Spam Laws Aggregated At SpamLaws.com

Compulawyer writes "I recently came across this website, SpamLaws.com, which has a fairly comprehensive list of laws covering unsolicited commercial email. My new favorite is the Ohio Statute. Spam must include the full name, either residence or business address, and email address of the spammer and provide an opt-out notice in the same type and size as the majority of the text of the message itself. The statute provides not only for damages of $100 per offense ($50,000 cap), but also allows for an injunction against the spammer. ISPs can also sue for $50 per violation ($50,000 cap - $500,000 cap if the violations were willful). The best part (for the non-lawyers and those who want the executive summary) is that forging headers is a FELONY."

A Felony?

[PD]

And that's the best part? A felony is too severe. I don't like spammers at all, but it's not justice if the punishment doesn't fit the crime. /. had an article the other day about crackers getting penalties that were harsher than real-world crimes, such as robbery or assault. Is this just another example of irrational punishments attached to cyber-crime?

Re:A Felony?

[Compulawyer]

Yes, that is the best part. It is a 5th degree felony, but a felony nonetheless. It is the same concept of having a relatively low penalty for robbery and an extreme penalty for robbery while masked. The enhancement is appropriate because of the increased enforcement costs and difficulty.

The statute does not make spamming totally illegal but it does ensure that Ohioans are able to stop it (to the extent that any law can) and places reasonable restrictions on advenrtising to ensure things are legit.

Re:A Felony?

[circusnews]

I think they are looking at it as if it was more akin to mail fraud, which IIRC is also a felony, not not unlike most spam.

global spam

[egoff]

Unfortunately, because of the global nature of the internet, and therefore spam, laws such as Ohio's can never be inforced. Global restrictions or the use of good technology are the only solutions. And because many governments have higher priorities (such as terrorism, the environment, commerce), it may be awhile before any UN Commission on Spam proposes a treaty. As such, we should rely on technology, rather than regulation.

Re:global spam

[Black Copter Control]

laws such as Ohio's can never be inforced.

Don't be so sure. Although it'd be difficult to get someone extradited from China for using forged headers, penalties are mostly financial. Most spammers have at least a residual attachment to the US. The $50K~$500K penalties could be garnished from their VISA/MC accounts.

A further point is that most of the spammers -- even though they may use foreign servers -- actually reside in the US. Those asholes would have something very real to worry about, since we could possibly seize their homes as the proceeds of criminal activity.

spam laws...

[MacAndrew]

It's funny, these new laws technically shouldn't be necessary to the degree they address fraud and unfair/deceptive trade practices -- that stuff is already illegal. They do set out a framework for enforcement, and clear schedule of penalties, that may make them practical. I would like to see whether penalties are proportional to similar garden-variety fraud such as by telephone or mail.

There are a lot of naysayers here who say laws won't work, but it's quite early to declare failure. The FTC does a TON of consumer protection litigation [ftc.gov] the public rarely hears about -- and that case list is just the stubborn minority of targets that refused to stop after getting the letter, or to settle. I've seen several of their actions in detail; in one the huckster was so stubborn he ended up in jail for contempt of court. That's unusual -- remedies are typically fines and injunctions. And this guy did not go to jail for deceptive trade practices exactly, rather for defiance of a generic court order.

I would focus not on saying laws won't work, but on influencing the laws to be just and effective. The Ohio law COULD be disproportionate, especially if prosecutors fist leapt for the jugular rather than sensibly working out a settlement with the target. The latter is the just and cost-effective way of doing business -- litigation is very expensive. The federal law that is doubtlessly coming will be our only chance, as Congress may not return to improve the law for years.

Since the server is now lightly loasted...

[stienman]

Since the server is now lightly loasted...

You can get the summary of all state spam laws from google's cache of www.spamlaws.com/state/summary.html [google.com].

-Adam

A nice start, but not enough

[lightspawn]

* Legislation must be global or, at the very least, federal.

* Mail that claims to be the result of an opt-in must include the name and the circumstances of the opt-in (unlike "... one of our affiliates, which we refuse to name")

* A time limit should be imposed between performing the "unsubscribing" (ha) action and the last mail received. Fake "unsubscribing" links which do nothing (like the ones from big10links.com, freestuffshare.com, azjmp.com, and offerclicks.com) should in some way be discouraged.

* Forged headers and inappropriate use of "Re:" in the subject are fraud.

* When the mail subject claims "free product" consumers are entitled to receive the product for free, even if the body says "with $500 purchase".

* Why are spammers never imprisoned for years for theft of computer resources? (A.K.A. "cyber-terrorism") is it because they almost always choose foreign targets as mail relays?

* What else is missing?

Re:A nice start, but not enough

[vidnet]

* On violations of the opt-out agreement, you will be entitled to a hammer and access to the spammer's toes.

i live in ohio ...

[capoccia]

My new favorite is the Ohio Statute. Spam must include the full name, either residence or business address, and email address of the spammer and provide an opt-out notice in the same type and size as the majority of the text of the message itself. The statute provides not only for damages of $100 per offense ($50,000 cap), but also allows for an injunction against the spammer. ISPs can also sue for $50 per violation ($50,000 cap - $500,000 cap if the violations were willful). The best part (for the non-lawyers and those who want the executive summary) is that forging headers is a FELONY."

I live in Ohio. If the sender forges headers, how do I figure out who they are?

Even though I don't speak any foreign languages, I get lots of spam in russian (maby other cryllic languages) and chinese (maybe other asian languages). How do I sue these guys?

I'm sure some of the stuff I get is coming from a spammer in Ohio. would it be easier to sue them? or does the law allow suits against spammers in other parts of the U.S.?

So, what's this mean to me as an Ohioan?

[Lendrick]

I'm guessing that, as an Ohio resident, if I happen to get spam from a spammer operating here in the state of Ohio, then I can zap him with this statute. Please correct me if I'm wrong (and believe me, I'd love to be wrong about this), but these laws aren't enforceable across state borders, correct? So if some [insert long string of expletives here] spammer from some other state spams me, there's nothing I can do, even if I know who did it. Right?

Re:So, what's this mean to me as an Ohioan?

[Compulawyer]

I can't give you specific legal advice, but I can tell you this: The law applies to out of state residents who have "minimum contacts" with the state of Ohio such that they can fairly be compelled to show up in an Ohio Court. This is a Constitutional test. It is VERY fact dependent but generally if someone directs an email to you knowing that you are an Ohio resident, then I would say the test is satisfied. Yes, this is the easy case. I can't go any further out on a limb with analysis without specific facts and I can't do that without making you a client.

Bottom line: just because they are out-of-state doesn't mean they are unreachable. Look at other posts above: a phone call can sometimes do wonders.

P.S. - you must be one of the other 6 or 7 people besides me (according to another post) who is online in Ohio ...

Re:So, what's this mean to me as an Ohioan?

[Compulawyer]

A slight clarification -- the law may still apply to out of staters, but the minimum contacts test I mentioned may mean that you cannot force the spammer to come into an Ohio court. You would then have to go to the spammer's home state and sue him (or her or it) there and argue to that court that it should apply the Ohio statute.

Sound confusing? It is. First year law students struggle with these concepts for months during their Civil Procedure class. Lawyers struggle with them for the rest of their careers.

Re:So, what's this mean to me as an Ohioan?

[mink]

Make that 8 in ohio.

It's nice that the ISP can sue but...

[phorm]

How about those who have had their name forged in a header. It's one thing to have a fake header forged, but how about the large amount of just plain p*ssed-off emails one gets because a spammer forged your email address as a return.

People should be taught how to read headers... but realistically, why don't all email clients simply parse the header and display the header email in addition to the "real" one.

California's law is pretty good.

[Animats]

I just asked a spamming mortgage firm for the $50 damages provided for by law. Had to talk to their general counsel, but they're sending a check.

This was a big California firm. Someone had hired a spammer without checking with the legal department, or Legal hadn't read the law, but once I gave them the cite, there was no argument. Nor am I seeing any more spams from them.

California requires "ADV:" on spam, and, of course, my filters trash those immediately. California also makes it illegal to "send, or cause to send" advertising E-mails without that marking. "Cause to send" is key; it lets you go after the company being advertised (who presumably caused the spam by paying the spammer), and after those outfits with "affiliate programs" that encourage spamming.

Major California lawsuits were stalled for a while by an appeal, but late last year, the California Supreme Court ruled the law is constitutional. The Attorney General is starting to go after spammers.

Once this gets rolling, I expect that hammering spammers in the courts will become a routine moneymaker for the plaintiff's bar.

Re:California's law is pretty good.

[91degrees]

It's nice that you can go after the spammers customers, and this will keep the numbers down. The problem comes when people don't know the law. You can still punish them for it of course, since ignorance is no defence, but you can't prevent them in the first place.

Example - there are any number of "Make Money fast" pyramid schemes floating around. These are certainly illegal, but people still distribute them complete with a set of references "proving" that it's legal. People clearly have no comprehension that there is anything wrong with what they're doing, because they provide their full names, and addresses in the email.

We need a way to prevent people from sending these in the first place. Preventing the spammers may work in a lot of cases, but not stoipping their customers. It is always possible for them to find more customers.

Asymmetric threat

[PhilHibbs]

from http://www.darpa.mil/iao/ [darpa.mil]:

The DARPA Information Awareness Office (IAO) will imagine, develop, apply, integrate, demonstrate, and transition information technologies, components, and prototype closed-loop information systems that will counter asymmetric threats by achieving total information awareness that is useful for preemption, national security warning, and national security decision making. (my emphasis)

I think spam, esp. forged headers, counts as an "asymmetric threat" (you gotta love that term!)