Spammer in the Slammer: Jeremy Jaynes Sentenced to Nine Years

by: Paul Judge, CTO, CipherTrust, Inc.

Will other spammers take heed? Don't count on it. Jeremy Jaynes was on top of the world. By age 28, he owned a million-dollar home, a high-class restaurant, a chain of gyms and countless other toys. Yet those were only the spoils of his main line of business, which was swindling innocent people out of their money through email scams. From an unassuming house serving as his company's headquarters in Raleigh, NC, Jaynes sent an estimated ten million messages a day pitching products most recipients didn't want, amassing an estimated $24 million fortune in the process. Using aliases such as Jeremy James and Gaven Stubberfield, Jaynes spammed his way up to the 8 position on Spamhaus' Register Of Known Spam Operations (ROKSO) and grossed as much as $750,000 a month, allowing him to live like a king. However, Jaynes ran head-on into an information superhighway road block when a Virginia judge sentenced him to nine years in prison for his November 2004 conviction on felony charges of using false IP addresses to send mass email advertisements (some just call it spamming). The conviction was a landmark decision, as Jaynes became the first person in the United States convicted of felony spam charges. Though his operation was based in North Carolina, Jaynes was tried in Virginia because it is home to a large number of the routers that control much of North America's Internet traffic (it's also the home of AOL and a government building or two). He should've Used the Privacy Software During the trial, prosecutors focused on three of Jaynes' most egregious scams: software that promised to protect users' private information; a service for choosing penny stocks to invest in; and a work-from-home "FedEx refund processor" opportunity that promised $75-an-hour work but did little more than give buyers access to a website of delinquent FedEx accounts. Sound familiar? Anyone with an e-mail address has received countless messages originating from Jaynes' operation. (If you're still waiting on your privacy software to show up, it's probably safe to stop checking the mailbox.) Jaynes got lists of millions of email addresses through a stolen database of America Online customers. He also illegally obtained e-mail addresses of eBay users. While the prosecutors still don't know how Jaynes got access to the lists, the Associated Press reported that the AOL names matched a list of 92 million addresses that an AOL software engineer has been charged with stealing. When Jaynes' operation was raided, investigators found that the house from which he ran his operation was wired with 16 T-1 lines (a large office building can get by on a single T-1 line for all its users). Investigators also entered into evidence to-do lists handwritten by Jaynes. Take a look at Jeremy Jayne's meticulously detailed lists at: * www.ciphertrust.com/images/jaynes_notes1.JPG * www.ciphertrust.com/images/jaynes_notes2.JPG * www.ciphertrust.com/images/jaynes_notes3.JPG Good Work if You Can Get (Away With) It The economics of spamming makes Jaynes' decision to build a career of it understandable, though not noble. Spammers work on the law of averages, which would seem like an odd strategy considering that the average response rate for a spam message is just one-tenth of one percent. However, once you do the math even this miniscule response rate can make one very wealthy very quickly. If a spammer sends one million messages pushing a product width a $40 profit, a response rate of 0.1 percent works out to 1000 customers, or $40,000 per million messages sent. Since each message costs only fractions of a penny to send, and Jaynes was sending literally billions of messages a year, it's easy to see how he pulled in $400,000 to $750,000 a month, while spending perhaps $50,000 on bandwidth and other overhead. Spammers have financial motivation to come up with innovative ways to avoid detection, and they have begun to join forces. But as spammers become savvier, the public is fighting back. Law enforcement has begun to crack down on internet criminals, like Jaynes, and corporations are taking measures to defend their inboxes using anti spam hardware. Law enforcement, coupled with the effectiveness of today's anti-spam systems, is introducing hesitation, uncertainty and fear for many would be spammers. As profitability decreases and risk of prosecution increases, many spammers will be forced to simply pack up and move on. About the author: Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting www.ciphertrust.com/products/spam_and_fraud_protection today. Circulated by Bandoni Media