Spam is an ever-increasing annoyance for consumers, but it is far more than that for those serving on the front lines of the bruising battle over junk e-mail and — some would say — the future of the Internet. For them, it also is the root of the hardball legal tactics, hacking, harassment and death threats that are the hazards of their chosen vocation.
At the heart of the fight lies a deceptively simple two-part question: How much — if any — junk e-mail should Internet users have to tolerate in their in-boxes and how can the flow be controlled?
But with the rising tide of spam — or unsolicited commercial bulk e-mail, as it’s more accurately known — the search for a middle ground between “none” and “as much as we care to send” is growing ever more difficult.
“An absolutely guaranteed way to create an irreconcilable conflict is to have two different groups of people with conflicting memories of the good old days,” is how John Levine, a board member of the Coalition Against Unsolicited Commercial E-Mail and operator of the spam-reporting service abuse.net, sums up the dispute.
Starkly divergent views
“In this case, you have the marketers’ good old days, when they could send mail to anyone they wanted, and the online community’s good old days on Arpanet, when you couldn’t send any commercial e-mail,” said Levine, who also is the author of “The Internet for Dummies.”
The level of hostility — high to begin with — has escalated with the adoption of increasingly sophisticated tactics by nefarious spammers, including the use of hijacked computers to send spam and identity theft to evade detection.
Such actions have hardened the zero-tolerance attitude of some in the anti-spam community and fueled the development of what is considered by some to be the online equivalent of a weapon of mass destruction — the anonymously run SPEWS (Spam Prevention Early Warning System).
SPEWS lists swaths of Internet real estate (IP addresses) that are known to be sources of spam, belong to spam-friendly Internet service providers or host Web sites advertised in spam. The list is used by some ISPs and network administrators to block e-mail from would-be spammers before it is sent, which sometimes results in “inadvertent blocking” of messages from Internet users and ISPs that have nothing to do with spam.
‘Vigilantes of the Internet'
“The people who are blacklisting ... are enacting their own revenge against people they decide on their own are guilty of spamming,” said Mark Felstein, a Florida attorney who is suing the unidentified operators of SPEWS for allegedly damaging his also unidentified clients. “They’re the vigilantes of the Internet.”
It is against this backdrop of hostility and distrust that the virtual combat unfolds each day, as enemies assume their posts at computers around the world and launch rapid-strike ad campaigns and real-time counteroffensives. The fighting intensifies by night, when the roughly 200 big-time spammers said to be responsible for 90 percent of the world’s junk e-mail, often working together in loosely grouped “spam gangs,” send their junk e-mail flying around the globe in numbers that would make a Pentagon accountant blanch.
The battlefield is vast, confusing and rapidly changing, as spammers shift the locations from which they are carrying out their bombardments in order to foil efforts to trace them. This, in turn, triggers repeated scrambles among the trackers to find, filter and report the new spam in hopes of getting ISPs to quickly kick the spammers off their networks.
It is difficult to tell the players without a scorecard, as many are not who they appear to be.
Virtually every spammer claims to be a legitimate e-mail marketer who only sends ads to customers who have “opted in,” or agreed to receive them. But some who swear they follow such business practices are criminals and cons who use every ruse available — both technical and rhetorical — to mislead and obfuscate their true activities.
Who’s telling the truth?
The difficulty in determing who is telling the truth and who isn’t is clearly illustrated by Scott Richter, 31, who ran bars and restaurants and managed real estate before jumping into direct marketing four years ago.
Richter told MSNBC.com that his Colorado company, OptInRealBig.com, is frequently added to blacklists and other spam registries “not because we do anything wrong, but because the vigilantes have their own personal agenda against commercial e-mail.”
But Spamhaus.org, which maintains the Registry Of Known Spam Operations (ROKSO), a ledger of world’s most prodigious spammers, says that Richter is a “long-term professional ‘porn and pills’ spammer who operates opt-out spamming under the guise of opt-in.”
Ronnie Scelson, a 30-year-old resident of Slidell, La., known as the “Cajun Spammer,” is one of the few practitioners of the secretive trade to acknowledge that he uses a variety of dodgy techniques to get his spam out, but maintains that he does so because anti-spammers have forced him to take such steps so he can remain in business.
Long considered one of the world’s biggest spammers but currently in the midst of bankruptcy proceedings, Scelson said he views his battle with the anti-spam forces as a defense of the principles of freedom and the American dream and vows to continue speaking out no matter what the cost.
‘I'm willing to die'
“I’m willing to die for what I believe in,” he said. “Look at Martin Luther King (Jr.). When they assassinated him, that’s when everything changed.”
Others take a calmer view of the struggle, as they try to make a living either by e-mailing ads for products and services to consumers or by devising ways to stem or eliminate the rising tide of spam.
Mary Youngblood, 34, head of Earthlink’s abuse team, said she is able to put her training as a suicide prevention counselor to good use in talking to people who have had their accounts canceled for violating the ISP’s terms of service.
“Having that training helps me to appraise situations and not to start ticking off people before I know what’s going on,” she said.
Youngblood also said that while she loves the thrill of the chase — she and her team conducted the investigation that led to the indictment of “Buffalo spammer” Howard Carmack — she doesn’t go home angry.
“I don’t take it personal,” she said. “I don’t get outraged and upset, but it’s a sort of a game that I want to win and I play hard.”
It is much harder to maintain an even keel, however, when faced with the kind of abuse that members of both camps say they are subjected to on a more or less regular basis.
Julian Haight, 32, owner of Seattle-based SpamCop.net, had his resolve tested this summer when he spent many weeks fending off denial-of-service attacks aimed at crippling his Web site, which helps people trace and report the source of unwanted e-mail and — for a fee — download spam-filtering software.
One of the attacks is the result of what Haight described as a “trojan” virus that, when it is unwittingly installed on other computers by users who open the file, launches attacks against the SpamCop Domain Name Server.
“As long as that code is floating around out there, it’s going to keep attacking,” he said, adding that the virus apparently was circulated through spam.
Briton Steve Linford, the 45-year-old founder of Spamhaus.org and keeper of the ROKSO registry of notorious spammers, said that he is regularly threatened with another form of “mail bombing” — the kind that explode in your hands when you open them.
“They are so brazen that they’ll issue a death threat against you using their own e-mail address,” he said of the “professional scumbags” who end up on ROKSO.
Those on the other side of the fence say the retribution flows both ways.
Cal Smith, a 73-year-old Canadian who lists his occupation as “spam teacher” and claims to help “little people, old ladies on the web who are trying to supplement their income because they can’t make it on their pension,” said he turned to teaching the techniques of mass e-mailing because it was safer.
“As soon as I learned how to do it, then I started to teach it … because spam is dangerous,” he said. “It’s like walking along the street by a 7-Eleven in a ghetto. You’re going to get mugged all the time.”
Smith and other e-mailers who say they follow the rules set forth in a confusing patchwork of state spam laws complain that many anti-spammers make no distinction between law-abiding e-mail marketers and the notorious spammers who attempt to hide their identities and frequently market fraudulent products.
Anti-commerce ‘hate groups'
“I have a beef against what I consider hate groups that are trying to shut down commercial e-mail,” said Laura Betterly, 41, the president of Data Resource Consulting Inc., who said she was threatened and harassed after being dubbed the “Spam Queen” in an article last November in the Wall Street Journal.
In addition to the usual “I know where you live” threats and unwanted magazine and catalogue subscriptions, she said she was awakened early one Sunday morning by a phone call from an emergency help line manned by a volunteer at a national bed wetting association.
“Obviously there are a lot of people out there with a lot of time on their hands,” she said. “It’s shocking because I could be highly emotional about 9/11 and teenage pregnancy but, at the end of the day, we’re talking about e-mail.”
Such complaints draw little sympathy in the anti-spam community, even among those who calls such abuse counterproductive.
“They’ve poisoned the village well and now the villagers have gotten out their pitchforks, and deservedly so,” said Neil Schwartzman, head of CAUCE Canada and publisher of “Pete Moss’ SpamNews.”
While much of the abuse heaped on spammers amounts to teenage pranks, the vengeance occaisionally can be criminal and cruel.
Consider the case of Rodona Garst, a Clarksville, Tenn., spammer who allegedly had the misfortune to forge the domain of a network overseen by an administrator with the wherewithal to mount a forceful response. The administrator, who created a Web site detailing the case, said the forgery on a series of e-mailings to make it look as if they originated on his network resulted in “thousands of undeliverable emails flying back at my mail server.”
The administrator, who identifies himself on the Web site only as “Man In The Wilderness,” claimed he set a trap for Garst that enabled him to hack into her computer and those of numerous associates and download 100 megabytes of data. The assembled evidence made it clear, he said, that Garst and her company, Premier Services Inc., stole e-mail addresses and passwords from gullible AOL users for use in sending spam, touted stocks in violation of Securities and Exchange Commission rules and spammed a wide variety of products, including pornography sites.
To exact a measure of revenge, “Man In The Wilderness” posted the downloaded information on the Web site, including instant message logs detailing conversations among the spammers and, under the heading “Let’s Get Brutal,” partially nude photos of Garst that he said were found on her hard drive.
Some of the allegations on the Web site are unproven. But the SEC, in a settlement of a complaint against Garst in December 2002, verified many details of the “pump-and-dump” stock scam and ordered her to pay the government $15,673 — the amount she realized from stock sales and fees she earned for fraudulently touting four stocks in her e-mail campaigns.
Stock spammers executed
While Garst lost her privacy and her ill-gotten gains, spammers Alain Chalem and Mayir Lehmann may have paid the ultimate price for their stock-touting activities.
Chalem, 41, and Lehmann, 37, were found shot to death on Oct. 27, 1999, in the Colt’s Neck, N.J., estate that Chalem shared with his girlfriend and her 13-year-old son. Chalem had been shot in the chest and five times in the head; Lehmann was shot in the leg and once in the back of the head.
Sgt. Joe Whitehead of the Colt’s Neck Police Department declined to say whether the execution-style killings are believed to be linked to the men’s stock spamming activities, saying only that the case remains under investigation.
While such a connection remains unclear, Schwartzman, the Canadian anti-spammer, said the manner of the killings suggests the involvement of organized crime in the stock scam and underscores the rising stakes and emotions in the spam battle.
“If they’re killing their own, it’s only a matter of time before somebody in the anti-spam community gets killed,” he said.
Schwartzman said the Federal Trade Commission, which hosted a recent workshop on spam, took the level of animosity into account in preparing a list of speakers that did not include “frothing-at-the-mouth militants” from either side of the fence.
No ‘settlers,’ ‘suicide bombers'
Comparing the volatility of such a gathering to peace talks in the Israeli-Palestinian dispute, he quipped, “When you’re searching for common ground, you don’t invite the settlers and you don’t invite the suicide bombers.”
Despite attempts to focus the debate, the three-day FTC workshop did not break any new ground. Participants were unable to agree on a definition of spam, with some in the marketing community saying the term should be applied only to fraudulently sent e-mail or advertisements for bogus products and voices from the other end of the spectrum saying it should apply to any commercial e-mail not specifically authorized by the recipient.
The presentations by 87 panelists also underlined the widely held view that there is “no silver bullet” to solve the spam problem, as FTC officials told Congress several weeks later. Instead, it will take a combination of legislation, law enforcement, technology and consumer action to prevent e-mail from being rendered useless to both individuals and businesses, they said.
In fact, the workshop’s biggest contribution may have been bringing longtime foes face to face, said Richter, the Colorado e-mailer.
“It gave people a chance to see us in a different light … and realize that we’re not hiding behind closed doors,” he said. “You can find us. We’re in the phone book and we’re visible.”
But SpamCop’s Haight said the forum only underlined his sense of foreboding.
“The spammers are winning in that the legitimate use of e-mail is in decline,” he said. “It’s sort of like the loss of innocence of e-mail. And it’s going to get worse. I think it’s going to get to the point where you can’t send someone an e-mail unless you call them on the phone first and tell them it’s coming. A lot of people are at that point already.”