Monday, October 15, 2007

.

Porn-spammers sentenced in CAN-SPAM conviction

Two men who were convicted in June under the CAN-SPAM Act of 2003, were sentenced on Friday:

Two men who sent millions of unsolicited pornographic e-mail messages have been sentenced to more than five years in federal prison as part of a prosecution under a federal antispam law, officials from the Department of Justice said Friday.

The men, Jeffrey A. Kilbride of Venice, Calif., and James R. Schaffer of Paradise Valley, Ariz., bought lists of e-mail addresses and sent the owners of those addresses links to pornographic Web sites, prosecutors said.

[...]

The two men were also ordered to forfeit $1.3 million.

A $1.3 million fine and “more than five years” in prison is a pretty good sentence for these guys. But I wonder where the forfeiture amounts come from. The news item says they made “more than $2 million in commissions,” so why didn’t they have to turn over that amount, rather than something approaching a million dollars less?

Still, it’s good to see convictions and decent sentences under CAN-SPAM, which has turned out to be a helpful, if flawed law.

Its major flaw is that it defines an “opt out” system, where spammers are allowed to send you mail until you tell them not to, as long as they follow certain rules, which include not lying about who sent it, and providing a working online mechanism for you to remove your address from future mailings. That sounds OK, but it means that you have to deal with the initial wave of spam, and you have to trust that when you click the “unsubscribe here” link, it doesn’t just get you into more trouble.

And that last is the trickiest bit. Conventional wisdom says that clicking on those will “confirm that they have a good address,” and that it “will only get you more spam.” While recent studies show that’s actually not the case as often as it used to be — that the opt-out links do, indeed, work much of the time — it’s true often enough that it deters people from using the very mechanism that the law puts there. And that’s probably just as well, because the unscrupulous ones not only won’t remove you from their lists, but they’ll also use the opt-out link to try to install zombie software on your computer.

CAN-SPAM should be changed to an opt-in system, as is the case with the European anti-spam laws, as well as the much-lauded Australian law. Under those systems, no one can advertise at you unless you sign up for it. That’s not to say that Europeans and Australians don’t get spam — only that what they do get is more clearly illegal, making the bar for prosecution easier to clear.

Of course, the marketing folks have lobbied strongly against opt-in systems, because they get a lot of benefit from the way things work today.

No comments: