Slashdot Mirror
Lawsuits Against Spammers
apc writes "Pretty good overview of the state of the law
regarding spammers, and some stories about people who have sued them and won. Nice to see the topic getting mainstream attention."
It talks about several different states and several different people who
have won cases. I still think its fairly hopeless, but I also believe forging
SMTP headers should be legally punishable by castration.
Instead of encouraging litigation, why don't we develop (easy) and attempt to gain acceptance (harder) of an authenticated e-mail format?
I would much rather see technical (or social) solutions to the spam problem... laws have a funny way of not going in our favor, don't they?
What we need is national legislation against spam. There are too many state laws that legitimize spam in one way or another. This gives every spammer a one time get out of jail free card, and does nothing for spam problem in general. New spammers pop up all the time - it doesn't make sense to 'opt out' of every new spam list you get onto.
The article makes a good point about laws that require spam to be labeled. This isn't a solution, and there are also conflicting requirements between state laws. One law requires "ADV: ADLT" on the subject header, another law requires "ADULT ADVERTISEMENT". This is a perfect example of laws being too specific - legislation has no business dictating changes to the SMTP protocol. This isn't useful either: shouldn't spam laws apply to more than SMTP? Say, ICQ spam? Internal AOL spam?
This is why we need a national spam law. No conflicts, no SMTP requirements, no opt-out. Make spam illegal, period. Spam is harassment, theft of service, and usually fraudulent. It costs ISPs millions of dollars that are passed on to YOU. Companies lose productivity because of workers receiving spam.
If you think this is any different from junk fax laws, you're kidding yourself. Spam and junk faxes both hurt the recipient. Spam is not free speech. Spam is not a constitutional right. Banning spam IS the right answer.
Tired of not making enough MONEY ? HOW ABOUT $3000 PER WEEK OR MORE !
No, this is not a joke, YOU TOO CAN QUIT YOUR JOB AND MAKE THE MONEY YOU DESERVE !
HOW ?
Very recently, I have discovered that anybody on the internet receives "SPAM" emails, and that it is usuall possible to sue those "SPAMMERS". Most often, "SPAM" originates from VERY LARGE COMPANIES who have a LOT OF MONEY MOST OFTEN, and these companies don't want to lose their reputation in the "SPAM" industry, therefore they are usually willing to give plaintiffs A LOT OF MONEY to settle their claims.
I CAN ALREADY HEAR YOU SAY "HOW CAN I SUE SPAMMERS TOO AND RECEIVE A LOT OF SETTLEMENT MONEY ?" !
IF YOU SEND ME A RESPONSE AT THE EMAIL ADDRESS AT THE BOTTOM OF THIS MESSAGE, I'LL INTRODUCE YOU TO MY NEW BOOK CALLED "HOW TO SUCCESSFULLY SUE SPAMMERS AND RECEIVE A LOT OF SETTLEMENT MONEY". MY BOOK NORMALLY COSTS IN EXCESS OF $85 FROM NORMAL RETAIL CHANNELS, BUT ONLY FOR YOU, I OFFER YOU THIS INCREDIBLE MONEY-MAKING TOOL FOR ONLY $19.99 !!
DON'T PASS UP YOUR CHANCE TO MAKE THE MONEY YOU DESERVE. SEND ME A RESPONSE RIGHT NOW, OR CALL ME AT THE NUMBER BELOW.
THANK YOU DEAR FRIEND !
email: SUCKER_RESPONSE@HOTMAIL.COM
phone: 1-800-YOU-SUCK
**********
THIS IS A ONE-TIME EMAIL, YOU DO NOT NEED TO DO ANYTHING IF YOU DO NOT WISH TO RECEIVE ANYMORE INFORMATION ABOUT THIS INCREDIBLE OFFER.
The only reason spam is so prevalant is because there are still enough suckers out there who respond to it and buy into the schemes. We need to do one of two things. Either successfully educate the suckers so the spam becomes uneconomical, or compile a real list of suckers and find a way to convince the spammers to ONLY spam them, and not the rest of the world.
Neither of these things will happen, unfortunately.
-Restil
Play with my webcams and lights here
This is why XNS (a next generation DNS replacement) needs to be adopted ASAP by the worldwide technical community. For example, here is the white paper on spam filtering. In a nutshell, if someone who is not on your acceptable email list wants to send you an email, they must first (and this is all automatically handled by the software) accept an agreement which dictates your exact privacy requirements. If it is a personal email with actual valid content, clearly they will simply accept the agreement and automatically be added to your list. On the other hand, bulk email spammers (hereafter referred to as "Dickwads") will probably not like the section talking about your fees for accepting bulk advertising. :)
Spam is Free Speaaech (A Troll)
No more government regulation (aynrand666) All problems have a technical solution. Just hit delete.I know more than you do (karmawhore23) I am cleverer than you.
Comment removed based on user account deletion
U.S. businesses generally oppose restrictions, equating advertising with free speech.
"If you ban me from this type of medium, you have severely limited my ability to enter into the marketplace," said Jerry Cerasale of the Direct Marketing Association.
God DAMN IT, for the LAST time, spam is not a free speech issue, it's a property rights issue. My computer is NOT a public utility for every sleazy marketing dink in the world to use at MY expense.
If Mr. Cerasleazy wants to "enter the marketplace", he can damn well pay for his advertising.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Many of these spammers send from hotmail.com or from email addresses that are not in the US. So how would I go about suing them? Even assuming that I could sue them, how could I manage to go about collecting my settlement from them?
I'm afraid suing is not the answer to ending all spam, just a small class of spam.
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtably, yes.
220 foo.bar.com CASHMAIL System
HELO
250 foo.bar.com Hello
MAIL FROM: mom@aol.com
667 foo.bar.com accepts payment of 0 cents
DATA
..
MAIL FROM: unknown_spammer@hotmail.com
250 unknown_spammer@hotmail.com... Sender ok
RCPT TO: foo@bar.com
666 foo@bar.com requires payment of 200 cents
CASH: 82kd0xma893mcos0
667 foo.bar.com accepts payment of 200 cents
DATA
...
MAIL FROM: known_spammer@hotmail.com
250 known_spammer@hotmail.com... Sender ok
RCPT TO: foo@bar.com
666 foo@bar.com requires payment of 1.0e09 cents
CASH: 82kd0xma893mcos0
666 foo.bar.com detects fraudulent/forged e-coin. Forwarding to fbi.gov
The only title of honor that a tyrant can grant is "Enemy of the State."
I run my own mail server, running qmail with the rblsmtpd daemon, pointing at several "underground", i.e. not for pay, black hole lists. In addition, there are spam _content_ filtering tools out there such as spamassassin, which looks for common telltale fingerprints in email. WORK FROM HOME, MAKE MONEY FAST, etc. etc. etc.
It can be done, with a little work.
I want to delete my account but Slashdot doesn't allow it.
YES! Most times that I get spam, I trace down the headers to find the source and report the spam to the ISP hosting the address, and the spam stops.
MOST times. It took a while to get through to hinet.net about their 'tom lee designs' spammer, but even then, when I finally got through to somebody the spam was stopped.
For the last three months, I've been dealing with wads of spam from what I believe to be the same spammer due to the headers:
The ISP in question is AT&T Global. (mail to abuse@prserv.net ends up at postmaster@attglobal). For the last three months or so, I've diligently forwarding the messages, with headers, to abuse@prserv.net (or postmaster@attglobal.net). Until recently, they've been universally coming back with form-letters saying 'this problem has already been reported'. Sometimes the spam stops for a day or two, sometimes it doesn't.
I even looked up their contact number on whois and called THAT a few times (the only human beings there seem to be overworked and underpaid tech support people). The last few days, I've been getting my reports returned in a form letter stamped 'not our domain', as if whoever's getting my messages at AT&T Global is either 'in on it' or just doesn't want to deal with it any more (or perhaps is's just a 'new guy' who's not used to dealing with the headers, or thinks that only AT&T Global user's complaints about spam from their network should be dealt with)....
Point is, with roughly 80 spam messages from the same spammer forwarded, the spam has continued unabated, and I honestly wonder if some salesdrone at AT&T Global's Austin, Texas area POP has an 'understanding' with the spammer and has been willing to re-sign him every time he gets kicked off. Unfortunately, none of the emails I've sent to 'postmaster@attglobal.net' requesting more information about the spammer (including requests on the order of 'who do I contact to find out the proper legal procedure for obtaining the spammer's identity so that I can look into taking action myself') simply come back with more form-letters, or are unanswered...
I called them again today (after last night's two spams came back from them stamped 'not our domain') and for the first time, actually got to speak to someone in the postmaster department. She actually seemed helpful and polite, so hopefully something might finally be DONE about this spammer...
So, anyway, to get back to the point - the ISP's are the ones who have the power to do something about spammers on their network, and if they choose not to, there ought to be some sort of recourse. Small ISP's, you can complain to their upstream provider, but when you're dealing with AT&T Global?....
'scuze the verbosity of this post - this particular spammer/ISP issue has me pretty irritated at the moment...
Hacker Public Radio is our Friend
I think a better resolution to the problem is to enforce a certain amount of purity in the mail headers.
If you are spam, you should mark your message as being such. If you are a mailing list, you should mark your message as being such.
And then we need to have a network of trust between the mail servers. Something lightweight enough that it works 90% of the time. Servers who are trusted are trusted that they will send out mail with proper headers. Servers who aren't trusted will get their mail bounced most of the time.
Thus, spam can be dropped on the floor at the option of any mail server. And server admins who don't mark spam as spam are marked as untrusted servers. At the option of the country that the mail server exists in, this can be declared as fraud.
I wrote up some notes on it on my webpage but I'm not sure how well it would really work in practice.
Gentoo Sucks
I think it's time to apply Truth in Advertising standards to spam.
You say your product will help me lose weight? We send a rebuttal picture of your naked fat ass to everyone you know.
You say your product will make my penis gain 3"? We get testimonial from your two mercy fucks about how you need to use this product yourself.
You say your product will get me hot dates every weekend? We distribute a copy of your busy social calendar - with a note that you were stood up for the sole entry, your Jr. Prom in 1989.
And lest we forget it, you say your product will net me $50,000 in only 10 weeks? We show your credit card bills, and how even Miss Cleo has cut you off as a deadbeat.
The best thing of all si that this doesn't really require any new laws. (Well, the suggestions above do, but not the concept.) Don't just nail the spammers with small fines for sending spam, hit them with large fines for fradulant advertising, participation in criminal enterprises, etc.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I've sued phone spammers, the type who use a machine that calls people and plays a recording, which as been blatantly illegal for almost 10 years.
I've won, but it takes more work than the $500 you win is worth even when you do win, and on average it's something you do only on principle and not for money.
And thus few do it. When I have been in court the judges/commissioners have said they don't often (if at all) see these cases.
Laws are not the answer to spam. In spite of what people say it is not just a question of "it's not a free speech issue it's a property issue."
Spam involves rights in conflict. It's a free speech issue AND a property issue AND a privacy issue, all in one. The answers are not so simple as these laws suggest.
Has it been over a year since you last donated to the Electronic Frontier Foundation
I think companies like MSN/Microsoft/Hotmail, yahoo, excite and @home should be doing the suing.
Everytime someone forges an e-mail address using their domain name, and someone forwards it to abuse@something.com then it costs them money to research it. It could also be considered slander if someone sends you an e-mail from something like animalsex@microsoft.com.
Don't they care about their PR? I mean now I think that Microsoft has something to do with bestiality. How do I know that it wasn't really from them?? I'll just keep assuming that till proven otherwise.
The problem with a national law, with any law, is that it defines "safe turf" for both sides.
If Congress debated such a law, I'm sure that the DMA would yell and scream and "compromise" that it is willing to make it illegal to send unsolicited email of a criminal nature. Outlaw the pyramid schemes, outlaw the cock&tit creams that don't have FDA approval, etc.
Meanwhile, in the same spirit of compromise, it's now Federal law that companies can ignore repeated requests that you be removed from their spam lists because you have a bona fide business relationship. It doesn't matter that this "relationship" was a one-time purchase of a Christmas present a decade ago for a person who's long been out of your life - you might need another left-handed bacon turner some day and if they can't sent you reminders, you'll buy it elsewhere!
Likewise the legislation would undoubtably protect affiliated businesses - the reason I briefly got investment solicitations from my car insurance carrier, until I made it clear they were about to lose the latter account. It will even protect attempts to woo you away from existing businesses - you drive, so therefore you should hear about Fly-By-Night insurance rates. And Bob's detailing shop. And on and on and on....
I'm not saying that legislation would never be appropriate, just that it's too early to do it at the national level. Let's get a clear concensus that spam is a problem, then use the federal law *only* to normalize things like mandatory subject lines.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
"It is a greater offense to steal men's labor, than their clothes"
Well, not exactly. You're right in that that's all it technically does for us. However, this leads us to two potential advantages:
- When the spammer is identifiable, they don't tend to last long because the volume of incoming complaints tends to overload the ISP.
- It makes it easier to create a groupware blocking system - for example, 10,000 people subscribe, and the system requires three subscribers to complain about an address before it's blocked. A spammer sends spam and it hits 8237 of the subscribers. The first three to see it click the "this is spam" button, and the system automatically removes the mail from the inboxes of the other 8234 subscribers who got it and blocks all future email from the sender.
You're right, but again, the volume of incoming complaints (and denial of service attacks) tends to make the ISPs balk at hosting spammers. Once they're tracable, the attacks begin, and the ISPs dump the spammers.The problem is, we need a completely new email system with authentication, and we need mail clients that handle both it and the current standard seamlessly... because practically nobody is going to make a hard switch over to a new email system that will prevent most of their friends and associates from emailing them, and very few people are going to be willing to run two separate email clients. It would be best if the server-side software supported both standards as well, so server admins don't have to feel that they're getting an additional piece of software to support. Moreover, everything has to support every major platform and some of the more prominent minor ones so it can support a massive switchover and won't piss off users of any particular platform by not properly supporting them.
Java, anyone?
The main thing I see is that the best idea is to somehow transfer costs back to the spammer. So an idea that forces the spamming computer to use up resources is fine.
similarly, a solution that causes you to spend time implementing more technical solutions is costing you time, and probably money.
bottom line: Make the spammer pay.
In my original example, the smtp could also be set to have several levels of trust, with corresponding levels of computional feedback for the sender.
"It is a greater offense to steal men's labor, than their clothes"
This is revealing, however the real text of the interview is more so:
Interviewer: I'm calling regarding Congressional action on spam.
Jerry Cerasale: If you ban me from this type of medium, you have severely limited my ability to enter into the marketplace.
I: But surely with all the ads for porn, casinos and viagra substitutes that you'd be competing with, it's not going to be of any use to you anyway.
JC: You're not listening. I said if you ban me from entering the marketplace. You can ban everybody else.
I: So you're saying you want to ban everybody except Jerry Cerasale from using spam?
JC: No, I want to ban unethical marketers from using spam.
I: How do you define unethical marketers?
JC: They're the ones that forge stuff and won't honor remove requests.
I: So won't they just start following that law and you'll still have the volume problem?
JC: No, because they're unethical marketers.
I: So who are the ethical marketers
JC: They're the DMA members
I: So if the unethical marketers join the DMA do they become ethical marketers?
JC: Of course.
I: Even if they still forge and don't honor remove requests?
JC: Yes. If they join the DMA, then what they are doing is ethical marketing.
I: Surely all the spammers will just join the DMA then and they can all spam.
JC: That's OK.
I: But then won't email be useless for everybody because of the volume? After all, there's got to be hundred of millions of potential marketers out there who might want to use it.
JC: Yes.
I: So you're opposed to laws that will make spam unusable for marketing?
JC: Yes.
I: But you realise that if the laws aren't passed, spam will be unusable for anything.
JC: Yes.
I: Including marketing.
JC: Yes.
I: So really your opposition to laws banning spam achieves nothing to protect it for marketing, and just succeeds in destroying it for everybody.
JC: That's right - if me and my DMA buddie's can't use it for our purposes, then nobody can use it for any purposes.
I: Isn't that a little childish.
JC: Well since they won't play by my rules I would take by bat and ball and go home, but I don't own the bat or the ball, so the only way I can stop them from playing is by destroying the bat and the ball.
I: Mr Cerasale, thank-you for your time.
JC: My pleasure.
I think companies like MSN/Microsoft/Hotmail, yahoo, excite and @home should be doing the suing.
Well, maybe, perhaps not. Companies will sue if it's in their interest. If their network becomes good enough to handle the congestion from spam, and the amount of spam doesn't vary too much as a customer moves from ISP to ISP, it's conceivable that the providers might begin to view spam as the customer's problem (as they pretty much do now). And even if they do start suing- who benefits from that directly? Besides the obvious value as a deterrent to spammers, there isn't much justice being done if the plaintiffs are all going to be large ISPs. The parties most damaged by spam are the end users and especially the smaller ISPs.
I always thought class action lawsuits by the actual recipients of spam are the most logical way to counter spam if the approach is going to be via the courts. After all, have you ever received a single, individual spam that's caused you to consider taking the case to court against that particular spammer, with lawyers and court costs and all that hassle? With a judge that might ask "well why didn't you just hit delete?" And getting that single spam email message isn't really what you're suing over. It's the degradation of your daily routine, the tedium of having to delete a hundred emails a day year in and year out, the loss of almost a day of your life per year deleting countless messages about herbal Viagara and credit repair software and diplomas from prestigious non-accredited universities and hair loss and government grants info packages and an EZ way to consolidate debt and reducing all payments by 60% and frisky teens. Going to court over a single spam seems to miss the point. And it's expensive and inconvenient to sue as an individual, so a spammer might very well recognize that his individual spam probably isn't going to elicit a lawsuit if it isn't outrageous enough for a spammed plaintiff to choose as THE spam (out of the 10000 in his box) that he's going to go to court over. In fact, people tend to sue when the spam particularly offends them (e.g. when it talks about sex with minors, or has nude photos in it and is received by a minor). Unless things proceed to the point where every spam message sent out results in a lawsuit, a spammer that keeps his emails polite and sticks ADV in the header is pretty much safe from being sued. So you don't even get much of a deterrent effect.
Unless we switch to using class action suits, which don't have these problems if someone with the resources starts consistently nailing all spammers with them. It's much easier than taking a case to court yourself. Someone is doing the suing for you and you get to hang on like a million other freeloaders and enjoy the fruits of your class action. I almost wouldn't mind getting spam if I knew there was a chance that I could stick it to the spammer for a few cents along with thousands of other people. If I even got a fraction of a penny on average per message, we could still be talking about some serious money. And it certainly wouldn't be too hard to set up. In fact (if this were 1999) you could probably build a dot-com out of it somehow, to coordinate the spam submissions, identify plaintiffs and defendants, litigate in court, hire collections agencies, and process the payments back to all plaintiffs. That's more of a business plan than many dot-coms had. I think that if there weren't so many jurisdictional problems with the idea in general (and if there were more spam laws) someone would try this.
I mean now I think that Microsoft has something to do with bestiality. How do I know that it wasn't really from them??
Strictly speaking, even if it turns out the email wasn't from Microsoft, it still doesn't prove that Microsoft has nothing to do with bestiality.