SPAM - A Different Kind of Identity Theft?

bmooney28 asks: "After maintaining a single permanent email address through 8 years and five ISP's (via a forwarding service), I lost it all in a day. My first sign of trouble came when I found a message undeliverable email in my inbox containing hundreds of failed email addresses. Apparently, my email address had been pasted as the return address in a mass mailing similar to this one sent to hundreds of random recipients. This process repeated a few times over the next day or so, effectively blacklisting my email address on various master lists and adding my address to thousands of random address books (virus magnets). In the past, I have had a great deal of luck fighting off SPAM and other unwanted email via throwaway email addresses and preemptive email filtering. Now, the email address that I use to communicate with friends, former students, and coworkers around the world is useless. Have any of you ever found yourself in a similar situation? Are there any legal steps that I could take against this company?"

legal steps

[zarqman]

if you can identify who the spammer is and if they are in the same country as you are, then you certainly can sue. whether you can collect of course, is a different matter. but, things that are likely to help: document, document, document. seriously. you can probably approach this two ways: a criminal basis, fraud, and a civil basis, personal loss.

for fraud, you'll likely need the assistance of a public prosecutor. if they are cool with that, you're in luck. if they aren't, there's not much you can do. you will have to somehow show ill-intent on the basis of committing the fraud. honestly, not too difficult, but given the courts in your jurisdiction, you never know. jurisdiction differences between you and the spammer may make this difficult.

for personal loss, jurisdiction can be worked with (if, as mentioned above, in the same country), although it could get expensive to pursue. documentation becomes really big here as you'll have to prove loss. document the time you spend contacting people to let them know of your new address. write a journal and document your 'pain and suffering' having to go through this. keep all server logs, measure for bandwidth and storage use (not totally sure what to do with it, but maybe someone else creative here will help), and anything else you can think of. if it requires long distance calls, document that. etc. then find a lawyer who will take it and see what happens. then again, contact a lawyer in your jurisdiction first, as the usual /. rules apply: few here are lawyers (i'm not) and none are _your_ lawyer.

good luck. i certainly feel for you. this bites.

Come and si the violence inherit in teh system!

[Xunker]

While not and answer to your question, I feel this incident exposes a major problem with the way many MTAs are architected.

I cannot send mail to AOL users. Why? Because I'm in their spam filter. Why? Because of Kleez. AS you may know, it extracts address from your IE cache and sends mail using one of those addresses it find. Well, mine was used a bunch of times to send the virus to AOLers.

AOLs mail server didn't bother to read the headers -- instead, it does wqhat no server should do, trust the "From:" header. Had their MTA parsed the "Received By" logs, it would find that it wasn't sent by me. Instead, whoever wrote it took the easy way out and decided to always believe the From: header and as such I'm now unable to send mail to AOL.

Not like I mind.

Habeas.com headers to assert you're not spamming

[manastungare]

Check out Habeas for adding headers to your email that certify you're not sending spam. Habeas' license policy restrict spammers from using them, thus spam filters allow emails Habeas headers through without problems. Let's hope it works! :)

Re:2 ways to deal with this

[jhunsake]

I don't see 1) and 2) as mutually exclusive actions.