Legitimate spammers

by John Quiggin on November 9, 2004

It’s not the death penalty as demanded by Stephen Landsburg for hackers, but the nine-year sentence handed down to megaspammer Jeremy Jaynes should mark the beginning of the end for spammers physically located in the US. But that’s small comfort, since spam can be sent from anywhere. A less mobile target can be found in the businesses that ultimately sell stuff through spam. These include some very large firms indeed.

I was struck, a few months ago, by an article in the Kansas City Star (free subscrption required, reprinted from the Chicago Tribune), which details the activity of a spammer, Ryan Pitylak, selling various kinds of insurance. The money quote (literally) is

Completed forms, in turn, are sold to agents of legitimate companies, such as IndyMac Bank, ADT Security and MEGA Life and Health Insurance. The agents say they pay $3 to $7 for each referral. (emphasis added)

I can’t see anything legitimate about a company that employs criminal methods in its business, while pretending to be at arms length from the whole thing. It seems pretty clear that the way to make this kind of spam uneconomical is to make the employers of spammers liable for civil action. Estimates of $2000/employee, mentioned in the story,may be a bit on the high side, but the economic damage done by spammers is immense – more than enough to put firms like those mentioned out of business if they were forced to bear their share of the bill.

I thought perhaps these firms might be unaware of how Pitylak was getting his referrals, so I emailed them with links to the story[1]. Of course, I got no reply.

It strikes me that John Edwards has a bit of free time on his hands and that, if there’s one thing that could make plaintiff lawyers universally popular, it would be a class action lawsuit against the employers of spammers. Put me down for $2000, please, John.

Of course, this wouldn’t work so well against the purveyors of generic viagra, penis enlargement and so on, where the businesses are just as fly-by-night as the spammers. But every little helps.

fn1. BTW, it’s surprisingly hard to locate corporate email addresses for the purpose of making complaints like this. Perhaps they’re afraid of being spammed.



Aidan Kehoe 11.09.04 at 7:45 am

But that’s small comfort, since spam can be sent from anywhere.

Given the substantial proporition of spam that still comes from the US, it’s actually more encouraging than “small comfort.”


George Williams 11.09.04 at 12:16 pm

ahem. If we outlaw spam, only outlaws will send spam.


Kieran Healy 11.09.04 at 12:41 pm

If we outlaw spam, only outlaws will send spam.

Too right. The solution is to put industrial-strength spamming technology into the hands of ordinary citizens. The resulting deterrent effect would reduce the flood of spam to almost nothing, as any rational spammer would not risk immediate retaliation in kind.


David Velleman 11.09.04 at 12:43 pm

Nine years for sending spam? That’s excessive — outrageously excessive.


KCinDC 11.09.04 at 1:40 pm

Because the chance of prosecution is so small, the penalty must be severe to provide a deterrent. Nine years doesn’t seem excessive, considering the mind-boggling amount of other people’s time (many lifetimes) he wasted.


Giles 11.09.04 at 3:01 pm

I’m sorry but nine years seems a bit excessive – we’re not talking about some one who sent worms or viruses – just rubbish that gets deposited in your junk box every day.

Seems to me that this would be more approprately dealt with as a class action suit by employers against Mr Jaynes and his employers – damages would be compensation for time wasted by their employees and IT staff dealing with spam.


Dubious 11.09.04 at 3:40 pm

Nine years does seem crazy to me too. I mean, sure, if you wanted to slap a mulit-billion dollar civil suit on this guy for the value of the the electronic traffic and employee-time he’s destoyed, that’s fine. But nine years of jail (mimimum security, hopefully) time? Crazy.


Ken Houghton 11.09.04 at 4:01 pm

Since the case was limited to servers in VA, let’s limit analysis to same.

30 days of mailings. (7/11-8/9, 2003)

at least 3 days in excess of 10K messages through VA servers

27 days with less than 10K; assume an average of 6,000, which is probably low.

Approximately 192K spams through VA servers. (Clearly, a low estimate for the volume done by Mr. Jaynes.)

If each piece of spam takes 1 minute to deal with (process, upload, replicate into an e-mail program, review, delete, expunge), you’re talking about 133.3 DAYS of lost productivity.

For VA alone. For all fifty states, you get something between 14.4 (population weighted) and 18.26 YEARS of loss.

In such a context, Mr. Jaynes is getting a bargain–effectively, he is free-riding six months a year.

Mr. Jaynes should take the


ogged 11.09.04 at 4:11 pm

It’s the petty annoyances that really annoy, so although, like all bleeding hearts, I feel bad for murderers and such, nine years seems like a good minimum for a spammer.

But…given all the companies and products that have cropped up to fight spam, are we sure that getting rid of it would be a net benefit?


david 11.09.04 at 4:19 pm

Just pointing out the amount of other people’s time he’s wasted isn’t going to justify the sentence. Wasting other people’s time isn’t usually thought of as a punishable offense.


Cog 11.09.04 at 7:02 pm

Sympathy for the spammer is absurd. Jaynes is guilty of massive fraud, on the scale of millions or billions of instances — numbers so large they defeat human intuition about scale (“one spam is a tragedy, twenty million is a statistic”).

I can only believe there’s some kind of class bias here. Why do people think white collar crimes that cause enormous economic damage should be punished less severely than other crimes? Economic loss *is* real loss. If Jaynes had stolen ten million dollars from the mattresses of retirees in the dead of night, you’d be calling for his head. If he’d mugged a hundred thousand people coming out of Broadway shows for a hundred dollars each, you’d be calling for his head. As it is, he used computers to deceive millions of people for the purpose of stealing their time and money. Off with the motherfucker’s head, I say.


Giles 11.09.04 at 7:40 pm

“each piece of spam takes 1 minute to deal with ”

Ken I cant believe that anyone spends a minute dealing with each item of spam – either it doesnt get through the filter, in which case it takes up no ones time or it does, in which case it normally takes people no more 5 seconds to recognise it as spam and delete it.

I think you can therefore lower your estimate by at least 100


obeah 11.09.04 at 9:26 pm

It’s not just the time spent by end-users dealing with spam. It’s the bandwidth and disk space it consumes, and the vast amounts of time and money spent by administrators trying to find ways to filter spam so their users’ inboxes don’t become completely unmanageable.

Spam is theft.


DonBoy 11.10.04 at 5:49 am

If Jaynes had stolen ten million dollars from the mattresses of retirees in the dead of night, you’d be calling for his head.

I think that it makes a difference to our intuitions whether the imaginary version of Jaynes had stolen $10,000 from each of 1,000 retirees (pretty bad), or $1 from each of ten million (less so, although equally profitable to him). Maybe the “correct” way to sum up the damage is not by adding up the annoyance one spammer does to each of a million people, but to sum up the damage that 10,000 spammers together do to one person. Unfortunately, we can only punish one person at a time, so one kind of summing-up does the work of the other.

Comments on this entry are closed.