Virginia Anti-Spam Law; FTC Forum on Spam

kiwimate writes "According to this press release, the state of Virginia has just passed a statute making 'the worst, most egregious and fraudulent kinds of spam' legally actionable. And yes, this includes header forging. The article reads like a big AOL PR piece in some places -- the VA governor led the signing at the AOL HQ in Dulles. The story also states this comes on the eve of the first-ever FTC forum on spam in Washington D.C." The FTC also made the insightful discovery that most spam is fraudulent in some fashion.

Write to the Spam King

Alan M. Ralsky
6747 Minnow Pond Drive
West Bloomfield, MI 48322

This isn't new

[RJ11]

Virginia has had an anti-spam law since 1997, which is part of the Virginia Computer Crimes Act (VA Code 18.2-152). It makes spam with forged headers illegal: http://www.spamlaws.com/state/va.html

AOL, Verizon, and other large ISPs based in VA have been suing under this law for years (though they almost always go to federal court, pursuant to U.S.C. 85 1332). I have burninated a few spammers in small claims court under this law as well (I was actually in court today suing etracks.com). The law allows the recipient to seek civil relief for the lesser of $10/message or $25,000/day. For ISPs, it's the greater of the two.

Re:Either it's all illegal or the law is wrong

[ad0gg]

From the article

To qualify for the felony provisions the sender must:

consciously (with intent) alter either e-mail header or other routing information (a technical characteristics common to most unsolicited bulk mail, but not present in normal e-mail messages); and

attempt to send either 10,000 messages within a 24/hr period or 100,000 in a 30-day period OR the sender must generate $1,000 in revenue from a specific transmission, or $50,000 from total transmissions.

Its a clear definition. Alter the headers and send over 10,000 emails in day and its illegal.

Re:Going after header forgers?

[Fished]

Most likely, either you or the sender would need to live in Virginia. Generally speaking, the rule is (and this is very approximate, as IANAL) that the person sued must have done *something* that they could reasonably have expected to have placed them under the laws of a given state. Marketing to someone in that state would qualify, connecting directly to a mailserver in that state would probably qualify, bouncing off a mailserver in that state would probably *not* qualify.

Re:Either it's all illegal or the law is wrong

[gmack]

9999 isn't enough to generate revenue for them. Alan Ralsky once told me he sends a million emails per day per product.

And even that only generated about $20 000 USD per month per porn site.

Re:Just for Ralsky

[amber_lux]

That's a lot of viagra emails to send to get to 25k

2 500 emails at $10.00 is $25 000 dollars. AOL claims to block up to one billion spam messages per day.

Ralsky claims to be able to send 650 000 messages per hour on each of his 190 email servers.

If AOL sues Ralsky, the maximum they can get from him, per day, is $25 000. Meanwhile, he can throw 2 964 000 000 emails per day at AOL, if he so chooses.

Statutory damages should be $500.00 per email. ISPs could claim $500 multiplied by the number of undelivered emails in damages, with no maximum. That would change Ralsky's $25K per day habit with AOL, to a $250 000 000+ per day habit --- assuming that Ralsky is responsible for 10% of the spam at AOL.

Wind under Thy Wings

Amber

"send", not "send or cause to send".

[Animats]

This bill, unlike California law, only penalizes sending spam, not causing it to be sent. So it doesn't let you go after firms that hire spammers. California law lets you go after people who hire spammers.

The FTC has recently gone even further. They take the position that a beneficiary of the spam is responsible for it unless they took steps to stop it. This covers spamming by "affiliates".

The FTC's position is consistent with decades of false advertising law. The FTC has often prosecuted companies that let their "dealers" lie for them. The FTC has the authority to crack down on spam, and it looks like they're starting to do so.

Re:At last, a fair use for slashdotting websites

[berzerke]

5. In minutes, millons of DSL/Cable users running spammerSucker are downloading every byte out of their server, initiating millions of sockets per second.

Step 5 is probably easier than you would think. I worked briefly with a company that spammed intentially (don't flame until you read paragraph 2!). Their servers were located in Tunisa and China, and I've got more bandwidth than those servers did (I'm on DSL). I was told they had to move them off shore due to the anti-spam people. (You ARE making a difference; I heard more than one impolite comment about you!) The people that set up the servers (i.e. physical access) did a very poor job. One server was rooted before I first SSH'd in. No updates applied at all either. They are easy targets for some wanting to knock them off-line.

BTW, I didn't work there long because there were always problems with the systems. One delay after another under me. They couldn't launch any "marketing" campaigns. All accidental of course ;^) Since they never actually paid me anything (I don't believe they would have anyway, but it was interesting to a see a spam operation from the inside), I don't feel too bad about it professionally.