Spam King Pleads Guilty in Seattle

arbitraryaardvark writes "The Seattle Times reports that spammer Robert Soloway has pled guilty to mail fraud and tax evasion, in exchange for the state dropping multiple counts of identify theft. 'The electronic-mail fraud charge is punishable by up to five years in prison. The tax charge is a misdemeanor and carries a maximum one-year sentence. The law also allows for fines against Soloway and his business of up to $625,000 on all charges. Both sides agreed to let U.S. District Court Judge Marsha Pechman determine not just the amount of prison time Soloway, 28, might serve but also the number of his victims, the size of any fine and the amount of restitution he may be ordered to pay.' We've previously discussed his arrest and mention in the New Yorker. The wire fraud felony count is based on selling $500 packages to wannabe spammers."

For sending too much email?

Why would they drop the charges of identity theft and charge him with sending too much email? Who cares if someone spams, SMTP is an open system and it's designed to indiscriminately deliver messages- CAN-SPAM is a terrible idea. If you don't want spam, ju

Re:

Usually the prosecutor will only agree to drop charges if there was at least about a 40% possibility that they wouldn't hold up in court. My guess is that the charges dropped were put there mainly as bargaining chips to get him to plead guilty. I can't s

Re:

Anyone know what the evidence was regarding the ID theft?

I don't actually. But TFA mentioned how the Washington ID theft statute had never been used in that way before. In my original draft of the summary I described the ID charges as "iffy".
The deal is fo

Re:For sending too much email?

That's all fair and well if you're only expecting email from certain servers, but for most of us a deny-by-all service doesn't cut it.

Re:For sending too much email?

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. your idea will not work. here is why it won't work. (one or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) spammers can easily use it to harvest email addresses
( ) mailing lists and other legitimate email uses would be affected
( ) no one will be able to find the guy or collect the money
( ) it is defenseless against brute force attacks
( ) it will stop spam for two weeks and then we'll be stuck with it
(X) users of email will not put up with it
( ) microsoft will not put up with it
( ) the police will not put up with it
( ) requires too much cooperation from spammers
(X) requires immediate total cooperation from everybody at once
(X) many email users cannot afford to lose business or alienate potential employers
( ) spammers don't care about invalid addresses in their lists
( ) anyone could anonymously destroy anyone else's career or business

specifically, your plan fails to account for

( ) laws expressly prohibiting it
(X) lack of centrally controlling authority for email
( ) open relays in foreign countries
( ) ease of searching tiny alphanumeric address space of all email addresses
( ) asshats
( ) jurisdictional problems
( ) unpopularity of weird new taxes
( ) public reluctance to accept weird new forms of money
(X) huge existing software investment in smtp
(X) susceptibility of protocols other than smtp to attack
(X) willingness of users to install os patches received by email
( ) armies of worm riddled broadband-connected windows boxes
( ) eternal arms race involved in all filtering approaches
( ) extreme profitability of spam
( ) joe jobs and/or identity theft
( ) technically illiterate politicians
( ) extreme stupidity on the part of people who do business with spammers
( ) dishonesty on the part of spammers themselves
( ) bandwidth costs that are unaffected by client filtering
( ) outlook
(X) botnets

and the following philosophical objections may also apply:

(X) ideas similar to yours are easy to come up with, yet none have ever been shown practical
(X) any scheme based on opt-out is unacceptable
( ) smtp headers should not be the subject of legislation
( ) blacklists suck
( ) whitelists suck
( ) we should be able to talk about viagra without being censored
( ) countermeasures should not involve wire fraud or credit card fraud
( ) countermeasures should not involve sabotage of public networks
( ) countermeasures must work if phased in gradually
( ) sending email should be free
( ) why should we have to trust you and your servers?
( ) incompatiblity with open source or open source licenses
( ) feel-good measures do nothing to solve the problem
( ) temporary/one-time email addresses are cumbersome
( ) i don't want the government reading my email
( ) killing them that way is not slow and painful enough

furthermore, this is what i think about you:

(X) sorry dude, but i don't think it would work.
( ) this is a stupid idea, and you're a stupid person for suggesting it.
( ) nice try, assh0le! i'm going to find out where you live and burn your house down!

Re:

I hate these forms.
Let's go through it

(X) technical ( ) legislative ( ) market-based ( ) vigilante

What other way will there be of blocking spam? Legislative won't work because there is no one governing body that controls the entire world and can pun

Re:

So, how does this fail ?

It fails because your Aunt Mathilda doesn't know the first thing about email encryption, nor does she care. Businesses won't mandate its use with the buying public because most of those customers will go somewhere else instead of c

Re:For sending too much email?

And you'll identify these e-mail servers how? By hostname? (Domain stealing, DNS poisoning, DNS injection) By IP address? (Fake IP headers + source routing, Router table poisoning, Zombies on legit servers, Zombies on any machine between legit server and target) By mail headers? (Zombies anywhere)

And you guarantee inclusion of legit traffic from mobile sources, how? You don't know what IP address or ISP will be used. What about legit mailing lists, where the originator is indeterminate?

X.400 provides much better authentication, and offers an API for repudiation, but if that's what people really wanted, we'd be using it. Or maybe everyone would use SMTP-over-SSL where client-side and server-side certificates were validated. We don't use them because people need the privacy, anonymity and flexibility of the existing system, although I'd argue almost anything is technically superior to the existing system.

In the end, although a totally secure option should exist, an insecure option should also exist that is controlled by policy rather than technology, and that ultimately means laws.

Re:

ID theft and tax evasion are the real charges here.

The "real charges" are based on which charges are politically most popular and Spam is charge that raises the most ire.

Re:For sending too much email?

Who cares if someone sends junk faxes, the phone network is an open system and it's designed to indiscriminately deliver messages - making junk faxes illegal is a terrible idea. If you don't want wasted toner, just don't accept phone calls from every bozo on the phone system.

And yet, oddly, junk faxes are illegal, because they cause a significant amount of cost for the receiver. Just like junk email does.

The law won't [i]fix[/i] things, of course. Junk faxing still occurs. But it might help, if it's designed properly.

I hope...

He shares a jail cell with men who have enlarged their penises, taken Viagra, and are looking for a new relationship.

Re:I hope...

Because rape, HIV, and Hepatitis aren't cruel and unusual punishment in your book? Or is that just the line you toss out to get out of jury duty?

Your comedic take is about as funny as the drunk guy I saw yesterday that said "Ooops, you just knocked over your home" when he walked past a homeless guy that dropped a cardboard box yesterday.

The rules he's charged under suck

The major charge in this case seems to be that he defrauded a bunch of other spammers. For that, he faces serious time - conning a bunch of nasty people who had every intent to spam a lot of genuinely innocent people if they could. He faces only much more minor time and fines for not paying his fair share of taxes or for spamming anybody who wasn't themselves out to con people. The guy's pond scum, and a few years in medium security looks reasonable, but isn't this all sort of like arresting Clyde Barrow and threatening him with 30 days for each murder, 180 days each for the robberies, and 20 years+ for shortening shotguns?

Best Seattle Sentence

He should be sentenced to be taken to Pike Place Market and slapped in the face with a salmon for each email sent while being forced to drink cheap coffee. Of course, that would probably a horrible waste of salmon.

Calm down!

There's too many comments suggesting he should be killed, raped, or otherwise hurt. If you seriously approve of that kind of punishment, either
a) move to a country with Sharia law
b) save it for the worst offenders, those that actually murder others, like some US states do
c) grow up. At worst he's annoyed you, and maybe cost you a bit of time or money.

Re:

I don't think he should be killed or raped, but he should be put away for more than a year. The cumulative damage he caused to many people in bandwidth costs alone is probably much more than the guy who vandalized a few SUVs as an environmental protest and

Re:Calm down!

There's too many comments suggesting he should be killed, raped, or otherwise hurt.

Seriously.

For the people advocating death/rape for this guy: just wait until you are falsely imprisoned, or simply imprisoned for a minor infraction such as telling your mind verbally to someone who turns out to be on the 'good' side of the law. It happens very frequently in this country. And non zero odds that it will happen to you as well.

To everyone else: don't get me wrong, I'm not at all saying Soloway is innocent and should not be punished for his crimes. Just that wishing cruel and unusual punishments on him, which sadly are highly likely to happen to anyone that ends up in jail or prison, will also be forced on a small part of the innocent population as well, and that it's never right.

I also don't feel stupidity should be punished with nightly beatings, rape, disfigurement, torture, and potentially murder in the prison system either, despite the fact that the people wishing these things on others will probably never learn just how stupid such desires are until it happens to them.
But I sure do wish there was less stupid people in the world, such as those that cheer for this sort of treatment.

Re:

w00t!

I don't think w00t! is the appropriate response as FTA:

One thing is clear from the plea agreement: Soloway does not have a lot of assets for the government to seize. Among the items Pechman will be asked to consider for forfeiture are Soloway's collection of 24 pairs of sunglasses, valued at more than $3,700; 27 pairs of shoes, worth more than $7,400; and clothing worth about $14,200.

HAHA! seems much more appropriate... Even though the guy apparently dresses nicer then I do by leaps and bounds.

Re:

It seems only appropriate to seize those assets and auction them off to pay part of his fines. After all, I doubt he'll be allowed to use any of them in the slammer.

Re:

Actually, filters have been remarkably good for me. At work (Gmail), a spam slips through every few days. At home, I have an "unsure" box, which gets mostly spam (maybe 10 a day) and the occasional innocent mail -- out of hundreds hitting the actual spam f

Re:If only it were so good...

I always envision a system where a new protocol (say smtpx) simply adds to smtp, adding authentication of where the mail is actually being sent from, allowing rate limiting error codes for domains/addresses, and a relationship trust mechanism built between servers.

Basically, a server could implement smtpx, so that all emails sent using it must be authenticated (no more header spoofing), cannot send X number of emails per Y period (for instance, not more than 10 per minute), and the sending server must have a trust score of at least 50/100 with at least 3 other trusted servers (you can set static trusted servers, like gmail etc which are alwasy checked).

Regular smtp would still be accepted for the time being, but would be put on a 30 minute delay before being delivered (or has some other limitation as incentive to use smtpx - like maybe no attachments?). Sure, you're company might not implement the limitations, but others might, which is why you don't want to deal with smtp - and if you convert smtp to smtpx, you become the sender, so you're trust score would go down if you start forwarding spam (because other servers would see the spam rate go up via spam filters and rate you accordingly). Now of course you need some mechanism so that you can't poison or fake the trust relationships, but I believe problems like that are pretty well solved in modern p2p systems.

Just my 2 cents... now where is someone with that list of things they put X's in that say why such an idea would never work?

Re:If only it were so good...

The problem with this? The depressing number of office workers who use their accounts for personal type mail. A company uses your smtpx protocol and promptly sees their rating drop due to the dozen fifty year old ladies in accounting forwarding on every piece of cute spam and donate-to-save-the-children mail they get.

Re:

Vigilante justice and torture are also no laughing matter, mod this guy down into oblivion.

Re:

"Riiiight. And lets disembowel they guy that lets his dog crap on your lawn...
Can you really read your own post and think you were adding constructively to the topic? Spamming is annoying, ID theft is a crime, but neither deserves more than fines and some

Re:

It's true that things like spam have in some ways hindered the internet, but they also create an immune system like reaction. Overall, the whole thing is a very interesting phenomenon. Essentially, by allowing anonymity and taking away cost as a barrier