Major Anti-Spam Lawsuit To Be Filed In VA

Rick Zeman sends us to the Washington Post, which is reporting that a John Doe lawsuit will be filed in US District Court today in spam-unfriendly Alexandria, Virginia. The suit will be filed by Project Honey Pot, which is having a week of big announcements. The suit seeks the identity of individuals responsible for harvesting millions of e-mail addresses on behalf of spammers. From the Post: "The company is filing the suit on behalf of some 20,000 people who use its anti-spam tool. Web site owners use the project's free software to generate pages that feature unique 'spam trap' e-mail addresses each time those pages are visited. The software then records the Internet address of the visitor and the date and time of the visit. Because those addresses are never used to sign up for e-mail lists, the software can help investigators draw connections between harvesters and spammers if an address generated by a spam trap or 'honey pot' later receives junk e-mail."

Re:Yeah but what will the judge think

[aadvancedGIR]

Directly proving how the address was collected may indeed be a weak evidence, but you'd better see that as a working base.
Starting evidences:
-A send spam to targeted email, obviously without opt-in.
-B is suspected to have harvested that adress.
And then:
-Investigation shows a link between A and B.
Then you have something solid to sue on.

Re:What would the natural response be?

Clearly spam works, so the amount of spam being sent would only continue to grow.

Sometimes I wonder if that's the case or if it's a case of slash and burn marketing - the spammers just keep signing up folks (especially overseas) who don't know any better, take their money, the folks who "advertised" realize it doesn't work and stop, the spammer just moves on and keeps signing folks up.

My ISP's spam filters are great and I'm really careful about sharing my email address. That being said, are there still a lot of spams selling spam services like there was a few years ago? In other words, are most spams just advertising spam and "sure thing" stock market tips?

Re:RIAA tactics to catch spammers?

[crymeph0]

Same thing I thought. Of course, since this is being done by the good guys, there won't be any major flames directed towards them. If you honestly don't believe the RIAA can find who owned an IP address at a certain time, what makes you think these guys will do any better?

Re:Vatican spam

[operagost]

VA was an accepted postal abbreviation for Virginia way, way, way before there was a vatican.va.

Maybe that's the solution.

[Kadin2048]

Maybe the solution to the botnet problem isn't to go after the botnet operators, but to go after the people who are leaving unpatched machines connected to the net? Or, perhaps more to the point, their ISPs?

I understand this wouldn't be an exactly popular solution -- it's sort of the equivalent of a "scorched earth" tactic towards spammers -- but what if you implemented strict liability on all computers under your control? You get rootkitted or botnetted, sorry pal, it's your problem. Don't want to deal with it? Keep your machines up-to-date or keep them unplugged.

Unpatched machines that are connected to the internet are a public nuisance, in the same way that an abandoned house in an otherwise good neighborhood is. It's nearly impossible, and probably a losing battle, to try and go after the individual criminals who are using the abandoned house for nefarious purposes (which isn't to say that we shouldn't try); sometimes the best solution is just to go after the person who owns the house and make them either fix it or raze it.

A compromise, which would avoid true strict liability, would be making it a positive defense that you took reasonable steps to secure a system; i.e. it was kept up-to-date with the latest vendor patches and was behind a firewall. But if you can't take those reasonable steps, or are too incompetent/lazy/ignorant to do it, maybe you shouldn't be on the net at all.

NOT Viginlante

[DynaSoar]

This is in response to various replies, not the parent or TFA: This is not "vigilante" activity. A vigilante is someopne who usurps or subverts established social structure, acting as judge, jury and/or executioner.

Before there were laws on the books about spamming, there was no social structure for identifying and acting against spammers. Those who did it then were emergent order enforcement acts. They were volunteers carrying out the desires of many based on the consensus, or at least vocal majority, of the net. There was a socially accepted behavior, people who violated it, and people who took it upon themselves to enforce the socially accepted. All law enforcement has evolved from social systems in precisely this manner.

Now that there are laws, these people seek to identify the perps, and use the established social structure by turning them over to the proper channels and authorities.

Those who provide filtering/blocking services are acting within a social structure suitably designed and executed for property protection. They are offering private protection services and people sign up with them, or not.

Ever since Canter & Seigel people have accused anti-spammers of vigilantism without understanding what it means. Of course this was semi-informed media, hot headed critics, or spammers caught in the act, all of them using the word for hot-button value.

Now, people who cat together their tracking cookies with large garbage files to try to buffer overflow spammers' data collection activities, and people who set up botnets to DDoS spammer botnets, those are vigilantes. There are laws in place. Going around them is what vigilantism is about.

I was there for Canter & Seigel, and many more for several years. Only Alan Boyle, science editor at MSNBC, ever noted that the word "vigilante" was frequently misused in this way by others in the media. The few others anywhere near as correct simply didn't refer to us in that way.