Notorious spammer escapes $20 million fine - Sophos doubtful that other spammers will be deterred

July 22, 2004 Sophos Press Release

Scott Richter
Scott Richter claims he is not breaking American anti-spam laws

Scott Richter, dubbed by some the world's third-biggest spammer, has agreed to pay a total of $50,000 in settlement with the New York Attorney General for using innocent computers to send out millions of spam messages. The fine is a fraction of the $20 million punishment that New York State originally aimed to extract from Richter.

The Internet Bureau of the New York Attorney General created Hotmail email accounts as honeytraps for spammers. Over 10,000 spam messages collated in these accounts were said to have originated from Richter and his cronies.

Richter, who is the founder of OptInRealBig.com and prefers the title of "high-volume email marketer" to spammer, has claimed that all his activity and emails are compliant with the USA's anti-spam laws.

However, according to the Attorney General, unsolicited emails were sent on Richter's behalf and contained forged headers, falsified routing information, and deceptive subject lines. Richter was also charged with using a network of more than 500 zombie PCs - compromised computers belonging to innocent third-parties that are under the control of a remote hacker or spammer - to increase the amount of spam he could send at any one time. As part of the settlement, Richter did not have to admit to any illegal activity.

"Richter seems to have got off virtually scott-free, the payout being tiny when compared to what the authorities were originally demanding," said Carole Theriault, security consultant at Sophos. "The USA authorities must be disappointed that they were not able to get a result that would send a clear message to other spammers that they cannot continue to bombarded mailboxes worldwide with an army of zombie computers. Users need to protect themselves from being exploited by spammers by using up-to-date anti-virus software and personal firewalls."

"This settlement holds Richter and his company to a new standard of accountability in their delivery of emails," said New York State Attorney General Eliot Spitzer. "If he does not fulfill these standards, he will find himself back in court, facing greater penalties."

Microsoft, who has filed a parallel lawsuit in a Washington state court against Richter and his team for sending spam to its Hotmail customers, seem undeterred by the outcome in New York and are continuing with their lawsuit.

"It remains to be seen if Microsoft have better luck with their case," continued Theriault.