Posted on 08/21/2004 7:45:24 PM PDT by Stoat
Richard Cunningham is like many twenty somethings in the United States -- he enjoys hanging out at the bars with friends, motorcycling, hiking and buying the latest electronic gadgets. He regularly puts in 12-hour days from his home office and is respected by peers in his industry.
But his industry is about as unconventional as it gets. And if the anti-spam community discovered who he really was, it would go out of its way to make life as difficult as possible for a guy who profits from flooding your e-mail inbox.
"Richard Cunningham" more than likely isn't his real name; he won't say one way or another. But that's the name that appears on the WHOIS record for Spamsoft.biz, a domain he owns. He's also attributed as the owner of Sencode.com, though a WHOIS query of that domain reveals the site's owner information is protected by a RegisterFly.com service called ProtectFly.
Cunningham's identity is even murkier in the online forums he frequents. In those, he's known as "dollar" or "swank." He communicates mostly via online boards like SpecialHam.com and private message boards, or with instant messaging clients like AIM and ICQ.
There are many names attributed to Cunningham. But only one is common in nearly every language and known by every person who's ever owned a computer with an Internet connection: spammer.
The moniker isn't one Cunningham, or anyone else in the business of bulk e-mail distribution, is fond of, understandably so, as he claims to send only legitimate e-mails. Bulk mailing, he said, has been lumped into the same category as illegal spam, which sports spoofed e-mail addresses or peddles in a variety of unsavory markets like porn and Internet scams, such as the Nigerian spam scam.
"The anti-spam community and media tends to like to blame us for all of it and if you notice, a lot of the time the so-called spam-related cases were, in fact, not spam related but scam related," Cunningham said in an e-mail interview. "Notice how they try to say spammers are the culprits? It's another scheme to put a bad image to bulk-mail marketing; I investigate and turn in every single bit of these types of e-mails and operations I come across, as I cannot stand them either."
The Birth of a Bulk E-Mailer
When kids dream of what they want to be when they grow up, bulk e-mail marketer probably doesn't rank as high as fireman or astronaut. So how does one become one of the great Scourges of the Internet?
Like many people in his generation, Cunningham grew up around computers and the Internet -- participating on BBSes and playing video games. Cunningham said running with the wrong crowd and coming from a troubled family life, along with getting tired of dreary nine to five work as a dish washer, telemarketer and telephone order operator, prompted him to start looking for other orthodox ways of making money "without worrying about Johnny Law or stressing myself working for the man."
The Internet of the 1990s provided for anyone with interest a plethora of money schemes that ranged from MLMs (multi-level marketing or network marketing) to referral programs creating "set and forget" business opportunity Web sites.
Cunningham moved on to Unsolicited Commercial E-mails (UCE) and mass-mailing software programs. Seeing that many of his programmer friends were making good money with homegrown applications, mainly targeted at AOL because of the ISP's difficulty keeping up with blocking technology, he began running his own spamming operations.
He also began to experiment with other mailing programs, such as Stealth Mass Mailer, Send-Safe, Golden Launcher and Desktop Super Server, putting aside some money each time and investing in other marketing schemes. In the waning years of the 20th century, Cunningham migrated from promoting others' products to running his own affiliate programs, designing his own marketing software and lending his services to other bulk-mail providers. It was an evolution brought about by the changing times and the growing clamor over junk e-mails and rise of the anti-spam community.
"The payoff for spam is not like it was in the old days," he said. "It has changed tremendously over the years as more and more people got into the business, technology changed and people got wiser. In reality, you'd assume the more surfers, the more money, but it doesn't pan out that way any more; it's harder to make a living mailing now, and that's a fact."
For his part, Cunningham claims the only products he deals with range from legal advertisements for herbal supplements or leads programs, a marketing strategy that matches people to a particular product. He said he's a firm believer in responsible bulk e-mailing -- using valid forms and valid "Remove" links and processing them; in other words, keeping "your campaigns nice and clean," he said.
When he does send out bulk e-mail campaigns of his own, which Cunningham said he does less these days than in years past, he sends between 30 million and 60 million General Internet (GI) e-mails a day for three or four days at a time. GIs are "shot in the dark" e-mail addresses that are culled from e-mail harvesting software, whose use does not target any particular demographic.
Ray Everett-Church is the co-founder of the Coalition Against Unsolicited Commercial E-mail (CAUCE), a group that spends much of its time trying to steer businesses and organizations away from marketing campaigns that could be construed as spamming.
He rejects the claim that any group or individual, whether or not they abide by the CAN-SPAM Act requirements, that conducts spam blitzes does so legitimately. For an e-mail to be legitimate in his eyes, the marketer must have had some prior business relationship to the recipient or the recipient has opted to receive the specific type of e-mails (called opt-in).
"At some level, the folks who are engaged in a business where they are sending out massive volumes that they couldn't possibly have the permission of all those recipients for, they know full well that they are not engaged in legitimate or responsible non-spamming activities," he said. "You don't typically come up with 60 million e-mail addresses through a permission-based process."
Everett-Church does believe that companies, and people, can be persuaded to steer their business away from activities that are causing all the fuss. He points to none other than Walt Rines, a notorious spammer in the 90s and a former associate of spam king Sanford Wallace. Rines built and sold a rather robust e-mail marketing architecture, he said, to a group of buyers who turned it into TargetMail, a fairly reputable e-mail marketing services company.
"There's nothing more powerful than enlightened self-interest," Everett-Church said. "If you look at e-mail marketing and the tremendous opportunities that are in that space, and you look at spamming, you see that they are not compatible as far as longevity and long-term growth and opportunity."
Cashing In
Cunningham said the costs associated with bulk-mail or spamming campaigns are considerable. He present what is entailed in two common set-ups that bulk mailers use in their campaigns.
One is called a proxy mail campaign. This calls for one server for hosting ($600-$1,000 a month); a proxy mailing server ($300-$750 a month); a proxy subscription ($500 a month); mailing software ($500 a copy); and a list of recipients' e-mail addresses ($25 to $50 per million). Using the high end of each range, the initial cost of getting this campaign off the ground would run $2,800. Most bulk-mailers, Cunningham said, send from two to six servers, buy or harvest millions and millions of e-mail addresses and use multiple copies of mailing software because of the click-through rates.
The direct mail campaign requires one server for hosting ($350-$600); a direct mailing server ($250-$750); one to three domains for advertising ($25-$75); valid return e-mail addresses ($25-$75); and direct mailing software ($800-$3,200). The initial cost for this campaign runs $4,700.
But when these costs are offset with the potential payoff from sales leads, it is easy to see why many people, and businesses, aren't put off by the negative goodwill they receive for the business they conduct.
According to Cunningham's figures on mortgage leads, he can get a click-through rate for his messages from anywhere between 1:60 to 1:240, which means that one person will respond for every 60 to 240 e-mails; for AOL e-mail addresses the click-through rate is as favorable as 1:19. His commission rate varies from $8 to $16 per lead.
While that figure doesn't translate into actual sales (and he won't say what that percentage is), the figures are still impressive. For four days worth of work, Cunningham can send 240 million e-mails, which return 1 million (1:240) to 12.6 million (1:19) click-throughs. If only one-half of 1 percent lead to sales, he has still made anywhere between $40,000 and $1 million.
Cunningham wouldn't say exactly how much he makes in a year. But he did say it's a six-digit figure. And yes, he said, he does pay his taxes.
Fighting Backlash
Nevertheless, his work has made him enemies. The bane of his existence, of course, is the anti-spam community, which is often quite zealous in its efforts to put spammers, legitimate bulk mailers and scammers alike out of business
Earlier this year, an individual e-mailed SpamCop, an anti-spam discussion site, accusing Cunningham of sending Viagara, porn and easy-diploma advertisements to their inbox. The e-mail read, "this guy should be in jail, he's a real animal."
The more hardcore RBLs block the entire domains of Web hosting companies who do business with bulk-mailers. And Cunningham claims others have gone so far as to threaten spammers' families, throw bricks through their windows and send them excrement through the mail.
"They are nothing more than kooky Net trolls out to profit and glorify themselves off a so-called problem more so than actually attempting to fix the so-called problem," he said. "They do not scare me, and the likes of them are cowards hiding behind a computer screen."
He's not above tweaking members of the anti-spam community. His user profile on the SpecialHam.com forum features a picture of a can of Spam with cartoon character Homer Simpson drooling in the foreground. The caption beneath the picture reads, "I would like to give a big 'f*** you' out to all of my favorite anti's reading this profile. ;)"
You CAN-SPAM. Get Used to It
All of his bulk-mailing campaigns are legal thanks to the CAN-SPAM Act, which went into law in January. Four months after its passage, the legislation has received lukewarm reviews from e-mail security outfits and the federal agencies charged with enforcing the it.
Eight months later, it seems the United States has turned into the largest spam haven in the world. E-mail security firm CipherTrust last week reported that, while both the United States and South Korea represent only 28 percent each of the IP addresses used to send spam, a whopping 86 percent of the total spam volume comes from the United States, with South Korea a distant second at 3 percent. The U.S. numbers jumped enough during last year to indicate the CAN-SPAM Act had some effect on the numbers, a CipherTrust official said, though it could be a short-term spike as spammers test how far they can push the letter of the law.
Cunningham said spam is only going to get worse, not better, with time. More legitimate bulk mailers and established companies will take advantage of the CAN-SPAM's wording: as long as the e-mail doesn't use spoofed IP addresses, contains an Internet-based opt-out mechanism and includes a legitimate physical mailing address and indication in the subject line that it's an advertisement, then it is legal.
"Some spammers will go legit and some spammers won't," Cunningham said. "Some spammers will stop and some will continue to pursue this lucrative business practice."
Jennifer Martin, a CipherTrust spokeswoman, said many spammers are already finding ways to make it harder for the enforcement arms of the CAN-SPAM Act to prosecute. She said the company's already run into cases where spam includes a legitimate e-mail address with an Internet-based opt-out option. But, she continued, the server hosting the opt-out link returns a message saying the unsubscribe option is out of order and to instead send the request by regular mail to a postal address.
Not many computer users are experienced enough to know that the unsubscribe process needs to be entirely electronic, Martin said, and so they don't report it to the authorities or their ISP.
Not everyone takes to that point of view, especially among the e-mail marketing industry. Officials at the Direct Marketing Association (DMA), a trade association that conducts interactive and database marketing, say they have an entirely different impression of the effectiveness of the CAN-SPAM Act.
Louis Mastria, DMA director of public and international affairs, said the organization has been working with the FBI for the past year, donating technical and funding resources to aid law enforcement officials. He said the response he's gotten from federal agents, the men and women actually responsible for enforcing the legislation, have nothing but good things to say about the new law.
"What we've heard over and over again is that law enforcement feels like this is a boon to them, because, prior to the passage of this act, it used to be a very subjective thing. You would have to find out if they were spamming, and it came down to intent. Intent is a little harder to prove," he said. "Under the CAN-SPAM Act, it's black and white. You've either included an Internet-based opt-out or you haven't; you've either included a physical address or you haven't. So on its face, e-mail can be judged spam very easily, and prosecutions can be built rather quickly. The chances of success on prosecutions are significantly higher under the CAN-SPAM Act."
Still, enforcement of the act is getting off to a slow start, though Mastria expects the number of cases to increase soon. In the two years leading up to the CAN-SPAM Act, the FTC brought only 54 spam cases, according to an attorney at the commission in an interview last fall.
The problem with spammers using falsified information is the fact they are so hard to track down, officials say, and they aren't worried about breaking the law in the first place. In one case, the FTC spent four months tracking down one spammer's identity in an investigation that took one year and spanned two continents.
Phyllis Schneck, CipherTrust vice president of strategic development, said the fact that more than 85 percent of spam is coming out of the United States leads her to believe the arrests will pick up in time.
"I would expect to see more prosecutions and more court cases, but it goes to the policy and enforcement piece of CAN-SPAM," Schneck said. "You can have technology and you can have policy, but at one point you need to show that you're going to enforce it."
What Does It Really Cost in the End?
Like many others, Cunningham takes the stand common among both legitimate bulk-mailers and illegal scammers alike: If you don't like it, delete it. That stand is one side of the central argument surrounding spam -- the cost to the end user.
For network administrators, ISPs and business executives alike, the cost of spam is measured in terms of time wasted hitting the "delete mail" and the money spent in bandwidth to download the messages. There are numerous "spam calculators" on the Web that show just how much those costs are, like those at Computer Mail Services, NetworkWorldFusion and MX Logic.
"You've got to take into consideration the use of advertisements, promotions and more," Cunningham said. "You would be surprised at how many of these providers send their own advertisements and some even work deals in the background with e-mail marketers."
He declined to say who these providers where, saying that many "take extra precautions to make sure this is never exposed."
Despite the negative perception his job brings him, Cunningham doesn't see himself going "legitimate" and back to a nine-to-five job any time soon.
"I enjoy what I do and I enjoy conversations with others in the industry," he said. "As long as it makes me money, I'll continue to do it."
...that's the name that appears on the WHOIS record for Spamsoft.biz, a domain he owns. He's also attributed as the owner of Sencode.com...
Thanks for the warning. I have now blackholed both domains as well as the Chinese netblocks on which they reside:
219.128.0.0/13 and 219.136.0.0/15 are the ones to block if you don't want this jackass's spam.
So sayeth Ritchie...
"Richard Cunningham" more than likely isn't his real name; he won't say one way or another.
Pot, meet kettle.
< it's harder to make a living mailing now, and that's a fact." >
My favorite line in the whole post.
Whatever. Scum is scum.
There's probably a lesson in this somewhere.
An easy way to kill spam would be to go after the companies whos' products are being advertised through spam.
Something that would be more satisfying though, would be to make it legal to publish the names, photos, and home addresses of spammers, and allow the Internet public to club these bastards like baby seals!
Mark
Killing a spammer should be a $5 mail-in fine.
Would you please tell me how to do that? (block). Thanks in advance....
This is done using firewalls such as IPfilter or IPtables on the mail server. If you don't run your own mail server, I can't help you. Anyone who uses their ISP's mail service or a third-party mailer is pretty much at their provider's (and the spammer's) mercy.
So what the hell is this guy's problem? He never put his name on my "do not throw brick through my window" or "do not send me excrement through the mail" lists -- therefore, by his own standards, I have every right to do just that.
Thankya.. thankya...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.