Is Forged Spam a Crime?

PJRC2 writes "ABC News.com has an article about a man who claims he commited no crime in sending millions of AOL users porn and make-money-fast spam and making the messages appear as though they came from ibm.net. " We're going to see more of this in the future. I think forged spam should be punishable by death, but I probably get more of it than most people ;)

Trademark Infringement?

[BoLean]

Wouldn't this count as Trademark Infringement? Since domain names have precedent as being covered under Trademark law, shouldn't abuse of domain names also fall under Trademark/IP law? Unfortunatly this would put the onus on the abused company to do anything. Matbe IBM should get in on the action.

Treat it like any other form of forgery.

[Bowie+J.+Poag]

Ding-Ding-Ding! All aboard the Logic Train! (tm)

If I try and pass a check at a band with a signature other than my own, that's illegal. I'm convicted of check fraud, and I go to prison.

If I walk into a bar with a fake ID, or attempt to purchase a firearm go with false identification, I'll get busted as well.

If I send a piece of mail through the US Postal Service posing as someone I'm not, then bingo, i'm guilty of mail fraud.

Now, in the case of fradulent spam, I attempt to tell tens of thousands of people I am someone who I'm not. Worse yet, i'm trying to use that identity to sell something. Why should that form of fraud be punished any differently than other forms of fraud?



Bowie J. Poag

Actually, these forgeries are very common

[BlueUnderwear]

Am I the only one who occasionnaly takes a (cursory) look at the spam they get? Forged spams are really common. The next time you get some spam, take a look at its headers. 7 times out of 10 the easily visible, and also easily forgeable From header doesn't agree at all with the more diffultly forgeable Received headers. This makes sense: within hours, the spammers (apparent) ISP is flooded with complaints, and closes the spammers account if he was careless enough not to forge his headers.

However, there are always a certain percentage of readers who know about these forgeries, and the spammer will lose his account eventually anyways. Btw, there is even a even a web site in which you can paste your spam, and which automatically sends complaints to the correct places: Spamcop.

So, unless this forgery was done with the express purpose of annoying someone at IBM, don't make it into a criminal case; it's just business as usual.

Nail 'em to the wall!

[Tackhead]

There's ample precedent for this:

Juno and Hotmail have sued spammers (e.g., the "TCPS" spammer from a couple of years back) for forging their domain names into fake email addresses inserted in the From: header. The forging caused clueless people to send countless bogus abuse reports to Juno and Hotmail abuse desks, consuming their resources. IIRC, uu.net got into the act too, as most of the spams were coming from a long series of uu.net dialups in an area of NYC that didn't have caller-ID.

There's the "flowers.com case", where a spammer issued a forged HELO flowers.com when doing a spam in order to fool (ancient) versions of Sendmail into hiding the spammer's originating IP address when raping a third-party relay. $65000 in damages because it defamed the legitimate owner of flowers.com at the time.

It's trademark infringement as well. You purport that your mail comes from AOL, it's AOL's business that you're using their domain name. AOL's landsharks have been known to sue spammers for falsely implying that spam comes from AOL. More power to 'em.

Finally, in the cases of "joe jobs" - where a spammer will forge spam in the name of someone in order to target the forged party for harassment - it's obvious that there's intent to defame, harass, and of course, willful misrepresentation.

The forging of headers in unsolicited bulk email should be at the very least a civil, if not a criminal, offense.

The real problem, of course, is that since your average spammer lives in a trailer surrounded by beer cans and chicken bones, collecting anything from a spammer can be a real problem.

Which is why it's relatively rare that ISPs sue or press criminal charges against spammers. More's the pity. There's a group of spammers operating out of Earthlink dialups in a manner identical to that of the TCPS spammer's abuse of uu.net dialups a few years ago, and Earthlink is doing nothing about it. More's the pity.

But back to the original article on ABCNews:

The son of a bitch not only spammed, but he raped a relay to do it. That's theft of computer services at a minimum, and given the number of bounced spams that probably came back to the raped relay at Market Vision, probably a DOS attack too.

Throw the book at the son of a bitch and put his head on a pike. Pour encourager les autres.

Why is this even a question?

[Millennium]

Forgery is already a crime in the physical realm. Why, then, should it not be also a crime in the digital? Leave the spam issue out of it, if you want; a forged letter is still a forged letter.

It's not even about spam, or email

[mindstrm]

The important thing to remember is not to get too technical.
At a certain level, of course we can tell the message didn't come from IBM.
But...
The guy sending the spam.
a) new that he was making his messages appear to come from IBM.net to the average user.
b) was probably doing this without authority from ibm.net
c) Was doing this for the express purpose of misleading the recipients of the spam into reading the spam. THIS is the really bad part. It's fraud.

Re:Spam sucks, but worse than government?

[Sick+Boy]

Hell no it's NOT. We're using existing law to bitchslap a spammer. Not making new ones. This existing law doesn't harm our privacy, doesn't give any wiggle room that some of the state's laws give, ie the "well, what if I decide to sue somebody I do know for sending me (and only me) a single e-mail I didn't want (instead of bulk mailing something I didn't want)" winge.

There is no opt-out.
There is no invasion of privacy (those spammers obviously wanted to be contacted, or they wouldn't be sending out communications)
There is no new legistation (fraud, forgery and misrepresentation are already on the books).

In short, this could be just the ticket to stop spam. If forging headers is found illegal, then the spammers will have to use their real address. Then we can do a quick whois, hunt them down and kill them. Slowly. Uh- I mean, get their accounts cancelled.

--

Depends on the judge

[ElecCham]

Of course, IANAL...

Many years ago, I had this guy from my school leave a bunch of very bizarre and often threatening messages on other people's answering machines and voicemail - and leave my phone number on it.

I finally found one sympathetic company willing to play the message back to me over the phone - I recall it had something to do with "and I'd better be seeing that money soon, understand?" Of course, I recognized the voice, and I called my local police department to see what the law had to say on the matter... and guess what? It counted as telephone harassment, same as if he'd have called me directly.

So, if'n I was IBM's bigshot lawyers, I'd go after them for either theft of services or harassment. It seems to me that ibm.net must have gotten flooded with "die fsckin' spammer" and "delete this account" messages... sounds like the same concept to me!

--
Make Money on the 'Net

Spam punishable by death...

[Threemoons]

On a related note, a number of my colleagues are insisting that China recently EXECUTED some spammers. Any stories/f.u. on that would be great!

I wonder if the guards yelled "JUST HIT DELETE" before shooting the offenders...