Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
news that Microsoft and the State of Texas have been successful in
their legal action against a university graduate who admitted
sending 25 million spam emails a day at the height of his
Ryan Pitylak, 24, of Austin, has been fined at least $1 million
following the civil suits, and is selling his $430,000 house,
luxury car and other assets to help pay the fine and legal bills.
Pitylak's email campaigns commonly involved spamming out messages
promoting low cost mortgages and debt-counselling, and he was at
one time rated the world's fourth worst spammer.
Pitylak says on his personal blog that he is now offering his
services to internet companies who wish to stop the spam that he
used to transmit:
I am pleased to announce that I am now a part of the
anti-spam community, having started an internet security company...
that offers my clients advice on systems to protect against
Over time I have come to see how I was wrong to think of
spam as just a game of cat and mouse with corporate email
administrators. I now understand why so much effort is put into
Sophos experts, however, question whether companies will be
rushing to take advantage of Pitylak's experience.
"Spammers like Pitylak have shown themselves to be prepared to
break the law in their eagerness to pump out unwanted marketing
messages. Anyone dealing with a former spammer would need to feel
comfortable working with someone who has shown a history of
behaving unethically, without caring about the consequences for
other internet users," said Graham Cluley, senior
technology consultant for Sophos. "Society also needs to be careful
not to send a message to internet criminals that legitimate rewards
can be made on the back of their unsavory activities. Firm action
is required by the authorities to make it crystal clear to spammers
that their activities are unacceptable."
Spams sent by Pitylak were found to break the CAN-SPAM Act,
which forbids email marketers from using bogus names or not giving
recipients a legitimate way to unsubscribe themselves.
Sophos recommends that companies protect their computers with a
consolidated solution to defend against
spam, spyware and viruses.