Slashdot Mirror

← Back to Stories (view on slashdot.org)

Suing Spammers: What works?

Posted by Hemos on from the how-to-make-it-work dept.

jdedman4 writes "According to Junkbusters, various civil lawsuits against Spammers have used a number of theories, including the analogizing of junk email to junk faxes. As there have been a number of "IANAL, but . . ." discussions of late, I was curious as to which legal theories, if any, you all thought might work against spammers. Does the fact that a spammer deluges us all with automated commercial email subject him and his enterprise to personal jurisdiction in the courts of the fifty states? What torts do the spammers commit (intentional affliction of emotional distress, invasion of privacy, false light, nuisance, et cetera?) Might an unfair trade practices lawsuit be brought? Is state or federal law a better weapon? Why haven't the legislatures been more active in this area? It seems like this is a pure public relations winner for a media-conscious political figure - everyone hates spammers. If this is such a widespread and pernicious menace(which of course it is), why hasn't some enterprising young plaintiff's attorney filed a class action suit? Is it that the spammers are essentially judgment proof, or that they are difficult to find, or all of the law is analagous but not directly helpful?"

29 comments

  1. Perhaps... by Anonymous Coward · · Score: 2, Interesting

    Most spammers are probably overseas in countries where they cannot be sued.

    Of course IAJAIAC. (I Am Just Another Ignorant AC.

    First post?

    1. Re:Perhaps... by fishnuts · · Score: 2, Informative

      On the contrary. From the analyses I've read in news.admin.net-abuse.email, and my own observations, it seems at least half the major spammers - the ones with easily recognized patterns, styles, and quirks - are based in the US, but use foreign resources for their campaigns. 90% of the spam I'm getting now is originating from foreign open proxy servers, mostly in APNIC and RIPE ip space, which shows that spammers are now getting more cunning about covering their email tracks. They're also using foreign "free webhosting" services for their web content, but as you go through it all, it's evident that a lot of them are American, by their vocabulary, their pitches, addresses (er, PO boxes) and phone/fax numbers, etc.

      Such practices of using open proxies and free anonymous web hosting may be advocated by the free-speech party, but I don't feel it's free speech anymore when the sole purpose of hiding their identity is to avoid punishment for NON-free-speech related crimes, as well as having a purely commercial, rather than political or editorial, purpose.

      Luckily, all this effort goes to prove that they KNOW what they're doing is wrong, and jumping through hoops to avoid being caught. It makes it that much easier to prosecute them once they're identified and caught. Unfortunately, finding them is the hard part.

      In the meantime, the best we can do is help the government in THEIR fight against spam and scams, by forwarding all your spam - WITH HEADERS - to utc@ftc.gov
      They've found and prosecuted several high-profile scammers and originators of pyramid schemes, and they notify the SEC about stock price manipulation schemes done in large spam campaigns.

  2. Theft of Services by routerwhore · · Score: 4, Insightful

    Outright theft has always been my favorite course of thought. They are stealing my bandwidth, my cpu cycles, my disk space. Not a big deal for one message, but when it comprises 30% of mail traffic, then that means my operating expense is 30% hire. This is real money they are stealing from me. If they paid me, or anyone (post office) to accept it, fine, thats different. The main reason spam needs to be made illegal is because it is outright theft.

    1. Re:Theft of Services by pete-classic · · Score: 2
      my operating expense is 30% hire.


      I thought they're would be alot of web sights about how much hire expenses are out their, but there nowhere too be found.

      Weird.

      -Peter
    2. Re:Theft of Services by Anonymous Coward · · Score: 0

      HAH. I think you misspelled "wood", peter!

      p.s. My company would be in world of hurt if it cost us 30% to hire people. How does he do it?

    3. Re:Theft of Services by jdedman4 · · Score: 3, Informative
      Outright theft has always been my favorite course of thought.

      I wonder if there is any precedent for that? Courts usually have a tough time making such a leap from penal statutes which don't directly address a specific electronic infraction. Remember, too, that we would be dealing with 51 sets of criminal theft statutes, as well. Take Texas, for example. Compare statutory theft to statutory theft of services. Now, I think we all know that when these statutes were drafted that the authors did not envision spam as it didn't exist at the time of the drafting. There's just no way. The defense attorney would be able to convincingly argue that legislators did not envision these types of offenses and thus they are not covered under the statute. That is why this enterprise is so perilous when we attempt to argue by analogy (i.e. pursuing spammers under junk fax laws) or couch electronic offenses into the statutory language of pre-Internet penal statutes.

      Remember, that some courts are still struggling with initial hurdles of authentication and admissibility [PDF] of electronic email and web data. My favorite such quip from a federal judge (from my own state of Texas):

      "While some look to the Internet as an innovative vehicle for communication, the Court continues to warily and wearily view it largely as one large catalyst for rumor, innuendo, and misinformation.... Anyone can put anything on the Internet. No web-site is monitored for accuracy and nothing contained therein is under oath or even subject to independent verification absent underlying documentation. Moreover, the Court holds no illusions that hackers can adulterate the content on any web-site from any location at any time. For these reasons, any evidence procured off the Internet is adequate for almost nothing, even under the most liberal interpretations of the hearsay exception rules found in FED. R. EVID. 807". See St. Clair v. Johnny's Oyster & Shrimp, Inc., 76 F.Supp.2d 773, 774-75 (S.D. Tex. 1999)
      The PDF link is to an article I wrote earlier this year on that very subject. See also the Siddiqqui case for the application of the rules of evidence to e-mail. The point: How can such a jurist be convinced to apply pre-digital laws to spammers? That is the question.

      jd

  3. Any Australians out there? by judd · · Score: 2
    Got one today with an actual address and phone number in it. This crowd:



    The Maverick Partnership
    A division of The Which Company Pty Ltd
    ABN: 90 091 728 620
    Postal: P.O. Box 159, Northbridge W.A. 6865
    Phone: +618 6210 1348 Fax: +618 6210 1445


    are advertising some book or other.


    Any Aussie state or federal laws worth mentioning when I ring them?

    1. Re:Any Australians out there? by Keith+Owens · · Score: 1

      This is a notorious Australian spammer, they are even suing people who complain about them. Don't bother complaining to the company, complain to the ISP that they are using. So far this spammer has been thrown off uu.net, iprimus.net.au and a couple of .es ISPs.

  4. Spam is also used to attack people by FireWhenRady · · Score: 3, Interesting
    I recently suffered from a spammers "joejob" where a spammer used my email address as a reply address for a spam.

    This meant that I received all the bounces, irate messages etc. to the tune of over 7000 bounces in the last week and a half. From the email headers of the bounced messages, I was able to trace the sender to Miami Florida using Ameritech ADSL, but that provides little proof.

    My real anger is over the people running open relays that aided and abetted this attack. Spam is not just junk email so they are not innocent bystanders. They are similar to someone who helps a bank robber escape from a crime scene. In this case it prevented me from receiving email for several days (my incoming mailbox was full) and created an immense amount of work sorting the bounces out from legitimate traffic (bounces for messages I wanted to know about).

    Has there been any precedent for suing owners of open relays or providers of abusive users?

    1. Re:Spam is also used to attack people by Anonymous Coward · · Score: 0

      I have had this same exact problem a few months ago. I tracked the spam to some relay in China of all places (Good old Asian spammers). I e-mailed the first administrative e-mail address I could track down throught whois records, but I doubt that the Chi-Coms really care a bit, or can even read Engrish.

    2. Re:Spam is also used to attack people by jdedman4 · · Score: 2, Interesting
      I recently suffered from a spammers "joejob" where a spammer used my email address as a reply address for a spam.

      This, I think, is the actionable. I wonder why some enterprising young federal prosecutor does not chase this villain under the wire fraud statutes. The spammer, after all, committed a fraud and sent it across state boundaries, didn't he? If the feds can pursue college coaches who fax faked test scores from cheating athletes, can't they get these guys?

      You might also have a claim against him for false light, a tort at common law which I don't think is recognized here in Texas but is elsewhere. The example my law prof gave me was the following: Let's say you work at Company A, which provides you with a public mailbox from which to retrieve your memos, letters, magazines, brochures, et cetera. A colleague of yours, as a joke, signs you up for various pornographic magazines. Anyone who visits the mailbox area sees your mailbox stuffed with the porn, and reasonably believes that it is yours. Your colleague has put you in "false light," just as this spammer might have.

      Defamation seems analagous, but dubious under these facts.

    3. Re:Spam is also used to attack people by FireWhenRady · · Score: 1
      I would have difficulty prosecuting because I am in Canada and the spammer in the U.S. But since the same spam was also sent out in the name of an web designer in Tennessee and spamcop.net someone else may be able to prosecute.

      See spam forgery joejob . If somebody does catch up with the perpetrator of this and is able to convict him or her, it would be a great victory for Internet civility and law enforcement.

    4. Re:Spam is also used to attack people by jdedman4 · · Score: 2, Insightful
      I would have difficulty prosecuting because I am in Canada and the spammer in the U.S. But since the same spam was also sent out in the name of an web designer in Tennessee and spamcop.net someone else may be able to prosecute.

      I wonder if part of the problem is a lack of complainants. Do the people to whom this happens take the time to file an official complaint with the district attorney or federal prosecutors? Does it occur to them to contact a plaintiffs attorney to suggest a possible suit? This might make a spectacular class action lawsuit, provided that a suitably wealthy corporation could be found to sue. Stealing one's identity to send offensive pornographic or automated commercial email simply has to be tortious or illegal or negligent per se or something, you know?

    5. Re:Spam is also used to attack people by Yottabyte84 · · Score: 1

      I had some usenet spams posted with my from address. I got a few flames, but not much else. The email address? forged at mail dot com :) (I shit you not)

  5. Please Explain by i8a4re · · Score: 0

    why spammers don't have a return email address, don't have a url to visit and don't have a phone number. I can understand spammers trying to generate business, but when there is no easily discernable way to contact them OR any business, what's the point.

    --

    If I drive fast enough at the red light, it'll appear green.
    1. Re:Please Explain by Anonymous Coward · · Score: 0

      1. Send out lots of spam

      2. ???

      3. Profit!!

      It doesn't really have to make sense, there are many fools who send out spam because they get spam and "it must be working." Step one doesn't cost much and step three is potentially a huge profit because "if only 1% buy my stuff I'll be rich!"

    2. Re:Please Explain by i8a4re · · Score: 1

      But if I can't find any way to respond (not like i would even if i could), then how does that make them any money?

      --

      If I drive fast enough at the red light, it'll appear green.
    3. Re:Please Explain by dacarr · · Score: 2, Insightful

      As always, IANAL. One typically provides a URL when they spam, which can typically be traced somehow to a physical address. How this is done is left as an exercise, but in the end it'll probably involve a subpoena. The message can be traced by IP (the modern MTA's will implant them in the headers), the provider can take their own action. As for subpoena, if you want to take action, you need one against the ISP providing the account to the user. One way or another, you *can* find them.`

      --
      This sig no verb.
  6. Dont sue spammers... by cassidyc · · Score: 1

    Sue the companies that are being advertised.

    They are the ones employing the spammers and if they are selling something, should have a contactable address!

    Just a thought

    CJC

  7. sue your ISP - have them pass it up the line by cdn-programmer · · Score: 2

    A comment was made a while back that worldcom had no interest in blocking span because they made money from it. You see - they got paid by the people who created it and furthermore they got paid by the telcos that paid them for access to the POP's.

    Its all about money. When the Telco's find the pain from the wrath of people like you and me costs them more than they make from the bandwidth the ISP's pay for - then they will stop it.

    This is also true of overseas connections.

    Consider the position of a large company like AT&T. If they have 5 million angry customers phoning each day to bitch about spam from say Korea how will they react? One solution is for them to tell say their Korean counterparts to clean it up or they will be disconnected. Yup - most of us can live without Korea for instance being part of the net. But Koreans cannot.

    So it is simply a matter of upping the anti so to speak.

    When the cost of accomodating the shit exceeds the money they get from it then they will take action - not before. It is well within the control of the Telecommunications industry to eliminate the spam.

    The simplest way is to require each adn every customer to sign an agreement that prohibts UCE and require them to agree to a penalty of say several $1000 bux is the create UCE. This can be on the visa cards of those who pay via Visa ot it can be by way of a deposit or a pledge of assets. Get the deposit in place - then when they send it out pinch the deposit. End of problem.

    ISP's will catch on really quickly. Terms of service agreements already prohibit UCE. These just need to be enforced.

    It is a simple problem to solve but again - why would any company take this problem on when people just bitch among themsleves?

    --------------

    This is true of Hacked servers too. The ISP I use to go through is Cadvision and those idjots were so bad that they didn't even bother to pull the plug on customers hacked with Code Red. They didn't even tell them. In fact when I phoned up Cadvision they blamed me for complaining. I told them I'd sic the cops on them for a denile of service attack. You see - the idjot factor is really high.

    1. Re:sue your ISP - have them pass it up the line by mabu · · Score: 1

      Ironically, worldcom makes money off "script kiddies" too. If you purchase their burstable service, they measure average bandwidth every x seconds, and the more port scanning going on, the more bandwidth being utilized. Isn't that special.

  8. Possibly fishing for real e-mail addresses? by smcv · · Score: 2

    You get annoyed and click the unsubscribe link (if you're stupid enough), they know your e-mail address is actually read by a real person, they sell your e-mail address on one of those CDs a fair proportion of spam advertises, profit!!!.

    If it's HTML mail with images in, and your mail client knows too much HTML (::coughOutlookcough::), downloading the image will confirm that your e-mail address is real, if the spam mail's set up right.

  9. Don't expect government to help by Old.UNIX.Nut · · Score: 1
    The reality is large SPAMmers make major campaign donations and YOU don't!!!
    Politicians only respond to two things ONLY.
    1) big campaign donations 2) huge numbers of voters bitching constantly about the issue*

    * this means ALL the time, not this week!!!

    1. Re:Don't expect government to help by jdedman4 · · Score: 1
      The reality is large SPAMmers make major campaign donations and YOU don't!!!

      That's not really dispositive, is it? That this industry is universally despised seems to outweigh any campaign contributions they might receive, and surely those corporations wealthy enough to give those contributions are diversified enough not to rely so heavily on spam anyway, right? I am just agog that the politicians have not seized upon this issue, as:

      1. There are already analogous laws on the books and a new such regulation would not be novel. We regulate junk faxes, telephone solicitors, debt collectors, et cetera, but not spam in the same meaningful sense. Broadening these laws to include spammers would be consistent with the spirt of the existing law.
      2. Targeting a villain that everyone despises seems like an enterprise in which the politician would receive only good publicity and accolades.
      3. Those that would come forth to oppose the bill would already be pigeonholed as pernicious hacks that the politicians could easily shoot down with ready-made soundbytes.
      4. Such a bill would be newsworthy, and even the most junior member could easily write such a bill and get good press coverage.

  10. Here's the problem I found. by Mustang+Matt · · Score: 3, Insightful

    I tried to sue a spammer once. I talked to a lawyer for a while but the problem is that I couldn't prove much as damages.

    Yes, they abused my resources and my bandwidth that I pay for but even if they sent 100 duplicate messages, that's such a small fraction of the bill that it's not worth trying to sue them.

    I get a lot of spammers that send between 5-20 duplicate emails to @mydomain.com and I have a catchall setup, it pisses me off to no end that spammers can't go through their lists and clear off all 'root' and 'webmaster' and 'info', 'billing', 'support', etc. accounts off their lists.

    Now I'm using SpamPal but that doesn't solve the problem, it just keeps it from being as annoying for me.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
    1. Re:Here's the problem I found. by jdedman4 · · Score: 2, Informative
      I tried to sue a spammer once. I talked to a lawyer for a while but the problem is that I couldn't prove much as damages.

      Was it that you yourself couldn't prove actual damages at all, or that you could not prove enough damages so that he could recover a large enough fee to cover his own expenses/cost?

      Yes, they abused my resources and my bandwidth that I pay for but even if they sent 100 duplicate messages, that's such a small fraction of the bill that it's not worth trying to sue them.

      This, I think, is why any suit against spammers would have to be a class action suit. Recall that class actions are typically used when a large number of individuals' rights have been violated by defendant's course of conduct but the cost of vindicating those rights is too great, as no one is going to file a lawsuit to recover a mere pittance in damages. However, if you agglomerate all of those claims, it becomes worth the attorneys time and the threat of an enormous verdict frightens the defendants. This is why most class action lawsuits settle if the plaintiffs attorney successfully certifies the class. Of course, the converse of that is that the class action joinder rule can take a relatively frivolous individual claim that an attorney would not pursue and convert it into a lucrative and dangerous claim with a potential for high recovery. But that really isn't a concern in this context, as these claims would not be frivolous, especially if we are dealing with a spammer who has misappropriated one's identity.

  11. Addendum (Articles on Anti-Spam Lawsuits) by jdedman4 · · Score: 1
    Just stumbled across this article about a class action lawsuit against Sprint for spam. Not sure if this has been remarked upon here, but likely so.

    Here's another article about a $2 trillion class action lawsuit based on violation of the junk fax law, in effect since 1991. I suspect - but cannot confirm - that a true anti-spam federal law would prompt suits similar to this one. After all, one you ban something and create a statutory violation penalty, lawyers have an incentive to invest in the lawsuit based on the likelihood of success.

  12. public nuisance by coyote-san · · Score: 2

    A theory I would like to see developed is that operating an open relay poses a public nuisance and that it you have your access yanked at will. More importantly, a complantant can compel your access to be yanked. That wouldn't kill spam, but it may have a significant impact on the joe jobs.

    One way to do this is to set up an easily accessed test for being an open relay - you could use any of the existing ones, or create a new one. If you're a sysadmin, you're expected to test your own site after every configuration change, software update, etc. If you don't and somebody else does, you get a record of every failure... as does a public record. You then have some reasonable time to close the relay, say 10 business days, and then each and every person who receives spam through your open relay can get statutory damages of, oh, $250. Enough to make it worthwhile to pursue the matter in small claims court.

    The Free Speechers will point out that there are, rare, valid reasons for running an open relay. Fine... but if you do that then you need to take some effective steps to ensure that spam doesn't get through the relay, only that rare legitimate OR material.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  13. Get Real by angel+one · · Score: 1

    Sueing spammers, or ISPs, or those whom spam advertises is a waste of time (and money). Various theories have been tried. None have worked. The principle reason is because spam is, by law, considered commercial free speech. Sorry folks. That's the real world, not our geek utopia. As such, it is protected by the constitution. Read Missouri v. Blastfax. Because spam has already been found to be contitutionally protected free speech, any law restricting spam (or used in a case to try to restrict spam) must pass what is called the "Central Hudson test." One must prove that the government (via law) has a "substantial interest" in protecting the public from the offense. In order to prove that, you have to prove substantial harm or potential harm. Good luck. For example, it used to be illegal for tabacco companies to advertise in certain cases and lawyers to advertise at all... because the gov't was supposedly protecting the public. However, BOTH of those restrictions have since been overturned. Can you prove spam more harmful than cigarettes or ambulance chasers? The so-called anti-fax law has been determined in court to be unconstitutional. Why would anyone think it could work for spam? Examples of other approaches: 1) theft. Do the math. Spam costs the recipient maybe $20 a year, and that's if you are getting ripped off by your ISP. Not "substantial." Your time is irrelevant. Suing for theft of your time is like suing the guy who wrecked his car and made you sit in traffic for three hours. 2) suing your ISP. You have a contract with your ISP, you can only sue for breach of that contract. Do you really think your ISP is going to leave the contract open to that? 3) intentional affliction of emotional distress - try to prove intent here. They claim ignorance and you're out legal fees. 4) unfair trade practices - these laws are pretty cut and dried. You'd have to prove the spam was either fraudulent or misleading. Some spam might fall into this category, but not much. The only possible legal remedy for spam is a no-call sort of opt-out system. However, in states where no-call laws exist for telemarketing, they have not been effective at detering telemarketing calls.