First CAN-SPAM Lawsuit Filed in California

rocketjam writes "Foster City, California-based ISP Hypertouch, Inc. has filed the first lawsuit alleging violations of the new Federal CAN-SPAM Act of 2003. The lawsuit was filed against BobVila.com and the spammer they hired, Bluestream Media, for sending Hypertouch customers unwanted, unsolicited email advertisements for Vila's "Home Again Newsletter." The suit alleges the defendents sent spam email ads with fraudulent headers and no physical address. It also alleges the emails were sent to randomly generated and harvested addresses as well as addresses that had replied to opt-out links in other spams. Hypertouch's attorney, John L. Fallat, said the CAN-SPAM Act offers little protection to the public, but they would use the few protections it offers to punish spammers." Reader Clemence links to Wired's coverage of the suit.

Fraud

[ScooterBill]

IANAL so I'll ask this question.

Faking an email header, return address, etc. is supposedly illegal under CAN-SPAM. If this is fraud, then wasn't this illegal before CAN-SPAM?

M

Re:Fraud

[Tango42]

To you and me (and the rest of /.), that might make sense, because we are used to thinking of the internet as just another part of life. For some (most) people, that isn't yet the case. They seem to think that something happening online is inherently different from the same thing happening IRL. That will probably change over the next decade, but until then laws will have to be tested twice, once for real life, and then again for the net.

Re:Fraud

[IANAAC]

No it wasn't. To wit, if I ask a girl for her phone number, and she gives me a fake one, is that fraud under some law? No. However, pretend next year a law is passed that says girls giving out fake phone numbers at bars is now illegal because it is fraudulant. The point is, everything dishonest isn't fraud.

If you're trying to sell me something with false information, it's fraud. If all your doing is trying to get someone drunk and naked, well...

Your example is just garden-variety dishonesty (unless, of course, one of you expects a bill or two left on the nightstand).

Hmm

At first I was kind of worried that the first target gone after was someone "respectable"-- bob vila-- and not like the people selling penis pumps or something.

But then I thought about it. How much of the problem is caused by ignorant businesses who just happen to hire the wrong marketing firm, and just say "we want you to increase our exposure on the internet" and don't realize this means millions of spam mails sent illegally through hijacked SMTP?

Perhaps to some degree education is the answer. If other legitimate businesses see bob vila getting smacked for spam mail, maybe they'll panic and make absolutely certain the people they're hiring aren't sending fraudulently-sent spam.

Re:Hmm

[Smidge204]

A valid point. Unless they can proove that BobVila.com knew or explicitly ordered advertising in this form, then shouldn't the company that actually DID the spamming take most of the heat?

Although, in the long run, this might work out if BobVila.com loses. If hiring non-compliant spammers for advertizing becomes a liability, maybe they'll go out of business!
=Smidge=

Re:Hmm

[rixstep]

I don't know good ol' Bob Vila. For all I know, he's just another Nathan Arizona. But it's his business; he's ultimately responsible, as are Blue Stream. I say 'good' if it helps reduce spam.

Bob Vila might not have known, true, but that's highly unlikely. Blue Stream are in it up to their skinny necks. In either case, they're all responsible under the law, and be glad for that. Otherwise the classic defence will be 'we didn't know, and the employee who did that terrible thing for us is long gone, and we don't have a forwarding address'.

Re:Hmm

[ticklemeozmo]

a) SMTP HELO's with names whose IP addresses don't match the originating IP

That's interesting.. when you send a mail from a windows machine, it uses its NetBIOS name as it's HELO.

Surely, that's name doesn't match the original IP address when you try to resolve it from the recipients computer.

Is it me, or is this one of those overly broad clauses they only apply when they need to?

Show how useless it is

[Lord_Dweomer]

"Hypertouch's attorney, John L. Fallat, said the CAN-SPAM Act offers little protection to the public, but they would use the few protections it offers to punish spammers."

If this case gets a lot of press coverage, it might help show people how utterly useless the CAN-SPAM act really is.

If a lawyer says its near useless, you know it must be bad. Hopefully the NY Times covers this in depth.

At least for once they are suing the company who uses the spammer and not just the spammer.

Re:Show how useless it is

[rixstep]

Good point, but it's 'spam' with a 'p', not a 'c'. Scamming is bad enough; this law - and the general objection - is about spam.

Re:fraudulent headers?

"Fraudulent" refers not to the compliance of the headers with the e-mail protocol, but means that the headers contained information which was false.

Who pays for the spam?

[d474]

Until they start punishing the companies that benefit from the ads this is never going to stop. It should be handled like the drug war. If your company is benefitting from ads spammed to millions of people, you go down unless you reveal who you hired to do it.

Re:Who pays for the spam?

[crackshoe]

Wait... something should be handled like the drug war? that highly succesful siphoning off of american tax dollars that accomplishes next to nothing? If it was handled as such, i wouldn't be suprised if spammers starting simply directing minors to do the actual spamming, much like the crack dealers that recruited under-age dealers because they wouldn't get the same jailtime.

CAN-SPAM, Politrix, and the unsuspecting victims

[segment]

Firstly CAN-SPAM is nothing more than a political tool used by a tool this election year nothing more. For the US to claim to have made a law in places where laws mean nothing - e.g. about those pesky APNIC/LACNIC domains. Now, considering a huge portion of spam gets sent by users whose machines are infected with annoying ass viruses, what is the government going to do aside from possibly bringing in innocent victims - users whose machines were infected or rooted - to court and make them stand trial for something they didn't even know they did.

Secondly, with every Joe Blow dot com stepping on the scene, how many companies with misconfigured mail servers fall victim to going to court?

Re:CAN-SPAM, Politrix, and the unsuspecting victim

Now, considering a huge portion of spam gets sent by users whose machines are infected with annoying ass viruses, what is the government going to do aside from possibly bringing in innocent victims - users whose machines were infected or rooted - to court and make them stand trial for something they didn't even know they did.

They can sue the person the spam mail was sent on behalf of, and subpeona the names of the actual spammers, then charge them with hacking the computers used to send the spam.

For it to be spam, someone has to be selling something. If someone is selling something logically they can be tracked down, because how else are they supposed to get the money?

Re:CAN-SPAM, Politrix, and the unsuspecting victim

[segment]

and subpeona the names of the actual spammers, then charge them with hacking the computers used to send the spam Did you miss something I posted? Again if someone has their machine broken into, how the hell are they supposed to find out who it was that broke into it if they didn't know how to protect it from the jump? As for your subpoena point, makes little sense, again what are you going to do if Shaka Zulu from Niger broke into your machine, go searching for him? Sure waste 2million tax dollars as opposed to just chalking up what a $ .0002 spam sent. Instead of attacking the endusers, they should be going after the companies who are selling the products being offered. That would definitely stop it, going after an end user does nothing, besides the gov is liable to falsely prosecute some innocent joe shmoe. If you think it won't happen look at what the RIAA did to 80 year olds who never even heard of an MP3. Same players different issue

Re:Bob Vila is more or less fictional...

[AndroidCat]

His primary sponsor is Sears

From a Dec 2001 article:

Bobvila.com was initially a joint venture with Sears, which held a majority interest. But that relationship ended earlier this year when Sears, no longer enamored of the Internet, unceremoniously pulled out.

Perhaps that's when the slide to the spammy side started?

My seemingly obvious method of getting rid of spam

[Killswitch1968]

What I never understood is instead of going after the spammers, can't we go after the companies hiring the spammers? They would be far easier to track down. They must have websites to solicite their garbage, with credit card payments and lots of contact info.
I can see the potential for people to 'fake-spam' and get a company into trouble, but is this the only problem?