Brian McWilliams

Spam, the Nazi hunter and Citizen Joe

The fight against junk e-mail is never pretty, but what happens when a spam-fighter messes with the wrong party?

Over the years, junk e-mailers have engaged in countless legal battles with the operators of spam-blocking services. But the latest courtroom clash over the legality of such filters promises to become especially ugly.

Later this month, a jury in Orange County (California) Superior Court is scheduled to decide whether Joe Jared, operator of the free OsiruSoft Open Relay Spam Stopper, negligently blacklisted Pallorium, a private investigation firm that claims it never sent a speck of spam.

A spam blacklist (or “block list”) service prevents mail from people or companies deemed to be spammers from reaching anyone who subscribes to that service. Those who end up on such blacklists are rarely happy about it, and in this case, the aggrieved party became hopping mad.

“I am ferociously supportive of legitimate efforts to fight spam. But this was not a responsible or technically sensible way to do it,” says Steven Rambam, Brooklyn-based Pallorium’s senior director.

Rambam gained fame in 1996 for tracking Nazi war criminals and later for revealing that Elvis Presley had Jewish ancestors. He accuses Jared of erroneously including Pallorium’s e-mail server in OsiruSoft’s database in July 2003. Rambam says there’s no proof his firm ever sent spam, or even that its e-mail server was an “open relay” exploited by junk e-mailers to disguise their spams. The listing was obviously a mistake, according to Rambam, but Jared refused repeated requests to correct it.

As a result, Pallorium had difficulty invoicing clients, sending reports and otherwise communicating via e-mail for several weeks until it moved its e-mail server to a new network, he claims.

“Joe Jared cost me a lot of money. He was essentially putting us out of business. But if he had chosen to act responsibly, this lawsuit would not have happened,” says Rambam.

Jared, who refers to himself online as Citizen Joe, says he never made a dime from the OsiruSoft filter service. (Besides working as a contract programmer, his day job is running a small business that designs custom shoe inserts known as orthotics.) Jared shuttered the anti-spam service in August 2003, after suffering months of distributed denial-of-service (DDoS) attacks aimed at preventing his blacklist service from working effectively.

In court documents, Jared suggests that the DDoS attacks, which he blames on spammers, were likely the cause of Pallorium’s difficulty in contacting OsiruSoft or using the site’s automated system for correcting mistaken listings.

Rambam counters that the dramatic manner in which Jared shut down his service further illustrates what he considers Jared’s “gleeful negligence.” On Aug. 26, 2003, Jared placed a notice at his site instructing users to stop using OsiruSoft’s data. To drive home the point, Jared configured the service to block all addresses on the Internet. The result was a period of chaos for many users of the filter.

Pallorium isn’t the first organization to complain about collateral damage from Jared’s service. In 2001, OsiruSoft was criticized for blacklisting a San Francisco arts group that was operating an open e-mail server — even though there was no evidence the server had ever been abused by spammers.

Nor is Rambam’s lawsuit against Jared his first attempt to squelch unflattering Internet postings about him. Since 1997, Rambam has been involved in litigation against the Jewish Defense Organization and others for defamation.

“By the end of the year, I will have a judgment against Joe Jared, and I’m going to enforce the judgment because he’s been so nasty to me,” says Rambam.

The Pallorium vs. Jared trial is scheduled to begin Sept. 20. The case follows a 2003 attempt by an anonymous group calling itself EMarketersAmerica.org (EMA) to sue nine spam fighters, including Jared and Steve Linford, operator of the Spamhaus.org spam information and blocking service. The EMA withdrew its lawsuit in September 2003 after the defendants’ attorney filed 500 pages of discovery — requests for business documents, programs, communications and other information.

Jared initially withheld announcing the Pallorium lawsuit, which was filed in October 2003, but he recently began soliciting online donations to a legal defense fund.

“I figured it was such a ridiculous case that I could handle it myself. I was wrong,” explained Jared. “I also needed to stay in the background to avoid further retaliation from the DDoS mafia.”

In a matter of days, supporters contributed around $1,600 to Jared’s defense, which is being handled by the Morris Law Firm. In a Usenet newsgroup devoted to spam fighting, some Internet users have expressed alarm over the lawsuit.

“Joe is being personally sued because he ran Osirusoft,” wrote one participant in the news.admin.net-abuse.e-mail newsgroup. “Anyone that participates in this newsgroup, runs a block list, IP identifier list, domain name list, or just posts spammer information on Usenet or the Internet could have [that] happen to them.”

Jared launched the OsiruSoft Open Relay Spam Stopper as a public service in early 2000. At the time, a large percentage of spam originated from “open relays” — e-mail servers configured to allow anyone on the Internet to send messages through them. Anti-spammers such as Jared sought to close the vulnerability by developing automated tools and Web sites for testing and reporting open e-mail servers. Jared eventually expanded his filter service to block other spam sources, using data from other junk e-mail block lists. In its heyday, the OsiruSoft service was reportedly used by several large Internet service providers, including Pacific Bell, Ameritech and Prodigy.

Since Jared’s filter was based on a compilation of several other databases, including the controversial Spews.org service, he is likely protected by the safe harbor provision of the U.S. Communications Decency Act, according to Pete Wellborn, the attorney who defended anti-spammers in the EMA lawsuit. Under the law, online service providers may not be liable for the content they publish as long as they don’t censor or edit the information, says Wellborn.

But Pallorium’s attorney, Gary Kurtz, says he will convince jurors that Jared is responsible for any damage caused by third parties who used his erroneous listings. And, according to Kurtz, the fact that Jared operated OsiruSoft’s spam service as a hobby doesn’t shield him from responsibility.

“If my hobby is shooting guns out an open window, I’m still liable to anybody that I hit,” says Kurtz.

As the global spam problem grows worse, Internet service providers and corporate e-mail administrators are increasingly dependent on spam blacklists to protect their users from junk e-mail. Some spam opponents fear the Pallorium lawsuit could have a chilling effect on other spam-filtering services. In May 2001, Alan Brown, the operator of the Open Relay Behavior-modification System (ORBS), shut down the anti-spam service and temporarily fled his native New Zealand after being sued over some listings.

But Laura Atkins, a partner in the anti-spam consulting firm Word to the Wise, says cases such as Pallorium vs. Jared simply highlight what she characterizes as a “flight to quality” by users of spam blocking services.

“A few years ago, it seemed like everybody was running a spam block list, and not all operated with the same diligence and professionalism. In the past 18 months, a lot of people have started looking real hard at what block list they are using,” says Atkins.

Linford, operator of the Spamhaus Block List (SBL), says Spamhaus and other responsible list operators quickly correct any errors in their listings. But he said that filter maintainers bear no legal responsibility to e-mail senders.

“The rights of an e-mail sender end at the receiving network’s border,” says Linford.

Jared seems to agree. Internet users have the legal right, he says, to choose what comes into their in box, and to refuse mail from anyone for any reason. Although his service has been defunct for over a year, Jared says he will fight the Pallorium lawsuit on principle.

“I have to fight this case because, in my opinion, it could impact the property rights of others if I don’t. Your right to speak should never impact my right to not listen, especially when it’s in my own home,” says Jared.

While OsiruSoft’s filter is no longer operational, Jared can take some comfort in knowing it helped eliminate one of the biggest conduits of spam. According to spam experts, open relays are no longer a significant source of junk e-mail — thanks primarily to smothering filters like OsiruSoft’s.

Editor’s note: This story has been corrected since its original publication.

How Microsoft is losing the war on spam

Bill Gates said junk e-mail would be history by 2006. His prediction's being buried by an avalanche of Viagra ads and Rolex pitches -- and his company's policies are a big reason why.

It was one of those unscripted moments that Microsoft’s public-relations handlers probably wish they could have back. Speaking at a January 2004 conference in Switzerland, Microsoft chairman Bill Gates boldly predicted that “spam will be solved” by 2006.

But with 346 days remaining on that prognostication, spam still comprises over 60 percent of e-mail traffic. Microsoft is now backpedaling on Gates’ vision of a spam-free near future. A spokesperson said last week that the company’s goal is to help “contain” the spam problem by 2006.

Yet, according to many experts, Microsoft remains as much the root of the spam problem as the key to solving it.

Most junk e-mail today emanates from Windows computers that spammers have hijacked and turned into spam “zombies” using security holes in Microsoft’s operating system. What’s more, Microsoft is blamed for wrecking efforts this past summer to create e-mail authentication standards. The company also stands accused of trying to neuter state anti-spam laws. And Microsoft has yet to win a lawsuit against a major spammer.

A P.R. representative from Microsoft stressed that “there is no silver bullet” and that “it will take a combination of advanced technology, industry cooperation, user education and enablement, effective legislation and targeted enforcement against illegal spammers to significantly reduce and solve” the problem of spam. But with its huge installed base, deep pockets, marketplace clout and technology prowess, Microsoft is in a unique position to eradicate junk e-mail.

If, that is, the company has the will to do so. Microsoft says that it is working on new technologies that will help reduce spam, and denies that it is in any way responsible for the floods of junk mail coursing across the Net. “Spammers cause spam,” says Microsoft.

But a review of what Microsoft is actually doing suggests that the company isn’t pursuing the problem as vigorously as it could. Before Microsoft can make good on Gates’ prediction, experts say, it must first stop worrying about what’s good for its business, and concentrate instead on what’s best for the Internet as a whole.

To hide their tracks, spammers have always misappropriated the computers of innocent third parties. But the rise of Windows zombies is arguably the gravest problem facing spam opponents today. By one estimate, over 60 percent of junk e-mail now originates from home PCs that spammers have commandeered with the help of virus writers and hackers.

With an ever-growing arsenal of Windows zombies under their control, spammers can evade some spam filters, which have trouble keeping current lists of the addresses of known zombie systems. What’s more, spammers have used their networks of zombied computers to launch denial-of-service attacks on sites operated by blacklist services and other anti-spam organizations.

Solve the Windows zombie problem, and you’re well on the way to eliminating spam, say the experts. And who better to provide a solution than Microsoft, which created the problem in the first place by shipping buggy software?

Two weeks ago, Microsoft released a free tool for detecting and removing infections caused by a handful of Windows-based computer worms and viruses. But some security experts say the company still hasn’t adequately addressed the underlying security vulnerabilities exploited by such malicious software.

“Microsoft needs to lock down Windows so that rogue programs can’t convert PCs into zombies or hijack applications to do spamlike things,” says Richard Forno, a security consultant and commentator.

Yet Microsoft effectively created a ghetto of potential spam zombies last year when it refused to allow users of pirated versions of Windows to install a significant security update known as Service Pack 2 (SP2).

According to John Levine, chairman of the Anti-Spam Research Group, Microsoft acts as if guarding its software against piracy is a more significant issue than protecting users of unpatched Windows systems against worms and hackers.

“Microsoft, of course, has no responsibility to people who’ve stolen their software, but the security holes don’t affect the user of the infected computer as much as they do the zillion recipients of the spam and worms that it emits,” says Levine.

Levine’s recommendation: Microsoft should give away security upgrades to unauthorized users of Windows, even if doing so undercuts the firm’s campaign against software piracy.

Deterring the creation of new spam zombies would be a huge victory, says Joe Stewart, a security researcher with Lurhq. But he believes Microsoft also ought to go even further and hunt down the hacker-spammers who use existing zombies.

To accomplish this, says Stewart, Microsoft should build a network of decoy zombies, with the aim of attracting the miscreants who scan the Internet for compromised computers and send spam through them.

“Feed [the information] to the legal team that sues spammers,” says Stewart.

What of Microsoft’s legal team? They’ve kept the company intact despite antitrust lawsuits. They’ve protected Microsoft’s intellectual property with countless patents. They’ve helped convict software pirates around the globe.

So when will Microsoft’s lawyers get a big court decision against a major junk e-mailer?

In recent years, Microsoft has filed scores of lawsuits against spammers large and small. But unlike competing Internet service providers America Online and Earthlink, Microsoft can’t claim any big trophies yet.

The company’s most high-profile lawsuit — filed in December 2003 against Colorado bulk e-mailer Scott Richter — is still pending. But that litigation is unlikely to bring the $18 million judgment Microsoft boasted it would seek. Last summer, New York Attorney General Eliot Spitzer settled a parallel lawsuit against Richter for the paltry sum of $50,000.

In August 2003, Microsoft found itself in the embarrassing position of having to apologize to a British man after erroneously suing him for spamming. In a statement, Microsoft said the case against Simon Grainger “illustrates the difficulties and hazards of investigating the clandestine activities of faceless individuals operating on the Internet.”

Microsoft lobbed an innovative lawsuit last September at Levon Gillespie, the operator of a company that provides “bulletproof” Web site hosting services to spammers. Soon thereafter, Gillespie’s Cheapbulletproof.com site went offline, as did SpamForum.biz, his online marketplace for junk e-mailers. But earlier this month, Gillespie’s sites returned, now located on servers in China. A Microsoft spokesperson reports that the lawsuit is still in the discovery stage.

Anti-spam legal efforts can get results without making headlines, says Matthew Prince, an adjunct professor of law at John Marshall Law School, and chief executive of Unspam. If nothing else, Microsoft can force spammers to run up big legal bills, thereby wrecking the economics of spamming, says Prince.

Spam opponents see other behind-the-scenes opportunities for Microsoft. The company could use its enormous marketplace clout to pressure the biggest suppliers of Web site hosting for spammers.

Steve Linford, operator of the Spamhaus spam-filtering and information clearinghouse, says Microsoft’s Hotmail service could threaten to block e-mail from China unless the Chinese government pressures rogue ISPs there to stop providing havens for spam suppliers such as Gillespie.

“AOL gets an enormous amount done simply by telling other providers that they won’t accept e-mail from their systems unless they clean up their networks. Microsoft most certainly could use Hotmail as leverage in this same way,” says Linford.

Similarly, Microsoft could shame MCI Wholesale Network Services, which currently hosts around 200 spam gangs, according to Linford.

Microsoft’s anti-spam initiatives may be hampered, however, by what Prince and other experts describe as the firm’s split personality over junk e-mail. Microsoft’s MSN and Hotmail services appear determined to run spammers off their networks on a rail. But the company’s other business units want to preserve Microsoft’s ability to use unsolicited e-mail in, for example, cross-marketing to existing customers.

“AOL has a much clearer sense that spam is a problem that’s unacceptable, and they are willing to go to the mat to solve it, whereas Microsoft is definitely of two minds on the subject,” says Prince.

So even while Microsoft is an “impressive partner” in some anti-spam enforcements, according to Paula Selis, senior counsel for the Washington state attorney general’s office, at the same time the company has lobbied for weaker versions of federal and state spam laws.

“It’s struck me that sometimes their agenda is a little mixed,” says Selis.

State lawmakers have publicly criticized Microsoft’s aggressive lobbying against stringent anti-spam laws. After the company helped to defeat a do-not-spam registry proposal in Michigan, some legislators began referring to Microsoft as the “axis of inertia” in the press.

Microsoft’s conflicted spam priorities are also blamed for a recent breakdown in setting e-mail authentication standards. Last summer, an international working group was close to hammering out a standard based on Microsoft technology, which would help in the battle against spam, viruses and other e-mail abuse.

But the working group hit a roadblock when Microsoft revealed that it had applied to patent its authentication technology, known as Sender ID. Some working-group participants balked at the idea of Microsoft’s patent lawyers controlling an industry standard.

Levine says Microsoft could have offered a license that satisfied the open-source community without compromising its intellectual property protections. But the company made no such concession.

“Their best offer was a license that gives them the option to pull the rug out at any time, with vague assurances that they wouldn’t do that,” says Levine. As a result, the working group was disbanded in September without reaching an agreement.

Using its proprietary SmartScreen filtering technology, Microsoft’s Hotmail service has made great progress in shielding users from spam. Indeed, Microsoft’s best hope of defeating spam by 2006 may be within its own networks, if not the Internet at large, says Prince.

That’s a long way to come for a service that, four years ago, was blacklisted by the Mail Abuse Prevention System for improperly securing its servers against spammers.

But recent organizational moves suggest Microsoft’s priorities may have shifted away from a single-minded commitment to fighting unsolicited commercial e-mail.

The Microsoft Anti-Spam Technology and Strategy Group, created in 2002, was recently renamed the Safety Technology and Strategy Group. According to a Microsoft spokesperson, the company changed the name as a result of its taking a new view of spam as part of a broader problem of online safety that includes “phishing” attacks.

“To beat spammers, you’ve got to be unrelenting, and chase them 24 hours a day, 365 days a year,” says Prince. He worries that Microsoft’s broader focus might divert the company’s attention from that task.

For Microsoft to play a leading role in solving the spam problem, it must ultimately rein in its own marketing for the sake of being a good netizen, says Levine.

“Compared to other big companies, Microsoft’s anti-spam activities look far more to be shaped by their business interests. The other big players are doing things that are certainly good for themselves, but they’re also good for the Internet community as a whole,” says Levine.

Regardless of whether Microsoft makes such a commitment, Stewart puts the probability of a spam-free Internet by 2006 next to zero.

“The spammers are making big money at this game right now. There’s no way they’re just going to stop and say, ‘Gee, Microsoft has introduced the final, ultimate solution to stop spam. Guess we should give up now.’”

Remove me!

Do those unsubscribe links actually work, or are they just another spammer scam? A reporter goes undercover in the world of fake Rolexes to find the answer.

Casper Jones is the head of BlackMarketMoney.com, a spam operation that’s been pelting the Internet with junk e-mail for fake Rolex watches. I’m almost positive his name is a pseudonym. But does he know that Chris Smith is not my real name?

That’s how I introduced myself last month, when I sent Casper an e-mail asking to join his spamming crew. I fibbed to him that I was a full-time bulk e-mailer looking for a new sponsor. I said that one of my business associates had recommended his program. (For authenticity, I lightly sprinkled typos and grammatical errors throughout the message.)

I wanted to be one of Casper’s sales affiliates. In today’s world of spam, a sales affiliate sends out junk mail on behalf of a spam-site operator or “sponsor,” who assigns the affiliate a special tracking code to include in his e-mail ads. For every sale the affiliate’s spams generate, he is paid a commission by the site operator. Sponsors also provide “remove” lists, spamming software, and other support to help their affiliates successfully market the site.

Since September, Casper and his associates had been clogging my various e-mail accounts with ads for a watch shop called Royal-Replicas.com (formerly onlinereplicastore.com). I filed several complaints with the Chinese Internet service provider hosting the site, to no avail.

I suppose I could have just clicked the “unsubscribe” links in the dozen or so spams they sent me every day. But I didn’t trust these people one bit. I was sure that if I could get inside Casper’s operation, I would find hard evidence confirming what savvy Internet users instinctively know: Trying to unsubscribe from spam is a fool’s game.

Just look at the place. Royal-Replicas.com provides no physical mailing address in its junk e-mails or at the site. The domain’s registration record lists someone in Spain as the owner. The site is hosted on a server in China, but the order page cites prices in Indian rupees as well as U.S. dollars. The headers of the spams reveal that many have been sent via “zombied” home computers. Even the headers of Casper’s private e-mails are a fraud. (He routed all his messages to me through proxy computers in South Korea.)

The “About Us” page at Royal-Replicas.com doesn’t help much, either. It contains little more than a bizarre rationale for buying its $300 knockoffs rather than the real thing: “Many people purchase watches that cost thousands of dollars and render the wearer liable to get their hand chopped off while walking home from a posh cocktail party.”

Bulk e-mailers are required to honor list-removal requests under the U.S. CAN-SPAM law. But still it’s common knowledge that clicking an unsubscribe link or handing over your e-mail address on a junk e-mailer’s remove page is insane. The U.S. Computer Emergency Readiness Team (US-CERT) warns that unsubscribe links are “often just a method for collecting valid addresses that are then sent other spam.” The FTC has sent warning letters to at least 77 marketers for their failure to honor unsubscribe requests.

Sure, a few spammers might take your name off to avoid trouble. But to most, you’re merely confirming that they’ve found a live one. Next thing you know, they’ll have sold your e-mail address to other spammers as “validated” — or, in other words, ready for spamming.

At least, that’s what I thought until Casper brought me onboard. My undercover mission into the heart of fake-Rolex spam didn’t turn out exactly as I had expected.

I tried flattering Casper in my e-mails, gushing that he had astutely tapped into a timely and lucrative spamming niche. (You could probably find similar watches on the streets of Chinatown for $25, but hey, some people prefer the convenience of holiday shopping from home.) But Casper doesn’t let just anyone join BlackMarketMoney.com. After I sent my introductory e-mail as “Chris Smith” from a free webmail account I had created, he asked to know the name of the person who had referred me to the site.

I told him I had learned about the program from a buddy in the #bulkers Internet relay chat (IRC) channel who uses the online handle Ep0ch. In fact, I had stumbled upon the home page for the watch spammers’ affiliate program after studying some of their junk e-mails.

I noticed that the spams never actually advertised Royal-Replicas.com directly; instead, they enticed recipients to visit an intermediary domain on a Brazilian server that redirected traffic to the main Chinese site.

Last month, using a special look-up tool, I enumerated the domains stored on the Brazilian server. As I was studying the list, many of which use clever typos — 0megas.net, Roiex.com, Ltalian.net — one name jumped out: BlackMarketMoney.com. I surfed over to the site, which featured an image depicting bullet holes and wads of dollar bills. “It’s easy money,” proclaimed the graphic.

A sign at BlackMarketMoney.com said affiliates got paid up to 40 percent commissions for every order. In addition to pushing replica watches, the program would soon be adding “penis extenders,” a cellphone charger and an online pharmacy to its portfolio of sites.

After spotting the member log-in panel in the upper right corner of the page, I decided to contact BlackMarketMoney.com and ask about joining.

Casper replied to my message saying he’d never heard of the #bulkers IRC channel or my friend Ep0ch. (Damn, he was good. Neither exists.) Casper said I needed to provide the name of a “big mailer” who could vouch for me.

I produced a list of names and addresses, assuming he would quickly detect that they were all bogus and he would ignore me. A couple of days went by and I still hadn’t heard back. I’d pretty much abandoned hope of ever becoming a BlackMarketMoney.com affiliate.

That’s when I decided to visit the unsubscribe page at a Royal-Replicas.com satellite site, and typed in the address of my most obscure e-mail account. (The address is unpublished, I rarely use it, and it only gets about 10 spams per day — half for Royal-Replicas.com, and the rest for a generic Cialis site.)

My thinking was this. If the canary survived in the mine, I could cut spam to that account in half. If things went sour, I’d just jettison the e-mail address. (I decided not to unsubscribe any of my primary e-mail accounts — the ones that get hundreds of spams every day for everything from fake watches to Hydrocodone without a prescription.)

A few days later, an e-mail arrived from Casper. He said I’d make “a valuable addition to the team.” His message included information about how to log in to my account at BlackMarketMoney.com, and he gave me his AOL Instant Messenger (AIM) screen name in case I had any questions.

When I signed on to BlackMarketMoney.com for the first time, I saw a page where my sales stats would be displayed. A preferences section included a form where I could specify account numbers for my commission payments. There were also pages with suggested ad copy and graphics files, as well as an updated list of the various domains we affiliates were supposed to advertise in our spams.

But what really caught my eye was a note at the site that insisted all affiliate spams include an “unsubscribe link.” Two huge archives were also available for download, containing lists of “remove” addresses. The October list held around 202,000 e-mails, while the November list had over 282,000 addresses. Sales affiliates were instructed to scrub their mailing lists to remove these names.

To my amazement, a quick search revealed that my e-mail address had successfully made it onto the November remove list. But nearly 10 days had passed since I had asked to be unsubscribed, and the fake-Rolex spams were still rolling in. Obviously, my fellow affiliates couldn’t be bothered to clean their rolls of my e-mail address.

As I scanned the remove lists, I was startled at some of the other e-mails. Hundreds of people with dot-gov, dot-mil, and dot-edu addresses had asked for the Royal-Replicas.com spam to stop. (I’d always been told that spammers filter out these domains reflexively, because they generate way more complaints than sales.)

Other addresses jumped out at me. Lots of people from high-tech companies, including Intel, Hewlett-Packard and Microsoft, had tried to unsubscribe. Dozens of people using ACM.org and IEEE.org addresses (professional engineering and computer science organizations) were also on the remove lists.

These people were supposed to be geeks — why were they bothering to unsubscribe? Surely they knew the conventional wisdom: You don’t negotiate with terrorists, and you don’t unsubscribe from spam lists.

Scrolling through the addresses, I realized someone had tried to sabotage the Royal-Replicas.com remove lists. Nonexistent addresses — ending in netscape.gov and pooper.gov, for example — were mixed in with real ones. The lists also included many “celebrity” unsubscribe requests, including ones from arlen_specter@specter.senate.gov, barbara.bush@whitehouse.gov, condaliza.rice@whitehouse.gov, and conrad_burns@burns.senate.gov.

While I understood the rage that led someone to submit phony addresses, I was also a bit ticked off at the perpetrator. Wouldn’t all this junk on the remove lists make spamming affiliates reluctant to use them?

BlackMarketMoney.com also offered a smaller “domain” filter list. Affiliates were supposed to configure their list-processing software to remove all e-mail addresses that included special keywords or domains. Among the 825 filter words were obvious ones such as “abuse” and “admin,” but there were also some head-scratchers: “beavis,” “douche” and “orgy.”

The domain filter list also included sites of well-known anti-spammers, including spews.org, chickenboner.com, scconsult.com and barbieslapp.com. Other notable domains on the filter list were kuro5hin.org, salonmagazine.com and, inexplicably, womenbehindbars.com.

I decided to try contacting some of the people on the remove lists. I’d remind them that clicking spammers’ unsubscribe links has been known to install Trojan horse software on your computer. What’s more, you can’t even trust some mainstream companies. A recent study found that Amazon and other high-profile firms are sometimes embarrassingly lax in honoring remove requests.

What were these people thinking when they handed over their addresses to the fake-Rolex spammers?

A private investigator in Florida whose e-mail address was on the October remove list didn’t return my phone calls or e-mails. I got a similar lack of response from a professor of computer science at Rensselaer Polytechnic Institute. Then Bill Hartman phoned me in response to my e-mail to his ACM.org account.

“I’m not sure why I do it. I know you’re not supposed to,” said Hartman, chief technology officer for Finite Services, a California software firm.

Hartman reported that he receives around 50 spams per day. If the messages make unsubscribing convenient — by including remove links, for example — he attempts to get off the spammer’s list. But Hartman admitted the strategy hasn’t reduced his overall junk e-mail inflows. As proof, he forwarded several copies of spams advertising Royal-Replicas.com — including some sent in early December.

Richard Stuart, an engineer with Infineon Technologies based in Maryland, had seen similarly lackluster results from his efforts to unsubscribe from spammer lists.

“Sometimes they stop. Other times, I’m pretty sure they just sell my address to another spammer,” said Stuart, who has served on International Telecommunication Union committees drafting standards for modems and DSL equipment. Stuart said he nonetheless planned to stick with the unsubscribing tactic.

“I get so much spam, I can’t keep track of it all,” said Becky Poor, director of education for a church in Baton Rouge, La. She told me by phone, with some distress, that she received about 200 spams per day. Poor had simply been deleting them until a few months ago, when a co-worker showed her how to unsubscribe. For a while, she dutifully clicked remove links, among them one that was supposed to take her off the Royal-Replicas.com mailing list.

But Poor said she has since given up unsubscribing. The spam just keeps coming, including recent messages from the fake-Rolex spammers.

At that point, I was really no closer to understanding why nearly half a million people — many of whom should know better — had tempted fate. Perhaps the same gullibility that compels consumers to buy from junk e-mailers also makes them willing to suspend disbelief about spam remove lists. Or maybe it was simply an act of desperation. Nothing else seems to stop spam, so why not try a radical approach?

These people would surely be disappointed by a recent decision from the U.S. Federal Trade Commission. Earlier this year, the FTC gathered advice from experts about whether to implement a national Do Not Spam registry, akin to the Do Not Call list that has worked to silence unwanted telemarketing calls. In June, the agency announced it was nixing the spam registry idea on the grounds that it would likely backfire and make problems worse.

“Spammers would use such a registry as a directory of valid e-mail addresses. It ultimately would become the National Do Spam List,” concluded the agency in a June press release.

I had expected to produce evidence corroborating this conclusion during my brief stint as an underperforming spam affiliate. But I am somewhat shocked to report that, on Dec. 2, I stopped receiving any Royal-Replicas.com spam at my unsubscribed e-mail address. The unthinkable had happened: I had asked a spammer to remove me, and it worked!

I know that my fellow BlackMarketMoney.com affiliates are still spamming away — my other e-mail accounts are still taking in over half a dozen fake-Rolex spams each per day. But the replica spam suddenly dried up at the removed address. (Now it’s just the damned “Cialis soft tabs” ads.)

So should everybody relax, and just click on every “remove me” link they see? I still don’t think so, even if these watch spammers gave me what I asked for. For one thing, I don’t know why my remove request got results, while those of Hartman, Stuart and Poor haven’t been honored. The fact is, rogue affiliates could neglect to scrub their lists. Or worse, they could take the BlackMarketMoney.com remove lists and turn them into a spam list. For all I know, this could just be the calm before a spam storm.

Then I remembered Casper Jones. Perhaps the leader of BlackMarketMoney.com had some worldly opinions to share on the issue. I approached him over AIM using my real name. Could he answer a journalist’s questions about remove lists?

Casper didn’t respond. A minute later, he signed off. I haven’t spotted him online since.


Meet the spam Nazi

What does a former white-power activist do after being drummed out of the movement? He turns to peddling penis-enlargement pills.


Dave Bridger answers his cellphone with a simple “Yo.” It comes across as feigned mafia-like toughness. But you can hardly blame him for being edgy whenever the phone rings.

In recent weeks, Bridger has published his cellphone number in thousands of junk e-mails sent all over the world. The spams invite other “real bulkers” to join him in peddling a penis-enlargement pill called Pinacle.

“Everybody wants a bigger penis, so this product pulls a massive amount of sales … All you do is MAIL, MAIL, MAIL. And collect your commission check,” claim Bridger’s invitations.

For more than three years, Bridger has deftly balanced the most difficult task of a spammer (or “bulk mailer,” to use the term he prefers): giving out enough contact information to make a sale without putting the whole operation at risk.

For Bridger, keeping a grip on his own identity may be another challenge. When he’s tired or distracted and the cellphone chirps to life, Bridger might even have to pause and ask himself: What is my name today?

Legally, the man who goes by the name Bridger appears to be Davis Wolfgang Hawke, a former white-power activist who renounced his birth name, Andrew Britt Greenbaum, in 1996 at the age of 18. But in the late ’90s Hawke also went by the moniker Bo Decker. At the time, he was head of the Knights of Freedom Nationalist Party, one of the fastest growing neo-Nazi groups in the United States, which he later renamed the American Nationalist Party while a student at Wofford College in South Carolina.

But he hasn’t really used the names Decker or Hawke online for years. Those identities imploded in 1999, shortly after word got out that his father was a Jew from the Boston suburbs, and people started calling him a “kosher Nazi.” The ANP and its leader crawled quietly under a rock.

Yet as his world was crumbling around him, Hawke vowed he’d make a comeback on the political scene. In an interview with Rolling Stone in late 1999, Hawke predicted he would run for “major public office” within a decade. But first, he would need “a lot of money to back me up.”

So what does a former American Nationalist Party member do to make some quick bucks? In Hawke’s case, he turned to penis-enlargement pills — and a host of other dodgy products, including human growth hormone, free government grants, inkjet-printer refills, extended car warranties, “eBay secrets” — marketed via spam e-mail campaigns. Today, Hawke’s spam operations — Quiksilver Enterprises and Amazing Internet Products — while nowhere near the biggest sources of junk e-mail on the Internet, may be among its more profitable spam-based enterprises.

The life of a spammer is not a dull one. Hawke must move quickly through the obscure back roads of the Net, abandoning the Internet domains he uses to generate his spam soon after he is discovered by anti-spam vigilantes or other spam fighters. The trail he leaves behind him offers a bizarre look at the seedy world of spam entrepreneurship. White-power organizer turned penis-pill spammer, he sounds like a fictional character in a bad comic novel. But he’s quite real.

Spamming was apparently part of Hawke’s career strategy even before he was laughed out of the American white-power movement.

In May 1999, as Hawke was redesigning the ANP Web site and retooling the party’s platform, he also registered Knifed.com — the future home of his first spam-vertised site, the American Knife Depot. Instead of his own name, Hawke listed his significant other and chief party secretary, Patricia Lingenfelter, as registrant, according to Internet records.

In early July, just weeks before a failed white-power march on Washington he helped organize, someone using the name Jon was spamming Internet message boards with bogus testimonials about Knifed.com’s “totally reasonable” prices for knives and other weapons.

Ever since, to throw the feds and anti-spammers off his trail, Hawke has used fictitious names like Johnny Durango, James Kincaid, Winston Cross, Clell Miller, George Baldwan, or John Milton in the registration records for the dozens of Internet domains he has registered for his online storefronts over the years.

For his physical address, Hawke typically lists a Mail Boxes Etc. location in New Hampshire, New York, or Vermont. It’s a technique he has used since 1998, when the Knights of Freedom site listed a Mail Boxes Etc. store in Walpole, Mass., as its address.

Rhode Island has apparently been Hawke’s home for at least the past 18 months. Records kept by the American Registry for Internet Numbers show that in April 2002 someone using the name Dave Hawke registered a block of Internet protocol (IP) addresses on behalf of Quiksilver Enterprises, listing a Pawtucket, R.I., address. The IP addresses were later reported to have been used to send Quiksilver spam.

An online telephone directory maintained by AT&T shows a listing for “D Hawke” at the same address in Pawtucket. The cellphone number listed by “Dave Bridger” in numerous recent spams for Pinacle is on the Sprint PCS network in Providence, R.I., according to an online database.

When Hawke unleashes a load of spam touting Pinacle he forges the return address so no one can reply or easily track its source.

Using special spam software, he typically relays the e-mails through third-party mail servers to hide their true origin. Sometimes he uses an innocent bystander’s e-mail addresses in the From line, so they have to deal with all the complaints, delivery-error or “bounce” messages, and list-remove requests.

These evasive tactics, all standard among spammers, are currently illegal in a handful of states. But no federal law yet exists to rein in such fraud. And while big Internet service providers such as AOL and MSN occasionally tie up large spammers with lawsuits, operations like Hawke’s appear to be below the radar of the major ISPs.

This is not to say that business is easy for Hawke, who is now in his mid-twenties.

Opponents of junk e-mail have been playing a type of whack-a-mole game with Quiksilver and Amazing Internet since early 2000. Whenever Hawke sends a batch of spam touting a new Web site, the anti-spammers notify the Internet service provider that hosts the site. Often, those reports are in vain, since Hawke uses hosting companies in China, Russia, and South America for whom spamming is not a violation of acceptable use policies.

But anti-spammers have had some success in making Hawke’s sites unreachable through another tactic. Because he typically uses bogus information in his domain registrations, Hawke is violating a requirement set by the Internet Corporation for Assigned Names and Numbers that so-called domain “whois” data be valid.

DirectNIC, Hawke’s preferred domain registrar, has placed many of his domains on hold in response to reports that the registrations contain false information, according to Sigmund Solares, CEO of Intercosmos Media Group, the New Orleans firm that operates DirectNIC.

Hawke and his associates are also prone to mistakes, says Piers Forrest, a London-based salesman of high-end computers and a self-proclaimed anti-spammer. As they transfer files from one site to another in the process of staging a new storefront, the spammers often leave a log file behind on the source server. These file-transfer protocol (FTP) logs have enabled anti-spammers to learn about new Pinacle sites even before their operators announce them, thus providing a head start on the shutdown process.

Following a domain shutdown, Hawke quickly gathers himself and reappears at a new location on the Internet. But the technical interruptions can help tilt the economics of spamming, says Forrest.

“Spam is only profitable because the costs are so low. What a lot of us do is try to push up those costs by making sure that when a spammer is found that they lose their Internet connection and they are paying for a Web site that they lose, so that spamming is not worth it,” says Forrest.

In a telephone interview, Dave Bridger claimed not to recognize the term “spam” or to know what a Web site is and said he worked as a manager in a McDonald’s restaurant. In a subsequent online interview, Bridger said he would agree to an interview only if paid $20,000.

“I don’t have time, make too much money, my time is very expensive,” said Bridger.

How much money is he making? That question is essentially unanswerable, but earlier this year, Amazing Internet took new offices and warehouse space beside other high-tech companies in a refurbished mill complex in Manchester, N.H. — a space previously occupied by the U.S. Senate campaign of Jeanne Shaheen, the state’s former governor.

According to a former Hawke associate, the neo-Nazi turned spammer boasts of earning “six figures” and often carries around a wad of hundred-dollar bills in his pocket, totaling thousands of dollars. (The former associate, when shown a photograph of Hawke, also confirmed that “Bridger” was Hawke, although at the time of their association, Hawke/Bridger was using the name Johnny Durango.)

Hawke has signed up scores of Pinacle sales affiliates, although only a few dozen may be active. The bottles of pills are sold for $50 to the end user, but Hawke pays his own supplier only five bucks, and he pays his affiliates another 10 for each sale made via their own spam campaigns. In the low-overhead spam business, that could mean relatively high profit margins.

Customer satisfaction may not be ideal, however. These days, when Bridger’s cell rings it could as easily be an irate customer as another direct sale or affiliate wanting to sign up. After all, the Federal Trade Commission says the cocktail of herbs listed on the label isn’t proven to grow bigger penises. One of the ingredients, yohimbe, may stimulate the central nervous system and is approved by the Food and Drug Administration. But it can also cause kidney failure or kill people with heart problems, the FDA warns.

There are no such caveats in the red-and-blue-lettered e-mails touting Amazing Internet’s Pinacle pills. They usually arrive with a subject line such as “Grow your penis 2 inches in 2 days” and assure recipients that Pinacle is “completely safe.”

The closest thing to a health warning in the ads or the Web site for ordering Pinacle is this helpful advice: “Remember, a penis larger than 9 inches may be too large for most women. But IF for some reason you need even more, it is possible for you to safely continue taking Pinacle.”

So far, no one has publicly complained about Pinacle. According to FTC spokesman Richard Cleland, the agency doesn’t have the resources to track down people like Hawke and charge them with making deceptive efficacy claims.

While the wording of his e-mail solicitations for Pinacle affiliates suggests Hawke prefers the expression “bulk mailer” to the term “spammer,” the FTP logs left on Amazing Internet sites leave no doubt about the company’s business. One log from AIP’s site Myselinak.com in early July, for example, recorded a transfer from the operator’s PC with the following directory: C:\spam\campaigns\Pinacle.

Forrest is credited with being the first to connect Hawke with the various spam campaigns run by Quiksilver. Yet he admits he’s frustrated that, despite his efforts, Hawke has prevailed in the spam business for more than three years.

Hawke’s reemergence as a spammer doesn’t surprise Mark Potok of the Southern Poverty Law Center, a group in Alabama that tracks hate groups.

“I think he is basically a petty criminal. He’s a gang leader, a cultist. He was always about forming groups in which he’s the Führer. And I think that’s probably the case again here,” says Potok.

Potok is not concerned, however, that Hawke will use his profits from spam to bankroll a new neo-Nazi movement.

“He wouldn’t last five minutes in the movement. His name is mud. That’s an insurmountable problem — your father is Jewish,” says Potok. “He got so much mockery at the time. He was just destroyed by the stuff.”

While Hawke’s career as a white-power leader may be finished, one of his former Web sites suggests that if he decides to return to political life, it may be as a Rhode Island Libertarian.

In early 2001, Quiksilver used a site named PrivacyBuff.com to sell books with titles such as “The Spambook,” as well as a collection of tips and programs called “The Banned CD.”

According to a message from “Dave Milton” on the “Who We Are” page at the site, “I am a libertarian and everyone who works for me is a libertarian … we also favor the legalization of all drugs, an end to all taxes, and the abolition of the criminal justice system.”

Then again, it’s always been impossible to know whether the opportunistic, chameleon-like Hawke ever truly embraced a political philosophy — or was simply posturing and spouting a credo to make a sale.


Iraq goes offline

The latest round of bombs appears to have finally cut off Iraqi access to the Internet.


U.S. Tomahawk cruise missiles, aimed at destroying Saddam Hussein’s propaganda machine, have left a key Iraqi government site online, still displaying controversial photos of American POWs and dead soldiers. Meanwhile, the air strikes appear to have disabled the primary Internet access points used by average citizens of Baghdad.

The attacks, which began early Saturday morning, Baghdad time, reportedly destroyed several satellite dishes and an Internet server housed at Iraq’s Ministry of Information building. Local phone service in the city was also reportedly disrupted by separate missile strikes on two telecommunications switching centers.

Yet Babil Online, the home page of an Iraqi newspaper run by Saddam Hussein’s son Uday, was still reachable following the bombing.

A headline atop the front page of Babil Online exhorts visitors to read an article about the war, which includes several postmortem photos of what appear to be U.S. troops. The images were displayed last week on Qatar-based Al-Jazeera TV. Subsequently, the TV network’s Web site came under repeated denial-of-service attacks.

Meanwhile, two primary Internet access points for Iraqi citizens — among them a high-profile blogger using the alias “Salam Pax” — have been unreachable since the weekend.

A Cisco switch that connected Baghdad residents to the Internet stopped responding Saturday morning, Iraq time. The device, located at Internet protocol address 62.145.94.250, served as a Web gateway for many citizens.

The headers of a March 19 e-mail message from Salam Pax, author of “Where Is Raed?”, a popular blog chronicling life in Baghdad, showed he connected to the Internet using the switch. Pax’s electronic journal has not been updated since early last week.

Also apparently affected by the recent missile strikes was a satellite gateway carrying traffic for users of Warkaa, one of Iraq’s two government-controlled Internet service providers. A Web-based monitor that had previously displayed traffic statistics for Warkaa’s satellite link became unreachable early Saturday. In the days just prior to the recent attacks, the monitor at times showed hundreds of Internet connections. (A screenshot of the monitor is here.)

Besides connecting Iraqis to the Web, Warkaa also provided e-mail service for many residents.

The downing of Iraq’s Internet access was criticized by representatives of Voices in the Wilderness, a U.S. group campaigning to end sanctions against Iraq.

“There are Iraqis who depend on the Internet to keep in touch with family and friends outside the country. By cutting that off, you’ve made them even more isolated from the outside world, which will further hurt their morale,” said Jeff Guntzel, one of the group’s coordinators. He said Voices has been unable to communicate with a team of representatives in Baghdad by phone or e-mail since late last week.

Despite pummeling the city with thousands of sorties over the past 10 days, U.S. military planners have taken pains to avoid harming Baghdad citizens with the bombing campaign. U.S. officials have also repeatedly stated that the aim of the war is to remove the current regime from power, and not to harm Iraqi citizens.

Some observers have speculated that the United States left Iraq’s Internet infrastructure untouched for the first week of the war in order to maintain communications with potential defectors in the high ranks of Iraq’s government and military personnel.

But Peter W. Singer, a fellow at the Brookings Institution, said he doubted that preserving Iraq’s Internet capabilities was high on the priority lists of U.S. military planners.

“Internet access is still limited mostly to elites in the country. The U.S. is mostly concerned about protecting things like water and electricity and bridges,” said Singer.

With Internet access apparently cut off for Iraqis, Babil Online’s value as a propaganda tool is now limited to Arabic speakers outside the country.

But Singer said the mission of Iraq’s Information Ministry has been not only to fire up nationalism but also to manipulate world opinion and to raise international protests against the war.

“They want to show things that will resonate not just with people in Iraq but with people in places like Egypt or the United States,” he said.

Babil Online may have escaped the attacks because of its physical location — the site appears to be hosted on a server not in Baghdad but in Beirut, Lebanon.

Domain registration records show Lebanese ISP TerraNet as Babil Online’s host. The registrant of the domain, Alaa Sami Kadhem, is also listed as the owner of Baghdadlink.net and Warkaa.net, two domains used by the Iraqi government.

Kadhem and TerraNet’s general manager, Suheil Zurub, did not respond to e-mails asking about their involvement in Iraq’s Internet infrastructure.

Officials at California-based Mentat, which manufactured the satellite gateway used by Warkaa, said they were unaware that the device was being used by Iraq’s government. Mentat executives said they shipped one of the company’s SkyX Gateway systems to Al-Manara International in Dubai, at the request of Mentat’s customer Atlanta International Teleport (AIT) of Douglasville, Ga.

Network records revealed that AIT provides Warkaa’s satellite link. AIT, Al-Manara and Mentat officials did not respond to requests for more information.

While it’s possible that Warkaa and Uruklink were merely “unplugged” by their satellite link providers, Robert G. Ferrell, a security analyst with the U.S. government, said it was more likely that the recent bombing was responsible for the outage.

The weekend missile barrage appears to have knocked Uruklink.net, Iraq’s main government site, and its accompanying e-mail server, offline. A traffic counter contained in the code of Uruklink’s home page still appeared to be registering visits this weekend. But Sean Donelan, a networking reliability expert, said the counter was likely being loaded via copies of the site temporarily cached by Google or some Internet service providers.


Iraq still online

The U.S. could unplug Iraq from the Net with ease. So why hasn't it?


Since the U.S. military moved into the “shock and awe” phase of its campaign early Friday, Web surfers have encountered intermittent problems reaching Uruklink.net, the Iraq government’s main Web site.

But those access difficulties are apparently due to a surge of Internet visitors, along with some untimely technical changes, rather than to damage from the bombing or a government shutdown.

In fact, on Thursday, following the start of the U.S.-led attack, traffic to Uruklink.net hit a record. According to a counter at the site’s home page, over 14,200 people visited March 20, making it the busiest day at the site since the counter was installed in December. Traffic Friday was down somewhat and will likely tally around 8,000 visits — still well above the daily average of 4,000.

Uruklink.net currently displays a computer-generated date of March 21, 2003. Atop the home page are prominent links to streaming video versions of last month’s interview between Hussein and CBS News anchor Dan Rather.

Similarly, the home page of Iraq’s BabilOnline newspaper, operated by Saddam Hussein’s son Uday, set a traffic record Thursday. A counter on the site’s home page racked up over 1,000 visits, twice its average.

The heavy shelling of Baghdad has apparently not yet affected Iraq’s primary e-mail servers, mail.uruklink.net and mail.warkaa.net. Both systems were still responding to network queries late Friday EST. The Web site of Iraq’s Satellite TV channel was also still online.

For reasons not apparent, the administrators of Iraq’s network changed the Internet protocol (IP) address of Uruklink.net and a couple of the country’s other primary Web sites on Thursday.

Meanwhile, one of Iraq’s domain name servers — the systems that route traffic to the appropriate destination — appears to be offline. As a result, the Iraqi sites’ ability to handle the increased traffic is hobbled.

As Salon reported earlier this month, Internet traffic to and from Iraq’s Web sites and e-mail systems is carried primarily by satellite links provided by Atlanta International Teleport of Georgia and Satellite Media Services of England.

So why hasn’t the U.S. given the signal to those firms to cut Iraq off from the Internet — or to its missile operators to strike Baghdad network centers?

The Bush administration has stated that the U.S. is not at war with Iraq’s citizens, and that the military campaign currently in full swing is designed to remove weapons of mass destruction — not to mention Saddam Hussein — from Iraq. Knocking out Internet access for average Iraqis would seem to contradict those goals.

Thus, the Web site of the Iraqi Center for Heart Diseases, for example, is still accessible today, even as U.S. jets fly hundreds of bombing sorties over the country.

Given the relatively crude state of Iraq’s Internet resources, the U.S. military may also have determined that Iraq’s telephone and fiber optic networks, rather than its Internet links, are the Iraqi government’s primary means of communication.

While far-fetched, it’s possible the U.S. is also leaving Iraq’s e-mail systems intact to provide a conduit for communication with Iraqi military and government leaders willing to turn on Saddam Hussein.

In January, U.S. officials acknowledged sending e-mails to Iraqi officials as part of their prewar “psychological operations.” The e-mails reportedly advised Iraqis not to use chemical or biological weapons.

It’s not immediately clear, however, whether Iraqis have been able to easily access the Internet since the initial attacks.

Repeated checks of the abbreviated log files for Uruklink.net and BabilOnline.net reveal only a few hits from users of SMS and AIT, the two satellite ISPs that supply Iraq.

It’s possible that Iraq’s government has imposed some sort of block on Internet use, such as closing its public Internet centers. Or perhaps Iraqis have more important things on their minds, such as the B-52 bombers reportedly on their way from the United Kingdom.
