By Mike Musgrove and David A. Vise Washington Post Staff Writers
Friday, June 25, 2004; Page E01
Spammers can cross the e-mail address email@example.com off their lists, because Mount Airy resident Roland A. Mariano canceled his subscription to America Online yesterday.
The news that a 24-year-old America Online software engineer was arrested on charges that he hacked into the Internet provider's computers and took a list of 92 million AOL-mail addresses so they could be sold to bulk e-mailers sent Mariano over the edge.
"I think you're going to have a lot of people quitting," he said, still fuming over the half-hour-long phone call it took to discontinue the account.
Mariano is an extreme case; America Online Inc. officials said there were no mass defections by subscribers as a result of the news. Rather, during a 24-hour period following the announcement of the arrest of former employee Jason Smathers, the company said, it experienced a small surge of calls to its call centers amounting to a 2 percent increase over a typical day, according to Nicholas Graham, a company spokesman.
Subscribers described several reasons for staying put. Changing an address can be a major inconvenience not unlike changing a phone number. Not only do you have to set up a new online identity but you have to alert friends, family and others to the new address. Besides, some users figured they were just as likely to receive stacks of unwanted e-mail at any new address they picked.
Nancy Malloy, a Rockville resident and AOL subscriber since the 1990s, found the theft of screen names annoying, but didn't bother to stop her account. She said she still remembers the runaround she received when she tried to cancel her subscription once before.
"I would cancel it if I had the time to sit on the phone and go through it with them today, but I didn't," Malloy said.
Malloy figures she will change her screen name as a response to the security breach; AOL members get seven screen names, monikers under which they can send and receive e-mail. She had to change her screen name once a year or two ago, after a spammer sent bulk e-mails using her e-mail address. "Now I guess I'll have to do it again," she sighed.
Yesterday, AOL was counseling users not to take any action as a result of the screen name theft. After all, some popular spam techniques, called "dictionary" attacks, don't depend on lists of known users, they simply work by trying different combinations of words and numbers.
"Spam is still going to exist on the Internet no matter what kind of screen name you have or whether it gets changed," Graham said.