NY AG Sues MonsterHut Over Marketing Spam

Ian Hill writes: "This BBC article tells how NY State Attorney Elliot Spitzer has sued marketing firm MonsterHut.com over "millions" of unsolicited e-mails. He claims MonsterHut.com falsely told its clients that e-mails sent on their behalf were sent to addresses who registered themselves as interested parties. Also at question is how exactly these addresses were collected." eviljim adds a link to a press release from New York's Attorney General and a reminder of how MonsterHut was disconnected from their ISP.

SPAM

[coryboehne]

No, not the canned mystery meat, the junk e-mail that clusters my inbox everyday. I really hope this case will set a precedent that will deter the 25 or so people that seem to like to spam my account with their 'earn 10,000 a day', 'make your penis larger', 'diet now, lose 100 lbs a day and get paid $1 a pound', etc. I am truly sick of this shit, and I hope that someone gets the message. Of course the trick is to make this non-profitable, either by suing them blind, or by simply not responding to any of these e-mails. Keep in mind that the only reason that they don't do this via snail mail (aka: USPS) is because it actually costs money to mail a letter via this means, otherwise you would find it necessary to have a mailbox 4' X 4' X 6' and it would still be overflowing after 2 days.

The choice is clear and obvious

[Jucius+Maximus]

There needs to be a law in the United States outlawing spam.

All the logic is there an the anti-junk-fax laws. It just needs to be applied to e-mail. This way it would be much easier to prosecute groups like monsterhut.

Re:The choice is clear and obvious

[Jucius+Maximus]

"yea, but then the spammers just go off-shore to avoid the law."

No problem ... just firewall whatever country permits this behaviour. When those countries get the idea that spam is bad and want to send e-mail to the US, they shut the spammers down and we un-firewall them.

This would crack down the americans spamming through open relays in asia, people who are actually living in other areas to send spam to us. (Do I sound overly xenophobic?)

Re:Spamming

[tomhudson]

there is a difference. At least the people giving you junk mail in your home mailbox had to spend real money. They had to believe enough in their product so that the cost of solicitation would be covered.

But with the cost of email spam (the opportunity cost) being orders of magnitude lower, to the point where it's so close to zero per unit, the "social contract", whereby the one doing the soliciting has made an up-front investment, has been violated.

Oh, by the way, deleting spam on your computer is not free. It takes some of your time, and, even if you were to value your time at the minimum wage, your investment is far higher than the spammers.

Gee - Using EXISTING laws!

[R2.0]

The only thing stopping the AG's and other law enforcement is a lack of imagination, not a lack of laws. If spam is fraud, pursue it as fraud. If someone is violating copyright, go after the individual. How freaking hard is it?

Re:Gee - Using EXISTING laws!

[gatekeep]

You make some good points, but forget some important ones as well. Sure there's lots of existing laws that could apply, but the problem in a lot of cases is tracking down the offenders, and even then there's so many of them that the manpower to prosecute them is ridiculous.

SPAM and internet scams operate on a different scale than anything before. I probably get no less than 150-200 SPAM emails a day. Assuming they all from different senders, and are all fraudulent (which I realize is quite an assumption) let's figure out just how much time/money it would take to prosecute them all. Let's say for arguments sake that it takes 15-20 hours to collect information, and find the person to prosecute in the first place. Then let's suppose there's another 200 man hours involved in bringing this to trial. Including the judge, attorneys, etc this is probably a conservative estimate. Now let's suppose each of the people along the way (two attorneys, judge, technician to collect evidence) are making $40,000 each of taxpayer money, again that's probably conservative. Using the above estimate of 220 man hours per spam, that gives us a cost of $4230. Seems to me that's probably on the low side. Multiply this by the 200 messages a day I'm getting, and WOW $846,153 to prosecute the senders of one days worth of spam for one user. That's a lot of money.

All the laws in the world won't help with this problem. So long as the system is designed to allow the amount of spam that's out there, there's not much laws can do to change it. We need to either change the system so it costs the senders to spread around thousands upon thousands of emails, or find some other way to penalize without involving the already overburdened, underfunded, bureaucratic legal system.

Re:Good - Make SPAM cost the spammer

[Dimensio]

I do worry though about legal remedies just moving the problem to where the laws don't exist.

So do I. Unfortunately I don't think that the proper solution, vigilantism (stringing up spammers, beating and killing them brutally) will be smiled upon by the courts.

We Can't Stop Spam, so Stop Fraud

[EricHsu]

The main problem with spam is fraud and not its unsolicited nature. Okay, we're all geeks on this bus, so we're angry if we people violate the boundaries of our computer in some unsolicited way (I know it, I feel it too). But there's a difference between getting unsolicited mail from, say someone who's interested in a band you wrote an online review about, and some anonymous mailbot trying to scam you.

The problem is fraud. (1) Spammers forge return-addresses and lie in their subjects to trick you. This makes it hard to weed out unwanted mail. (2) Practically all spam comes from fraudsters. Spam is so despised as a marketing tactic that it cannot be used (openly) regularly by legitimate businesses without them getting a lot of flak.

I hate spam. It drives me crazy. But I believe we will never fully get rid of it, because it makes money. And there may truly be compelling free speech reasons that keep us from banning it (I'm not decided on this point).

But I think three steps would take most of the pain out of spam for me.

1. Spammers who are criminals (stock-pumpers, penis-mightiers) get arrested and deterred/reformed. The NY AG move is a much-needed start.
2. Spam must be given a proper subject like "ADV:", and need a legitimate return address. Violators are subject to large fines and jail.
3. Spammers need to pay for all their bounced mail. Not sure how to enforce this, but it would make me feel better.

Once these things are true, maybe spam will reach the same annoyance level as junk mail in real life: annoying, but not obscene.

Re:There is one!

[JCMay]

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Hey, Coward, this is not a speech issue. It's a property rights issue. I don't get upset about junk mail in my postal mailbox; I don't have to pay for it. The sender pays the postage to have it delivered to me. I just carry it to my trash.

Spam, on the other hand, is often times paid for by the recipient. If you want to play First Amendment with me, I'll play Fifth Amendment with you:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Since you say that Spam is the sender's First Amendment right, it appears that delivery of said spam is "public use," and can't be paid for by the recipient because there's no just compensation. Spammers can't take my money (private property) to deliver your message (public use) without paying me (just compensation) in return for paying for your message's transmittal.

By the same token, you can't use the Freedom of the Press clause-- for the same reason. I can't be forced to pay (private property) for the publication (reception) of spam (public use) without paying me (just compensation).

If they want to pay me to receive their messages, that would be constitutional. As it stands, sending people unsolicited messages that they must pay for is not only not protected speech, but unconstitutional.

Read more about it

Why not whitelists?

[billtom]

It seems to me that the answer to spam is whitelists. I find I get very little non-spam from people who aren't in my address book (you just have to be diligent about keeping your whitelist up to date).

I realize that some people do have a different email usage pattern and do get lots of mail from new senders, but then you could just use an "ask for confirmation" style whitelist filter.

Is there some reason why whitelists aren't more popular (aside from the fact that it's not the default configuration of Outlook [Express])?

Spam Bad- Fake Addresses worse

[fermion]

Unsolicited email is bad, but the problem is proving an email is unsolicited. I am supposedly on some many valid lists it is unbelievable. I have registered a fresh name, used it to complain about an email, and have been told the new registered address was listed on their opt-in list. When I complained to all the various agents, no one did anything.

No, this current approach is a losing battle. What we must have is transparency. The Spammer cannot be allowed to use fake email addresses. I have complained about commercial emails with fake addressee, and the providers refuse to do anything. There must be an opt-out link or email address that is in the same domain as the from and return address. These address must be in the owner domain, and not Yahoo, Hotmail, or whatever free service they use for one time addresses. The subject line must clearly identify the company being advertised. If the email is to a website, the website must have an email link, and, if it is a DBA, must have a link to the corporation or person.

These guidelines will create a proper and honorable two-way communication. There are companies like (I think) Virtual Holdings that cowardly hide behind fake addresses and do not even put a real address on their domain registration. They keep their costs down by hiding behind fraudulent websites that do not have a single method of communicating with the owner. It is the highest form of arrogance that they think they have the right to spam us, but we don't have the right to spam them.

I know it has been said before, but let me say it again. Get a free email account. When you get a spam, especially with a fake email, look up the registration for the websites advertised. Look up the registration for the DNS providers. Send an email to every address you can find stated how cowardly and dishonorable using fake email addresses is. Let them know we know they are vermin. You do not even have to include your own information, as you are complaining about bad netiquette, not Spam.

Re:We need more of this

[MillionthMonkey]

Seriously, why do they think that if they keep sending me five copys of the same email EVERYDAY, eventually I will answer?

If you didn't reply the first 100 times, maybe you'll reply on the 101st. Remember, a spammer might have paid good money ($0.000001) for your email address and when you don't reply he's forced to eat the loss, damn it. And when you're running a prestigious nonaccredited university, every microdollar counts. So it's quite cost effective to hammer you with the same spam using a hundred different subject lines because someday you might go crazy and decide you do need a larger penis (or that you have a penis to enlarge at all), which would give the poor guy a return on his investment.

Why 5 duplicates? Most of the real money in spam comes from selling your list of addresses, because that's the only thing a spammer has to sell. (It's the only thing he pays for besides the throwaway dialup accounts, cable modems, address harvesting software, and sex, and none of those has a comparable resale value.) A spammer typically runs around buying or stealing all the lists he can find from other spammers, so he can compile them into one big list and resell it to other spammers. He obviously can't be bothered to remove duplicates, because 1. that would require him to use his own computing resources, which is forbidden in the spam business, 2. the guy he bought his lists from didn't bother to remove the duplicates, so why should he remove them from the compiled list he's selling? and 3. when you remove duplicates the list gets shorter and commands a smaller price, so what's the motive in doing it anyway? To avoid pissing off the recipients? Ha, ha, ha, ha. A list of 1,000,000 email addresses in which each address is duplicated 5 times will sell just as easily as a list of 1,000,000 addresses with no duplicates. In fact the difference between "200,000 email addresses!" and "1,000,000 email addresses!" is usually four Control-Vs.

Or why would I answer if they use a completly misleading subject line so that it gets through my filters?

Why would you answer if they used a subject line that doesn't get through your filters?

Because...

[schon]

It seems to me that the answer to spam is whitelists. I find I get very little non-spam from people who aren't in my address book (you just have to be diligent about keeping your whitelist up to date).

If a whitelist is the solution, you don't understand the problem.

A whitelist is pretty much like "bolting the barn door after the horses have eaten your children." You're basically just closing your eyes and saying "I don't see it, so therefore it doesn't hurt me."

Spam has two problems, and the concept of a whitelist (or email client "spam filter") only covers one: the nuisance factor (it's a pain in the ass to wade through all this spam.)

The second, much worse, problem is that spam costs the recipient money. Bandwidth isn't free - it costs money.. even if you don't directly pay for bandwidth, your ISP does, so it costs them money, which they charge to you (even if you don't see it broken down in your monthly bill.)

Any client-based anti-spam "solution" (such as your whitelist) is ignoring this: the bandwidth has already been consumed by the spam, so it's already been spent. Rejecting the email AFTER it's been delivered to your server only means that you don't see it - it doesn't mean that you're not paying for it, and THAT is the biggest problem with spam - you're paying for something you don't want.

Re:There is one!

[bear_phillips]

Since I don't give out my email to anyone that shouldn't have it. No it is not "freely accessible and freely used by the public in general".

Re:Good - Make SPAM cost the spammer

[zbuffered]

SPAM is the equivalent of your TIVO recording infomercials for you. You can delete them if you want, but they still take up space, and you didn't ask for them.

Courts and Technical Solutions

[davburns]

Spam is a distributed problem, and will require a distributed solution. Courts, law-enforcement, education (social engineering), and technical measures will each chip away at the problem.

Source-based filtering work best when the sources are concentrated and not moving (like when Sanford Wallace was making most of the noise.) This still works a little, and is the premise that all the various RBLs and DNS-BLs are based upon. Content-based filtering works only when the content of the spam is either identical for a large number of victims over time (which is how razor works) or contains patterns that are very unlikely to appear in legitimate email. (Tools like spamassassin work well against these.) If these technical measures against (obvious) spams were effective and universially applied, it would cut down on the volume of spam, but the spammers would get more subtle, and start sending spam that is very hard to detect.

Since most spammers do it only once (but there are a lot of them) it would likely help to educate the public that the spamware-salesmen are essentially con-artists. If it were illegal to send spam, this would be a lot easier. Legal measures alone would likely be unenforcable, because of the sheer numbers of spammers, and the fact that its easier for them to get new accounts and other services than it is to track them down. If I my offer an analogy, this is like people burguling my house. I can stop most of them by putting locks on my front door. For those that are determined enough to defeat those locks, the police will will stop them by sending lots of men and women with guns and handcuffs. It also helps if parents and schools teach their children that it's not right to steal.

Re:Good - Make SPAM cost the spammer

[darkonc]

It would be spam if they managed to convince your TIVO to spuriously record them for you. ---

On the other hand, it's not spam if you willingly opted in to some 'free service for ads' scheme. Similarly, the ads on /. aren't spam because I willfully came to the site, and they just happen to be here (and well paid-for, one would hope).