A federal grand jury returned a 35-count indictment against Soloway charging him with mail fraud, wire fraud, e-mail fraud, aggravated identity theft and money laundering.

Holy hot damn!

Prosecutors say Soloway used computers infected with malicious code to send out millions of junk e-mails since 2003. The computers are called “zombies” because owners typically have no idea their machines have been infected.

He continued his activities even after Microsoft won a $7 million civil judgment against him in 2005 and the operator of a small Internet service provider in Oklahoma won a $10 million judgment, prosecutors said.

U.S. Attorney Jeff Sullivan said Wednesday that the case is the first in the country in which federal prosecutors have used identity theft statutes to prosecute a spammer for taking over someone else’s Internet domain name. Soloway could face decades in prison, though prosecutors said they have not calculated what guideline sentencing range he might face.

The investigation began when the authorities began receiving hundreds of complaints about Soloway, who had been featured on a list of known spammers kept by The Spamhaus Project, an international anti-spam organization.

And this… this is the part that really frosts my you-know-what:

Soloway used the networks of compromised computers to send out unsolicited bulk e-mails urging people to use his Internet marketing company to advertise their products, authorities said.

People who clicked on a link in the e-mail were directed to his Web site. There, Soloway advertised his ability to send out as many as 20 million e-mail advertisements over 15 days for $495, the indictment said.

After having worked with so many clients who have fallen for stuff like this, or variations of it, it just makes me crazy because people can’t help but think that all “Internet marketing companies” practice this kind of behavior! Never, ever have I worked for or participated in email spam, nor have I (or any company I’ve worked for) offered to spam people for some ridiculously “low” price. Same goes for directory submissions, links, or anything else related to online marketing.

I feel like people like him are pushing miracle pills that just don’t work. It makes me so mad, and now that he’s been caught and arrested - I’m thrilled.

It doesn’t even have to be YOUR email address. I’ve had it happen to me with addresses like ‘jpc4029dnmgal@anubismarketing.com”. What happens is typically that your real email address has been set up as a “catch all” account, and you wake up one morning to 400+ “returned mail: unknown recipient” emails. Greaaaaat, you say! Well, I’d like to share some of the things I’ve done in an attempt to stop it, and why.

First I’ll touch on the “why” - It’s because inevitably, your domain is going to end up on some company’s “spammer” list (or two, or twenty companies’ lists), and could eventually wind up banned by some ISPs or other email hosts that use spam filters and blockers. Then, in the event that you do get one of those people who WANTS to be on your email list, they probably won’t receive it.

Now, for your sheer entertainment, here are a few things I’ve been known to do when this has happened to me. I’m not saying that these are GOOD ideas, mind you. Most of them kind of just happened out of pure anger and frustration the first few times this happened to me!

• I’ve checked the whois on the domain for the site/link that’s included in the spam message. Unbelievably, these people rarely get private registrations. Not so unbelievable is the fact that they’re typically from other countries.
• After checking the domain name, I find out who’s hosting that site, and report them to their hosting company for partaking in email spam behavior. Sometimes this works, other times it doesn’t. Depends on if the IP addresses match with the emails usually.
• The registration information. I’ve gone so far as to call the phone number (yep, paid the international toll), and ask for the registrar by name. Only once did I get said person on the phone (during a call to Costa Rica), and let’s just say they got an earful of English profanity, peppered with demands to stop, etc. I’m sure I said something about “taking legal action”, at which the guy probably laughed after hanging up the phone.
• Slightly more reasonable, yet not quite effective in terms of stopping the act itself, is turning the “catch all” option off. This only works if you’re not using one email address to catch others that you’ve put out there, like sales@domain.com, info@domain.com - without actually creating those emails as accounts. Simple fix - create them, and then turn the catch all off.
• Definitely send an email to your own email hosting provider, explaining the situation. Ward off unexpected account terminations this way. They won’t be able to do anything to stop it, but they’ll appreciate the heads up.
• Try using a javascript to display your email address, as opposed to the traditional way to code it in there. Much like the way you see people posting them so they don’t receive spam (lara [at] anubismarketing [dot] com) except, they can scan and find that stuff as far as using it to send out spam so that it appears to be coming from you. They don’t even need to do that… I think they typically just pick a word they like and check for already registered domains. In this case, the javascript thing or the disguise won’t help you much. But since I’m not a spammer, I wouldn’t know exactly what they’re doing, so any little bit helps.
• When all else fails, and you’ve already removed a significant percentage of hair from your head, gone through a whole pack of smokes in the course of 2 hours, and lost your voice from yelling at the spammers - let it go. It typically only happens over a 12-24 hour period, and then it’s over, they’ve moved on. They’re only doing it so THEY don’t get the returned mail… it’s silly, it’s ridiculous (wouldn’t you want to know if the email list you paid for was worth the dough?) and it’ll drive you crazy - take the precautions with your ISP/email host and move along…

Note: I’ve seen a few people talking about SPF, or Sender Policy Framework. I really know nothing about this, nor how to implement/request it. If anyone has any experience with SPF, please let us all know!