Security

FBI plans spammer smackdown

Not one bulk e-mailer has been criminally charged under the law so far, but the FBI says it's targeting 50 of the most noxious spammers for prosecution.

Stay on top of the latest tech news with our free IT News Digest e-newsletter, delivered each weekday. Automatically sign up today!

By Declan McCullagh
Staff Writer, CNET News.com

It's been nearly six months since President Bush signed the first federal spam law with criminal sanctions—and not one bulk e-mailer has been criminally charged under it so far.

But the FBI told Congress on Thursday that it has "identified over 100 " so far and is targeting 50 of the most noxious for potential prosecution later this year.

"Such cases may be investigated and prosecuted as computer intrusion matters, or as online cyberfrauds which may lend themselves to a variety of existing state or federal statutes, including the ," Jana Monroe, the FBI's assistant director of the cyber division, told the Senate Commerce Committee.

She didn't offer much in the way of details, except to say that an "initiative is being projected for later this year in which it is anticipated that criminal and civil actions under the will be included."

Monroe was among a handful of witnesses to appear before the Senate Commerce Committee in its first look at how the Can-Spam Act has worked since it took effect Jan. 1.

"Since our review of this issue last May, the volume of spam received by American consumers has risen unabatedly," said committee Chairman John McCain, R-Ariz. "Spam now accounts for anywhere from 64 percent to 83 percent of all e-mail traffic on the Internet."

So far, the impact of Can-Spam is unclear, but most witnesses suggested taking a long-term view and cautioned that it takes time to gather evidence in both civil and criminal cases.

Instead of banning spam outright, Can-Spam requires that spammers follow certain guidelines and honor unsubscribe requests. It does outlaw the use of so-called ""—computers running Windows that have been taken over and used as spam-bots—and punishes such an act with up to three to five years in prison. Such behavior could also be illegal under the Computer Fraud and Abuse Act, which has long been on the books.

One bulk e-mailer, Ronald Scelson, testified that he is being discriminated against for abiding by Can-Spam.

Scelson said that even though his torrent of outgoing e-mail complies with the Can-Spam Act, Internet providers are continuing to block him. "When we mail under the new law, the major ISPs focus on our From: addresses, Subject: lines, our company information, and our disclaimers on the bottom of the e-mail as well as our IP address. They use this information to block our e-mails," Scelson said. A law designed "to curtail fraud, is in fact curtailing our ability to engage in free enterprise."

Singling out America Online as having some of the most annoying e-mail filtering policies, Scelson said: "They don't care what your (Congress') law is. We cannot send bulk mail...Destroying people's private e-mail is wrong."

"He's misinformed," AOL Vice Chairman Ted Leonsis said in response, adding that Scelson would not abide by AOL's rules for "white listing," which would mean his outgoing e-mail would not be filtered as spam.

Editor's Picks