Spam Nation

InformationWeek, November 10, 2003
by Thomas Claburn

For lunch, Scott Richter ordered ham--a meat of uncomplicated origins, as opposed to Hormel's mysterious jumble. His choice seems somehow appropriate for a person who says he's a legitimate bulk E-mail marketer, rather than a spammer.

It's understandable that he wants to make such a distinction. With unwanted E-mail accounting for anywhere from 25% to 60% of all messages, the court of public opinion has already passed judgment on mass E-mailers.

"We get people who send us a lot of postal junk mail, send us dirty letters, call us up and cuss us out," Richter says. "And a lot of people who do those things to us aren't even people who've had mail from us. Every time somebody writes a story on us, I'll get these E-mails, 'Don't ever spam me, you dirty bleep bleep,' ... and they're not even on our list."

A California E-mail marketer of printer supplies, who asked not to be identified, tells of having to take the company's 800-number fax out of his messages because of the protest response. "When we had the fax number in there, they would tie up the fax for three or four days at a time," he says.

Frontier justice? Perhaps. Now the legitimate lawmakers are moving in on spam.

A California judge on Oct. 24 imposed a $2 million fine on PW Marketing LLC and its owners, Paul Willis and Claudia Griffin, for sending unsolicited bulk E-mail and other offenses such as disguising the origin of the messages. The pair was charged with sending messages with misleading subject lines, including "Has She Contacted You Yet" on E-mail pitching a how-to book for getting into the bulk E-mail business. This is the first such penalty under the state's anti-spam law, which will be strengthened Jan. 1 with tougher penalties.

The feds also are taking aim. The U.S. Senate last month voted 97-0 for an anti-spam bill known as the Can-Spam Act of 2003. Such uncharacteristic unanimity reflects popular discontent with spam, which displeases 70% of E-mail users, according to an October survey by the nonprofit Pew Internet & American Life Project.

But understanding the business of people like Richter and his less-savory brethren suggests the E-mail tide won't be stemmed soon.

If you took Richter out of his black short-sleeve polo shirt and squeezed him into a suit, you might see a passing resemblance to Rush Limbaugh, one of the few people as polarizing as senders of bulk E-mail. Richter insists that anyone who gets E-mail from his company, OptInRealBig.com LLC, has asked for it and can easily opt out. There's no doubt his company sends a lot of mail: several hundred million messages a day for 122 clients.

What distinguishes Richter's business from that of a spammer, he says, "is you can find us. We have a phone number. We're a business. We're a company. We're not hidden in a basement, hidden underground." The value of E-mail as a means of marketing is equally apparent. Richter says his rapidly growing company of 28 employees has revenue approaching $2 million a month. The California bulk E-mailer who spoke on condition of anonymity describes his printer-supply business as "very, extremely" profitable.

Such reports support figures from the Direct Marketing Association, which finds that 36% of E-mail users have bought a product or service as a result of a commercial E-mail last year and that 9% of E-mail users have made a purchase in response to unsolicited E-mail.

Pinpointing the origin of spam, a necessary step for effective law enforcement, is one of the thorniest problems, because of the mutability of message-header information and "relay raping," the practice of using open server relays to conceal the path of a message. And anti-spam tools don't help, Richter contends. "All these technology companies are doing is taking legitimate marketers who aren't causing problems and filtering our mail because that's all they can catch consistently," he says.

That perspective isn't shared by everyone, particularly those selling anti-spam tools. Marten Nelson, director of business analysis and strategy for anti-spam vendor CipherTrust Inc., likens spam to computer viruses. "It will continue to be a problem," he says. "But it will be controlled." That's also the view from IronPort Systems Inc., another anti-spam technology vendor. "The technology will develop acceptable levels of spam-stopping," says VP of marketing Tom Gillis. "But making it go away completely will be hard."

Of the 161 spammers listed in early November on Spamhaus.org's Registry of Known Spam Operations--a list run by Spamhaus.org, a nonprofit Web site run out of the United Kingdom--132 are based in the United States. But according to the business-intelligence division of E-mail solutions vendor Brightmail Inc., 90% of spam is untraceable by available methods. Francois Lavaste, VP of marketing, says that among the spam snared by Brightmail, the claimed continents of origin break down as follows: 85% from North America, 14% from Europe, and the remainder from Asia and elsewhere.

But about half of the spam received in the United States is probably routed through overseas servers, says Brian Huseman, a Federal Trade Commission staff attorney, citing consensus at the FTC Spam Forum this spring. Richter says only 30% of the spam received in the United States is native, with the remainder coming mostly from Canada and China.

Brightmail has noticed an increase in Trojan horse programs that turn PCs into spam generators, sending E-mails from unsuspecting owners. "These are nasty because they hide the spammers' tracks," says Ken Schneider, chief technology officer at Brightmail.

Internet service providers put a lot of effort into combating spam, blocking illegitimate incoming messages and bouncing spammers sending out messages from their systems. While technology can be employed to automate the identification and blocking of unsolicited bulk E-mail, catching and legally removing a spam sender remains a human-driven process. "The way we find out that spam has traveled across our network is when we receive a complaint from a user," says Craig Silliman, director of the network and facilities legal team for MCI. Mary Youngblood, abuse team manager for EarthLink Inc., says it can take months to get a resilient spammer off the network through the legal system.

So who's behind all this? Ray Everett-Church, chief privacy officer for ePrivacyGroup.com, a consulting, training, and software firm focused on privacy, says spammers fall into two categories. The first is the fairly clueless Internet user who thinks he or she can get rich doing it. "Typically, what they find very quickly is their Internet service gets disconnected, they don't get very much response, and they tend to leave the business very quickly," he says. "The second category of spammers," he says, are "the professional criminals--and I don't use the word 'criminals' lightly. A good number of them have had substantial run-ins with the law." Laura Atkins, partner in the anti-spam software and consulting firm Word to the Wise, offers a more expansive definition. "Some of them do it for the challenge in outsmarting people and filters," she says. "Some of them do it because they truly believe that it's their right to market to you. Some of them do it because they really believe that people want their products."

Lavaste at Brightmail contrasts our knowledge of spammers with that of hackers and virus writers, where we've worked up a fairly good understanding of the kind of people and motivations involved. "We were joking about what would be the typical profile of a spammer," he says. "The problem is, we don't know who they are because they're hiding themselves. The one common denominator that we know is that they want to make money." That doesn't exactly narrow the field.

The cornerstone of the E-mail industry--whether it's spam or bulk mailing--is the list business. How companies get and maintain the names on their lists can make all the difference between the two camps.

Almost every major company keeps an E-mail list to communicate with customers and market to them, including InformationWeek and its parent company, CMP Media LLC, and most manage to stay on the right side not only of the law but of anti-spam sentiment. One company often cited for following best practices with regard to commercial E-mail is online publisher Cnet Networks Inc. "It all comes down to the relationship we have with our end users," says Markus Mullarkey, VP of Cnet's outbound marketing. The key, he stresses, is providing real value for customers, as well as working closely with ISPs to remain whitelisted so mail won't be blocked. "We have what I think most would say are industry-leading permission practices."

Mullarkey also says Cnet has low complaint rates on the messages it sends out. But spammers use techniques that make the number of complaints a less-reliable red flag, while at the same time gathering ever-larger lists.

There are several ways of gathering addresses, says Atkins at Word to the Wise. One is scraping addresses off Usenet or the Web using an address-gathering program. Also, there are dictionary attacks, which, as the term suggests, throw words at Web domains in an effort to hit a valid E-mail address. A third is sites offering prizes, sweepstakes, or free stuff that are really address-harvesting schemes.

Ethical bulk E-mailers want lists collected with exacting standards for opting in, which is known as permission-based marketing. But for those operating on the fringe, the issue isn't how many people didn't really opt in, it's how many complain. That's where list washing comes in. To appear legitimate, senders of unsolicited bulk E-mail purge from their lists people who complain. When the number of complaints falls below a certain percentage, the list appears clean. Rather than permission-based marketing, it's more like omission-based marketing.

Youngblood at EarthLink says for this reason, the ISP relies on monitoring tools to seek out spammers: "We look at E-mails themselves, we look at the products they're selling, we look at how many times our automatic processes had to end the connection with their mail machine because of 'user unknowns' [undeliverable mail], we look at our spam filters."

Spammers, she says, make no effort to fine-tune lists to get higher-percentage response rates. "They don't think that way. What they say is, 'Gee, if I get a one-out-of-a-thousand response, think how much I would get if I doubled my E-mail,'" she says. "Spammers deal in volume, instead of only sending E-mail to those who want it." Of course, it's possible to disagree about whether permission was given to receive messages. Many of those who believe they've been spammed, Richter says, received the unwanted E-mail as a result of their own actions, such as registering for prizes at Web sites.

Steve Linford, director of the anti-spam site Spamhaus, disputes Richter's characterization. "Unfortunately, all spammers refer to themselves as legit E-mail marketers, since to them spamming is perfectly legitimate E-mail marketing," he says. Richter points to the lack of legal action against his company as proof that he's operating appropriately.

While courts will increasingly be asked to separate spammers from E-mail marketers, there's a chorus of skepticism about the impact of new laws.

Atkins sees the cost of enforcement as a problem. "Most of the spam out there breaks existing consumer-protection, criminal, or fraud laws," she says, echoing similar concerns voiced by ePrivacyGroup's Everett-Church. "But spammers are hard to prosecute. They hide, they lie, they cheat, and it costs a lot of money to track them down and build a case against them. That is money a lot of states don't have."

Richter concurs. "The people who these laws are supposed to be trying to attack, they're not going to be affected," he says. "The guy overseas isn't affected."

Still, with spam threatening to become the majority of all E-mail traffic, we haven't seen the last of high-profile prosecutions. And that how-to book the California duo was peddling had best include a chapter on how not to end up in court.