Gotten any spam lately? Of course you have. Despite blockers, blacklists, whitelists and even federal regulation, those infuriating incursions on your in box continue. Now let me ask a more embarrassing question: gotten any spam from me lately? It may well be that some of your unwelcome e-mail, specifically touting hot investments in obscure microcap companies, appear to have been sent by someone whose Internet address comes from the domain stevenlevy.com. If you check it out, you will indeed find that the owner of that domain is not the ESPN sportscaster, the Suffolk (N.Y.) county executive or the University of California, Berkeley, quarterback, but moi .
In truth, I'm innocent. My domain name is being used as a phony return address by spammers wishing to hide the real origin of their come-ons. I discovered this when I suddenly began receiving dozens of bounced e-mail messages and out-of-office replies referencing mail I hadn't sent. (My ISP forwards all stevenlevy.com mail directly to me.) Sometimes the original message was sent along, and to my horror, each one was a carnival-barker plea to buy the penny stock of some obscure enterprise, like the tiny company with some mineral rights in British Columbia that was shifting its focus to entertainment and media opportunities in China.
Sometimes the message has a fine-print disclaimer noting that the person touting the stock is being remunerated, often with massive amounts of stock, for hyping up its prospects. Such propriety seems odd, because the act of sending e-mail with a hijacked return address is itself a crime under the federal 2003 CAN-SPAM Act. From my point of view, it's like being robbed by someone who takes pains to make sure that the gun used in the heist is legally registered.
John Reed Stark, the Securities and Exchange Commission's chief of Internet enforcement, thinks it's a positive step that the spammers are including the disclaimers, required by an SEC rule that dictates disclosure in stock solicitations. "Hopefully, investors will read them," he says. The bigger problem, though, is the persistence of "pump and dump" operations of over-the-counter (OTC) stocks, where a large shareholder hires a promoter to help publicize, or pump, the stock. The promoter hires spammers who blitz the Internet with millions of messages about "the homerun stock of the year." If only a small percentage of the recipients bite, the effort may jack up the price--whereupon the shareholder dumps his investment and pockets a profit.
Reed believes the SEC does a good job of pursuing those who violate its regulations, but critics say that the SEC should adopt new rules to specifically target spammers. R. Cromwell Coulson, CEO of pinksheets.com, an information repository for over-the-counter stocks, has formally proposed new rules to better control the violators. "These guys turn [the OTC market] into a tar pit," he says.
Meanwhile spam keeps coming from fictitious people using my Internet domain, and there's not much I can do. Mark Seiden, an Internet security consultant familiar with such shenanigans (he was even able to guess correctly which companies the phony e-mails were hyping), says that it's a technically trivial trick to anonymously put someone else's domain on the mail header. "It's like someone writing your name on the return address of an envelope," he says. "You can't stop them from doing it."
The SEC's Stark has excellent advice for those receiving spam that touts an allegedly fantastic stock-market opportunity. "Treat it like a leaflet on your windshield," he says. Even if it comes from me.