Lawsuits Against Spammers

apc writes "Pretty good overview of the state of the law regarding spammers, and some stories about people who have sued them and won. Nice to see the topic getting mainstream attention." It talks about several different states and several different people who have won cases. I still think its fairly hopeless, but I also believe forging SMTP headers should be legally punishable by castration.

Re:www.xns.org

[johnburton]

I like this.

But I can't see any reasable hope of pursuading people to replace DNS. But I suppose people won't care what kind of name lookup their email software is doing.... Hmm...

Or what about something like ICQ where you can say who you want to be able to receive communciations from. Anyone else you have to authorize before they can send you an actual message. I doubt spammers could be bothered to do this, they'd go find some other way to annoy people.

How about doing this?

Your email program looks at the headers of emails being received. If the message is from someone in your address book, or is from someone you sent an email to *recently*, or is from a recognised mailing list then you get the email.

If it does not fit any of those conditions, it must first validate the sender. To do this it sends back a message to the senders From address with instructions saying under what terms you are prepared to accept the email, and a code to send back saying that you accept those terms. Your client would then accept one, and only one message from that address to be delivered to you. If you want to accept more in future you can add them yo your local address book.
The fact that the "spammer" must explicitly accept your terms for accepting your email would give a lot more legal protection to filtering and blacklists of known spammers.

Hmm. Must think about this some, and implement something!

another tactic?

[Alien54]

I saw this idea else where, and it looks promising enough that I want to share ....

One could extend the SMTP protocol for mail delivery so that (non-favored?) senders were forced to jump through some computationally expensive hoop before mail to local users will be accepted.

Currently SMTP looks like this:

>>> 220 mailhost.domain.com ESMTP Sendmail 8.9.9/8.9.9; Fri, 11 Jan 2002 16:05:32 -0500 (EST)
>>> HELO host.domain2.com 250 mailhost.domain.com Hello host.domain2.com [155.108.129.30], pleased to meet you
>>> MAIL From: 250 ... Sender ok
>>> RCPT To: 250 ... Recipient ok
>>> DATA 354 Enter mail, end with "." on a line by itself 250 QAA00187 Message accepted for delivery
>>> QUIT 221 mail.domain.com closing connection

We could add something like (not real numbers):

>>> 220 mailhost.domain.com ESMTP Sendmail 8.9.9/8.9.9; Fri, 11 Jan 2002 16:05:32 -0500 (EST)
>>> HELO host.domain2.com 250 mailhost.domain.com Hello host.domain2.com [155.108.129.30], pleased to meet you
>>> MAIL From: 250 ... Sender untrusted, please give prime factor of 34576184516935692342934759132 to continue
>>> FCTR 345837413 250 Ok, you bothered...
>>> RCPT To: 250 ... Recipient ok
>>> DATA 354 Enter mail, end with "." on a line by itself 250 QAA00187 Message accepted for delivery
>>> QUIT 221 mail.domain.com closing connection

The beauty of this is, putting support in sendmail would mostly be sufficient, and it lets you effectively add a cost per message without any sort of micropayments scheme, or giving up anonymity. I'd be curious what your reader groupmind thinks about this, or if the idea has been tossed around before?

- Mike Earl

Personally, I do not know the feasibility of this angle, although I am sure some expert with be willing to point out the flaws.