Spammer in the Slammer: Jeremy Jaynes Sentenced to Nine Years

Will other spammers take heed? Don't count on it.

Jeremy Jaynes was on top of the world. By age 28, he owned a million-dollar home, a high-class restaurant, a chain of gyms and countless other toys. Yet those were only the spoils of his main line of business, which was swindling innocent people out of their money through email scams. From an unassuming house serving as his company's headquarters in Raleigh, NC, Jaynes sent an estimated ten million messages a day pitching products most recipients didn't want, amassing an estimated $24 million fortune in the process. Using aliases such as Jeremy James and Gaven Stubberfield, Jaynes spammed his way up to the #8 position on Spamhaus' Register Of Known Spam Operations (ROKSO) and grossed as much as $750,000 a month, allowing him to live like a king.

However, Jaynes ran head-on into an information superhighway road block when a Virginia judge sentenced him to nine years in prison for his November 2004 conviction on felony charges of using false IP addresses to send mass email advertisements (some just call it spamming). The conviction was a landmark decision, as Jaynes became the first person in the United States convicted of felony spam charges. Though his operation was based in North Carolina, Jaynes was tried in Virginia because it is home to a large number of the routers that control much of North America's Internet traffic (it's also the home of AOL and a government building or two).

He should've Used the Privacy Software

During the trial, prosecutors focused on three of Jaynes' most egregious scams: software that promised to protect users' private information; a service for choosing penny stocks to invest in; and a work-from-home "FedEx refund processor" opportunity that promised $75-an-hour work but did little more than give buyers access to a website of delinquent FedEx accounts. Sound familiar? Anyone with an e-mail address has received countless messages originating from Jaynes' operation. (If you're still waiting on your privacy software to show up, it's probably safe to stop checking the mailbox.)

Jaynes got lists of millions of email addresses through a stolen database of America Online customers. He also illegally obtained e-mail addresses of eBay users. While the prosecutors still don't know how Jaynes got access to the lists, the Associated Press reported that the AOL names matched a list of 92 million addresses that an AOL software engineer has been charged with stealing.

When Jaynes' operation was raided, investigators found that the house from which he ran his operation was wired with 16 T-1 lines (a large office building can get by on a single T-1 line for all its users). Investigators also entered into evidence to-do lists handwritten by Jaynes. Take a look at Jeremy Jayne's meticulously detailed lists at:

* www.ciphertrust.com/images/jaynes_notes1.JPG
* www.ciphertrust.com/images/jaynes_notes2.JPG
* www.ciphertrust.com/images/jaynes_notes3.JPG

Good Work if You Can Get (Away With) It

The economics of spamming makes Jaynes' decision to build a career of it understandable, though not noble. Spammers work on the law of averages, which would seem like an odd strategy considering that the average response rate for a spam message is just one-tenth of one percent. However, once you do the math even this miniscule response rate can make one very wealthy very quickly. If a spammer sends one million messages pushing a product width a $40 profit, a response rate of 0.1 percent works out to 1000 customers, or $40,000 per million messages sent. Since each message costs only fractions of a penny to send, and Jaynes was sending literally billions of messages a year, it's easy to see how he pulled in $400,000 to $750,000 a month, while spending perhaps $50,000 on bandwidth and other overhead.

The fact that spamming can be such a profitable undertaking means that the profession is not likely to go anywhere in the near future. Spammers have financial motivation to come up with innovative ways to avoid detection, and they have begun to join forces. While the landmark decision handed down in the Jaynes trial may serve as a deterrent to some would-be spammers, it is unlikely that the threat of prosecution will keep future spammers from refining their trade. For now and the foreseeable future, the answer still lies in technology, not law enforcement.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com/products/spam_and_fraud_protection/ today.