Spamhaus Fine Reduced From $11.7M To $27K 378
eldavojohn writes "In 2006, anti-spam crusader Spamhaus was sued for 'defamation, tortious interference with prospective economic advantage and interference with existing contracts' after blocking 'promotional e-mails' from e360. What with the case being in Illinois and Spamhaus being a British outfit, Spamhaus didn't bloody care. So, e360 was awarded $11.7 million in damages, which was later thrown out in an appeals court with a request for the lower court to come up with actual damage estimates instead of the ridiculous $11.7 million. (e360 had originally stated $135M, then $122M, and then $30M as sums of damages.) As a result, the actual damages were estimated to be just $27,002. While this is a massive reduction in the fine and a little bit more realistic, I think it is important to note that Spamhaus is a service that people proactively utilize. They don't force you to use their anti-spam identification system — it's totally opt-in. And now they're being fined what a foreign judge found to be 'one month of additional work on behalf of the customers' to a company they allegedly incorrectly identified as spam. Sad and scary precedent."
Spamhaus was right to ignore it... (Score:5, Interesting)
So why didn't e360 try that? I see no info that they tried that at all. (Likely because they couldn't prove they weren't spamming people.) Instead they just sued Spamhaus in an effort to dry them up and get them out of the way.
As the summary pointed out Spamhaus is a voluntary service. Nobody is being forced to use Spamhaus. So why on earth should Spamhaus be forced to pay any damages at all? It's just insane that upon going through the court system _twice_ someone didn't ask "Well e360 can you prove you aren't spamming people?".
Anecdotal note: Many many moons ago there used to be an RBL named the BLARS Block List.
What Blars (yes it was a handle for an actual person) would do is block whole netblocks and then anybody who would complain he'd charge $250/hour to get removed IF he chose to do so. And you would be charged the fee even if he chose not to unblock you. So looking at that right there shows you what I consider the openly worst of behavior for an RBL service. Spamhaus is definitely not that.
Goodluckwiththat (Score:5, Interesting)
Spam/reviews (Score:1, Interesting)
Sure, someone needs to decide to use the service.
People need to decide to utilize product reviews, but that doesn't mean people are allowed to post factually incorrect information in a review and claim that they get a free pass because only the people acting on the review have any responsibility for action/loss of reputation/etc.
(not commenting on the merits of this case in particular)
All emails from e360 should be blacklisted (Score:5, Interesting)
eldavojohn kills babies (Score:5, Interesting)
I think it is important to note that Spamhaus is a service that people proactively utilize. They don't force you to use their anti-spam identification system — it's totally opt-in. And now they're being fined what a foreign judge found to be 'one month of additional work on behalf of the customers' to a company they allegedly incorrectly identified as spam. Sad and scary precedent.
I have it on very good authority that eldavojohn kills babies and eats them for breakfast. He also drove his last 5 employers/clients to insanity resulting in their bankruptcy, and in 2 cases suicide. He is a horrible evil person, and you should never associate with him or employ him.
Remember, nobody's forced to listen to me so I should be allowed to say whatever the hell I want.
Re:It isn't a fine. (Score:3, Interesting)
No, but when the defendant is foreign and the defendant's actions took place on foreign soil, it seems a bit silly to try the defendant in a US court of law. Why not try the defendant in the jurisdiction where the defendant's actions actually took place, under the laws of that jurisdiction?
Re:Spamhaus was right to ignore it... (Score:3, Interesting)
I support anti-spam efforts, but I support the rule of law more. So:
Complaining about how the court handled the case shows you're ignoring one key fact: Spamhaus chose not to appear in court, and by doing so tied the court's hands. Bottom line, although you might want to evaluate this on the assumption that e360 really was spamming, when only one party shows up, the court must take that party's story at face value and cannot make assumptions about whether that party might really be telling half-truths.
Spamhaus made a choice to say "we don't care about IL court"; well, that has benefits and costs. They get the benefits (don't have to bother with the expense of the trial), so it's a pretty crappy attitude to complain that they also must bear the costs (the case is evaluated not on its merits as would be found at trial, but on the basis of e360's side of the story). Looking at it from the perspective the court has to take, then:
I'm having trouble seeing the relevance of the fact that Spamhaus is a voluntary service. I suppose their liability would be greater if they somehow blocked traffic between two parties without having any relationship with either party; but just because the recipient chose to use their service doesn't necessarily releive them of liability for the consequences of their service being used. If I hire a security guard and he beats up a passer-by, does he escape liability because I chose to hire him? (And again, I'm sure you wish to point out the differences you perceive between e360 and an innocent passer-by, but the court cannot consider those assumptions since Spamhaus didn't show up in court to argue them.)
Additionally, it may be that Spamhaus has its own resolution procedure for those who claim they aren't spamming, but a private company's policies cannot trump civil law. It might be polite to try their procedure first, but it is not mandatory.
And finally, what does the fact that other RBL's have behaved worse have to do with anything? "Yeah, Bob punched someone in the face, but Bill over here beat people with lead pipes! Why should we worry about Bob?"
Those arguments might not hold up if all the facts were revealed; in which case it's too bad Spamhaus opted not to pursue the trial and get those facts on the record.
Re:What's more outrageous... (Score:5, Interesting)
Actually the judge could have taken a side when e360 Insight got the case admitted by falsifying the record that Spamhaus was in fact an Illinois company. He/She could have easily thrown it out right there.
I'd like to see them send a message to this judge (Score:3, Interesting)
"NUTS"
Frankly, cases and rulings like this illustrate just how out of control the judiciary is. We seriously should consider bringing back the practice of tar and feathering as a means to punish judges, especially unelected and unfirable for life Federal judges, offer them the choice: Resign or tar and feathers.
Re:Wow, impressive. (Score:3, Interesting)
Keeping in mind the original lawsuit started back in 2006? So its more like 562 dollars a month.
Re:Some justification to fining Spamhaus (Score:2, Interesting)
This defense doesn't work for the torrent aggregation sites (Pirate Bay, Isohunt, etc.) and it would only work here if the various spam lists really were willing to staff the "unlist us" addresses as thoroughly as the "list us" addresses.
I work at a nonprofit that has health care and gang outreach as two chunks of what we do. I have had emails inviting a group of people to a meeting around gang violence flagged as spam in the past, because the subject line was thought to be spammy. Heaven forfend that one of our providers should dare to talk about viagra or erectile dysfunction in an email.
I am not sure if it was Spamhaus per se, but one of the times we were added to a blacklist, I was able to get us pulled immediately. But I was warned by the fully automated removal system that that was a one-time deal and if we were listed again, I would have to wait patiently while they got around to deciding what to do.
With the Barracuda list, there's a for-profit company with 800 numbers that are answered, at least. I don't remember now who it was, but one of the RBL providers got into a pissing match with Yahoo over their mailing list configuration and blackholed Yahoo's outbound mail servers a few years ago.
Accountability with these lists is a problem. The court case immediately at hand isn't interesting one way or another, since it wasn't contested.
Accountability, on the other hand, is something that needs to be addressed a lot better by the RBLs.
Re:What's more outrageous... (Score:4, Interesting)
They were suing in the wrong flipping jurisdiction.
Spamhaus is a UK organisation. They do not have any business presence in Illinois, or the US in general, as far as I know. Suing them in Illinois is about as useful as suing them in North Korea.
If they really wanted damages then they would have sued them in the UK (a country which incidentally has notoriously strict defamation laws). The fact Spamhaus "didn't bloody care" was because it was a frivolous lawsuit 1000's of miles from home.
I'm guessing the reason they didn't is because the UK legal system isn't so easy to shop for an easy win.
Yep, that's what happens (Score:3, Interesting)
If someone sues you, and you fail to show, the court will nearly always rule in their favour. The reason is that in civil court, the burden of proof is a preponderance of the evidence, meaning that their evidence is more likely than yours. So if you are not there to present any evidence, well then they win. For that matter they'll usually win in summary judgment, since there'll be no one to oppose the motion.
As such, if you get sued in a court that has the ability to enforce sanctions on you, you'd better show up no matter how stupid the suit.
In this case, however, there wasn't a reason. Spamhaus has no US operations and as such no US assets to touch. A US court can't do anything to them in a civil matter (in a criminal matter the US could have them extradited). So the judgment is irrelevant. This would be the same situation as, say, if Microsoft were sued in North Korea. Since they have no North Korean operations, they'd have no reason to respond. The courts (this is of course supposing NK has courts) would have nothing they could do.
Re:Just another example (Score:3, Interesting)
Good thing you posted AC. You could get sued for libel!
Re:and regarding your analogy ... (Score:3, Interesting)
Which is essentially what happened here, when Spamhaus didn't show up to defend itself the court was forced to rule against it. But even if they had shown up it wouldn't necessarily have been a win as they'd've had to demonstrate that the assertion was reasonable to the relevant legal standard. Or a that the plaintiff hadn't done all they could to minimize the damages (Not sure about Illinois, I know that's the case here in WA)
Re:What's more outrageous... (Score:1, Interesting)
Bullshit. Spamhaus posted files accessible on the Internet, and people in Illinois had the ability to retrieve these files and do whatever they wanted to do with them, with no business conducted by or on behalf of Spamhaus whatsoever.
Business is a market arrangement in which value is exchanged, and Spamhaus had no arrangements, no markets, and no value exchanges in Illinois. They provided a free file copying service OUTSIDE of Illinois which people from Illinois could willingly choose to go out and use - Spamhaus pushed nothing into the state and did no business there.
I have a file that says Rob Malda is OK, and you should accept any email from him. You can copy it if you want, and I won't care. I am not "doing business" with you when I tell you this.
Re:Some justification to fining Spamhaus (Score:3, Interesting)
I don't know - maybe they made the right choice? If the verdict is unenforceable (and it looks like it is) then defending the case would have been a waste of money.
Maybe some lawyer can answer this: if a case is won by default, can that establish a legal precedent?
Re:Some justification to fining Spamhaus (Score:2, Interesting)
sending 10 malware infested phishing emails to old ladies to steal their bank account info.. or 300,000,000 "buy viagra now" that get spam filtered... which is worse?
Given the 0 cost of sending virtually limitless #s of emails, I think that quoting numbers is pointless *shrug*
Re:What's more outrageous... (Score:3, Interesting)
No.
No the problem was they initially turned up and then walked out.
"Spamhaus didn't mount a defense in the case; the ruling was a default judgment in absence of counterarguments." [cnet.com] That's a little grey, but it sounds to me like Spamhaus didn't initially show up. If you've got a citation that suggests otherwise, please post it.
Judgement made in default != default judgement. Default Judgement = the defense is a no show. Judgement made in default = defense showed but stayed silent (or in the case of Spamhaus, walked out (= refused to answer) when the judge ruled that the court had jurisdiction)
Spamhaus/their lawyers f**ked up
How do you figure? Spamhaus (wisely, IMHO) looked at the case, decided they could spend boatloads of money fighting a frivolous lawsuit which they would *probably* -- but NOT necessarily -- win, or since they are not in the U.S.' jurisdiction, they could save themselves the worry and the stress by ignoring the lawsuit. The court that awarded the win to the spammer has no jurisdiction in the U.K. so as long as Spamhaus' CEO doesn't come to the U.S., what difference does it make to him? It's not like he's going to be extradited for this. If somebody sues me in a foreign country that I never intend to visit, the odds of me spending any money or effort to fight the lawsuit are somewhere between zero and none. Spamhaus did likewise.
Problem is Spamhaus originally appointed lawyers to go to the court. This was the mistake, when the lawyers appeared for Spamhaus, Spamhaus effectively 'appeared in court' (even if to contest jurisdiction). They should have, as you indicated you would (and as I would) not even appeared. If they had not appeared, then the CEO visiting the USA or not would have no effect as the case was heard in the Illinois court, and not in the federal court.
...the result was they had to pay a spammer for the f**kup.
Ummm, no. The result was a judge ordered them to pay a spammer for their strategic decision. It may be subtle, but there is a difference between a judge ordering you to do something and actually having to do it. As long as you are not in the judge's jurisdiction, you don't have to do anything they order.
Second issue in point, and a second mistake to make if you don't consult a lawyer. There is this little treaty with the UK, USA, Canada, Australia and most of Europe, known as the 'cross border enforcement treaty'. If you hold a judgement from a US court in your favour (not a default judgement - note the difference I mentioned above) against a UK entity you can apply to the UK High Court to have your judgement enforced, the ONLY defense against it is that the court where the case was heard did not have jurisdiction. Problem is Spamhaus worked out when it was too late that 'judgement in default' is not a 'default judgement' and therefore cross border enforcement would be applied. This is why they first tried to appeal the judgement (and were refused because they 'appeared') then appealed the amount of damages.
The simple facts were, they screwed up (they even admit it themselves that they "had advice which was incorrect") a judgement which is enforceable was made against them, they appealed on the only option - the amount of damages, and they won their appeal by having the damages reduced to $27k.
Net effect, they lost the case, they will pay or risk copping significantly more costs when/if it is brought to the UK high court for enforcement. That said, rumor has it, the game is not over, but only time will tell.
Note: this has been discussed to the death on NANAE where someone reportedly from Spamhaus responded with "please don't give the spammer ideas".
Re:Some justification to fining Spamhaus (Score:3, Interesting)
The way to not send spam is to not use email commercially. Any form of email that is sent out from a company that is not requested in writing (in triplicate!) by an anti-spam zealot is spam.
We have a double-opt-in mailing list. We have been blocked because the confirmation to join the email list has been sent to spam traps. Simple answer here is not to use a mailing list.
Receipts mailed to anti-spam zealots are considered to be spam and reported. This takes someone's time to sort out and try to get unblocked - which is usually successful. Simple answer is that we are trying to avoid emailing receipts for purchases. We either let some other eCommerce provider do it (and let them take care of the fallout) or moving to a web-based system where your information is retrievable on the web but never, ever emailed.
We have been blocked by Yahoo for some unknown reason, probably some rather uncommon RBL. There is no known way to get off this list because nobody has ever identified it to us. Yahoo is pretty much uncontactable for this and their blocking does not result in a "bounce" but just dropping the email.
Email is pretty much useless today for any sort of commercial communication.
Re:Some justification to fining Spamhaus (Score:3, Interesting)
for most RBL's there is no accountability or appeal. They get to publicly call you a bad name (intentionally damaging your reputation and encouraging others to act on it), and expect you to just take it. They act completely irresponsibly, and assert that, effectively, accountability doesn't scale -- they couldn't possibly review all the businesses they slander via their algorithm. '.
Spamhaus is no more accountable than the rest, but their removal mechanism is fast and clean. You're describing something more like SORBS that causes more harm than good in the fight against spam.