Home / Blogs

Virginia Court Throws Out Spam Law; One Spammer Gets Away With It

John Levine

The 2004 criminal spam case against large-scale spammer Jeremy Jaynes, which I've covered in several previous blog entries, appears to have come to an ignominious end with the state supreme court throwing out the law under which he was convicted. The Virginia anti-spam law was one of the first in the country with criminal provisions, but it failed due to the way that First Amendment cases are treated differently from all other cases.

The court's decision [PDF] is quite technical, dealing with issues of whether the prosecution and defense raised issues at appropriate times, and disposing of a bunch of other defense challenges that the lower courts also rejected. The court accepts that Jaynes did all the bad things the lower courts found that he did. (The expert witness they mention at the bottom of the third page of the decision was me, telling them that legitimate senders don't send mail like he did.)

Normally, an appeals court reviews the law "as applied", that is, in the context of the case in question. As applied, nobody found any problem with this case. But for the first amendment, there's a special overbreadth rule that asks whether the law might impermissibly contrstrain the speech of other people who did different things, in this case, sending non-commercial spam. The Virginia law forbade using fake IP addresses or domains, and didn't distinguish between commercial and other speech. The court noted that we have a long tradition of protecting anonymous political speech dating back to the Federalist papers, and decided that since that only way to send anonymous email is to use fake IP addresses and domains, the law was overbroad and threw it out.

I have some technical cavils with their analysis, but probably not enough to persuade a court otherwise. Forging IP addresses is a red herring: due to the way that TCP works you can't meaningfully forge them in e-mail. (You can put in headers with fake IPs, but the mail system will add more headers with the real IPs.) I'd also argue that there are a variety of ways to send mail without domain forgery, such as using throwaway free webmail accounts, or routing stuff through anonymizers such as Tor using domains that say it's OK for people to use them in anonymous mail.

The only place this can now be appealed is to the US Supreme Court, which the Virginia Attorney General reportedly plans to do. From the point of view of the SCOTUS, this case has an unpleasant mix of First Amendment issues (do they want to revisit the boundaries of commercial speech regulation?) and states rights (do they want to further limit the ability of state courts to interpret state laws?) so I'd be surprised if they accepted it.

For everyone except Jeremy Jaynes, this decision has little or no effect. Jaynes was tried for things he did in 2003, before CAN SPAM came into effect, and even his lawyer has said that if he did them now, CAN SPAM would catch him. All of the other state laws that I've looked at are CAN SPAM compliant, which means they only affect commercial spam. So I can't say I'm thrilled that Jaynes got off (after three years in house arrest), and less thrilled if he gets to keep the $20 million he reportedly made from spamming fake FedEx refund kits and the like, but it's not the end of the world.

Related Posts on Jeremy Jaynes' Case:
Jeremy Jaynes Gets One More Chance 3/5/2008
Virginia Supreme Court Narrowly Upholds Jaynes' Conviction 2/29/2008
Putting a Spammer in Jail 11/26/2004

Update 10/10/2008: Podcaster Speaking of Justice talked to me about the Virginia Supreme Court's reversal of the Jeremy Jaynes conviction. You can listen to it here.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: Email, Law, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

unbelievable... Alessandro Vesely  –  Sep 17, 2008 4:59 AM PDT

IANAL, but I don't think email can be considered a publishing media. If the Federalist Papers were being published today, they would do so by opt-in. It doesn't matter if I speak commercially or religiously: if I forcefully lock the listeners in a room because otherwise they wouldn't listen, then I'm kidnapping. Does the First Amendment allow kidnapping in case that's the only way someone can hold a speech?

The definition given in a note, "Fraud involves a false representation of a material fact, made intentionally, which induces reliance on that false representation, and resulting damage", perfectly describes the act of producing forged headers. There is a resulting damage, and an appeal should be made to all recipients to go there and witness that those protocols are required to guard their freedom to limit what they want to listen.

What the next note says, "The protocol is the product of private collaboration and not established by a governmental entity", is wrong. It is actually more than that. It is what the community at large has established, and should be recognized as such. Currently, RFCs have no a Legal Considerations section; probably they should…

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Non-English "IDN Email" Addresses Are Finally Working!

A Look Inside Dyn's 1.2 Billion Monthly Email Delivery Statistics

INTA 2013: Gearing Up for Dallas

Dyn to Host Email Analytics Webinar With Ongage

Dyn Adds Claudia Santoro, Dave Connors and Andrew Sullivan to Technical Team

Dyn Receives $38M Investment from North Bridge

Thomson Reuters to Acquire MarkMonitor

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

DNS on Defense, DNS on Offense

Managing Outbound Spam: A New DNS-based Approach For Stopping Abuse (Webinar)

MarkMonitor Fraud Intelligence Report, Q4 2011

Afilias Says "No" to SOPA

Minds + Machines to Announce New .brand gTLD Pricing at INTA

MarkMonitor Fraud Intelligence Report Released for Q2 2011

Dyn Releases New Powerhouse in Enterprise Class Email Delivery

.CO Recognized Alongside Industry Giants in Trademark Industry Awards

Verisign and Coalition for ICANN Transparency, Inc. ("CFIT") Resolve Litigation

MarkMonitor to Co-Chair International Anti-Counterfeiting Coalition Spring Conference

The Botnet-Counterfeit Drugs Connection

Sponsored Topics

Afilias

DNS Security

Sponsored by
Afilias
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign