Slashdot Mirror
WA Wins First Case Against Deceptive Spammer
GPFCharlie writes "The Seattle Post-Intelligencer is running this article about the first victory by a US state against a spammer. Apparently the judge ruled that a civil trial was not even necessary, since the state had already proven their case. The law was upheld by the WA Supreme Court and an appeal was turned down by the US Supreme Court. Next phase: penalties. How about 5 million hand-written apology letters?"
...being put on your apology letter mailing list!
- Peter
"Right now it's a bunch of states making their own laws about how people in other states can do business," Crandall, his attorney, said. "It's a profoundly interesting case about whether the government can regulate business on the Internet, or at least regulate equally."
No, it's Washington state saying how you have to do business in Washington state. It's not like they don't already do this, in every other area of business. If you want to sell something in Washington state, you have to abide by their laws. This isn't new. If you don't like their laws, don't sell there.
And I don't think you're going to get much sympathy by whining "but how do I know what state you're in, if I'm indiscriminately spamming you"? ;)
The Debian "advertising" policy is listed below:
"This policy is intended to fight mailing-list "spamming". "
"The Debian mailing lists accept commercial advertising for payment. The fee for advertisments is a donation of USD 1000 or more to "Software in the Public Interest" (SPI). One donation per advertisement, please. If you prefer to pay in arrears, simply post your advertisement to the list, and the list operator will bill you USD 1999. The list operator will donate this amount, minus the expense of collecting it, to SPI. Please note that the lists are distributed automatically -- messages are generally not read or checked in any way before they are distributed. "
"The act of posting an advertisement indicates your willingness to
accept responsibility for the fee,
indemnify the list operator against any legal claims from you or others in connection with your advertisement, and
pay any legal and business expenses incurred in collecting late payment.
Our liability to you is limited to a good-faith effort to deliver your message. "
"Reduced rates and/or waiver of fee are available for Debian-related advertisements. You must consult the list operator in advance of posting for any reduction or fee waiver. "
I could not find confirmation, but I have heard that Debian was once able to collect a useful server as the only asset that a spammer had to pay under the terms of this policy.
...5 million hand-delivered cans of SPAM?
I think society should be run on purely utilitarian grounds. In other words, we should run the state, and by extension our society, by the principle of what gives the greatest good to the greatest number. This allows us to throw out Judaeo-Christian notions of morality entirely, to be replaced by an inherently scientific notion of justice. We simply give the highest punishments for those crimes that cause the greatest unhappiness.
Under this simple and fair scheme the death penalty would be used less on murderers, rapists etc (who, really, only cause harm to one or two people at a time) but would be used a lot on spammers (who cause a small amount of unhappiness to many millions of people). By simply adding the small amounts of happiness caused to these millions up, we see that the *total* amount of unhappiness caused by spammers is far greater than that caused by the typical murder, rapist or arsonist.
This would allow us to institute the death penalty for spammers and put an end to this terrible scourge. Next time I see an email urging me to visit animalporn.com, I want the full recourse of the law to hunt down these terrible spreaders of unhappiness, the biggest scourge of our times, and electrocute them to death in a chair in Nebraska.
It is just and it is right, Utilitarianism points the way forward.
"I'm sorry. If you can find it in your heart to forgive me, send one dollar to Sorry Dude, 742 Evergreen Terrace, Springfield. You have the power."
Who the fuck is the State of WA to determine what the hold times are. Bah.
The difference between that and this spam case is simple.
The spammer is sending an email to you, in WA. With a call center, someone in WA is chosing to phone the call center in another state.
I would agree with you about the call center (though if the call is tech support for something sold in a WA store, I suppose you could argue that it is part of the sale ...)
A troll (or I sure as hell hope you are), but I'll bite.
I hate spam as much you do, however, I would cheerfully delete an email about penis enlargement if it meant, somewhere, a rape victim received the justice that they deserve. If you're not a troll, you really should read up on debate and logically constucting an arguement. Statements such as this tend to scuttle your point before you even complete it.
Entrepreneur : (noun), French for "unemployed"
Spam stopped being a problem for me and all my clients after we setup a SpamAssassin mail server - even if you run Outlook on Windows, you can still run the local version:
A Spam Filter that Works. Problem Solved.
Answer: the spammer. He causes small amounts of unhappiness to VAST numbers of people.
If the Spammer causes 100 rapists worth of total unhappiness, who should recieve the greater punishment? Why the spammer should, of course.
It is people with attitudes like yours, holding to some spurious "moral standard" that depends on belief that allow a culture of unhappiness to prevail. let us attack those who cause unhappiness and society will improve and become a better place to live. Who knows, by applying these zero tolerance policies on spammers the greatly increased happiness in society in general may reduce the numbers of desperate rapists. Everything is connected. and we should act on what works best, you know?
"The law, which does not ban all unsolicited commercial e-mail, makes it illegal to send an e-mail to people in Washington that contains deceptive subject lines, uses a bogus return address or uses a third party's domain name without permission."
deceptive subject lines? Don't try and tell me there isn't room for lawyers to abuse that.
There is room for lawyers (and their clients) to abuse anything. But most of the time, the legal system actually operates in a fairly sensible, equitable manner (recent copyright matters excepted ...).
It would have to be found actionably deceptive in a courtroom, not just on Slashdot or something. I'm trying to think of a "legitimate" need for actionably deceptive subject lines in email ...
Subject: Re: your Bible order ...)
Body: (an HTML porn email
Yeah, what an "abuse" to ban this practice ...
However, the subtle application of inverse Utilitarianism shows that arbitrarily locking pople up will in fact cause greater unhappiness due to general insecurities, so I imagine rights would be much the same.
Nonetheless, I think my point about spammers stands. They are a great evil, far worse than murderers etc purely in terms of unhappiness caused.
Is removing barriers to commerce a good thing? If so, why is spam "bad," since it is enabling commerce?
For murder, why is it that WTC caused so much panic, whereas traffic accidents, personal handguns, and AIDS cause nary a stir? The number of people who died in WTC was (for the sake of argument) 3,000. The number of people who died of in auto wrecks (41,730 for 2001) caused nary a stir, yet much more "harm."
By your reasoning, we need to forget this 9/11, "we'll never forget," patriotism, and Saddam and concentrate on increasing auto safety...
Yeah, right.
Every single time there's an article about spam we get the same old "I use spamassasin, so I'm alright Jack". Don't you see you're just hiding the problem.
You're actually doing the scum a favour by running spam blocking software - your users are oblivious to the problem and the spammer's ISP recieves less complaints. It's like just closing the curtains when some scumbag is throwing eggs at your windows - it won't go away until you actively DO SOMETHING ABOUT IT!
And YES I do...
Code, Hardware, stuff like that.
Please, think carefully before invoking Big Brother to solve your problems! As convenient as it sounds, regulation of e-mail provides yet another disturbing precendent for government control of private communication. Our founding fathers viewed governments as a last resort for problems that cannot be solved locally.
Think about it. Defining "spam" is about as easy as defining "offensive" content. Subjective decisions about which e-mail messages are deemed worthy to be delivered should NOT be made by politicians.
There are very obvious technical solutions to the spam problem involving digital signatures. Consider the icon at the bottom of your browser, which informs you that an online merchant is "trustworthy" (i.e. their identity has been independently verified). It's not hard to see how this concept of "transitive trust" could be extended to e-mail, while preserving relative anonymity.
Basically, various groups would establish public-key databases containing validated e-mail signatures, and databases could transitively incorporate other databases, similar to DNS. (Most likely, keys would be issued to servers rather than to individuals.) Mail servers could then be configured to reject any e-mail which is not signed with a recognized key. A user could report spam to the approriate *local* group, and they could respond by reprimanding the sender or revoking the key. The definition of "offensive" would then be relative to a particular group's interests. A similar scheme could be used for content regulation on web sites, etc. etc.
E-mail has been LONG overdue for incorporation of basic technologies like PGP. This is partly because of the perceived cost of implementation, but mainly because of apathy on the part of sysadmins. So, if you sysadmins are finally ready to take action, please do something more proactive than simply deferring to Uncle Sam or some other imperial authority.
Sending e-mail should not be a crime!
Receiving e-mail should be optional!
-Gonz
The anti-SPAM laws, and the junk fax laws are putting restrictions of form of delivery without restricting the message. Otherwise, the police cannot stop graffitti on buildings because that is restricting free speech. Am I allow to break into your house to take a message to a bathroom window?
Fight Spammers!
Is no one else bothered by this new US legal fashion of conviction without trial?
Why the hell would people who get spammed want money that should go to them to go to some open source project? Maybe even ending up lining ESRs pockets?
The money should go to people who have been harmed, namely, the people who have been spammed.
autopr0n is like, down and stuff.
Why the hell should the money go to them? Judging from the article, this has absolutely nothing to do with the "Open Source movement".
If you want to the state to fund Open Source, for whatever reason, then just like any other special interest group with a pet political agenda you should go talk to your politicians and ask for a law, and be prepared to say why. Or, in states with binding referendums, a public referendum.
Only the dead have seen the end of war.
IMHO a lot of spam does fall under the category of "free Speech"
Your opinion is just wrong.
Spam has NOTHING to do with free speech, any more than any other type of harrassment.
Free speech is the right to say whatever you want.
Free speech is NOT the right to force people to listen to you, nor is it the right to force people to PAY to listen to you.
Spam is harrassment.
Spam theft of service.
Spam is NOT speech.
In the near future, we'll probably have two major verdicts against spammers. Then, once the legal machinery has been debugged, anti-spam suits will go into volume production, as the plantiff's bar (the "ambulance chasers" of the legal field) get into the business. Finally, we'll see bus posters: "Got spam? Call us to sue and win!"
No. There's a whole body of law on what constitutes deceptive marketing. Mere puffery, for instance, is not.
Guaranteeing $10K a week for working from one's home selling brochures that talk about making money for selling brochures, however, generally is. So are the herbal viagra scams, 419s, pamphlets on "clearing" your credit history by fraudulently creating a new identity, et al.
Only the dead have seen the end of war.
I can see the apology letter now...
I miss the Karma Whores.
What if you do business via the mail with companies in Washington State? You may be operating out of Oregon, but you're still selling to Washington companies.
How about the anti-fax spam laws that are in place -- are those federal only, or do the laws of the state that you're faxing to apply to you as well?
May we never see th
I've sued nearly 20 spammers in WA Small Claims Court this year. To date I've won every case, or settled out of court. It's good to see this win at the higher court level, but it's not really news to me.
Almost every spammer violates the law (RCW 19.190) because even if the return address is valid (e.g. optin@spammers.com) they are always forged return addresses because the actual mail comes from Korea or China or a dialup somewhere.
Having said that, I do sometimes get spam from more 'legitimate' spammers (i.e. ones who actually have a website, usually mentioning keywords like CRM and direct advertising). They send mail with their own domain name, and they send it from their own servers. It's probably less than 1% of the total right now. Those emails don't fall under RCW 19.190.
I rarely go after the actual spammers but instead the companies that hire them. The spammers themselves are service and/or judgment proof, whereas the companies that hire them are usually real companies registered to do business somewhere. Having said that, you would be surprised how many companies that spam go out of business shortly thereafter. It appears to be an act of desperation for many.
I've collected over $5000 in settlements and I have $7000 in judgments outstanding. If they don't pay up, I sic Dun and Bradstreet debt collection on them so at least their D&B credit record will be ruined for all time (an unpaid court judgment is considered a Very Bad Thing on a businesses credit record). Total cost to me per case is less than $50 usually, so I can afford the unpaid judgments.
I understand the free speech arguments, but RCW 19.190 is pretty specific. First, it must be unsolicited commercial email. Secondly, they must have a misleading subject or forge the addresses. I have got spam pitches from religious types and politicians, but neither falls under RCW 19.190. And thirdly, there is a registry for WA resident to enter their addresses (http://registry.waisp.org). If the spammers are really honest, they could listwash us all from their lists. Of course, they never do this because they are always buying the latest and greatest CD full of email addresses.
It's the old rule of Garbage In Garbage Out. If you collect 20 million email addresses at random, don't complain to me about how hard it is to check them!
I'm dubious as to whether spam is "free speech", but if it is, you should have the right to anonymous free speech.
The original point of our free speech rights were to allow us to have free political speech -- to spread political dissent if it became necessary. The right to have that speech be anonymous is crucial to prevent governments reprisals toward the authors.
Our definition of free speech is now far, far more broad than our founding fathers intended. That isn't necessarily a bad thing, but we also need to know where the limits are -- is spam free speech?
What about political campaign spam? AFAIK, faxing political compaing spam isn't legal...
May we never see th
There are an increasing number of 'victories' in the war on spam by government ; but overall the number of Spam sent is increasing.
While the government can fight blatent abuse of a person or companies communication rights ; they have not (and I believe they can not) come up with legislation that actually makes spam illegal while allowing all legitimate communications to be made unhindered.
The solution to Spam and the new 'free marketing' medium of the Internet really is to use an Authentication system for all communications that are prone to abuse ; and that would work for telephones as well.
What we need is an Authentication System in the email protocol itself, and that is what my company - SolidBlue is working on over the next year or so. Interested researchers can email us and we'll see if we can get an RFC group started.
Ace
Although this is certainly welcome news, it shouldn't be interpreted to mean that spam will dry up in the near future.
/var/log/maillog, and my mailbox, my filters block about 95% of the crap that's flung my way.
Read the story. It took four years to get this far. At four-five years a pop per spammer, how long would you care it'll take to go after all of 'em?
I still believe that the real solution is a combination of technical and social approaches, with litigation being used only for the worst offenders, like Heckel. It's been my experience that carefully-tuned mail filters are very succesful in blocking between 60-75% of the junk. If you don't mind an occasional false positive, you can get even better than that. Adding up what I find in
What's left over can be kept in check by agressively going after the network providers who are providing Internet connectivity to these spamming parasites. That's the social approach. If you've been complaining to large networks you've probably figured out for yourself that many large networks consider spam complaints to be nothing other than requests to shut down a paying customer. A paying customer who often generated lucrative "bulk-friendly" hosting fees.
Agressive spam blacklists, like SPEWS have actually gotten some pretty good results in forcing these rogue networks to get their shit together, by massively blacklisting large portions of spam-hosting networks until such time that they decide to get rid of their spamming vermin. I think that the spam problem will finally get handled when more and more people will accept the notion that sometimes it is necessary to temporarily throw the baby out with the bathwater, and blackball an entire network until they no longer refuse to do anything about their spamming abusers.
Subject: Re: your Bible order Body: (an HTML porn email ...)
Hmmm...that might not be deceptive if they were trying to sell you an abridged version of the Old Testament (only the smutty parts) illustrated with full-color photo speads by re-enactors.
If a job's not worth doing, it's not worth doing right.
Please, think carefully before invoking Big Brother to solve your problems!
Using the term "Big Brother" (from Orwell's 1984) is simply inflammatory. From now on, please use "the government" when referring to the government.
Sending e-mail should not be a crime!
So where does all of this end? If they can steal my bandwidth, time, and storage with spam, what's next? Should we repeal the junk fax law so that they can steal my expensive thermal paper, too? Should we take restrictions off of telemarketers so that they can call me collect and mis-identify themselves? Why not just let businesses advertise by throwing a brick through my window with a flyer attached ("Window broken? Call A&A Glass for a free repair estimate..."). While we are at it, maybe the USPS should deliver anonymous-sender advertising at no cost and just force me to pay the postage on delivery -- since that's analogous to what happens with spam.
Commercial speech does not (and should not) enjoy the same level of protection as non-commercial speech. In Central Hudson Gas & Electric v Public Service Commission the Supreme Court announced a test for evaluating commercial speech regulations that would be used in many subsequent cases. The Central Hudson test recognizes the constitutionality of regulations restricting advertising that concerns an illegal product or service, or which is deceptive. For all other restrictions on commercial speech, the Court's test requires that the government show that the regulation directly advances an important interest and is no more restrictive of speech than necessary.
Preventing the theft of millions of dollars from U.S. citizens and businesses represents an important interest and making e-mail advertisers use opt-in, correctly identify themselves, and provide automated systems for address removal is no more restrictive than necessary. When a sender falsifies e-mail header information and provides a forged from:/reply-to: address, that's deceptive and passes the aforementioned Central Hudson test as speech which can be constitutionally regulated.
And them cut his/her hands off, just to be on the safe side that he/she will never send Spam again. :)
One of the 5 suspected terrorists arrested in Buffalo was a telemarketer.
This seems a lot like what we all complain about when it deal with other sorts of laws -- "but you can't do that, what he did was legal in Russia!"
What if a U.S. state passes a law regulating what sort of material it is permissible to transmit to their citizens. Assuming the law were not struck down as unconstitutional, should everyone in the U.S. now have to follow this state law, to make sure that they don't accidentally transmit banned material to residents of that state (for example, by placing it on a website where a resident of that state could access it)? This would end up with the result that everyone must follow the union of all state laws (thus the most restrictive in each category). Which is already happening with spam laws, which I don't see as a good precedent.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
These guys have built a really clean implementation of a peer-driven (as opposed to true P2P) spam filter. You install their MS Outlook extension on your desktop machine, and it filters incoming messages against a list of spam signatures reported by other Cloudmark users. You then have the opportunity to report any spam that makes it through the filter, which in turn reduces the probability that other users will be subjected to that particular spam message.
They are running an open beta test at the moment. I've only used it for a few days, but it seems like a definite win. It's been flagging around 75% of the spam I've received since I installed the beta, with zero false positives so far.
Not affiliated with Cloudmark, just a (so far) satisfied user...
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
Well, Springfield is a 2000 mile drive from Arlen, Texas [5F03], and it is one of the 11 states in which George H W Bush claims residence [3F09]. I am not aware of any other clues that determine their whereabouts.
Wouldn't it depend on what you consider deceptive?
No, it would depend on what the law classifies as deceptive. If there is ambiguity there, it would depend on what a judge, jury, or both considers deceptive. Doesn't matter what you and I think about it, unless we're on the jury, or voting single issue in WA.
That does make sense, though, now that I think about it, isn't there an oil field just outside of Springfield? That would certainly limit the areas in which Springfield could be located.
This is true, and actually the precedent was already set in the Amateur Action BBS case nearly a decade ago, when BBS owners in California were jailed for three years for violating obscenity laws in Tennessee after a Memphis-based postal inspector downloaded images over a modem connection.
"How about 5 million hand-written apology letters?" ;)
Wouldn't this count as more Spam?
"Wireless : LAN
I suppose you haven't given much thought to the practicality behind this. Others have.
First off, spam typically comes with a spoofed email address. If you try mailbombing that email, you will probably only be overloading some poor uninvolved ISP's mail server.
Secondly, you might think of DoS/DDoSing the originating IP of that email. Blow the spammer off the net before he can get more emails out. Lately, however, spammers have been spoofing message headers, mostly to avoid filters; but this also makes automatic originating IP determination problematic. Trust me, you don't want your auto-1337-DDoS engine bombarding an IP that turns out to be whitehouse.gov.
Third, an attack on the sites the spammer is advertising is potentially practical. You wouldn't want to do this through an automated system, though. AFter the trick's been used for a while, I would expect spammers to add hidden incorrect phone numbers and URLs in a way designed to be picked up by automated systems. Again, hammering http://www.navy.mil might not be the brightest thing to do.
How about 5 million hand-written apology letters?
Hello Mr. Donkey.
This letter is not junk mail! You have received this because you have chosen to opt-in to receive special apologizes from this company.
We sincerly apologize for sending you unsolicited e-mails informing you of exciting offers for new companies.
By receiving this apology letter, you have been selected by our database to receive an unlimited amount of incredible offers by direct mail from super-value-offers direct.
To discontinue receiving these apology letters, please point your browser to 192.168.0.4/unsubscribe
The Internet is generally stupid
Until everything is right in the world of Internet email again, I will just continue to use Spam Assassin I am using it on my own mailing lists and myself here at home via procmail, and we just launched it into production at work using milter on our main external SMTP servers. The nice thing is, we don't delete the stuff, we just make it easier for our users to filter it themselves. No real legal issues that way.
...if you can't run the SERVER:
SpamAssassin PRO for Windows Users
Almost.
That company then sells your email address to 10 other spam companies. And most of the time they don't remove you from their list. A common trick I've noticed is that you won't get anything from them for a few months, then it'll start back again. It's pretty obvious when you see a very unique opt-out page a few times in a year.
Out of interest, how much of your time does it take?
My spam problem is unique. I opted into spam (free trial of an online game) but I gave them a forwarding address. Now I don't want the email anymore.
:)
The only way to (easily) unsubscribe is to reply to the email. However, since when I reply it's with a different email address than the one the email is sent to, it doesn't unsubscribe me.
Maybe I should forge the header when I reply
Robots are everywhere, and they eat old people's medicine for fuel.
As SPAM is advertising, wouldn't invalid return addresses and bogus subjects fall under deception...
What's your point?
Scot Wilcoxon
$5K sounds like a lot, but I'd say you've earned it. Thing is, you live in a state with strong anti-spam laws. Before we can follow your lead, most of us are going to have to campaign to get similar laws enacted in our own states. In CA, where I live, that probably would mean a ballot initiative -- I can't see the legislature flouting the direct marketing industry. And getting an initiative on the ballot is expensive.