Feds Hit Alleged Spammers in Sting

Officials at the Direct Marketing Association (DMA) confirmed Wednesday the
U.S. Department of Justice (DOJ) will announce arrests and indictments of
several alleged
American spammers at a press conference Thursday in Washington, D.C.

The DMA said some of those arrests were the result of
Operation Slam
Spam, a partnership between the DMA and the FBI, which launched in
August 2003. The New York-based industry organization
provides
funding, training for law enforcement officials and a database full of known
spammers.

“It’s about time, because the majority of spam that we get is just
egregiously illegal,” said John Levine, chairman of the Anti-Spam Research
Group (ASRG). “I’m glad to see they finally collected enough stuff that
they’re ready to move ahead and put these guys in jail where they belong.”

The DMA for years has been
working on ways to separate its organization, which promotes the legal
dissemination of commercial e-mails, from a spam community, which
blasts out millions of illegal unsolicited commercial e-mails (UCE)
monthly. Many of those use spoofed return e-mail
addresses, and they’re often
delivered through zombied computers to allow spammers to
avoid paying for
bandwidth fees.

In its statement, the DMA said its work with the FBI “helps engender greater
trust and comfort in legitimate commercial e-mail communications.”

It is likely the spammers will be charged
with violating provisions of the CAN-SPAM Act, legislation enacted
in January to respond to the growing threat of spam, which is
perpetuated many times by people located in the United States who host their
operations overseas where anti-spam laws aren’t as strictly enforced.

The CAN-SPAM Act says people and businesses can send e-mails, as long as
they abide by the constraints: They must include a valid IP address; contain
an electronics-based opt-out mechanism; indicate in the subject line that
it is an advertisement; and include a legitimate physical mailing address.

It’s likely the alleged perpetrators will also be charged under anti-fraud
laws that pre-dated CAN-SPAM. Before the legislation passed, the DMA had
long maintained that much spam was already illegal under existing federal
statutes.

In the past eight months, the new law has had little effect on spamming
activity. A recent report by security firm CipherTrust illustrates that 86
percent of the spam sent between May and July originated in the United States. A
Senate Commerce Committee hearing in May found wildly different
opinions on the effectiveness of the legislation, while only a few
arrests have actually been made since the bill’s passage. The first CAN-SPAM
cases didn’t occur until March and April.

It might be a little early to worry about the effectiveness of the fledgling
bill, however. Levine said that although it’s easy enough to see the
numbers of fraudulent spam, getting the FBI or DOJ to provide evidence of
guilt on a particular person or business is another thing entirely.

“It’s a very new part of law enforcement, and, as a result, building a case is
going to be difficult,” he said. “They’re going to have complicated,
technical evidence, and they’re going to have to educate the judges as to why
this evidence actually support the case and these guys are violating this
new law.”

A spokesman for the DOJ declined to comment. A spokesman at the FBI’s cybercrime division was not immediately available for comment.