Home / Blogs

Virginia Court Throws Out Spam Law; One Spammer Gets Away With It

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
John Levine

The 2004 criminal spam case against large-scale spammer Jeremy Jaynes, which I've covered in several previous blog entries, appears to have come to an ignominious end with the state supreme court throwing out the law under which he was convicted. The Virginia anti-spam law was one of the first in the country with criminal provisions, but it failed due to the way that First Amendment cases are treated differently from all other cases.

The court's decision [PDF] is quite technical, dealing with issues of whether the prosecution and defense raised issues at appropriate times, and disposing of a bunch of other defense challenges that the lower courts also rejected. The court accepts that Jaynes did all the bad things the lower courts found that he did. (The expert witness they mention at the bottom of the third page of the decision was me, telling them that legitimate senders don't send mail like he did.)

Normally, an appeals court reviews the law "as applied", that is, in the context of the case in question. As applied, nobody found any problem with this case. But for the first amendment, there's a special overbreadth rule that asks whether the law might impermissibly contrstrain the speech of other people who did different things, in this case, sending non-commercial spam. The Virginia law forbade using fake IP addresses or domains, and didn't distinguish between commercial and other speech. The court noted that we have a long tradition of protecting anonymous political speech dating back to the Federalist papers, and decided that since that only way to send anonymous email is to use fake IP addresses and domains, the law was overbroad and threw it out.

I have some technical cavils with their analysis, but probably not enough to persuade a court otherwise. Forging IP addresses is a red herring: due to the way that TCP works you can't meaningfully forge them in e-mail. (You can put in headers with fake IPs, but the mail system will add more headers with the real IPs.) I'd also argue that there are a variety of ways to send mail without domain forgery, such as using throwaway free webmail accounts, or routing stuff through anonymizers such as Tor using domains that say it's OK for people to use them in anonymous mail.

The only place this can now be appealed is to the US Supreme Court, which the Virginia Attorney General reportedly plans to do. From the point of view of the SCOTUS, this case has an unpleasant mix of First Amendment issues (do they want to revisit the boundaries of commercial speech regulation?) and states rights (do they want to further limit the ability of state courts to interpret state laws?) so I'd be surprised if they accepted it.

For everyone except Jeremy Jaynes, this decision has little or no effect. Jaynes was tried for things he did in 2003, before CAN SPAM came into effect, and even his lawyer has said that if he did them now, CAN SPAM would catch him. All of the other state laws that I've looked at are CAN SPAM compliant, which means they only affect commercial spam. So I can't say I'm thrilled that Jaynes got off (after three years in house arrest), and less thrilled if he gets to keep the $20 million he reportedly made from spamming fake FedEx refund kits and the like, but it's not the end of the world.

Related Posts on Jeremy Jaynes' Case:
Jeremy Jaynes Gets One More Chance 3/5/2008
Virginia Supreme Court Narrowly Upholds Jaynes' Conviction 2/29/2008
Putting a Spammer in Jail 11/26/2004

Update 10/10/2008: Podcaster Speaking of Justice talked to me about the Virginia Supreme Court's reversal of the Jeremy Jaynes conviction. You can listen to it here.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: Email, Law, Spam



unbelievable... Alessandro Vesely  –  Sep 17, 2008 4:59 AM PDT

IANAL, but I don't think email can be considered a publishing media. If the Federalist Papers were being published today, they would do so by opt-in. It doesn't matter if I speak commercially or religiously: if I forcefully lock the listeners in a room because otherwise they wouldn't listen, then I'm kidnapping. Does the First Amendment allow kidnapping in case that's the only way someone can hold a speech?

The definition given in a note, "Fraud involves a false representation of a material fact, made intentionally, which induces reliance on that false representation, and resulting damage", perfectly describes the act of producing forged headers. There is a resulting damage, and an appeal should be made to all recipients to go there and witness that those protocols are required to guard their freedom to limit what they want to listen.

What the next note says, "The protocol is the product of private collaboration and not established by a governmental entity", is wrong. It is actually more than that. It is what the community at large has established, and should be recognized as such. Currently, RFCs have no a Legal Considerations section; probably they should…

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Port25 Announces Release of PowerMTA V4.5r5

New Case Study: Jobtome.com Replaces 30 Postfix Servers with a Single PowerMTA

An Update on Port25 and the Future of PowerMTA - One Year Later​

Encrypting Inbound and Outbound Email Connections with PowerMTA

US Court Grants DCA Trust's Motion for Preliminary Injunction on .Africa gTLD

V12 Group Sustains Customer Satisfaction by Deploying PowerMTA for Launchpad Platform

PowerMTA Now Offers Scheduled Delivery Control

DKIM for ESPs: The Struggle of Living Up to the Ideal

Reactivation Campaign: Shared vs. Dedicated IPs

To Where are Bounce Messages Sent?

An Open Source Perspective on Commercial MTAs

Five Essential PowerMTA Configuration Tips

What's New With Port25's PowerMTA v4.5

New Feature in PowerMTA v4.5: IP Based Rate Limiting

Case Study: Emergency Response Systems Rely on Timely Messaging Through PowerMTA

Port25 Announces Next Major Release of Its Email Delivery Solution, PowerMTA

Case Study: How PowerMTA Transparent Deliverability Metrics Paves Way for Email Service Provider