Microsoft and the SPAM Game

The Seattle Times reported a while ago that Microsoft is pushing for Washington State Senate Bill 5734 which will overturn most of Washington State's laws that specify monetary penalties for companies who send out spam. This will completely exempt ISPs from current Washington spam laws, which Microsoft just happens to be. It seems that they are jumping the gun a bit. They are having a company named Digital Impact (save that address for you spam filters) send the email for them. Thankfully I live in Seattle so maybe I can collect an easy $500 before Microsoft guts the current law.

Easy? Hardly.

[SexyTr0llGal]

Thankfully I live in Seattle so maybe I can collect an easy $500 before Microsoft guts the current law.

I also live in Washington state, and I can tell you from experience: collecting the $500 will not be easy. Here are the ideal conditions for a lawsuit (taken from the Peacefire webpage, which I have been a member of for four years now):


* The defendant is a corporation, and you know the state where they are incorporated. (Usually, the state where they're incorporated is either the state where they're located, or Delaware -- because Delaware makes it easy to incorporate there.) Legally, a company cannot use "Corporation" or "Inc." or "Incorporated" anywhere, unless they really are a corporation -- but that won't tell you where they're incorporated, or even if they're incorporated in the U.S. Unfortunately, with most spam, you can't even find out the name of the company that sent it, much less whether they're a corporation.

* You can easily prove one of the following (one of these conditions must be satisfied to show that the spam violated the law):

* The sender address ("From:") or return address ("Reply-To:") was forged. If you get mail from an address that looks blatantly forged, like "98of292h38h2r@hotmail.com", send a blank message to that address, and keep the error message that comes back to you saying that there is no such address. This can be used to prove, in court, that the spammer violated Washington's anti-spam law by forging the return address. The subject line was "misleading". This is a subjective determination, one that will ultimately be made by the judge. One of the spammers that I'm suing, sent me an advertisement with the subject line "Shareholder request", which I considered blatantly misleading since Peacefire doesn't even have "shareholders". (The gist of the advertisement was, "You will look good in your shareholder's eyes if you use our product.")

You have registered your address with the WAISP (http://registry.waisp.org/) registry -- to sue a spammer under Washington's law, you have to be able to show that there was some way for the spammer to determine that you lived in Washington.


More power to you if you can collect the $500, but it's a tough road ahead.

Re:Easy? Hardly.

I've sued over 20 spammers in WA, and collected or settled from most. Spammers paid for this P4 laptop!

99% of the spams I receive violate the law because they forge the headers in some fashion, use a misleading subject or use a third party domain name without permission. Using an ISP domain name for the return address is often an easy one as they rarely have permission to do so. Making up a fake persons name also qualifies as header forgery, and this seems to be very common at the moment.

It's usually fairly easy to find the company behind the spam, unless it's a blind order form. After all, they are usually trying to sell you something. Once I get a phone number, I call and ask for the company name and address as I'm sending a package. It never fails.

If it's a mortgage lead spam, I set up a name and voicemail box and submit that to the lead form. When the mortgage company calls, I get hold of a manager and warn them if they don't tell me where they got my details from (in a written affidavit no less), I'll include them in the suit. This usually works. At the very least the spammer won't be getting any more business from them.

A quick free search on Dun and Bradstreet or http://www.searchsystems.net/ and you can easily locate most companies once you have a name, address or phone number.

If they don't turn up on D&B, they probably aren't worth suing. With so many spams, I usually pick the companies that sent at least eight spams (8 x $500 =$4000 limit in Small Claims court) and that are listed in D&B. Dun and Bradstreet will also do collections for you, and in my experience they are quite effective since a companies credit record is at risk.

Re:Great....

[linuxghoul]

Well, there is a monthly "features" mail that i get on my hotmail account from "staff@hotmail.com" that

cannot be blocked
cannot be marked as "junk mail"
cannot be forwarded ( say to "abuse" at hotmail.com)
does not specify how i can stop recieving it

i think its the worst kind of spam possible. no other spam msg has made me feel so helpless and so angry. The fact is only hotmail itself could spam its users in this manner...they have a system where the "this is junk mail", "block sender" buttons etc, do not even appear when u view the msg. The first time i rcvd it was when i finally decided to get my own domain and buy some decent email hosting. I have still not completed the switching over, but am getting there...i definitely wont miss hotmail. its weird when one of the largest companies in the world finds it useful to spam its users.

Ghoul2

Re:The Ultimate Solution to Spam

[Scumbag+Tracker]

Nice idea, but flawed. Spammers do not normally use real e-mail addresses anyway, and their invalid ones may actually map onto innocent collateral damage victims.

I don't get it?

Why don't they just obey the law if they want to send spam? Spam isn't illegal in WA, just forging the header or providing a misleading title. If they'd send mail on the up-and-up, there's no problem.

Taken from the WA lawbook, it's illegal when it:

(a) Uses a third party's internet domain name without permission of the third party, or otherwise misrepresents or obscures any information in identifying the point of origin or the transmission path of a commercial electronic mail message; or

(b) Contains false or misleading information in the subject line.

Re:Great....

[akiy]

Well, there is a monthly "features" mail that i get on my hotmail account from "staff@hotmail.com" that cannot be blocked cannot be marked as "junk mail"

Actually, you can block those e-mail by going into Options, Custom Filter, and creating a rule that states, "Deliver mail that contains staff@hotmail.com in the from addr to my Junk Mail folder."

Works for me.

Inaccurate story

[bluelan]

Ummm, unless Digital Impact is planning on sending out e-mail with fraudulent header information, they won't be violating Washington State law as it stands. The poster of the story doesn't seem to have read the text of the law he provided a link to.

The current law can be found here. A report on a successfully prosecuted case can be found here. If one reads either, it's easy to see that the current law only applies to fraudulent headers.

Given that the current law only covers fraudulent headers, I doubt that Microsoft is maliciously trying to destroy the current law.

However, last year the senate introduced bill 6568 which extended the old law to require that commercial e-mail contain ADV: as the first 4 characters of the subject line. That bill passed the senate with flying colors. Unfortunately, it got locked up in committee in the house and died.

House bill 5734 is a watered down version of last year's senate bill 6568.

I don't like Microsoft much. That said, the story at the Seattle Times is riddled with half-truths and inaccuracies. For example, it claims that 5734 completely exempts ISPs. The senate summary of the bill says

Interactive computer services may not be held liable for acting as an intermediary between the sender and the recipient of commercial spam sent in violation of the law, or for providing transmission over its computer network or facilities of commercial spam that is sent in violation of the law.

So, ISPs aren't liable for transporting SPAM, as they aren't liable for transporting copyrighted material or child porn. They can still be liable for originating, or aiding in the origination, of spam. I think that's a reasonable exemption.

I'd be really interested in knowing whether lobbyists that are partially funded by Microsoft also supported senate bill 6568 from last year. If so, this is definitely unjustified Microsoft bashing. However, if their lobbyists locked it up in the house then we can villify them for weakening a good bill.

Too bad the article doesn't comment on that, and I don't have a way to find out.

Re:Great....

[Tim+Macinta]

cannot be blocked
cannot be marked as "junk mail"
cannot be forwarded ( say to "abuse" at hotmail.com)
does not specify how i can stop recieving it

This might be considered cheating, but you could use something like Gotmail to download the messages to a regular email client and then set up filters within that client. If you wanted to still read your email from the web, Gotmail can also forward to another email address, so you could have it forward to a Yahoo account. That's admittedly convoluted and probably not as good of a solution as just using Yahoo or your own domain.

In defense of Digital Impact.

[Upright+Joe]

Don't jump on digital impact too hard. I work for a MAJOR e-commerce site that contracts with Digital Impact. They are very good at sending out large volumes of e-mail reliably. We use them purely for legitimate, non-spam-type e-mails. Sure with time we could write the code to do it ourselves but they specialize in it. I'm not sure what MS has contracted them to do but as much as I hate to say it, it could be on the up and up. Not all high volume e-mails are spam.

As for overturning spam laws I'm skeptical that it is in the public's best interest but Digital Impact does offer valuable services.