The two were ordered to disgorge more than $1.1 million in illegal proceeds obtained through their porn-spamming operation. They also had to pay a $100,000 fine and reimburse AOL $77,500. The judge gave Kilbride a higher sentence because it was discovered that he attempted to stop a government witness from testifying.

CAN-SPAM, or Controlling the Assault of Non-Solicited Pornography and Marketing, bans false headers and misleading subject lines, and requires commercial solicitations be properly identified.

Falsified Headers and Domains

According to the Justice Department, beginning in 2003, Kilbride and Schaffer sent out millions of spam messages advertising hard-core porn sites. They made their million dollars by earning a commission for every person who subscribed to a site after receiving one of their spams.

After the CAN-SPAM Act was passed -- it became effective January 1, 2004 -- the two starting running their operation through servers in Amsterdam, falsifying the headers so the messages appeared to come from overseas, although the operation was being run from Phoenix.

At the trial in federal court in Arizona, prosecutors brought in witnesses from around the country to testify about the impact on families and children who received the hard-core spam. AOL and the Federal Trade Commission received 1.5 million complaints about the spams.

Evidence introduced at trial showed that the pair created a fictitious employee at a shell company in Mauritius. By falsifying headers and domain information, they made it appear as if the employee was sending the e-mails from overseas. They also laundered money through bank accounts in Mauritius and the Isle of Man.

How Effective Is CAN-SPAM?

While the Justice Department applauds its success in this case, is the fact that CAN-SPAM is just now yielding jail terms -- after almost four years on the books -- a sign that the law is ineffective? Not necessarily, Andrew Storms, director of security operations at nCircle, said in an e-mail.

"Criminal trials that include technical computer details are difficult to bring before a jury trial," he noted. "Even with judge's instructions, juries often find it difficult to understand the technical nature of what's at hand."

Consider, for instance, the case of Julie Amero, a school teacher whose computer was infected with porn malware. A pornographic ad popped up when she was in the middle of a presentation to young children. She was tried and convicted in January on four counts of risk of injury to a minor, charges that carried a maximum jail sentence of 40 years. In June, her conviction was thrown out but she might yet be facing a second trial. "Those who work in the computer industry found the case to be wrought with misunderstandings and misrepresentations," Storms said.

While the spam conviction is a "proud and successful case for the Justice Department," the case serves to illustrate the limits of criminal prosecution on the spam problem. "It is well known that the majority of spam today is sent by zombie computer networks throughout the world," he said. "Further, those who control and manage the zombies have been linked to offshore mafia-style rings."