Spoutin' Off: All the Web's citizens must join spam fight

By Michael E. Rau

April 18, 2005

You may have read something in the last few days about the conviction and sentencing of a guy named Jeremy Jaynes for crimes associated with spamming. Now don't get me wrong. Anything which might legally attack this scourge is a blessing. But can you actually expect any impact on how much spam you receive?

The sad truth is no.

Before his arrest, authorities said Jaynes and his operation were pumping out up to 10 million emails a day and grossing as much as $750,000.00 per month. Prosecutors said thousands of people fell for their scams.

You have to give credit to Virgina Attorney General's office for taking the most aggressive steps yet towards combating spam. No other law enforcement agency at any level has been as engaged in addressing the problem. But in the scheme of things, what does this apparently successful prosecution of Jaynes actually represent?

The presiding judge decided not to order Jaynes to begin serving his 9 year sentence because of his concern that either the law under which Jaynes was convicted or the conviction itself might be overturned on appeal. The appeals process will likely take up to another four years.

Regarding the two associates of Jaynes who were also prosecuted, one was found guilty and fined $7,500 (or 1% of what they grossed in a month) and the other was acquitted.

Considering the time and money expended to prosecute Jaynes, it seems unreasonable to expect that the Virginia Attorney General's office will be motivated to go after other spammers until they're sure, based on the results of the appeal, they can do so successfully.

Other states' anti-spam laws aren't nearly as strong as Virginia's, and I can find nothing which would indicate that the federal government has successfully prosecuted a violator under the “CAN-Spam Act”, a federal statute which closely mirrors the state law in Virginia.

The bottom line is that we cannot rely on government to provide any relief anytime soon.

So what can you do to protect yourself while putting a dent in spam?

Spam is only successful when the recipient responds. So NEVER, EVER respond to spam. If you must illegally buy drugs online, or a cable descrambler, or bootleg software, at least have the courtesy of doing so through a Web search or some other method so the rest of us aren't victimized by your spurious activities.

For the rest of us, always remember that there is NO deal available through an offer received via spam which is worth responding to.

I reiterate... NEVER, EVER respond to spam.

The same rule applies to exploits. These include phishing (trying to gain your personal information by making you believe your financial institution or some other entity needs you to reply and provide your login and /or other personal information) and viruses.

If you receive a request for personal or financial data, NEVER respond. If you're concerned that it's valid, contact the institution directly and ask them if they really need this information.

In the case of viruses, anti-virus software is the best way to catch it, but most importantly, NEVER open an attachment unless you're absolutely sure what it is and who it's from.

Now, we've talked about spam from the spammer's perspective, as well as he recipient's. But what about the middlemen?

Aggressive interdiction by internet service providers (ISPs) can make all the difference in the world. However, I think most ISPs hesitate to be aggressive because of fear of retaliation by the ISPs which they block. This mentality has to change. After all, spammers and exploiters are grifters of the worst type and any ISP which gives spammers aid and comfort deserves no sanctuary. Any ISP which claims they can't identify spammers on their system is lying through their teeth.

The Spamhaus Project (http://www,spamhaus.org) is an international non-profit organization which maintains a dynamic database of known spammers and exploiters (they're really not all that hard to track... It just takes a little bit of time and effort.). Spamhaus has a very high threshold for placing a spammer or exploiter on their lists and the people or operations on those lists are responsible for more than 80% of spam.

Spamhaus provides their SBL (spam blocker list) and XBL (exploits blocker list) to anyone for free. ISPs in turn can install software on their systems which use these lists to block spam and exploits. Spamhaus also offers a subscription to a dynamic database updating system which an ISP with appropriate software installed can set to query and update their lists automatically every 30 minutes.

I want to identify ISPs which utilize the Spamhaus SBL and XBL to block spam. If you are one, or know of one, please let me know. I'd also like to identify any third-party filtering service which uses SBLs and XBLs.

Only when ISP's which enable spammers and exploiters are held accountable by being exiled from the World Wide Web, will this plague be brought under control. SBLs and XBLs accomplish this.

I challenge all the Web's citizens to do their part.

Michael E. Rau is a mass-communications consultant in Virginia Beach. To send feedback or view past columns, visit: http://dailypress.asoundidea.com.

Copyright © 2005, Daily Press