Spammer fined $1 million claims he is switching sides in war against junk email

June 05, 2006 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed news that Microsoft and the State of Texas have been successful in their legal action against a university graduate who admitted sending 25 million spam emails a day at the height of his activities.

Ryan Pitylak, 24, of Austin, has been fined at least $1 million following the civil suits, and is selling his $430,000 house, luxury car and other assets to help pay the fine and legal bills. Pitylak's email campaigns commonly involved spamming out messages promoting low cost mortgages and debt-counselling, and he was at one time rated the world's fourth worst spammer.

Pitylak says on his personal blog that he is now offering his services to internet companies who wish to stop the spam that he used to transmit:

I am pleased to announce that I am now a part of the anti-spam community, having started an internet security company... that offers my clients advice on systems to protect against spam.

Over time I have come to see how I was wrong to think of spam as just a game of cat and mouse with corporate email administrators. I now understand why so much effort is put into stopping it.

Sophos experts, however, question whether companies will be rushing to take advantage of Pitylak's experience.

"Spammers like Pitylak have shown themselves to be prepared to break the law in their eagerness to pump out unwanted marketing messages. Anyone dealing with a former spammer would need to feel comfortable working with someone who has shown a history of behaving unethically, without caring about the consequences for other internet users," said Graham Cluley, senior technology consultant for Sophos. "Society also needs to be careful not to send a message to internet criminals that legitimate rewards can be made on the back of their unsavory activities. Firm action is required by the authorities to make it crystal clear to spammers that their activities are unacceptable."

Spams sent by Pitylak were found to break the CAN-SPAM Act, which forbids email marketers from using bogus names or not giving recipients a legitimate way to unsubscribe themselves.

Sophos recommends that companies protect their computers with a consolidated solution to defend against spam, spyware and viruses.