Slashdot Mirror
NY AG Sues MonsterHut Over Marketing Spam
Ian Hill writes: "This BBC article tells how NY State Attorney Elliot Spitzer has sued marketing firm MonsterHut.com over "millions" of unsolicited e-mails. He claims MonsterHut.com falsely told its clients that e-mails sent on their behalf were sent to addresses who registered themselves as interested parties. Also at question is how exactly these addresses were collected." eviljim adds a link to a press release from New York's Attorney General and a reminder of how MonsterHut was disconnected from their ISP.
It is about time some of the cost associated w/spam got moved to the spammer. More of this can only be a good thing. If it gets too expensive, maybe it will slow down.
I do worry though about legal remedies just moving the problem to where the laws don't exist.
.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Spitzer Says Company Sent More than 500 Million Unsolicited Messages to Consumers
Attorney General Eliot Spitzer today filed a lawsuit against a Niagara Falls-based "spammer" that sent hundreds of millions of emails to consumers whom it falsely claimed had requested the emails.
"Every day New Yorkers are being inundated with unsolicited commercial emails, or spam," Spitzer said. "Some of the spam is a vehicle for fraud, some of the spam is inherently fraudulent, and much of it constitutes a real annoyance for email user. This lawsuit is the next battle in our continuing fight against online fraud, and an attempt to help consumers maintain control of their email in-boxes."
MonsterHut, Inc., its Chief Executive Officer Todd Pelow and its Chief Technical Officer Gary Hartl, are accused of fraudulently advertising and representing the company's email marketing service as "permission based" or "opt-in," meaning that every consumer to whom they send commercial email has explicitly asked to receive it. In fact, the suit alleges, the company's email lists are only partly "opt-in," and include many consumers who never asked to receive email from the company. The suit also alleges that this false representation of MonsterHut's business practices enabled the company to profit through the deception its Internet access provider, its own paid advertisers, and consumers at large.
The suit alleges that since March 2001, MonsterHut has flooded consumers' email in-boxes with more than 500 million commercial emails, advertising a variety of goods and services. At the same time, negative consumer response to MonsterHut's spam has been overwhelming. More than 750,000 consumers have requested to be removed from MonsterHut's mailing lists, and tens of thousands have complained to MonsterHut's internet access provider, PaeTec Communications, Inc., of Rochester.
Earlier this month, PaeTec cut off MonsterHut from its network, after a New York appeals court held that MonsterHut had violated an anti-spamming provision in its contract with PaeTec. However, nothing in that decision prevented MonsterHut from spamming consumers through another internet service provider.
"We are seeking to prevent MonsterHut from continuing its fraudulent, deceptive and illegal practices, not just over PaeTec's network, but over any ISP in New York," Spitzer said.
The Attorney General is seeking a court order to:
- Enjoin MonsterHut, Pelow, and Hartl from falsely representing the nature of their unsolicited commercial email;
- Require MonsterHut, Pelow and Hartl to disclose how it obtained all the consumers' email addresses; and
- Require MonsterHut, Pelow and Hartl to pay civil penalties and court costs for its violations of New York's consumer protection laws.
This case is being handled by Assistant Attorney General Stephen Kline of Attorney General Spitzer's Internet BureauIt'd be really cool to see mandatory micropayments for UBE - I would be willing to accept the extra load on my mailservers if I know I was making a tenth of a penny per message.
:).
Hell, running an open relay would rapidly go from moronic to profitable
--
Phil
All the logic is there an the anti-junk-fax laws. It just needs to be applied to e-mail. This way it would be much easier to prosecute groups like monsterhut.
On a sidenote (with regard to the quest for the email address source), it's fairly common knowledge (enough so that Paetec mentioned it somewhere on litigation.paetec.net back when they were soliciting affidavits from spammed parties) that a number of the addresses used came from WHOIS records.
Monster Hut makes the best monsters. I love their personal pan monsters, and their deep-dish Chicago style monsters, also. Great for parties. The crispy thin-crust monsters are also good, if you like a nice New York style monster. A slice of their leftover monster also makes a great breakfast. I like to order a medium monster with pepperoni and peppers and olives. This is enough to feed me and my girlfriend (who also loves monster), plus leaves a little leftover for the next day.
Karma: Good (despite my invention of the Karma: sig)
...came to my attention last week when my wife signed up for text messaging for her cell phone. Her plan allows the first 100 messages each month free, with extras for an additional price after that. What happens if (when) that number gets on spam lists it can be sent in the form of an email, ie, cell-number@provider.com? At the rate I get spam in my inbox, surely she'll run over the 100 limit, and it WILL cost me money to receive spam. Surely there's cause for recourse at that point?
Wouldn't be too hard to take the ball and run with this one. Get on the message boards and put your number in your sig. Too bad I don't have the time or resources to do it.
The only thing stopping the AG's and other law enforcement is a lack of imagination, not a lack of laws. If spam is fraud, pursue it as fraud. If someone is violating copyright, go after the individual. How freaking hard is it?
"As God is my witness, I thought turkeys could fly." A. Carlson
I am "simply shocked" that a company would tell such lies to it's customers.
Thank God that we don't know of any other companies that would do something like that.
"It is a greater offense to steal men's labor, than their clothes"
Yes, kudos to Mr. Spitzer for finally doing something about spammers. His litigation may make some of the more egregious, mass spammers think twice before trying to force-feed our Inboxes with herbal viagara and penny stocks.
But here is the HOWEVER.
With technology regulation a) not particularly well defined on the books, and b) almost always implemented the *wrong* way (DCMA?), I have little doubt that many legitmate newsletters and mailing lists will get hit by Mr. Spitzer's shrapnel. There are plenty of Attorneys General out there who are not quite so intelligent as sheep (let alone, Mr. Spitzer), and will follow New York's example to the detriment of legitimate mailers.
Damn. Another message for teen sex in my Inbox. Heck, maybe it's worth it....
-FC
I am a New York State resident and I must say that Elliot Spitzer has been nothing short of wonderful when it comes to protecting the consumer.
.02
First it was unsoliticited phone calls (we were one of the first states to set up a no-call list). Now I recieve maybe 1 unsoliticited call every 2-3 months instead of 1 or 2 a day (and at dinner time.... arrrrgggg).
Then it was dissent on the microsoft case. In all likelyhood, New York State served as a keystone for the 9 dissident states.
Now we've got Spitzer battling the evil spam demons. My guess is that once again, Spitzer will come out on top.
Spitzer is a definately a defendant of consumer rights and privacy and has been unwavering in his cause.
my
The problem is fraud. (1) Spammers forge return-addresses and lie in their subjects to trick you. This makes it hard to weed out unwanted mail. (2) Practically all spam comes from fraudsters. Spam is so despised as a marketing tactic that it cannot be used (openly) regularly by legitimate businesses without them getting a lot of flak.
I hate spam. It drives me crazy. But I believe we will never fully get rid of it, because it makes money. And there may truly be compelling free speech reasons that keep us from banning it (I'm not decided on this point).
But I think three steps would take most of the pain out of spam for me.
- Spammers who are criminals (stock-pumpers, penis-mightiers) get arrested and deterred/reformed. The NY AG move is a much-needed start.
- Spam must be given a proper subject like "ADV:", and need a legitimate return address. Violators are subject to large fines and jail.
- Spammers need to pay for all their bounced mail. Not sure how to enforce this, but it would make me feel better.
Once these things are true, maybe spam will reach the same annoyance level as junk mail in real life: annoying, but not obscene.Spamhaus.org records about MonsterHut
It includes such gems as
MonsterHut's PR
and
Whine: MonsterHut Letter to Spam Clients
(scroll down - the header index is identical for these links, but the material below is different)
Definitely worth looking over, for a profile of a spammer.
Sig: What Happened To The Censorware Project (censorware.org)
What good is governement if they want to govern me? (pennywise)
If we want the government to stop trying to creake things like mandatory age checks before accessing adult material, then we need to stand up and tell them not to create spam laws either.
It is a problem that can be solved technically. We should strive to find better technical solutions instead of finding ways to sue them.
Hey, Coward, this is not a speech issue. It's a property rights issue. I don't get upset about junk mail in my postal mailbox; I don't have to pay for it. The sender pays the postage to have it delivered to me. I just carry it to my trash.
Spam, on the other hand, is often times paid for by the recipient. If you want to play First Amendment with me, I'll play Fifth Amendment with you:
Since you say that Spam is the sender's First Amendment right, it appears that delivery of said spam is "public use," and can't be paid for by the recipient because there's no just compensation. Spammers can't take my money (private property) to deliver your message (public use) without paying me (just compensation) in return for paying for your message's transmittal.
By the same token, you can't use the Freedom of the Press clause-- for the same reason. I can't be forced to pay (private property) for the publication (reception) of spam (public use) without paying me (just compensation).
If they want to pay me to receive their messages, that would be constitutional. As it stands, sending people unsolicited messages that they must pay for is not only not protected speech, but unconstitutional.
Read more about it
Okay, Niagra Falls is in NY so suing is cool, but 500 million emails to just New Yorkers? Of course if all of the 19 million people (last census) in New York state received an equal number of emails that would make about 25 per person which seems reasonable, but if we extrapolate that same rate to the 280 million in the US they sent about 7.5 billion emails from March last year to April when they were cut off. (Think about it, the extrapolation is reasonable) At a very conservative 1kB per html-email this makes about 7.5 terabytes of data they've sent in a little more than a year. Which makes about 20.5GB of email a day. That seems like a bit much to me.
This is all mental math, so please correct me if you've got the time.
If the recent internet Libel case goes to verdict, it may impact the power of current anti-spam laws as well. If it turns out that people can be sued for libel in the jurisdiction where internet content is being viewed, it then follows that spammers can be sued for breakage of anti-spam laws in the jurisdiction where the spam is recieved. Only time will tell how this will paly out but there is a silver lining to everythnig, if you look hard enough.
--CTH
--Got Lists? | Top 95 Star Wars Line
Amen.
I'll see your Fifth Amendment response, and, I'll raise you a Supreme Court ruling.
A man's home - and his email box - is his castle. Any spammer invoking the First Amendment is full of it.
Attorney General Spitzer, YOU ROCK.
I have a Deutsche Telekom cell phone for business trips (it was VERY cheap), and you pay $.16 or so all over Germany for calls you make, and $.05 or so per SMS you send (if I recall correctly, I may be off somewhat); NO charge for incoming anything from anywhere. It is, IMHO, a MUCH better setup than in the US, where I pay for incoming.
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
No, this current approach is a losing battle. What we must have is transparency. The Spammer cannot be allowed to use fake email addresses. I have complained about commercial emails with fake addressee, and the providers refuse to do anything. There must be an opt-out link or email address that is in the same domain as the from and return address. These address must be in the owner domain, and not Yahoo, Hotmail, or whatever free service they use for one time addresses. The subject line must clearly identify the company being advertised. If the email is to a website, the website must have an email link, and, if it is a DBA, must have a link to the corporation or person.
These guidelines will create a proper and honorable two-way communication. There are companies like (I think) Virtual Holdings that cowardly hide behind fake addresses and do not even put a real address on their domain registration. They keep their costs down by hiding behind fraudulent websites that do not have a single method of communicating with the owner. It is the highest form of arrogance that they think they have the right to spam us, but we don't have the right to spam them.
I know it has been said before, but let me say it again. Get a free email account. When you get a spam, especially with a fake email, look up the registration for the websites advertised. Look up the registration for the DNS providers. Send an email to every address you can find stated how cowardly and dishonorable using fake email addresses is. Let them know we know they are vermin. You do not even have to include your own information, as you are complaining about bad netiquette, not Spam.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
I'll call your ruling:
Ownership does not always mean absolute dominion. The more an owner, for his advantage, opens up his property for use by the public in general, the more do his rights become circumscribed by the statutory and constitutional rights of those who use it.
Not that I think that spam is good, rather the argument that "My mail server is mine, thus spam is illegal" does not follow.
- Justice Black, U.S. Supreme Court, Marsh v. State of Ala., 326 U.S. 501 (1946)
I'm the best IRC client ever.
Seriously, why do they think that if they keep sending me five copys of the same email EVERYDAY, eventually I will answer?
If you didn't reply the first 100 times, maybe you'll reply on the 101st. Remember, a spammer might have paid good money ($0.000001) for your email address and when you don't reply he's forced to eat the loss, damn it. And when you're running a prestigious nonaccredited university, every microdollar counts. So it's quite cost effective to hammer you with the same spam using a hundred different subject lines because someday you might go crazy and decide you do need a larger penis (or that you have a penis to enlarge at all), which would give the poor guy a return on his investment.
Why 5 duplicates? Most of the real money in spam comes from selling your list of addresses, because that's the only thing a spammer has to sell. (It's the only thing he pays for besides the throwaway dialup accounts, cable modems, address harvesting software, and sex, and none of those has a comparable resale value.) A spammer typically runs around buying or stealing all the lists he can find from other spammers, so he can compile them into one big list and resell it to other spammers. He obviously can't be bothered to remove duplicates, because 1. that would require him to use his own computing resources, which is forbidden in the spam business, 2. the guy he bought his lists from didn't bother to remove the duplicates, so why should he remove them from the compiled list he's selling? and 3. when you remove duplicates the list gets shorter and commands a smaller price, so what's the motive in doing it anyway? To avoid pissing off the recipients? Ha, ha, ha, ha. A list of 1,000,000 email addresses in which each address is duplicated 5 times will sell just as easily as a list of 1,000,000 addresses with no duplicates. In fact the difference between "200,000 email addresses!" and "1,000,000 email addresses!" is usually four Control-Vs.
Or why would I answer if they use a completly misleading subject line so that it gets through my filters?
Why would you answer if they used a subject line that doesn't get through your filters?
You don't think that allowing anyone to mail you is making your mailbox "freely accessible and freely used by the public in general?"
Please, leave my infrastructure intact. I'd rather that I get the mail and filter it than have random messages dropped because I couldn't let the public at large email me.
I'm the best IRC client ever.
Let me see if I can boil all this down to something smaller:
You have the right to speak; you don't have the right to force people to listen.
Spam wastes my time. If I pay by bandwidth, it wastes my money. At the very least, I have the right to refuse it; at best, I have the right to restitution for damages.
Get off my launchpad!
In the US, your mailbox doesn't actually belong to you - it belongs to the US Post Office. They allow you to take mail out of it.
I don't like junk mail, but someone's paying the US Post Office to deliver the snail junkmail to mailboxes which are the US Post Office's property. (To be absolutely technical - I think it's something like "you may purchase and own the physical container on the fencepost near the driveway, but the USPS still owns the space within it.")
> (in addition, materials garbage bags, etc.) What about electricity used to power the doorbell when a solicitor comes?
OK, fair enough :)
The (non-property-rights) issue with spam is the one of scale -- junk mail costs money for the sender to deliver. Door-to-door solicitors are throttled by the time/effort that it takes to walk from door to door. Even telemarketers are rate-limited by the number of drones they can have behind the predictive dialers. (Which is we've passed laws to try and combat the use of prerecorded telephone messages. But even these are rate-limited by the time it takes the recording to play back into the victim's voicemail.)
Spam, regrettably, has no such bottleneck. Even if you don't agree that it's theft of the recipient's mailbox, most of it comes through open proxies and open relays -- which clearly qualifies as stealing service from the victimized hosts.
Whether they're stealing very small amounts from millions of victims (the recipients) or larger amounts from a few victims (the bandwidth stolen from unauthorized abuse of intermediate open relays and open proxies) - spammers are thieves.
Paetec made the mistake of agreeing to contract terms that specified that if 2% (I think that was the figure) of the addresses were found to be non-opt-in, that this would be an acceptable margin of error. Presumably MonsterHut would have removed them from the list if asked. Even in the worst case of assuming that every complaint was one of those non-opt-in addresses, the complaints would have had to reach the level of 2% for Paetec to disconnect them under terms of the contact. It's that contact that allowed MonsterHut to get the injunction. MonsterHut didn't need to say that 100% were opt-in ... it only needed to say that 98% were opt-in, and Paetec didn't have enough numbers to prove that more than 2% were genuinely non-opt-in, at least not initially.
Paetec made some legal blunders. The rest of us can learn from their mistakes. I'll give Paetec the benefit of the doubt for being fooled in this case. A future company will not get that from me.
One step an ISP can do (if they didn't stupidly sign away any rights to do this) is to put the spammer on static IP and set up reverse DNS to name them with the spammer's domain name. Then I can block the spammer without blocking the ISP, regardless of the stupidity of the ISP's lawyers. And this is my common practice ... I block just the spammer if they are in reverse DNS identified static addresses. And I block them by their domain name, so if they move, even to another ISP, they are still blocked. They have to change domain name to evade this (and I'm sure many have).
Also, I do all my anti-spam blocking at the server during the SMTP session. I don't want their spam in my servers, and I don't want rejection notices to sit undelivered for days, either. By stopping spam before the mail is delivered, it doesn't get queued and the sending server has to deal with the rejection (but there is still a rejection in the cases of legitimate mail getting caught so the sender at least knows something happened, and can look for a way around).
now we need to go OSS in diesel cars