Application security

Who will fill the void left by indicted Seattle spam king?

One of the world's most reputed spammers, who used his botnet army to deliver up to billions of junk emails each day, was indicted Wednesday in a U.S. District Court in Seattle.

The so-called spam king Robert Alan Soloway, 27, who lived in a posh apartment on the Seattle waterfront, was indicted on 35 counts of fraud, identity theft and money laundering. If convicted, he faces up to 65 years in prison.

"Soloway has been a long-term nuisance on the internet," spam tracking nonprofit The Spamhaus Project wrote on its website. "He has been sending enormous amounts of spam for years, filling mailboxes and mail servers with unsolicited and unwanted junk mail. In addition, he has fraudulently marketed his spam services to others as legitimate ‘opt-in’ services when they were anything but that."

While authorities said enterprises could notice a significant drop in global spam after his indictment, the break period likely will not last, experts told today. There is no shortage of other spammers anxious to fill the void left by Soloway.

"This doesn’t solve the fundamental problem (of spam)," Gartner analyst Peter Firstbrook said. "You just took one of the players off the map. Someone else will step in. Just like with any crime family, someone will step in and say, ‘I can make money and I won’t get caught.’"

He said civil and criminal prosecution – or even anti-spam solutions – is not an ultimate solution to stop spam. The burden falls on the internet service providers (ISPs) to ensure none of their IP addresses are being used to launch zombie attacks.

"You have to stop this stuff at its source," Firstbrook said. "No individual company can stop it at their border, other than what we’re doing now. Botnets are where it originates. And the only ones in position to stop the botnets are the ISPs. That’s what it will take, not any legislation."

Paul Henry, vice president of strategic accounts at Secure Computing, said the recently publicized standard, DomainKeys Identified Mail (DKIM), will help authenticate email as legitimate and charge spammers to use domains.

"The only way we will ever win the battle against spam is to remove the financial incentive that spammers have," Henry said.

Before his arrest, Soloway lost two civil lawsuits that accused him of violating the federal CAN-SPAM Act. Two years ago, Microsoft won a $7 million decision after accusing Soloway of using its MSN and Hotmail services to deliver spam, and Robert Braver, owner of an Oklahoma-based internet service provider, won a $10 million judgment against him.

Get more IT security news. Click here for SC Magazine Blogs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.