Individuals such as online marketers who distribute spam. Email users receive spam for the same reason that people receive junk mail through regular mail: Marketers are trying to sell others their products or services. Because email is cheaper than regular mail, email users tend to get an abundance of spam. Spammers derive their mailing lists from many sources, including by scanning Usenet discussion groups, searching the Web for likely addresses, and guessing email addresses at random.
Fighting spammers is a difficult battle at the best of times. During March and April 2005, two legal cases showed both successes and failures in this regard.
The March 2005 case involved a North Carolina woman charged and then released from spamming charges. Jessica DeGroot, aged 28, was dismissed of spamming charges under the new Viriginia Antispam law because the jury apparently got buried in a heap of technological evidence that it could not understand. The charged woman allegedly flooded tens of thousands of AOL email accounts with unsolicited bulk advertisements. This case fuels pessimism about stopping spammers despite such efforts as the passage of the CAN-SPAM Act, blacklists, and Bayesian filters that try to differentiate between legitimate mail and spam by applying statistics.
The April 2005 case involved spammer Jeremy Jaynes of Raleigh, North Carolina, who went by the name Gaven Stubberfield and was described by prosecutors as being among the top 10 spammers in the world. Jaynes was sentenced to nine years in prison for his spamming exploits. This is considered to be a landmark case because it was the United States’ first successful felony prosecution for transmitting spam over the Internet.
The Virginia jury ruled that Jaynes should serve nine years for transmitting 10 million emails daily using 16 high-speed lines. Jaynes apparently earned as much as $750,000 a month on his spamming operation. The case is being appealed.
To move ahead in the fight against spammers, Meng Weng Wong, founder of the email forwarding service Pobox.com, is asking enterprises to join a movement to support proposed new standards for email sender authentication. The new services proposed by Pobox.com will rate email messages against thousands of criteria and then send spammers away by treating all email as “guilty” until proven “innocent.”
The proposed standards include the Sender Policy Framework (SPF) and Microsoft’s Sender ID Framework (SIDF). SPF is an SMTP extension rejecting messages when the “From” field domain sender names do not match authorized IP addresses for that domain. SIDF combines SPF with Microsoft’s Caller ID for email.
The challenge is that SIDF and SPF will be successful only if a critical mass of enterprises agrees to be part of the movement by registering records of their domain names and IP addresses at sites such as Pobox.com. At this early stage of the movement, some companies, such as Microsoft, Amazon, and eBay, are in favor; others, such as Yahoo!, are against the movement for a variety of reasons. In June 2005, an industry working group lead by Yahoo! and Cisco announced a new standard for mail authentication named “DomainKeys Identified Mail,” which was subsequently submitted to IETF for consideration as a standard. Yahoo! is using the standard for their mail systems, and, as of March 2006, claims to process hundreds of millions of messages signed with DomainKeys per day. No commonly used standard has emerged yet.
Associated Press. Spammer Sentenced to 9 Years in Prison in Landmark Case. The Globe and Mail, April 9, 2005, p. B7; Baard, M. In the Dark About Solutions for Spam? [Online, March 3, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/original Content/0,289142,sid14_gci1064501,00.html; Demon Spam-Filtering Service. Frequently Asked Questions. [Online, 2004.] Demon Spam-Filtering Service Website. http://www.demon .nl/eng/products/services/spamfilterfaq1.html. Jordan, S. Email Authentication Myths and Misconceptions. [Online, 2006]. Messaging News Website. http://www.messagingnews.com/ magazine/2006/03/features/email_authentication_myths_misc.html.