Slashdot Mirror


First CAN-SPAM Lawsuit Filed in California

rocketjam writes "Foster City, California-based ISP Hypertouch, Inc. has filed the first lawsuit alleging violations of the new Federal CAN-SPAM Act of 2003. The lawsuit was filed against BobVila.com and the spammer they hired, Bluestream Media, for sending Hypertouch customers unwanted, unsolicited email advertisements for Vila's "Home Again Newsletter." The suit alleges the defendents sent spam email ads with fraudulent headers and no physical address. It also alleges the emails were sent to randomly generated and harvested addresses as well as addresses that had replied to opt-out links in other spams. Hypertouch's attorney, John L. Fallat, said the CAN-SPAM Act offers little protection to the public, but they would use the few protections it offers to punish spammers." Reader Clemence links to Wired's coverage of the suit.

6 of 167 comments (clear)

  1. Opportunism by StuWho · · Score: 5, Interesting
    "Even if Hypertouch succeeds in its case, the message to spammers and the companies that hire them might not be loud enough to make a difference. The ISP is asking for $100 in damages -- the maximum allowed by the Can-Spam Act -- for each of the approximately 100 messages that it claims were sent by BlueStream Media."

    Sounds like there could be money in setting up as an ISP, and sueing any spammers who use you for $100 per message. Given the millions of messages an individual spammer can send, even one victory against them would result in a cash windfall for the ISP concerned.

    --
    "If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
  2. Re:Hmm by Masem · · Score: 3, Interesting
    I've gotten spam from the BlueStream Media group, that appears more legit than other spam (that is, they don't hide the fact they're advertizing something and yet the ad is readible, not mangled text, and so forth; eg it's nearly good enough to get past a number of spam filters because it looks like a legitamite written email), and representing other clients outside of BobVila. I personally think that's the way the fight has to go, is to make sure that the company that is being advertized in the spam, and not just the spam provider, is targetted in the suits, as once these companies realize that even if they don't send spam directly, usign spam to advertize is a bad idea.

    Unfortunately, more than half of the spam I'm getting lately is now from the fake viagra ones, that, while using viagra, have nothing to do with pfiser, and the actual company isn't mentioned at all, so all you can do is go after the spammer, and not their source of funding.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
  3. Real Time Filters by d474 · · Score: 3, Interesting

    Couldn't huge email centers (yahoo, msn, etc.) in real time compare source IP's from all emails moving into their systems, identify SPAM as massive amounts of identical email coming from identical IP addresses, load that data into a filter and then block? Some would always get through, say 100,000 but the rest of the 1.4 million get blocked? Isn't anything like this possible?

    --
    Authority questions you. Return the favor.
  4. Will it help any? by Bagheera · · Score: 4, Interesting

    It's nice to see someone at least trying to get something from this Law, since it did such a good job of crippling the stricter state level laws. While I agree that a single national level law is a good idea, they took it in the shorts with this one. CAN-SPAM was a waste of paper.

    The sad thing is during a recent review of my spam trap account (11800+ email in 3 months) a grand total of 30 of them were from "legitimate" business. The rest were for your usual run of penis pills, bad mortgages, "Stop spam now" software, and herbal vi@gra.

    Now, if I could collect on each and every one of them, I'd be a wealthy man. But the vast majority are coming in through open proxies or trojaned Windows boxen, and are annoyingly difficult to track back to their source - which is often off-shore and out of reach of the CAN-SPAM act in any case.

    Going after a legitimate" company like this is may put a slight damper on SPAM sent by "real" companies, but it does little or nothing to stem the flood tide of crap we get from the low lifes who are at the root of the problem.

    --
    Never attribute to malice what can as easily be the result of incompetence...
  5. ignorant businesses by DavidDeLux · · Score: 3, Interesting

    Only yesterday I got some UCE from a local company... a nice large PDF file containing details of a promo they were doing for photocopiers. This company clearly think its OK to send out such junk... whilst they included in the message their email address to request to get off their list, the replyto address was a placebo... so for that alone they're breaking the acceptable use policy of the ISP that they sent from... who got a suitable complaint from me (and I hope they yank their account!). Now, this company were using some software to bulk send these messages (pdfmail)... and they harvested my email address from somewhere. You would have thought that by now comapnies would know better than to send out SPAM/UCE.. in my case the company sent crap themselves, so they can't even blame some unscrupulous marketing company.

  6. HELO behavior and greylisting by Frater+219 · · Score: 3, Interesting
    a) SMTP HELO's with names whose IP addresses don't match the originating IP
    That's interesting.. when you send a mail from a windows machine, it uses its NetBIOS name as it's HELO.
    ... Well, my mail server does not need to be receiving mail from remote Windows client systems. Windows mail servers, yes, but presumably those can follow the protocol and HELO with their real name, not their Microsoft made-up toy name.

    Indeed, I might be willing to discriminatorily greylist all mail from any remote Windows system. (Greylisting: Sending a 4xx temporary failure the first time a host tries to send mail to a particular recipient. This causes a normal MTA to retry in a few minutes, but fire-and-forget spamware and worms generally abort.)

    How to apply this to Windows only? OpenBSD's passive OS fingerprinting would be a start. It allows one to selectively redirect traffic based on the detected OS, and thus to offer different quality of service based on the quality of the client system. Since there is a much greater likelihood that a given Windows host's connection to my MTA is delivering spam and worms than that a given Solaris or Red Hat host is delivering spam and worms, there is a good reason to deteriorate service (as by greylisting) for Windows hosts -- as long as it can be done in a way which retains (eventual) delivery of real mail.

    If Unix mail server admins all chose to greylist remote Windows hosts -- including Windows MTAs as well as client hosts -- then Windows servers would eat the cost of keeping messages in queue during the greylisting period. This would, effectively, be the cost of proving you're a real Windows MTA, not a worm or spamware. This lays part of the burden of the Windows system's susceptibility to malware back upon those responsible for it (deployers of Windows) whereas currently they are able to offload it upon the rest of us in the form of junk mail from worms.

    (Incidentally, yes, the majority of mail exchangers run some form of Unix. Less than half, however, run Sendmail.)