FBI about to punish spammers

May 21, 2004

It's been about six months since the first federal spam law with criminal sanctions was signed in USA, but none of those bulk unsolicited e-mailer senders have been criminally charged under it so far. The situation is about to radically change within this year: FBI told Congress on Thursday that it has "identified over 100 significant spammers", and "is targeting 50 of the most noxious for potential prosecution".

"Such cases may be investigated and prosecuted as computer intrusion matters, or as online cyber frauds which may lend themselves to a variety of existing state or federal statutes, including the recently passed Can-Spam Act," said Jana Monroe, the FBI's assistant director of the cyber division.

Monroe didn't say much about any details, except that an "initiative is being projected for later this year in which it is anticipated that criminal and civil actions under the Can-Spam Act of 2003 will be included."

Monroe was among of witnesses to appear before the Senate Commerce Committee in its first look at how the Can-Spam Act has worked since it took effect this January. "Since our review of this issue last May, the volume of spam received by American consumers has risen unabatedly," said committee Chairman John McCain, R-Ariz. "Spam now accounts for anywhere up to more than 80 percent of all e-mail traffic on the Internet."

Instead of banning spam outright, Can-Spam requires that spammers follow certain guidelines and honor unsubscribe requests. The Act only does outlaw the use of so-known "zombies", i.e. computers that have been taken over and used as bridgehead to further send unsolicited mails and act as so called "spam-bots", and punishes such an act with up to three to five years in prison. Such behavior could also be illegal under the Computer Fraud and Abuse Act, which has long been on the books.

However, not everything is going smooth when it comes to real life. The major problem is that not everybody who sends bulk e-mails is an unsolicited e-mail sender. Many companies do send bulk mail to communicate with their customers and partners.

An illustrating example is Ronald Scelson, who testified that he is being discriminated against for abiding by Can-Spam. Scelson claims that even though his outgoing e-mail complies with the Can-Spam Act, Internet Service Providers are still banning him. "When we mail under the new law, the major ISPs focus on our From: addresses, Subject: lines, our company information, and our disclaimers on the bottom of the e-mail as well as our IP address. They use this information to block our e-mails," Scelson said. A law designed "to curtail fraud, is in fact curtailing our ability to engage in free enterprise."

Singling out America Online as having some of the most annoying e-mail filtering policies, Scelson said: "They don't care the law is. We cannot send bulk mail...Destroying people's private e-mail is wrong."

"He's misinformed," AOL Vice Chairman Ted Leonsis said in response, adding that Scelson would not abide by AOL's rules for "white listing," which would mean his outgoing e-mail would not be filtered as spam.