Legal Recources Against Above-Board Spamming?

brandyn asks: "Marketshare Recovery is apparently selling my e-mail address to companies and telling them I am an "opt-in" customer, as if somehow opting in for notifications from one company is a blank check written to every spammer in the world. More, the company who spammed me claims M.R. told them I opted-in while making an online purchase within the last six months. In truth, I never "opt-in" for e-mail, and the only online purchase I've made in the last couple of years used a different address entirely. So in the case of my address, they're almost certainly fraudulently representing it to the companies who are purchasing it from them, ultimately at my expense. What can I do to recover that expense from them and/or prevent them from continuing to cost others?"

I have the same problem

[tommy]

If you find out what to do, let me know.

Re:I have the same problem

[cyberdemo]

ok

Complaints do help.

[meldroc]

Some ISPs, fed up with wasting time and money kicking spammers off their networks, charge spammers with a cleanup fee of several hundred dollars when they kick them off. I highly encourage this, and wish more ISPs would do this.

Also, by using spamcop.net, the spammers are also more likely to end up in ORBS or the MAPS Black Hole List, as are the ISPs that don't do enough to give spammers the smackdown.

Also, if you generate enough complaints, you may end up on a spammer's list of a different type - the list of addresses to avoid mailing because they file complaints.

i...

[cyberdemo]

completely agree.

Reverse-charge phone spam?

[Tau+Zero]

It would be much easier on your own time if you had a pre-recorded monologue that you could just play into their answering system after getting the mailbox. Record once, consume their time N many times... kind of like a spam-back.
--
Knowledge is power
Power corrupts
Study hard

Doesn't work, and doesn't address my point either.

[Tau+Zero]

Also, if you generate enough complaints, you may end up on a spammer's list of a different type - the list of addresses to avoid mailing because they file complaints.

You're asking me to believe that the kind of people who mine Usenet postings and weblogs like Slashdot looking for strings with "@" signs in them are going to share lists of people who file complaints?

You're further asking me to believe that the kind of people who make their money by selling lists of N million addresses to spammers care how aggressive the people at the other end of these addresses are about pursuing spammers?

Don't make me laugh.

My solution works to get the people who collect and sell e-mail addresses as well as the spammers who use them. If a small number of people can bankrupt the scum who harvest these addresses, even if they don't spam themselves (but especially if they sell them) it would be a huge blow to the spammers. Spammers and the scum who trawl for addresses for them probably don't make $100,000 a year; ten hits in that million-addy database and they've gone to Chapter 7 bankruptcy and lost everything except their home, their car (below a certain value) and some personal property. That's the first time. You can only declare bankruptcy once every 7 years. The second time, these bozos would lose everything else.

That's the kind of penalty I want to be able to lay on spammers. I want to take away everything that they were trying to get by spamming. More to the point, I want to be able to put so many column-inches of "poor spammer" stories in the newspaper that only a complete idiot would even think of trying to spam ever again. No matter how many complaints you file or ISP accounts you get revoked, you're not going to be able to equal the legal and financial impact of willful copyright violation.
--
Knowledge is power
Power corrupts
Study hard

Re:Hit 'D'.

[LoonXTall]

I call any toll-free-to-me numbers they're dumb enough to give out and leave lengthy monologues about not wishing to receive spam.

If everybody did this, phone bills would convince real companies not to spam.

SPAM

[Zero+Sum]

My solution is to dump spam directly into ricochet. It has actually increased the amount of spam I get, but once or twice a week, I'll get a 'thank you, user now cancelled' message from admins. Dunno if it is worthwhile though. It would be more effective if more people did it.

I agree with that

[exi7]

I used to get tons of spam, about 20+ messages a day. I use Outlook Express and have setup some filters to block out subject lines like "porn, xxx, $$$, make money, financ, mortgage, loan, sex, etc..." Obviously, there's many more words than that. That's just off the top of my head. But now, I'm too lazy, so I just hit "Block Sender" whenever I get a spam. Then it just dumps all future messages from that sender in the Trash folder. But, like cr0sh, have noticed a drastic decrease in total incoming Spam. My guess is that those who reply to Spams or send removal requests (haha) are moved to the top of the list, and no-reply addresses get pushed to the bottom and eventually drop off. This is a good way to eventually get off lists, but you'll still get spam from companies that send email to all possible addresses, like a@domain.com, aa@domain.com, etc...

Re:I agree with that

[cr0sh]

When I started, I use to keep a large list of word filters, possibly like you do right now - under Netscape - I then switch to a different tactic, which has worked a lot better:

My main filter tests to see if the TO: field has my email address in it, and if it doesn't, sends it to my SPAM box. I take a few variation - look over your real email to see what you should look for - invariably, SPAM usually has the wrong thing or nothing in the TO: field, so it is the easiest to catch.

I also have filters that look for specific things in the subject line, or the FROM: field - first, because they may or may not be SPAM - things like mailing lists and such, where the TO: field might be filled with "listmembers@list.com" - don't want to trash them.

Finally I have backup word filters, that catch what manages to trickle through.

I still get some highly targetted SPAM though - and I figure if they are that good, maybe I should read it, or just manually delete it.

Worldcom - Generation Duh!

If 90% of your mail is spam....

[Alan+Shutko]

you need more mail.

I get ~1000 msgs/day. I do _not_ get 900 spams/day. (I get about 20, despite using my real email in usenet, web boards, and everywhere else.) At 2%, spam is annoying, but not that annoying. 8^)

Re:If 90% of your mail is spam....

[dubl-u]

You misread my post. Currently, 90% of my USPS-delivered mail is junk mail. Approximately 10% of the non-mailing-list email I get is spam.

My point is there's no obvious reason that spammers will stop before my email box becomes even worse than my snail-mail box.

I don't write blank checks either

[tommy]

I hate email. Most of it is garbage. It used to be fun and useful, but companies like this ruined it.

I get spammed all the time and they tell me that I opted-in. Like brandyn, I feel that if I give a company permission to email me that permission applies to that company only. I don't have time to read every privacy policy for every company. Even when I do they are so full of cruft that I get nothing from it. Some mention sharing information "only with affiliated companies." I hate that. They should be required to let me opt-in for that too.

When a company has a policy like that, you have to read the privacy policy for all the affiliates too and it becomes a never-ending chain. I really have no idea how to combat it. Discontinuing my use of email is not a very realistic solution, but without legal intervention I feel pretty powerless.

Tell you what... I will run for congress and propose harsh anti-spam laws if all Slashdotters will vote for me. Imagine that... a useful politician. I will fight for crypto rights, fixing the USPTO and other things I don't recall at 2:46AM too :-).

Hit 'D'.

[Stephen]

Spam used to really anger me. I complained to all the proper authorities whenever I got some spam. But the only effect was to raise my blood pressure. I learnt that the only thing to do was to hit 'D'. Call me a pessimist or a fatalist or whatever, but it really is the only solution.

Re:Hit 'D'.

[jfunk]

My solution is to simply not give out my email address.

I have email addresses that couldn't possibly have been leaked that were spammed.

The funniest example: SuSE 7 set up a user called "cyrus" which is for Cyrus IMAP. "Cyrus" got spammed.

I found out how this happened in my Sendmail logs. This is a pretty obnoxious practise that has grown popular recently. I'll show a tiny portion:

Dec 12 04:08:26 arthur sendmail[1687]: eBC88PC01687: <miguel@funktronics.dhs.org>... User unknown
Dec 12 04:08:26 arthur sendmail[1687]: eBC88PC01687: <homes@funktronics.dhs.org>... User unknown
Dec 12 04:08:26 arthur sendmail[1687]: eBC88PC01687: <gateway@funktronics.dhs.org>... User unknown
Dec 12 04:08:26 arthur sendmail[1687]: eBC88PC01687: <lincoln@funktronics.dhs.org>... User unknown

See the trend? My mail log is huge. Spammers now have the email equivalents of wardialers, and they're using them.

Under my current ISP, I have an email address. I have never given it out. I have never used it. It's good for getting warnings of service disruptions. It gets spam.

I still have and use my old RoadRunner address above. (the service is still up and used by my brother) I've had it for at least 3 years now. Up until a few of months ago I got about 1 or 2 spam per week. I was sort of open with it, too. Notice that I didn't spam-proof it or anything but I used it (and still do) for many site registrations. It only got bad when the dot.coms felt the crunch. I have a feeling my address was sold.

On my mailserver for funktronics.ca, I was dealing with spammers individually at first. I made a bounce message that read "Sender featured at http://goatse.cx" and added the IP. That didn't work so well so I have since set up the RBL. Cyrus hasn't gotten spam since then.

After all that, I'm surprised that your real address has not been spammed. I'm guessing it will be unless your using the RBL or something.

Re:Hit 'D'.

[SlippyToad]

My solution is to simply not give out my email address. I have about 6 completely phony Yahoo email addresses. I registered /. on one of them. No matter what I register for on the net, I use a fake address, because I have had to give up several really nice email addresses when they became engulfed in spam. Of course, my original hotmail address was by far the worst. 60+ messages a day. So far, my real email address remains unspammed.

Re:Hit 'D'.

[dubl-u]

I learnt that the only thing to do was to hit 'D'. Call me a pessimist or a fatalist or whatever, but it really is the only solution.

This may work when spam is 10% of your mail. Is it a good solution when it's 50%? How about 90% of your mail?

I don't know about you folks, but about 90% of my paper mail is garbage (sorry, I mean "special offers"). Spam is orders of magnitude cheaper per recipient than snail mail, so there's no reason to expect the spammers to stop at 90%. And once your mailbox is 99% trash, you'llstart getting 2 MB Flash advertisements in your inbox from marketroid who want to "cut through the clutter" that they themselves created.

The truth is that there is plenty you can do:

• Never buy from it - In getting rid of roaches, rule #1 is to remove their food source. Same thing here. Spammers only spam because they think it will profit them.
  
• Report it - I use SpamCop; it does 95% of the work.
  
• Automatically reject it - Tell your MTA to make use of the spammer blacklists at MAPS and elsewhere.
  
• Tell your friends - Most people don't realize that spammers inflate ISP fees and reduce service quality by clogging servers with garbage. Educate them!
  
• Tell your legislators - Some countries and US states have already outlawed spam. To help make this universal, you have to let your legal reps know how you feel. Check out The Coalition Against Unsolicited Commercial Email.
  
• Don't do business with spamhausen - Especially if you are a network admin, don't do businesses with companies that profit from spam. Check out spamhaus.org and spamsites.org for details. And make sure to let the sales droids know why you won't buy from 'em!

This is a problem that we will all have to deal with eventually. We should do it now while the problem is only costing us 10 billion dollars a year, up from approximately zero a decade ago.

What I did...

[schon]

I think I got the same spam you did, from "mygeek.com".

The first thing I did was blackhole the 204.176.122.0/24 network (this is the IP address where the spam originated from - this ensures I won't be getting any more from them - ever)

The next thing I did was track down marketsharerecovery.com, which is hosted by Verio.

Poking around Verio's site, it turns out that selling people's email addresses for spam is against their AUP. (http://home.verio.net/company/policies/aup.cfm states pretty plainly that "Advertising, transmitting, or otherwise making available any software, program, product, or service that is designed to violate this AUP, which includes the facilitation of the means to spam" is a violation.) Selling bulk email addresses is a pretty clear facilitation of the means to spam.

I got a boilerplate reply from Verio, stating that they had taken "appropriate action" (but that they couldn't tell me what that action was, due to privacy concerns.)

Bitch to Verio - if enough people do it, they'll eventually shut them down. You have to be vocal.

But another tactic might be to shut down the spammer.. anyone for a class-action lawsuit against marketsharerecovery.com?

Very good, very cheap procmail filter

[coyote-san]

These companies could easily be lying about buying you name from an "opt-in" list. I get a *lot* of spam which huffs and puffs and tries to keep the lawyers away with a prominent notice that I only got the message because I opted in with them.

Like any court would give more weight to a self-serving statement by a spammer than a sworn statement by the victim....

Anyway, I've found a very simple procmail eliminates most of my spam. If it's not addressed to me - hell, if it's not addressed to my ISP - in the to:, cc:, or bcc: line it goes into the spam bucket.

This also clobbers legitimate mailing lists, but they're easily pulled out of the stream prior to this filter.

A few messages still get through... but they get my special attention. For instance, I check to see if they're tagged - for the past year or two every time I've given my email address I've used the "user+tag@fqdn" form. It still gets delivered to me, "user," but if the address hasn't been washed I can figure out where they found the address.

Something funny...

[cr0sh]

I recently received a piece of SPAM that said they sent it to me because I opted in on another site. Since I visit so many different sites so frequently, and a few of them I have opted in (I have given up all hope regarding SPAM, because my actual email address I use for day-to-day stuff I have had since 1993, and have posted in USENET, etc - no way to get rid of the SPAM, so I don't worry anymore - I just try to keep my new addresses from being SPAMed). But it sounds exactly like your issue. If I get another, I may check it out...

I do have this to say, and I don't know what the reason is for it, but I am going to go out on a limb and speculate:

I put up a real hairy set of filters under my Netscape mail - about 6 or so filters, hierarchically arranged to dump SPAM in one bucket, good stuff in my inbox. Sometimes good stuff lands in the SPAM box, sometimes I get a real good "targetted" SPAM in my inbox. When I first did this, I was getting around 20 or so pieces of SPAM a day - landing in the SPAM box. Over the weekend (when I didn't check my email as much), my inbox would fill with a lot of SPAM - 70 or more pieces. With the filters, most started going to the SPAM box, which on occasion I would look at, and delete them instantly to the trash (I would look, just in case a real email landed in the SPAM box - which it does on occasion). I originally had the filters set up one way, then I would tweak them, reorganise them, think about the logic - when something got through, I would "step-through" the filters, to see how the spam got by, and twiddle the settings on the filters to capture it next time. All this has been going on for about 4 months or so.

Guess what happenned...

The volume of SPAM that I get has dropped - drastically! Daily, I used to get about 5-10 pieces of SPAM - now I get 2-3 captured by my filters. On weekends, I get maybe 10 or so SPAMs, landing in the SPAM box. In my inbox, maybe one or two targetted SPAMs make it through, which I delete. So what happened - why am I getting less SPAM now?

I used to use SPAMcop, as well as other tactics, to try to lessen the SPAM - all to no real avail. As far as I know, my provider didn't instate a SPAM filter of any kind, so that isn't the answer. My guess?

The majority of my SPAM I didn't look at - in other words, because SPAM can contain web-bugs and other means of identifying when you look at it (such as hitting a web site for an image or something) - I have become (in some eyes) a "non-sell" - or something. This sounds like a reasonable explanation - and I wonder if I switched to using PINE or ELM, or some other text-based reader, whether it would improve further or not.

Part of me says "maybe" - but another part of me says "nah, something else is going on to lessen the spam" - I tend to side with the latter opinion, but for the life of me I can't figure out the "why" of it. But I do know those filters have made my life a lot easier online - my only regret is that I didn't set them up sooner (I am thinking about "packaging" the filters in some way to give to others to use, they work so well)...

Worldcom - Generation Duh!

Interesting, but

[dubl-u]

This is an interesting idea, but using copyright law to prevent all copying is probably a bad idea, although IANAL.

First, copyright law has a pretty particular purpose, which is to protect intellectual property so that the creators of it can profit from it. Protecting email addresses doesn't fit well with it.

Second, copyright has all sorts of twisty exemptions and rules that go along with it. That's probably not baggage you want.

Third, the power for misuse of this is awesome. Large companies will often do anything they can to suppress unflattering information; allowing the copyright of email addresses would give them another big stick.

If you really want to shoehorn this into current law, maybe trademark law would work. But if you want to protect your email, you're better off going straight for new laws along the lines of European privacy or data protection laws. Or if you want to stop spamming (but allow trade of email addresses) than the current junk fax law isn't bad model.

Complaints do nothing, we need a cause of action.

[Tau+Zero]

Griping to spammers' ISPs sometimes has the effect of cutting off their access temporarily. Other than that, it's just like a game of whack-a-mole; another one pops up and you're no better off than before.

I am looking for a way to use other laws against spammers. Because government will not act, we need a law or laws which give a private right of action against the spammer. I am considering copyright law. If I can copyright and register my e-mail address and prohibit unauthorized duplication (for instance, incorporation into a database or sale) that would give me a right of action against anyone who duplicated it. The copyright laws do not require you to prove damages, they award statutory damages (over $10,000 IIRC) if you can prove even one violation.

Suppose that a hundred people get together and do this. A spammer offers a list of e-mail addresses for $149; that's $1.49 per participant, and we buy the list. On it we find ten of our own e-mail addresses. We go after the spammer for $100,000+ in statutory damages, bankrupting the spammer. Because copyright is international in scope we can go after spammers anywhere, from California to Cyprus.

What do you think? Are there any copyright lawyers out there who can say whether or not a "work" as small as an e-mail address can be copyrighted?
--
Knowledge is power
Power corrupts
Study hard

my tactics

[mi]

So many have offered their filtering techniques, I'll describe mine. It may help you filter and it may help you sue. :)

When a site (say lavalamps.biz) asks me for my e-mail address (which, for example, is <mi@dufus.organ>), I give <mi+lavalamps@dufus.organ>.

Thanks to the sendmail (other MTAs?) feature, all such e-mail automaticly gets delivered to my mailbox. But I can always examine the headers to find which address a message was sent to.

I used to create a special alias for each web-site (I admin my home box, which receives its mail) and spam keeps coming to my <preferences.com@dufus.organ>, but it is much simpler to use the + technique.

If you have your own domain (say, bonkers.porn), where all e-mail to <any>@bonkers.porn gets delivered to you, you can give lavalamps.biz the <lavalamps@bonkers.porn> address. This avoids the problem with some web-sites, where the form-verifiers were written by dirty-handed punks, who did not know a plus is a legitimate character for an e-mail address. Hotjobs comes to mind.

My next plan is to implement auto-expiring email-addresses as in <mi+lavalamps+982281449@dufus.organ>. After a week from now, my automatic filter will start rejecting e-mails to this address with a polite message, that this address was given to "lavalamps" and that it expired after 982281449 seconds since epoch (of course, the date will be converted to the text form).

Having such filter, I can control the validity of the e-mail addresses when I give them out. I can just estimate, when the ordered lavalamp will arrive and add a few days. If credit card companies can issue single use numbers, I can issue single use e-mail addresses.

After a second thought, I should probably try to patent this method and retire early :)