other users from using online resources such as the Web or email. In a distributed denial-of-service (DDOS) attack, a group of Internet users flood another computer on the network with so much data that it may crash or be unable to handle real network traffic.
Dictionary attack
In spamming, a computerized attempt to deliver an email ad that involves constructing possible valid addresses using common words or names. For example, a dictionary attack might begin by sending spam to [email protected] and then [email protected], etc. (See also Brute-force attack.)
DNS (domain name server)
A system used to route Internet traffic by translating alphanumeric domain names into numeric Internet protocol addresses. (See also Domain and IP address.)
Domain
A name, such as oreilly.com, that identifies one or more IP addresses. Domain names are used to identify particular web pages as well as email servers.
Drop box
A temporary email account, usually at a free, Web-based email provider such as Hotmail, used by a spammer to receive mailing-list removal requests, orders, or other communications. Drop boxes are used by spammers to protect their permanent email accounts.
DS3
A very high-speed, dedicated phone connection used mainly by Internet service providers to connect to the Internet backbone. DS3 lines are capable of sending data at rates up to forty-three megabits per second. (Also known as a T3 line.)
DSL (digital subscriber line)
A fast phone line used to connect a home or office to the telephone company's central switching station. Most residential DSL lines send data at rates around 128 kilobits per second, with download speeds of around one and a half megabits per second.
Extractor
A spam-related program designed to locate and compile email addresses from web pages, online discussion forums, and other Internet databases. (See also Harvesting.)
FBI (Federal Bureau of Investigation)
The United States law enforcement agency that is the principal investigative arm of the U.S. Department of Justice (http://www.fbi.gov/).
FDA (Food and Drug Administration)
The U.S. government agency established to regulate the release of new foods and health-related products (http://www.fda.gov/).
Flame war
An argument or fight that takes place in newsgroup articles or over email.
Forged
Used to describe a fraudulent email address or email headers.
Fresh
Used to describe proxies or email addresses that have been recently collected.
FTC (Federal Trade Commission)
The U.S. government agency charged with enforcing antitrust laws and prohibitions against false, deceptive, or unfair trade or advertising practices (http://www.ftc.gov/).
FTP (file transfer protocol)
A system for transferring files over the Internet from one computer to another.
GI (general Internet)
A mailing list composed of email addresses from a wide variety of ISPs.
Golden Mallet
An award given to elite anti-spammers to recognize "outstanding lifetime achievement in the spamfighting arts."
Harvesting
The act of compiling email addresses from web pages, online discussion forums, and other Internet databases, usually with the use of a special computer program. (See also Extractor.)
Headers
The part of an email message that includes the path the message took en route to its destination: a sort of electronic passport.
Home page
A web site. The term is also used to refer to the front page of a site.
Honey pot
An email server or proxy set up to attract spammers seeking open relays or proxies. Anti-spammers create honey pots to track the activities of spammers.
Host
A service that provides online systems for storing information, images, video, or any content accessible via the Web. Web hosts are companies that provide space on a server they own for use by their clients.
HTML (Hypertext Markup Language)
The computer language used to create documents on the World Wide Web.
ICC (Internet Chess Club)
/> One of the first online chess clubs, at chessclub.com.
ICQ ("I seek you")
A free instant-messaging program, such as AIM, that allows users to chat and send/receive files with other ICQ users.
IRC (Internet relay chat)
A chat system that enables people connected anywhere on the Internet to join in live, group discussions.
ISP (Internet service provider)
A company that provides access to the Internet.
IP (Internet Protocol) address
A unique number that is assigned to every computer connected to the Internet.
Joe-job
Spam designed to tarnish the reputation of an innocent third party. First used to describe such an attack on Joe Doll, webmaster of joes.com.
LART (Loser Attitude Readjustment Tool)
An email notifying an ISP that one of its customers is spamming. Also referred to as a mallet, since it is metaphorically used to clobber delinquent ISPs into action against spammers.
Leads
Sales prospects generated by spam. Leads are often sold by spammers to mortgage companies and other marketers.
List washing
Removing the addresses of complainers from spam mailing lists.
Spam Kings Page 32