Spam King Pleads Guilty in Seattle

arbitraryaardvark writes "The Seattle Times reports that spammer Robert Soloway has pled guilty to mail fraud and tax evasion, in exchange for the state dropping multiple counts of identify theft. 'The electronic-mail fraud charge is punishable by up to five years in prison. The tax charge is a misdemeanor and carries a maximum one-year sentence. The law also allows for fines against Soloway and his business of up to $625,000 on all charges. Both sides agreed to let U.S. District Court Judge Marsha Pechman determine not just the amount of prison time Soloway, 28, might serve but also the number of his victims, the size of any fine and the amount of restitution he may be ordered to pay.' We've previously discussed his arrest and mention in the New Yorker. The wire fraud felony count is based on selling $500 packages to wannabe spammers."

For sending too much email?

[Brian Gordon (987471)]

Why would they drop the charges of identity theft and charge him with sending too much email? Who cares if someone spams, SMTP is an open system and it's designed to indiscriminately deliver messages- CAN-SPAM is a terrible idea. If you don't want spam, just don't accept email from every mail server on the internet. ID theft and tax evasion are the real charges here.

Re:

[liquidpele (663430)]

Usually the prosecutor will only agree to drop charges if there was at least about a 40% possibility that they wouldn't hold up in court. My guess is that the charges dropped were put there mainly as bargaining chips to get him to plead guilty. I can't say for sure though since I didn't follow the case. Anyone know what the evidence was regarding the ID theft?

Re:

[arbitraryaardvark (845916)]

Anyone know what the evidence was regarding the ID theft?

I don't actually. But TFA mentioned how the Washington ID theft statute had never been used in that way before. In my original draft of the summary I described the ID charges as "iffy".
The deal is for potentially a lot of jail time. Fines and restitution don't matter much because he's sheltered all his assets after having gotten sued by Microsoft. 90% of criminal charges are resolved with plea bargains, and that usually involves dropping most charges

Re:For sending too much email?

[thyrf (1059934)]

That's all fair and well if you're only expecting email from certain servers, but for most of us a deny-by-all service doesn't cut it.

Re:For sending too much email?

[by Anonymous Coward]

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. your idea will not work. here is why it won't work. (one or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) spammers can easily use it to harvest email addresses
( ) mailing lists and other legitimate email uses would be affected
( ) no one will be able to find the guy or collect the money
( ) it is defenseless against brute force attacks
( ) it will stop spam for two weeks and then we'll be stuck with it
(X) users of email will not put up with it
( ) microsoft will not put up with it
( ) the police will not put up with it
( ) requires too much cooperation from spammers
(X) requires immediate total cooperation from everybody at once
(X) many email users cannot afford to lose business or alienate potential employers
( ) spammers don't care about invalid addresses in their lists
( ) anyone could anonymously destroy anyone else's career or business

specifically, your plan fails to account for

( ) laws expressly prohibiting it
(X) lack of centrally controlling authority for email
( ) open relays in foreign countries
( ) ease of searching tiny alphanumeric address space of all email addresses
( ) asshats
( ) jurisdictional problems
( ) unpopularity of weird new taxes
( ) public reluctance to accept weird new forms of money
(X) huge existing software investment in smtp
(X) susceptibility of protocols other than smtp to attack
(X) willingness of users to install os patches received by email
( ) armies of worm riddled broadband-connected windows boxes
( ) eternal arms race involved in all filtering approaches
( ) extreme profitability of spam
( ) joe jobs and/or identity theft
( ) technically illiterate politicians
( ) extreme stupidity on the part of people who do business with spammers
( ) dishonesty on the part of spammers themselves
( ) bandwidth costs that are unaffected by client filtering
( ) outlook
(X) botnets

and the following philosophical objections may also apply:

(X) ideas similar to yours are easy to come up with, yet none have ever been shown practical
(X) any scheme based on opt-out is unacceptable
( ) smtp headers should not be the subject of legislation
( ) blacklists suck
( ) whitelists suck
( ) we should be able to talk about viagra without being censored
( ) countermeasures should not involve wire fraud or credit card fraud
( ) countermeasures should not involve sabotage of public networks
( ) countermeasures must work if phased in gradually
( ) sending email should be free
( ) why should we have to trust you and your servers?
( ) incompatiblity with open source or open source licenses
( ) feel-good measures do nothing to solve the problem
( ) temporary/one-time email addresses are cumbersome
( ) i don't want the government reading my email
( ) killing them that way is not slow and painful enough

furthermore, this is what i think about you:

(X) sorry dude, but i don't think it would work.
( ) this is a stupid idea, and you're a stupid person for suggesting it.
( ) nice try, assh0le! i'm going to find out where you live and burn your house down!

Re:

[olman (127310)]

I think I do have a solution to spam.

It goes simply like this - As the spam volumes keep on climbing and climbing and ever-decreasing volume of email is actually legitimate, "huge investment in SMTP infrastructure" becomes slowly more of a liability than asset.

You already need heavy-duty spam filtering SOMEWHERE to be able to use business email. I just realized some of my colleagues "just hit delete" on something like 50 emails per day because they lack the know-how to make simple thunderbird/outlook filter

Re:

[darkpixel2k (623900)]

I hate these forms.
Let's go through it

(X) technical ( ) legislative ( ) market-based ( ) vigilante

What other way will there be of blocking spam? Legislative won't work because there is no one governing body that controls the entire world and can punish those that do wrong.

Market based...well, it might work, but the solution will probable be some sort of technical device like a barracuda appliance.

Vigilante would work if we just shot all the spammers, but then those people would go to jail for mur

Re:

[frdmfghtr (603968)]

So, how does this fail ?

It fails because your Aunt Mathilda doesn't know the first thing about email encryption, nor does she care. Businesses won't mandate its use with the buying public because most of those customers will go somewhere else instead of changing their email habits. "Public keys? How does a key protect anything if it is public?" "Cryptographic signature verification?" Good luck explaining that the John and Jane Public.

I don't expect to see widespread use of email signing (or encryption

Re:For sending too much email?

[jd (1658)]

And you'll identify these e-mail servers how? By hostname? (Domain stealing, DNS poisoning, DNS injection) By IP address? (Fake IP headers + source routing, Router table poisoning, Zombies on legit servers, Zombies on any machine between legit server and target) By mail headers? (Zombies anywhere)

And you guarantee inclusion of legit traffic from mobile sources, how? You don't know what IP address or ISP will be used. What about legit mailing lists, where the originator is indeterminate?

X.400 provides much better authentication, and offers an API for repudiation, but if that's what people really wanted, we'd be using it. Or maybe everyone would use SMTP-over-SSL where client-side and server-side certificates were validated. We don't use them because people need the privacy, anonymity and flexibility of the existing system, although I'd argue almost anything is technically superior to the existing system.

In the end, although a totally secure option should exist, an insecure option should also exist that is controlled by policy rather than technology, and that ultimately means laws.

Re:

[sleeponthemic (1253494)]

ID theft and tax evasion are the real charges here.

The "real charges" are based on which charges are politically most popular and Spam is charge that raises the most ire.

Re:

[FlyingGuy (989135)]

You sound liek a spammer to me. If you are I really do hope you go to a federal recreation facility and room with a guy named "Buba" who really likes you.

Re:

[Nashville Guy (585073)]

I suppose the real crimes committed depend on your perspective. As an IT Director for a state government agency, I have to deal with the problem of spam directly. We have to budget for equipment and manpower (both of which have real costs) to maintain email as a viable method of communication with the people we serve. Money that could be better spent elsewhere to make more of an impact on our clients and ease the burden on taxpayers. Identity theft is an egregious crime, but it affects a much smaller po

Re:

[Phroggy (441)]

You don't know a whole lot about how email actually works, do you? Yes, it's a pain in the ass. You sound like you're having more problems with it than a couple state universities I know of though. Read up on the RFC's and learn how to get rid of most of your spam rather than go 'Chicken Little' will ya?

I don't know whether you understand how e-mail works, but you certainly don't appear to understand spam at all. Sure, of course familiarizing yourself with the SMTP RFCs is a good first step, but since most spam is RFC compliant, where does that get you? If you're not 1) spending a lot of time working on blocking spam, 2) spending a lot of money on blocking spam, or 3) letting someone else spend a lot of time or money to block spam for you, then your e-mail address just hasn't gotten distributed to very

Re:For sending too much email?

[ZorbaTHut (126196)]

Who cares if someone sends junk faxes, the phone network is an open system and it's designed to indiscriminately deliver messages - making junk faxes illegal is a terrible idea. If you don't want wasted toner, just don't accept phone calls from every bozo on the phone system.

And yet, oddly, junk faxes are illegal, because they cause a significant amount of cost for the receiver. Just like junk email does.

The law won't [i]fix[/i] things, of course. Junk faxing still occurs. But it might help, if it's designed properly.

Re:

[grumbel (592662)]

Do you have a telephone? Do you mind if I call you around the clock to advertise some junk? It is in a open system after all...

Spam these days is nothing more then a denial of service attack on the SMTP network and should be punished as such. Just because it is on open system doesn't mean abuse shouldn't be punished, quite the opposite actually, since it is an option system abuse must be punished, since it is the only way to get rid of it.

The days where it was easy to filter it out by hand and spam was just

I hope...

[tqphan (1066234)]

He shares a jail cell with men who have enlarged their penises, taken Viagra, and are looking for a new relationship.

Re:I hope...

[Bored MPA (1202335)]

Because rape, HIV, and Hepatitis aren't cruel and unusual punishment in your book? Or is that just the line you toss out to get out of jury duty?

Your comedic take is about as funny as the drunk guy I saw yesterday that said "Ooops, you just knocked over your home" when he walked past a homeless guy that dropped a cardboard box yesterday.

No, correction.....

[www.sorehands.com (142825)]

It is delicious irony.

Re:

[j00r0m4nc3r (959816)]

And got burnt when they dumped their life savings into HXMP, the hottest most promising stock of the decade!

The rules he's charged under suck

[Artifakt (700173)]

The major charge in this case seems to be that he defrauded a bunch of other spammers. For that, he faces serious time - conning a bunch of nasty people who had every intent to spam a lot of genuinely innocent people if they could. He faces only much more minor time and fines for not paying his fair share of taxes or for spamming anybody who wasn't themselves out to con people. The guy's pond scum, and a few years in medium security looks reasonable, but isn't this all sort of like arresting Clyde Barrow and threatening him with 30 days for each murder, 180 days each for the robberies, and 20 years+ for shortening shotguns?

Best Seattle Sentence

[Foobar of Borg (690622)]

He should be sentenced to be taken to Pike Place Market and slapped in the face with a salmon for each email sent while being forced to drink cheap coffee. Of course, that would probably a horrible waste of salmon.

Calm down!

[xaxa (988988)]

There's too many comments suggesting he should be killed, raped, or otherwise hurt. If you seriously approve of that kind of punishment, either
a) move to a country with Sharia law
b) save it for the worst offenders, those that actually murder others, like some US states do
c) grow up. At worst he's annoyed you, and maybe cost you a bit of time or money.

just a hunch...

[toby (759)]

But I don't think the Qur'an has much to say about punishing spammers.

Re:

[clarkkent09 (1104833)]

I don't think he should be killed or raped, but he should be put away for more than a year. The cumulative damage he caused to many people in bandwidth costs alone is probably much more than the guy who vandalized a few SUVs as an environmental protest and got 10 years or whatever, too lazy to look up the details. If you want to deter a crime that is easy to commit and where those committing it are hard to catch (as with spam) you do it by imposing harsher sentences.

Re:

[mpe (36238)]

I don't think he should be killed or raped, but he should be put away for more than a year.

In which case the most appropriate US prison for him would probably be Camp X-Ray.

Re:

[edwardpickman (965122)]

Sorry but I loose hours a week to deleting spam even with filters. Times that by all the computer users affected and it's a massive loss of time. Why should we loose millions of hours a week so he can hawk crap no one needs and 99% never respond to, he's playing a numbers game. Where in Sharia Law does it mention being locked in a cage with a rabid grizzly bear with a belly full of Viagra? Yes it's rediculous to execute the guy for cyber crime but the fact it was all done on a computer doesn't make it okay.

Re:

[mpe (36238)]

Sorry but I loose hours a week to deleting spam even with filters.

The filters arn't free either

Times that by all the computer users affected and it's a massive loss of time.

In the process making email a much less useful communication tool. Especially if someone misses real email in amongst all the spam or the spammers attempts to evade filtering mean that legitimate email winds up being filtered.

Why should we loose millions of hours a week so he can hawk crap no one needs and 99% never respond to, h

Re:

[hairyfeet (841228)]

I agree that it is also not very just. For a truly just verdict,he should be forced for one week to run down the streets of his hometown naked,while those that were spammed by him get to pelt him with fake viagra and penis pumps while laughing at his small dick.Then of course the resulting video should be posted to Youtube for all of us who can't make the trip.That would be just AND funny,although I do like the salmon thing,but only if he got smacked by the salmon by people he spammed.Need to think of the p

Re:Calm down!

[dissy (172727)]

There's too many comments suggesting he should be killed, raped, or otherwise hurt.

Seriously.

For the people advocating death/rape for this guy: just wait until you are falsely imprisoned, or simply imprisoned for a minor infraction such as telling your mind verbally to someone who turns out to be on the 'good' side of the law. It happens very frequently in this country. And non zero odds that it will happen to you as well.

To everyone else: don't get me wrong, I'm not at all saying Soloway is innocent and should not be punished for his crimes. Just that wishing cruel and unusual punishments on him, which sadly are highly likely to happen to anyone that ends up in jail or prison, will also be forced on a small part of the innocent population as well, and that it's never right.

I also don't feel stupidity should be punished with nightly beatings, rape, disfigurement, torture, and potentially murder in the prison system either, despite the fact that the people wishing these things on others will probably never learn just how stupid such desires are until it happens to them.
But I sure do wish there was less stupid people in the world, such as those that cheer for this sort of treatment.

Re:

[JediLow (831100)]

I wish I read the article before. Here're the numbers which he's actively responsible for (at least):

His company made at least $300,000 last year at $495 a shot - so he sold at least 606 of his packages in a year. With a package lasting 15 days it means he had to sell 24.3 packages to cover 20,000,000 people for one year (since he also sold email addresses and the cumulative effect of that would cover enough to hit the 20 min/month ratio) that means he could cover 500 million people/addresses in a year. W

Re:

[Anne Thwacks (531696)]

Please forward copies of this e-mail to the court, you congress critter and all members of the senate. (By snail-mail on account of its quite clear none of them reads e-mail)

Re:

[milsoRgen (1016505)]

w00t!

I don't think w00t! is the appropriate response as FTA:

One thing is clear from the plea agreement: Soloway does not have a lot of assets for the government to seize. Among the items Pechman will be asked to consider for forfeiture are Soloway's collection of 24 pairs of sunglasses, valued at more than $3,700; 27 pairs of shoes, worth more than $7,400; and clothing worth about $14,200.

HAHA! seems much more appropriate... Even though the guy apparently dresses nicer then I do by leaps and bounds.

Re:

[techno-vampire (666512)]

It seems only appropriate to seize those assets and auction them off to pay part of his fines. After all, I doubt he'll be allowed to use any of them in the slammer.

Re:

[SanityInAnarchy (655584)]

Actually, filters have been remarkably good for me. At work (Gmail), a spam slips through every few days. At home, I have an "unsure" box, which gets mostly spam (maybe 10 a day) and the occasional innocent mail -- out of hundreds hitting the actual spam folder.

Also, just about any other system would have problems worse than spam -- but it's hard to talk about something abstract. What, exactly, did you have in mind?

Re:If only it were so good...

[liquidpele (663430)]

I always envision a system where a new protocol (say smtpx) simply adds to smtp, adding authentication of where the mail is actually being sent from, allowing rate limiting error codes for domains/addresses, and a relationship trust mechanism built between servers.

Basically, a server could implement smtpx, so that all emails sent using it must be authenticated (no more header spoofing), cannot send X number of emails per Y period (for instance, not more than 10 per minute), and the sending server must have a trust score of at least 50/100 with at least 3 other trusted servers (you can set static trusted servers, like gmail etc which are alwasy checked).

Regular smtp would still be accepted for the time being, but would be put on a 30 minute delay before being delivered (or has some other limitation as incentive to use smtpx - like maybe no attachments?). Sure, you're company might not implement the limitations, but others might, which is why you don't want to deal with smtp - and if you convert smtp to smtpx, you become the sender, so you're trust score would go down if you start forwarding spam (because other servers would see the spam rate go up via spam filters and rate you accordingly). Now of course you need some mechanism so that you can't poison or fake the trust relationships, but I believe problems like that are pretty well solved in modern p2p systems.

Just my 2 cents... now where is someone with that list of things they put X's in that say why such an idea would never work?

Re:If only it were so good...

[Telvin_3d (855514)]

The problem with this? The depressing number of office workers who use their accounts for personal type mail. A company uses your smtpx protocol and promptly sees their rating drop due to the dozen fifty year old ladies in accounting forwarding on every piece of cute spam and donate-to-save-the-children mail they get.

Re:

[liquidpele (663430)]

I would argue such emails aren't spam, just stupid. However, if you're office is sending out a lot of stuff that other domains see as spam... well that's your problem isn't it? You're score dropping is you're fault, so filter that shit before you send it! Now that I think about it, having the server score users of it's own domain would be useful too - for instance if a user sends 100 emails and 30 of them are rejected by other servers as spam, start applying harsh outbound filters to their account or som

Re:

[MrNaz (730548)]

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

See earlier posts for the rest of the response.

Re:

[nacturation (646836)]

A company uses your smtpx protocol and promptly sees their rating drop due to the dozen fifty year old ladies in accounting forwarding on every piece of cute spam and donate-to-save-the-children mail they get.

So you're saying the system would work as intended?
 

Re:

[SanityInAnarchy (655584)]

I always envision a system where a new protocol (say smtpx) simply adds to smtp, adding authentication of where the mail is actually being sent from, allowing rate limiting error codes for domains/addresses, and a relationship trust mechanism built between servers.

This could be built on top of SMTP. The only problem is that either way, you still have to accept mail from people who aren't using it.

Basically, a server could implement smtpx, so that all emails sent using it must be authenticated (no more hea

Re:

[liquidpele (663430)]

There it is!

How would this work beyond the server? Say AOL implements this -- how does it prevent me from claiming to send mail from someoneelse@aol.com?

You send the email to mydomain.com, my server then asks aol if they sent that email, they say no, I reject your email. This is similar to how sender-id and SPF already work.

What about people who travel around on a laptop, and thus borrow SMTP servers to send mail "from" their home email address?

So sorry, so sad. That practice has to be let go

Re:

[MrNaz (730548)]

What about people who travel around on a laptop, and thus borrow SMTP servers to send mail "from" their home email address?

So sorry, so sad. That practice has to be let go for the love of god!

Why? I travel a lot, are you telling me I need a different email address for every location I visit? Imagine if you needed a different email address every time you left the basement! Oh wait, you probably never have, which is why you think what you do.

Furthermore, this is what i think about you:
( ) sorry dude, but

Re:

[houghi (78078)]

30 minute time limit? Why would that stop spam? Mr. Spammer does not care wether it will be 30 minutes late . ASlso much spam is send from zombies.

I think the only solution is to start from scratch and abandon SMTP completely. If I would know how, I would already be using it and so would the rest of the world.

Re:

[Dan541 (1032000)]

I use RBLs and they are pretty good but over the weekend they seem to have suddenly failed
I think ive just been hit with a new wave that hasnt yet found its way into RBLs but overall I think solutions such as spamhaus are the way to go.

atleast for now

~Dan

Re:

[Brian Gordon (987471)]

Vigilante justice and torture are also no laughing matter, mod this guy down into oblivion.

Re:

[Nonillion (266505)]

"Riiiight. And lets disembowel they guy that lets his dog crap on your lawn...
Can you really read your own post and think you were adding constructively to the topic? Spamming is annoying, ID theft is a crime, but neither deserves more than fines and some jail time."

I guess no one here shares my sense of sadistic humor. Quite honestly, guys like him have ruined the Internet. I remember when the free exchange of ideas on the internet was free of spam and scammers wanting to steal my money. There was a time y

Re:

[liquidpele (663430)]

It's true that things like spam have in some ways hindered the internet, but they also create an immune system like reaction. Overall, the whole thing is a very interesting phenomenon. Essentially, by allowing anonymity and taking away cost as a barrier to entry, you set the system up for mass failure if there are no limitations in place to balance the freedoms given. It's a very new concept that was never imagined by the founders of many of the protocols and concepts in use today, but nonetheless it's o

Re:

[Dan541 (1032000)]

I realize you're just shooting off at the mouth, but you could be the one that ends up in jail with psychotic posts like that. My advice: See a shrink and figure out how to let it go. It's only junk mail.

ONLY?!?! there is no ONLY about Spam.

~Dan

Re:

[arbitraryaardvark (845916)]

Actually, he pled to failure to file, not quite the same thing as tax evasion.
I had written tax avoision, and zonk changed it.

Re:

[liquidpele (663430)]

Sure, but you're trading one problem (spam) for another (cost). If you were going to re-invent the whole system like that, why not keep it free with other ideas for limiting spam like behaviors?