NY AG Sues MonsterHut Over Marketing Spam

Ian Hill writes: "This BBC article tells how NY State Attorney Elliot Spitzer has sued marketing firm MonsterHut.com over "millions" of unsolicited e-mails. He claims MonsterHut.com falsely told its clients that e-mails sent on their behalf were sent to addresses who registered themselves as interested parties. Also at question is how exactly these addresses were collected." eviljim adds a link to a press release from New York's Attorney General and a reminder of how MonsterHut was disconnected from their ISP.

STATE LAWSUIT SEEKS TO END SPAM EMAILS SENT BY NIA

STATE LAWSUIT SEEKS TO END SPAM EMAILS SENT BY NIAGARA FALLS COMPANY

Spitzer Says Company Sent More than 500 Million Unsolicited Messages to Consumers

Attorney General Eliot Spitzer today filed a lawsuit against a Niagara Falls-based "spammer" that sent hundreds of millions of emails to consumers whom it falsely claimed had requested the emails.

"Every day New Yorkers are being inundated with unsolicited commercial emails, or spam," Spitzer said. "Some of the spam is a vehicle for fraud, some of the spam is inherently fraudulent, and much of it constitutes a real annoyance for email user. This lawsuit is the next battle in our continuing fight against online fraud, and an attempt to help consumers maintain control of their email in-boxes."

MonsterHut, Inc., its Chief Executive Officer Todd Pelow and its Chief Technical Officer Gary Hartl, are accused of fraudulently advertising and representing the company's email marketing service as "permission based" or "opt-in," meaning that every consumer to whom they send commercial email has explicitly asked to receive it. In fact, the suit alleges, the company's email lists are only partly "opt-in," and include many consumers who never asked to receive email from the company. The suit also alleges that this false representation of MonsterHut's business practices enabled the company to profit through the deception its Internet access provider, its own paid advertisers, and consumers at large.

The suit alleges that since March 2001, MonsterHut has flooded consumers' email in-boxes with more than 500 million commercial emails, advertising a variety of goods and services. At the same time, negative consumer response to MonsterHut's spam has been overwhelming. More than 750,000 consumers have requested to be removed from MonsterHut's mailing lists, and tens of thousands have complained to MonsterHut's internet access provider, PaeTec Communications, Inc., of Rochester.

Earlier this month, PaeTec cut off MonsterHut from its network, after a New York appeals court held that MonsterHut had violated an anti-spamming provision in its contract with PaeTec. However, nothing in that decision prevented MonsterHut from spamming consumers through another internet service provider.
"We are seeking to prevent MonsterHut from continuing its fraudulent, deceptive and illegal practices, not just over PaeTec's network, but over any ISP in New York," Spitzer said.

The Attorney General is seeking a court order to:

• Enjoin MonsterHut, Pelow, and Hartl from falsely representing the nature of their unsolicited commercial email;
• Require MonsterHut, Pelow and Hartl to disclose how it obtained all the consumers' email addresses; and
• Require MonsterHut, Pelow and Hartl to pay civil penalties and court costs for its violations of New York's consumer protection laws.

This case is being handled by Assistant Attorney General Stephen Kline of Attorney General Spitzer's Internet Bureau

Spamhaus.org's collection on MonsterHut

[Seth+Finkelstein]

There's a great deal of useful information in

Spamhaus.org records about MonsterHut

It includes such gems as

MonsterHut's PR

and

Whine: MonsterHut Letter to Spam Clients

(scroll down - the header index is identical for these links, but the material below is different)

Definitely worth looking over, for a profile of a spammer.

Sig: What Happened To The Censorware Project (censorware.org)

Re:There is one!

[Tackhead]

> Hey, Coward, this is not a speech issue. It's a property rights issue

Amen.

I'll see your Fifth Amendment response, and, I'll raise you a Supreme Court ruling.

"Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit. We categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another. If this prohibition operates to impede the flow of even valid ideas, the answer is that no one has a right to press even 'good' ideas on an unwilling recipient. The asserted right of a mailer, we repeat, stops at the outer boundary of every person's domain."

- Chief Justice Berger, U.S. Supreme Court, Rowan vs. U.S. Post Office Dep't, 397 U.S. 728, May 4, 1970.

A man's home - and his email box - is his castle. Any spammer invoking the First Amendment is full of it.

Attorney General Spitzer, YOU ROCK.

Nope.

[OmniGeek]

I have a Deutsche Telekom cell phone for business trips (it was VERY cheap), and you pay $.16 or so all over Germany for calls you make, and $.05 or so per SMS you send (if I recall correctly, I may be off somewhat); NO charge for incoming anything from anywhere. It is, IMHO, a MUCH better setup than in the US, where I pay for incoming.

Re:There is one!

[Artifex]

Let me see if I can boil all this down to something smaller:

You have the right to speak; you don't have the right to force people to listen.

Spam wastes my time. If I pay by bandwidth, it wastes my money. At the very least, I have the right to refuse it; at best, I have the right to restitution for damages.

Re:There is one!

[Tackhead]

> To take your point a little further. Why can I not bill for time spent disposing of junk mail?

In the US, your mailbox doesn't actually belong to you - it belongs to the US Post Office. They allow you to take mail out of it.

I don't like junk mail, but someone's paying the US Post Office to deliver the snail junkmail to mailboxes which are the US Post Office's property. (To be absolutely technical - I think it's something like "you may purchase and own the physical container on the fencepost near the driveway, but the USPS still owns the space within it.")

> (in addition, materials garbage bags, etc.) What about electricity used to power the doorbell when a solicitor comes?

OK, fair enough :)

The (non-property-rights) issue with spam is the one of scale -- junk mail costs money for the sender to deliver. Door-to-door solicitors are throttled by the time/effort that it takes to walk from door to door. Even telemarketers are rate-limited by the number of drones they can have behind the predictive dialers. (Which is we've passed laws to try and combat the use of prerecorded telephone messages. But even these are rate-limited by the time it takes the recording to play back into the victim's voicemail.)

Spam, regrettably, has no such bottleneck. Even if you don't agree that it's theft of the recipient's mailbox, most of it comes through open proxies and open relays -- which clearly qualifies as stealing service from the victimized hosts.

Whether they're stealing very small amounts from millions of victims (the recipients) or larger amounts from a few victims (the bandwidth stolen from unauthorized abuse of intermediate open relays and open proxies) - spammers are thieves.

Paetec made the mistake...

[Skapare]

Paetec made the mistake of agreeing to contract terms that specified that if 2% (I think that was the figure) of the addresses were found to be non-opt-in, that this would be an acceptable margin of error. Presumably MonsterHut would have removed them from the list if asked. Even in the worst case of assuming that every complaint was one of those non-opt-in addresses, the complaints would have had to reach the level of 2% for Paetec to disconnect them under terms of the contact. It's that contact that allowed MonsterHut to get the injunction. MonsterHut didn't need to say that 100% were opt-in ... it only needed to say that 98% were opt-in, and Paetec didn't have enough numbers to prove that more than 2% were genuinely non-opt-in, at least not initially.

Paetec made some legal blunders. The rest of us can learn from their mistakes. I'll give Paetec the benefit of the doubt for being fooled in this case. A future company will not get that from me.

One step an ISP can do (if they didn't stupidly sign away any rights to do this) is to put the spammer on static IP and set up reverse DNS to name them with the spammer's domain name. Then I can block the spammer without blocking the ISP, regardless of the stupidity of the ISP's lawyers. And this is my common practice ... I block just the spammer if they are in reverse DNS identified static addresses. And I block them by their domain name, so if they move, even to another ISP, they are still blocked. They have to change domain name to evade this (and I'm sure many have).

Also, I do all my anti-spam blocking at the server during the SMTP session. I don't want their spam in my servers, and I don't want rejection notices to sit undelivered for days, either. By stopping spam before the mail is delivered, it doesn't get queued and the sending server has to deal with the rejection (but there is still a rejection in the cases of legitimate mail getting caught so the sender at least knows something happened, and can look for a way around).