History of email spam

The history of email spam reaches back to the mid-1990s when commercial use of the internet first became possible - and marketers and publicists began to test what was possible.

Very soon email spam was ubiquitous, unavoidable and repetitive. This article details significant events in the history of spam, and the efforts made to limit it.

Background
Commercialization of the internet and integration of electronic mail as an accessible means of communication has another face - the influx of unwanted information and mails. As the internet started to gain popularity in the early 1990s, it was quickly recognized as an excellent advertising tool. At practically no cost, a person can use the internet to send an email message to thousands of people. These unsolicited junk electronic mails came to be called 'Spam'. The history of spam is intertwined with the history of electronic mail.

While the linguistic significance of the usage of the word 'spam' is attributed to the British comedy troupe Monty Python in a now legendary sketch from their Flying Circus TV series, in which a group of Vikings sing a chorus of "SPAM, SPAM, SPAM..." at increasing volumes, the historic significance lies in it being adopted to refer to unsolicited commercial electronic mail sent to a large number of addresses, in what was seen as drowning out normal communication on the internet.

The "first spam email" in 1978
The first known spam electronic mail (although not yet called email), was sent on May 3, 1978 to several hundred users on ARPANET. It was an advertisement for a presentation by Digital Equipment Corporation for their DECSYSTEM-20 products sent by Gary Thuerk, a marketer of theirs.

The reaction to it was almost universally negative, and for a long time there were no further instances.

USENET
The name "spam" was actually first applied, in April 1993, not to an email, but to unwanted postings on Usenet newsgroup network. Richard Depew accidentally posted 200 messages to news.admin.policy and in the aftermath readers of this group were making jokes about the accident, when one person referred to the messages as “spam”, coining the term that would later be applied to similar incidents over email.

On January 18, 1994, the first large-scale deliberate USENET spam occurred. A message with the subject “Global Alert for All: Jesus is Coming Soon” was cross-posted to every available newsgroup. Its controversial message sparked many debates all across USENET.

In April 1994 the first commercial USENET spam arrived. Two lawyers from Phoenix, Canter and Siegel, hired a programmer to post their "Green Card Lottery- Final One?" message to as many newsgroups as possible. What made them different was that they did not hide the fact that they were spammers. They were proud of it, and thought it was great advertising. They even went on to write the book "How to Make a Fortune on the Information Superhighway : Everyone’s Guerrilla Guide to Marketing on the internet and Other On-Line Services". They planned on opening a consulting company to help other people post similar advertisements, but it never took off.

The 1990s
MAPS ("Mail Abuse Prevention System") was founded in 1996. Dave Rand and Paul Vixie, well known internet software engineers, had started keeping a list of IP addresses which had sent out spam or engaged in other behavior they found objectionable. The list became known as the Real-time Blackhole List (RBL). Many network managers wanted to use the RBL to block unwanted email. Thus, Rand and Vixie created a DNS-based distribution scheme which quickly became popular.

Spam was already becoming a serious concern, leading in late 1997 to the MAPS, which was "blackhole list" to allow mail servers to block mail coming from spam sources.

Others started DNS-based blacklists of open relays.

Alan Hodgson started Dorkslayers in September 1998. By November 1998 he was forced to close, since his upstream BCTel considered the open relay scanning to be abusive. The successor ORBS project was then moved to Alan Brown in New Zealand.

Al Iverson of Radparker started the RRSS around May 1999. By September 1999 that project was folded into the MAPS group of DNS-based lists as the RSS.

In August 1999, MAPS listed the ORBS mail servers, since the ORBS relay testing was thought to be abusive.

2000, spam becomes a serious problem
The SpamAssassin spam-filtering system was first uploaded to SourceForge.net on April 20, 2001 by creator Justin Mason.

In May 2000 the ILOVEYOU computer worm travelled by email to tens of millions of Windows personal computers. Although not spam, its impact highlighted how pervasive email had become.

In June 2001, ORBS was sued in New Zealand, and shortly thereafter closed down (see Open Relay Behavior-modification System for more details).

In August 2002, Paul Graham published an influential paper, "A plan for spam", describing a spam-filtering technique using improved Bayesian filtering and variants of this were soon implemented in a number of products. including server-side email filters, such as DSPAM, SpamAssassin, and SpamBayes.

2003, the fight to control spam
In June 2003 Meng Weng Wong started the SPF-discuss mailing list and posted the very first version of the "Sender Permitted From" proposal, that would later become the Sender Policy Framework, a simple email-validation system designed to detect email spoofing as part of the solution to spam.

The CAN-SPAM Act of 2003 was signed into law by President George W. Bush on December 16, 2003, establishing the United States' first national standards for the sending of commercial email and requiring the Federal Trade Commission (FTC) to enforce its provisions. The backronym CAN-SPAM derives from the bill's full name: "Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003". It plays on the word "canning" (putting an end to) spam, as in the usual term for unsolicited email of this type; as well as a pun in reference to the canned SPAM food product. The bill was sponsored in Congress by Senators Conrad Burns and Ron Wyden.

In January 2004 Bill Gates of Microsoft announced that "spam will soon be a thing of the past."

In May 2004, Howard Carmack of Buffalo, New York was sentenced to 3½ to 7 years for sending 800 million messages, using stolen identities. In May 2003 he also lost a $16 million civil lawsuit to EarthLink.

On September 27, 2004, Nicholas Tombros pleaded guilty to charges and became the first spammer to be convicted under the CAN-SPAM Act of 2003. He was sentenced in July 2007 to three years' probation, six months' house arrest, and fined $10,000.

On November 4, 2004, Jeremy Jaynes, rated the 8th-most prolific spammer in the world, according to Spamhaus, was convicted of three felony charges of using servers in Virginia to send thousands of fraudulent emails. The court recommended a sentence of nine years' imprisonment, which was imposed in April 2005 although the start of the sentence was deferred pending appeals. Jaynes claimed to have an income of $750,000 a month from his spamming activities. On February 29, 2008 the Supreme Court of Virginia overturned his conviction.

On November 8, 2004, Nick Marinellis of Sydney, Australia, was sentenced to 4⅓ to 5¼ years for sending Nigerian 419 emails.

On December 31, 2004, British authorities arrested Christopher Pierson in Lincolnshire, UK and charged him with malicious communication and causing a public nuisance. On January 3, 2005, he pleaded guilty to sending hoax emails to relatives of people missing following the Asian tsunami disaster.

2005
On July 25, 2005, Russian spammer Vardan Kushnir, who is believed to have spammed every single Russian internet user, was found dead in his Moscow apartment, having suffered numerous blunt-force blows to the head. It is believed that Kushnir's murder was unrelated to his spamming activities.

On November 1, 2005, David Levi, 29, of Lytham, England was sentenced to four years for conspiracy to defraud by sending emails pretending to be from eBay. His brother Guy Levi, 22, was sentenced to 21 months after pleading guilty to conspiracy to defraud, and four others were each sentenced to six months for money laundering.

On November 16, 2005, Peter Francis-Macrae of Cambridgeshire, described as Britain's most prolific spammer, was sentenced to six years in prison.

2006
In January 2006, James McCalla was ordered to pay $11.2 billion to an ISP in Iowa, U.S. and barred from using the internet for 3 years for sending 280 million email messages. In court, he was not represented by an attorney.

On June 28, 2006, IronPort released a study which found 80% of spam emails originating from zombie computers. The report also found 55 billion daily spam emails in June 2006, a large increase from 35 billion daily spam emails in June 2005. The study used SenderData which represents 25% of global email traffic and data from over 100,000 ISP's, universities, and corporations.

On August 8, 2006, AOL announced the intention of digging up the garden of the parents of spammer Davis Wolfgang Hawke in search of buried gold and platinum. AOL had been awarded a US$12.8 million judgment in May 2005 against Hawke, who had gone into hiding. The permission for the search was granted by a judge after AOL proved that the spammer had bought large amounts of gold and platinum. In July, 2007, AOL decided not to proceed.

On October 12, 2006, Brian Michael McMullen, 22, of East Pittsburgh, Pennsylvania, U.S., was sentenced to three years' supervised release, five months' home detention and ordered to pay restitution in the amount of $11,848.55 for violating the CAN-SPAM Act of 2003.

On October 27, 2006, the Federal Court of Australia fined Clarity1 A$4.5 million (US$3.4 million; euro2.7 million) and its director Wayne Mansfield A$1 million (US$760,000; euro600,000) for sending unsolicited emails in the first conviction under Australia's Spam Act of 2003.

In November 2006, Christopher William Smith (aka Chris "Rizler" Smith) was convicted on 9 counts for offenses related to Smith's spamming.

2007
On January 16, 2007, an Azusa, California man was convicted by a jury in United States District Court for the Central District of California in Los Angeles in United States v. Goodin, U.S. District Court, Central District of California, 06-110, under the CAN-SPAM Act of 2003 (the first conviction under that Act). He was sentenced to and began serving a 70-month sentence on June 11, 2007.

On May 30, 2007, notorious spammer Robert Soloway was arrested after having been indicted by a federal grand jury on 35 charges including mail fraud, wire fraud, email fraud, identity theft, and money laundering. If convicted, he could face decades behind bars. Bail was initially denied although he was released to a half way house in September. On March 14, 2008, Robert Soloway reached an agreement with federal prosecutors, two weeks before his scheduled trial on 40 charges. Soloway pleaded guilty to three charges - felony mail fraud, fraud in connection with email, and failing to file a 2005 tax return. In exchange, federal prosecutors dropped all other charges. Soloway faced up to 26 years in prison on the most serious charge, and up to $625,000 total in fines. On 22 July 2008 Robert Soloway was sentenced four years in federal prison.

On June 25, 2007, two men were each convicted on eight counts including conspiracy, fraud, money laundering, and transportation of obscene materials in U.S. District Court in Phoenix, Arizona. The prosecution is the first of its kind under the CAN-SPAM Act of 2003, according to a release from the Department of Justice. One count for each under the act was for falsifying headers, the other was for using domain names registered with false information. The two had been sending millions of hard-core pornography spam emails. The two men were sentenced to five years in prison and ordered to forfeit US$1.3 million.

2008
On July 20, 2008, Eddie Davidson "the Spam King" walked away from a federal prison camp in Florence, Colorado. He was subsequently found dead in Arapahoe County, Colorado, after reportedly killing his wife and three-year-old daughter, in an apparent murder-suicide.

August 19: A survey on Marshal Limited's website (an email and internet content security company) showed that 29% of the 622 respondents had bought something from a spam email. Other studies, one by Forrester Research in 2004, which surveyed 6,000 active Web users, reported 20 percent had bought something from spam, while a 2005 study by Mirapoint and the Radicati Group showed 11%, and 57% indicated that clicking on a link in spam caused them to receive more spam than before. A 2007 study by Endai Worldwide (an email marketing company) showed 16% had bought something from spam. In response to the Marshal study, the Download Squad started their own study. With 289 respondents, only 2.1% indicated they had ever bought something from a spam email.

November 11: McColo, a San Jose, California-based hosting provider identified as hosting spamming organizations, was cut off by its internet providers. It is estimated that McColo hosted the machines responsible for 75 percent of spam sent worldwide. McColo's upstream service was severed on Tuesday, November 11; that same afternoon, organizations tracking spam noted a sharp decrease in the volume being sent; some as much as a half.