"Spammers have taken advantage of Internet technologies to conceal their identities and their whereabouts," said Howard Beales, director of the FTC's Bureau of Consumer Protection. "They've resorted to including the E-mail addresses of innocent third parties in the reply-to addresses of their unwanted messages, or simply forging E-mail headers."
Calling the coordinated civil and criminal actions a "spam dunk," Beales said the FTC's complaint alleges that the defendants--Christopher Chung, Daniel Lin, James Lin, and Mark Sadek--violated the Can-Spam Act by sending commercial E-mail addresses with false header information, without a clear and conspicuous opt-out notice, and without a valid postal address. The commission also alleges that the defendants violated the act by making false or unsubstantiated claims about the diet patches they were pitching.
Separately, the FTC filed suit against an Australian and a New Zealander for sending spam advertising diet patches and human growth hormone products that claimed to reverse the signs of aging.
Laura Parsky, deputy assistant attorney general in the criminal division at the Department of Justice, said Chung and Sadek had been arrested Wednesday in Detroit for Can-Spam Act violations and mail fraud. They face up to five years in prison for illegal spamming and up to 20 years for mail fraud.
The other two defendants, Daniel Lin and James Lin, are expected to turn themselves in shortly.
The alleged spammers should at least be able to afford expert legal counsel--according to U.S. Attorney Jeffrey Collins, the defendants grossed an average of $100,000 per month from August to January.
The case highlights a practice of spammers that law enforcement officials say is increasingly problematic, using legitimate E-mail addresses that belong to innocent parties as a reply-to address. Also known as a joe-job or spoofing, it's a tactic employed by spammers to inflict the burden of bounce-back messages--generated when spam is sent to a non-working address--on someone other than their mail provider. The result for the recipient is effectively a denial-of-service attack.
One spoofing victim who spoke at the news conference said that in early February, his company was receiving more than 1 million erroneously bounced messages per day, which effectively shut his business down for several weeks.