Slashdot Mirror
First CAN-SPAM Lawsuit Filed in California
rocketjam writes "Foster City, California-based ISP Hypertouch, Inc. has filed the first lawsuit alleging violations of the new Federal CAN-SPAM Act of 2003. The lawsuit was filed against BobVila.com and the spammer they hired, Bluestream Media, for sending Hypertouch customers unwanted, unsolicited email advertisements for Vila's "Home Again Newsletter." The suit alleges the defendents sent spam email ads with fraudulent headers and no physical address. It also alleges the emails were sent to randomly generated and harvested addresses as well as addresses that had replied to opt-out links in other spams. Hypertouch's attorney, John L. Fallat, said the CAN-SPAM Act offers little protection to the public, but they would use the few protections it offers to punish spammers." Reader Clemence links to Wired's coverage of the suit.
IANAL so I'll ask this question.
Faking an email header, return address, etc. is supposedly illegal under CAN-SPAM. If this is fraud, then wasn't this illegal before CAN-SPAM?
M
At first I was kind of worried that the first target gone after was someone "respectable"-- bob vila-- and not like the people selling penis pumps or something.
But then I thought about it. How much of the problem is caused by ignorant businesses who just happen to hire the wrong marketing firm, and just say "we want you to increase our exposure on the internet" and don't realize this means millions of spam mails sent illegally through hijacked SMTP?
Perhaps to some degree education is the answer. If other legitimate businesses see bob vila getting smacked for spam mail, maybe they'll panic and make absolutely certain the people they're hiring aren't sending fraudulently-sent spam.
If this case gets a lot of press coverage, it might help show people how utterly useless the CAN-SPAM act really is.
If a lawyer says its near useless, you know it must be bad. Hopefully the NY Times covers this in depth.
At least for once they are suing the company who uses the spammer and not just the spammer.
Buy Steampunk Clothing Online!
Bob Vila sending spam?!?! Next you'll be telling me Norm Abrams wants me to have a longer penis.
General article on Bob Vila's ebiz
One line blog. I hear that they're called Twitters now.
So for any spam that has a forged header or a misleading subject, California's new law, with the $1000 per spam penalty, will still apply. California allows private suits in small claims court by any party. So you can haul the bozos into court. Maybe even across state lines.
A year or two from now, we'll be rid of the chickenboners, but we'll be getting even more spam from "legitimate businesses".
So I'm a pervert. Welcome to the Internet.
"Fraudulent" refers not to the compliance of the headers with the e-mail protocol, but means that the headers contained information which was false.
Sounds like there could be money in setting up as an ISP, and sueing any spammers who use you for $100 per message. Given the millions of messages an individual spammer can send, even one victory against them would result in a cash windfall for the ISP concerned.
"If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
Until they start punishing the companies that benefit from the ads this is never going to stop. It should be handled like the drug war. If your company is benefitting from ads spammed to millions of people, you go down unless you reveal who you hired to do it.
Authority questions you. Return the favor.
Couldn't huge email centers (yahoo, msn, etc.) in real time compare source IP's from all emails moving into their systems, identify SPAM as massive amounts of identical email coming from identical IP addresses, load that data into a filter and then block? Some would always get through, say 100,000 but the rest of the 1.4 million get blocked? Isn't anything like this possible?
Authority questions you. Return the favor.
I can see the Warden welcoming Bob Villa to the big house: "Welcome to this old Penitentiary"
...than Bob Vila isn't personally involved. Ever watch "This Old House"? The guy never does ANY projects himself. He always passes it off to that other guy! "Hi, I am Bob Vila for Sears Bulk Mail Services. For just $19.95...."
Why don't you embrace your slashbotness instead of living in a dreamworld?
...Bob Vila's or Martha Stewart?
One of the biggest problems with CAN-SPAM Act that we are hoping to educate the press so they can inform the public is that the Act says end users _must_ contact each spammer and opt-out. This is of course exactly the opposite of what ISPs have been tell their customers to do. "Opting out" merely gives the spammer have a live address. Some of the email addresses defendants sent spam to were unique addresses submitted to a "virus software 90 % off" spam. In no uncertain terms, "opting out" of spam signs you up for more spam.
We were surprised when even after we told BobVila.com about the quality of the lists their hired spammer was using, they still refused even just to promise they'd never use BlueStream Media again... Right before we filed the action, one of our users received a new BobVila spam, this time sent through a Florida based spammer.
Yeah, he does exist and that is his real name. However, his association with home improvement is purely a creation of television.
He was a nobody until a PBS series called This Old House came along in 1979. He was hired as the host of that show. His job duties there were to read the opening and closing sequence lines, and to interview the experts who really did know what they were doing. He was not one of those experts, he was just asked questions to the experts.
In 1989, when he left This Old House, he created his own TV production company, and used his association with home improvement to get endorcement deals. His primary sponsor is Sears, and his Home Again series can more or less be seen as a Sears infomerical at times. (Sears has always been a title sponsor, and controls a large chunk of the ad space within the program. The content portion of the show might not hit you over the head as an ad, but notice the clear bias when it comes time to select which company's products to work with.)
His primary line of work these days isn't as a home improvement expert, it's in being the pitch man for Craftsman tools and other Sears brands. He'll endorse other products too, but that's really the only skill people pay him for. You never see him doing any of the work on his TV shows, and that's for good reason...
In many states, there were laws that made using false headers a violation of that state's laws. In addition many states have advertising laws which require the advertiser to be identified.
Fight Spammers!
It's nice to see someone at least trying to get something from this Law, since it did such a good job of crippling the stricter state level laws. While I agree that a single national level law is a good idea, they took it in the shorts with this one. CAN-SPAM was a waste of paper.
The sad thing is during a recent review of my spam trap account (11800+ email in 3 months) a grand total of 30 of them were from "legitimate" business. The rest were for your usual run of penis pills, bad mortgages, "Stop spam now" software, and herbal vi@gra.
Now, if I could collect on each and every one of them, I'd be a wealthy man. But the vast majority are coming in through open proxies or trojaned Windows boxen, and are annoyingly difficult to track back to their source - which is often off-shore and out of reach of the CAN-SPAM act in any case.
Going after a legitimate" company like this is may put a slight damper on SPAM sent by "real" companies, but it does little or nothing to stem the flood tide of crap we get from the low lifes who are at the root of the problem.
Never attribute to malice what can as easily be the result of incompetence...
I think running Windows is already legally aiding and abetting spamming. I wonder whether this is punishable...
It appears that one of BlueStream Media's customers is also in Foster City, DrySkinOnly.com... Small world. The local DA is taking complaints about spam, though you have to get through a disinterested police force. If you have any pre-2004 spam that has no ADV label, that is punishable under the old CA law by up to one year in jail. If you have the time and energy, file a complaint and follow up on it...
Only yesterday I got some UCE from a local company... a nice large PDF file containing details of a promo they were doing for photocopiers. This company clearly think its OK to send out such junk... whilst they included in the message their email address to request to get off their list, the replyto address was a placebo... so for that alone they're breaking the acceptable use policy of the ISP that they sent from... who got a suitable complaint from me (and I hope they yank their account!). Now, this company were using some software to bulk send these messages (pdfmail)... and they harvested my email address from somewhere. You would have thought that by now comapnies would know better than to send out SPAM/UCE.. in my case the company sent crap themselves, so they can't even blame some unscrupulous marketing company.
Indeed, I might be willing to discriminatorily greylist all mail from any remote Windows system. (Greylisting: Sending a 4xx temporary failure the first time a host tries to send mail to a particular recipient. This causes a normal MTA to retry in a few minutes, but fire-and-forget spamware and worms generally abort.)
How to apply this to Windows only? OpenBSD's passive OS fingerprinting would be a start. It allows one to selectively redirect traffic based on the detected OS, and thus to offer different quality of service based on the quality of the client system. Since there is a much greater likelihood that a given Windows host's connection to my MTA is delivering spam and worms than that a given Solaris or Red Hat host is delivering spam and worms, there is a good reason to deteriorate service (as by greylisting) for Windows hosts -- as long as it can be done in a way which retains (eventual) delivery of real mail.
If Unix mail server admins all chose to greylist remote Windows hosts -- including Windows MTAs as well as client hosts -- then Windows servers would eat the cost of keeping messages in queue during the greylisting period. This would, effectively, be the cost of proving you're a real Windows MTA, not a worm or spamware. This lays part of the burden of the Windows system's susceptibility to malware back upon those responsible for it (deployers of Windows) whereas currently they are able to offload it upon the rest of us in the form of junk mail from worms.
(Incidentally, yes, the majority of mail exchangers run some form of Unix. Less than half, however, run Sendmail.)