Home / Blogs

Virginia Court Throws Out Spam Law; One Spammer Gets Away With It

The 2004 criminal spam case against large-scale spammer Jeremy Jaynes, which I’ve covered in several previous blog entries, appears to have come to an ignominious end with the state supreme court throwing out the law under which he was convicted. The Virginia anti-spam law was one of the first in the country with criminal provisions, but it failed due to the way that First Amendment cases are treated differently from all other cases.

The court’s decision [PDF] is quite technical, dealing with issues of whether the prosecution and defense raised issues at appropriate times, and disposing of a bunch of other defense challenges that the lower courts also rejected. The court accepts that Jaynes did all the bad things the lower courts found that he did. (The expert witness they mention at the bottom of the third page of the decision was me, telling them that legitimate senders don’t send mail like he did.)

Normally, an appeals court reviews the law “as applied”, that is, in the context of the case in question. As applied, nobody found any problem with this case. But for the first amendment, there’s a special overbreadth rule that asks whether the law might impermissibly contrstrain the speech of other people who did different things, in this case, sending non-commercial spam. The Virginia law forbade using fake IP addresses or domains, and didn’t distinguish between commercial and other speech. The court noted that we have a long tradition of protecting anonymous political speech dating back to the Federalist papers, and decided that since that only way to send anonymous email is to use fake IP addresses and domains, the law was overbroad and threw it out.

I have some technical cavils with their analysis, but probably not enough to persuade a court otherwise. Forging IP addresses is a red herring: due to the way that TCP works you can’t meaningfully forge them in e-mail. (You can put in headers with fake IPs, but the mail system will add more headers with the real IPs.) I’d also argue that there are a variety of ways to send mail without domain forgery, such as using throwaway free webmail accounts, or routing stuff through anonymizers such as Tor using domains that say it’s OK for people to use them in anonymous mail.

The only place this can now be appealed is to the US Supreme Court, which the Virginia Attorney General reportedly plans to do. From the point of view of the SCOTUS, this case has an unpleasant mix of First Amendment issues (do they want to revisit the boundaries of commercial speech regulation?) and states rights (do they want to further limit the ability of state courts to interpret state laws?) so I’d be surprised if they accepted it.

For everyone except Jeremy Jaynes, this decision has little or no effect. Jaynes was tried for things he did in 2003, before CAN SPAM came into effect, and even his lawyer has said that if he did them now, CAN SPAM would catch him. All of the other state laws that I’ve looked at are CAN SPAM compliant, which means they only affect commercial spam. So I can’t say I’m thrilled that Jaynes got off (after three years in house arrest), and less thrilled if he gets to keep the $20 million he reportedly made from spamming fake FedEx refund kits and the like, but it’s not the end of the world.

Related Posts on Jeremy Jaynes’ Case:
Jeremy Jaynes Gets One More Chance 3/5/2008
Virginia Supreme Court Narrowly Upholds Jaynes’ Conviction 2/29/2008
Putting a Spammer in Jail 11/26/2004

Update 10/10/2008: Podcaster Speaking of Justice talked to me about the Virginia Supreme Court’s reversal of the Jeremy Jaynes conviction. You can listen to it here.

By John Levine, Author, Consultant & Speaker

Filed Under


unbelievable... Alessandro Vesely  –  Sep 17, 2008 11:59 AM

IANAL, but I don’t think email can be considered a publishing media. If the Federalist Papers were being published today, they would do so by opt-in. It doesn’t matter if I speak commercially or religiously: if I forcefully lock the listeners in a room because otherwise they wouldn’t listen, then I’m kidnapping. Does the First Amendment allow kidnapping in case that’s the only way someone can hold a speech?

The definition given in a note, “Fraud involves a false representation of a material fact, made intentionally, which induces reliance on that false representation, and resulting damage”, perfectly describes the act of producing forged headers. There is a resulting damage, and an appeal should be made to all recipients to go there and witness that those protocols are required to guard their freedom to limit what they want to listen.

What the next note says, “The protocol is the product of private collaboration and not established by a governmental entity”, is wrong. It is actually more than that. It is what the community at large has established, and should be recognized as such. Currently, RFCs have no a Legal Considerations section; probably they should…

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global