NY AG Sues MonsterHut Over Marketing Spam

Ian Hill writes: "This BBC article tells how NY State Attorney Elliot Spitzer has sued marketing firm MonsterHut.com over "millions" of unsolicited e-mails. He claims MonsterHut.com falsely told its clients that e-mails sent on their behalf were sent to addresses who registered themselves as interested parties. Also at question is how exactly these addresses were collected." eviljim adds a link to a press release from New York's Attorney General and a reminder of how MonsterHut was disconnected from their ISP.

Good - Make SPAM cost the spammer

It is about time some of the cost associated w/spam got moved to the spammer. More of this can only be a good thing. If it gets too expensive, maybe it will slow down.

I do worry though about legal remedies just moving the problem to where the laws don't exist.

.

Re:Good - Make SPAM cost the spammer

If Comcast starts charging me by amount downloaded per month, or even just limits me to a cetain amount, I will attempt to sue spammers based on the amount of bandwidth I end up using to download their crap. That will cost per email. Class action anyone?

Re:Good - Make SPAM cost the spammer

The infomercials about growing your penis are paid for by the advertisers. It also doesn't cost you anything to receive them. -- and you can program your TIvo to skip over them late at night (when most of them are on).

I have no problem with the infomercials, because they don't pretend to be anything else, and they don't fill up my mailbox, and they don't cost me more than the cost the person who paid to put them on the TV station.

Besides, if you actually sit up at 5AM watching one of those things, then you obviously don't have anything better to do, so they're providing you a service .. (at the very least, they're helping to pay the TV station for the costs of broadcasting 'buffy'.)

STATE LAWSUIT SEEKS TO END SPAM EMAILS SENT BY NIA

STATE LAWSUIT SEEKS TO END SPAM EMAILS SENT BY NIAGARA FALLS COMPANY

Spitzer Says Company Sent More than 500 Million Unsolicited Messages to Consumers

Attorney General Eliot Spitzer today filed a lawsuit against a Niagara Falls-based "spammer" that sent hundreds of millions of emails to consumers whom it falsely claimed had requested the emails.

"Every day New Yorkers are being inundated with unsolicited commercial emails, or spam," Spitzer said. "Some of the spam is a vehicle for fraud, some of the spam is inherently fraudulent, and much of it constitutes a real annoyance for email user. This lawsuit is the next battle in our continuing fight against online fraud, and an attempt to help consumers maintain control of their email in-boxes."

MonsterHut, Inc., its Chief Executive Officer Todd Pelow and its Chief Technical Officer Gary Hartl, are accused of fraudulently advertising and representing the company's email marketing service as "permission based" or "opt-in," meaning that every consumer to whom they send commercial email has explicitly asked to receive it. In fact, the suit alleges, the company's email lists are only partly "opt-in," and include many consumers who never asked to receive email from the company. The suit also alleges that this false representation of MonsterHut's business practices enabled the company to profit through the deception its Internet access provider, its own paid advertisers, and consumers at large.

The suit alleges that since March 2001, MonsterHut has flooded consumers' email in-boxes with more than 500 million commercial emails, advertising a variety of goods and services. At the same time, negative consumer response to MonsterHut's spam has been overwhelming. More than 750,000 consumers have requested to be removed from MonsterHut's mailing lists, and tens of thousands have complained to MonsterHut's internet access provider, PaeTec Communications, Inc., of Rochester.

Earlier this month, PaeTec cut off MonsterHut from its network, after a New York appeals court held that MonsterHut had violated an anti-spamming provision in its contract with PaeTec. However, nothing in that decision prevented MonsterHut from spamming consumers through another internet service provider.
"We are seeking to prevent MonsterHut from continuing its fraudulent, deceptive and illegal practices, not just over PaeTec's network, but over any ISP in New York," Spitzer said.

The Attorney General is seeking a court order to:

• Enjoin MonsterHut, Pelow, and Hartl from falsely representing the nature of their unsolicited commercial email;
• Require MonsterHut, Pelow and Hartl to disclose how it obtained all the consumers' email addresses; and
• Require MonsterHut, Pelow and Hartl to pay civil penalties and court costs for its violations of New York's consumer protection laws.

This case is being handled by Assistant Attorney General Stephen Kline of Attorney General Spitzer's Internet Bureau

SPAM

No, not the canned mystery meat, the junk e-mail that clusters my inbox everyday. I really hope this case will set a precedent that will deter the 25 or so people that seem to like to spam my account with their 'earn 10,000 a day', 'make your penis larger', 'diet now, lose 100 lbs a day and get paid $1 a pound', etc. I am truly sick of this shit, and I hope that someone gets the message. Of course the trick is to make this non-profitable, either by suing them blind, or by simply not responding to any of these e-mails. Keep in mind that the only reason that they don't do this via snail mail (aka: USPS) is because it actually costs money to mail a letter via this means, otherwise you would find it necessary to have a mailbox 4' X 4' X 6' and it would still be overflowing after 2 days.

Micropayments

It'd be really cool to see mandatory micropayments for UBE - I would be willing to accept the extra load on my mailservers if I know I was making a tenth of a penny per message.

Hell, running an open relay would rapidly go from moronic to profitable :).

--
Phil

The choice is clear and obvious

There needs to be a law in the United States outlawing spam.

All the logic is there an the anti-junk-fax laws. It just needs to be applied to e-mail. This way it would be much easier to prosecute groups like monsterhut.

Re:There is one!

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Hey, Coward, this is not a speech issue. It's a property rights issue. I don't get upset about junk mail in my postal mailbox; I don't have to pay for it. The sender pays the postage to have it delivered to me. I just carry it to my trash.

Spam, on the other hand, is often times paid for by the recipient. If you want to play First Amendment with me, I'll play Fifth Amendment with you:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Since you say that Spam is the sender's First Amendment right, it appears that delivery of said spam is "public use," and can't be paid for by the recipient because there's no just compensation. Spammers can't take my money (private property) to deliver your message (public use) without paying me (just compensation) in return for paying for your message's transmittal.

By the same token, you can't use the Freedom of the Press clause-- for the same reason. I can't be forced to pay (private property) for the publication (reception) of spam (public use) without paying me (just compensation).

If they want to pay me to receive their messages, that would be constitutional. As it stands, sending people unsolicited messages that they must pay for is not only not protected speech, but unconstitutional.

Read more about it [nara.gov]

Re:There is one!

> Hey, Coward, this is not a speech issue. It's a property rights issue

Amen.

I'll see your Fifth Amendment response, and, I'll raise you a Supreme Court ruling.

"Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit. We categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another. If this prohibition operates to impede the flow of even valid ideas, the answer is that no one has a right to press even 'good' ideas on an unwilling recipient. The asserted right of a mailer, we repeat, stops at the outer boundary of every person's domain."

- Chief Justice Berger, U.S. Supreme Court, Rowan vs. U.S. Post Office Dep't, 397 U.S. 728, May 4, 1970.

A man's home - and his email box - is his castle. Any spammer invoking the First Amendment is full of it.

Attorney General Spitzer, YOU ROCK.

Re:There is one!

I'll call your ruling:

Ownership does not always mean absolute dominion. The more an owner, for his advantage, opens up his property for use by the public in general, the more do his rights become circumscribed by the statutory and constitutional rights of those who use it.

Not that I think that spam is good, rather the argument that "My mail server is mine, thus spam is illegal" does not follow.

- Justice Black, U.S. Supreme Court, Marsh v. State of Ala., 326 U.S. 501 (1946)

Re:There is one!

> To take your point a little further. Why can I not bill for time spent disposing of junk mail?

In the US, your mailbox doesn't actually belong to you - it belongs to the US Post Office. They allow you to take mail out of it.

I don't like junk mail, but someone's paying the US Post Office to deliver the snail junkmail to mailboxes which are the US Post Office's property. (To be absolutely technical - I think it's something like "you may purchase and own the physical container on the fencepost near the driveway, but the USPS still owns the space within it.")

> (in addition, materials garbage bags, etc.) What about electricity used to power the doorbell when a solicitor comes?

OK, fair enough :)

The (non-property-rights) issue with spam is the one of scale -- junk mail costs money for the sender to deliver. Door-to-door solicitors are throttled by the time/effort that it takes to walk from door to door. Even telemarketers are rate-limited by the number of drones they can have behind the predictive dialers. (Which is we've passed laws to try and combat the use of prerecorded telephone messages. But even these are rate-limited by the time it takes the recording to play back into the victim's voicemail.)

Spam, regrettably, has no such bottleneck. Even if you don't agree that it's theft of the recipient's mailbox, most of it comes through open proxies and open relays -- which clearly qualifies as stealing service from the victimized hosts.

Whether they're stealing very small amounts from millions of victims (the recipients) or larger amounts from a few victims (the bandwidth stolen from unauthorized abuse of intermediate open relays and open proxies) - spammers are thieves.

Criminal Perjury Charges

Personally, I'd like to see perjury charges brought against the individuals who lied under oath ("All our addresses are opt-in. Honest!") in order to obtain the infamous injunction that prevented Paetec from TOSing Monsterhut.

On a sidenote (with regard to the quest for the email address source), it's fairly common knowledge (enough so that Paetec mentioned it somewhere on litigation.paetec.net [paetec.net] back when they were soliciting affidavits from spammed parties) that a number of the addresses used came from WHOIS records.

Paetec made the mistake...

Paetec made the mistake of agreeing to contract terms that specified that if 2% (I think that was the figure) of the addresses were found to be non-opt-in, that this would be an acceptable margin of error. Presumably MonsterHut would have removed them from the list if asked. Even in the worst case of assuming that every complaint was one of those non-opt-in addresses, the complaints would have had to reach the level of 2% for Paetec to disconnect them under terms of the contact. It's that contact that allowed MonsterHut to get the injunction. MonsterHut didn't need to say that 100% were opt-in ... it only needed to say that 98% were opt-in, and Paetec didn't have enough numbers to prove that more than 2% were genuinely non-opt-in, at least not initially.

Paetec made some legal blunders. The rest of us can learn from their mistakes. I'll give Paetec the benefit of the doubt for being fooled in this case. A future company will not get that from me.

One step an ISP can do (if they didn't stupidly sign away any rights to do this) is to put the spammer on static IP and set up reverse DNS to name them with the spammer's domain name. Then I can block the spammer without blocking the ISP, regardless of the stupidity of the ISP's lawyers. And this is my common practice ... I block just the spammer if they are in reverse DNS identified static addresses. And I block them by their domain name, so if they move, even to another ISP, they are still blocked. They have to change domain name to evade this (and I'm sure many have).

Also, I do all my anti-spam blocking at the server during the SMTP session. I don't want their spam in my servers, and I don't want rejection notices to sit undelivered for days, either. By stopping spam before the mail is delivered, it doesn't get queued and the sending server has to deal with the rejection (but there is still a rejection in the cases of legitimate mail getting caught so the sender at least knows something happened, and can look for a way around).

Monster Hut

Monster Hut makes the best monsters. I love their personal pan monsters, and their deep-dish Chicago style monsters, also. Great for parties. The crispy thin-crust monsters are also good, if you like a nice New York style monster. A slice of their leftover monster also makes a great breakfast. I like to order a medium monster with pepperoni and peppers and olives. This is enough to feed me and my girlfriend (who also loves monster), plus leaves a little leftover for the next day.

Cell phone spamming

...came to my attention last week when my wife signed up for text messaging for her cell phone. Her plan allows the first 100 messages each month free, with extras for an additional price after that. What happens if (when) that number gets on spam lists it can be sent in the form of an email, ie, cell-number@provider.com? At the rate I get spam in my inbox, surely she'll run over the 100 limit, and it WILL cost me money to receive spam. Surely there's cause for recourse at that point?

Wouldn't be too hard to take the ball and run with this one. Get on the message boards and put your number in your sig. Too bad I don't have the time or resources to do it.

Re:Cell phone spamming

That happened to me already.. My account came with e-mail at 10 cents Canadian a message.. but all the e-mail addresses on the network where the same format areacode-phonenumber@companyname so a marketing CO just started randomly e-mailing addresses because they could easily guess valid adressess.. I had to quickly remove the e-mail option from the phone because the charges stated to add up fast... When I asked the phone company if they could block or filter such messages.. they said there was nothing they could do.. I no longer have e-mail on my phone because of stupid SPAMERS!

We need more of this

I hope there is a lot more cracking down on this method of marketing. I've always wondered why it works for them in the first place? Seriously, why do they think that if they keep sending me five copys of the same email EVERYDAY, eventually I will answer? Or why would I answer if they use a completly misleading subject line so that it gets through my filters? They say that they are complying with whatever laws apply by giving you an email address to be removed, but it you mail that, it's either not a valid email, or they just sell your email to others, and you get tons more emails. Obviously some people must answer these emails, but I don't understand how it would ever be worth the cost of thier investment.

I don't know about you...

...but I'm starting to love this man. If he figures out how to make regular old junk mail opt-out, I'll be the first to nominate him for sainthood. He'll have the miracles thing covered.

Gee - Using EXISTING laws!

The only thing stopping the AG's and other law enforcement is a lack of imagination, not a lack of laws. If spam is fraud, pursue it as fraud. If someone is violating copyright, go after the individual. How freaking hard is it?

Simply Shocked

Mr Spitzer's lawsuit against Niagara Falls-based MonsterHut.com accuses it of falsely telling clients that it sent the e-mails with consumers' consent. Under New York state's advertising laws, the company could be ordered to pay a $500 (£342; 538 euros) penalty for each unsolicited message.

I am "simply shocked" that a company would tell such lies to it's customers.

Thank God that we don't know of any other companies that would do something like that.

Tricky...

My spam has been going up over the years, using the same email for 5+ years, seems to do it. And Im a busy Internet poster, and active on mailing lists and online BBS boards, so it compounds matters.

Topics lately that have passed my spam filters, "Your Bill", My Name correctly(most spam dont use names, just email addresses), Actual products that I use, (someone must of sold my email address), Mailing list type headers (vnc/linux kernel/etc).

Funny thing, some mailing lists are tagged as spam, like IGN computer news, which I had to tag as good. Spam takes way more of my time than it should. I know for sure, I havnt opt'ed in for anything, and "Opt-Out" is a fucking joke.

how to stop spam:

Declare the internet the 'land of the free'.

Instead of calling it your 'inbox', it's now your 'american spirit'.

Those dirty emails you send to your wife are now 'vital communications of the heart'.
Your mom nagging you to visit her more often are 'sincere messages from the home front'.

Once we make spam a terrorist act only terrorists will send spam! U-S-A! U-S-A!

big news

This suit has been making the rounds in the anti-spam circles, like the SpamCom [spamcon.org] mailing list and the news.admin.net-abuse.email Usenet group.

It is good to see things heading in this direction. The MonsterHut situation stunk very badly for a long time, and it's good to see them getting smacked for such irresponsible behavior.
-----
Apple hardware still too expensive for you? How about a raffle ticket [macraffle.com]?

Just a thought...

Would be nice if spam companies such as this who periodically engage in widespread consumer fraud could, by court order, have all assets liquidated and the funds distributed to a state task force designed to root out further spam comanies. If this isn't serving the public, I don't know what is.

Korean Spam

the majority of the spam I get is chinese/japanese/korean shit that I can't even read anyway.

Is there a way to filter spam by charset?

Reality Check...

1) NY State Attorney Elliot Spitzer is nothing more than a "Look At Me" political hack that will sue any organization that will get his mug on NY television. He is essentially a shakedown artist that uses the post of AG to harass companies that are not popular with the Democratic Party. Not to say that SPAMMERS are popular with Republicans (at least not with this one). One of his more outrageous shakedowns was when he was suing adoption agencies that did not offer abortion services in order to pander to pro-choice voters. Why would an adoption agency want to kill babies?

2) This case will have no effect on the SPAM that is currently coming into your e-mail box. Monsterhut is already kaput.

3) NY State has no real SPAM laws so Spitzer is mangling current law to go after a defunct SPAM house.

4) Do you really think that Spitzer is going to get $500 a pop for 500 million e-mails from a defunct SPAM house? Or do you think he will waste thousands, if not millions, of tax payer dollars promoting his "high-tech savvy" trying to squeeze blood from a rock?

5) How can the AG of NY State sue a company that "violated the rights of consumers" in other states? Wouldn't that be the job of the US AG or the Federal Trade Commission?

Unfortunately, the time and money wasted by Spitzer in this "Look At Me" case would have been better spent in the State Legislature crafting an anti-SPAM bill that goes after all spammers instead of one high profile SPAM house. Also, this will do nothing about the likes of btamail.net.cn. What is Spitzer going to do about them?

Watch that slope (it can get awful slippery)

Yes, kudos to Mr. Spitzer for finally doing something about spammers. His litigation may make some of the more egregious, mass spammers think twice before trying to force-feed our Inboxes with herbal viagara and penny stocks.

But here is the HOWEVER.

With technology regulation a) not particularly well defined on the books, and b) almost always implemented the *wrong* way (DCMA?), I have little doubt that many legitmate newsletters and mailing lists will get hit by Mr. Spitzer's shrapnel. There are plenty of Attorneys General out there who are not quite so intelligent as sheep (let alone, Mr. Spitzer), and will follow New York's example to the detriment of legitimate mailers.

Damn. Another message for teen sex in my Inbox. Heck, maybe it's worth it....

-FC

Yes!

I've had them blacklisted for a couple years now. I wish other states would jump on the bandwagon. These SOBs deserve to pay. They should be forced to read every piece of spam they ever sent out I think. That should keep them occupied for a few life sentences.

Thank god for Elliot

I am a New York State resident and I must say that Elliot Spitzer has been nothing short of wonderful when it comes to protecting the consumer.

First it was unsoliticited phone calls (we were one of the first states to set up a no-call list). Now I recieve maybe 1 unsoliticited call every 2-3 months instead of 1 or 2 a day (and at dinner time.... arrrrgggg).

Then it was dissent on the microsoft case. In all likelyhood, New York State served as a keystone for the 9 dissident states.

Now we've got Spitzer battling the evil spam demons. My guess is that once again, Spitzer will come out on top.

Spitzer is a definately a defendant of consumer rights and privacy and has been unwavering in his cause.

my .02

We Can't Stop Spam, so Stop Fraud

The main problem with spam is fraud and not its unsolicited nature. Okay, we're all geeks on this bus, so we're angry if we people violate the boundaries of our computer in some unsolicited way (I know it, I feel it too). But there's a difference between getting unsolicited mail from, say someone who's interested in a band you wrote an online review about, and some anonymous mailbot trying to scam you.

The problem is fraud. (1) Spammers forge return-addresses and lie in their subjects to trick you. This makes it hard to weed out unwanted mail. (2) Practically all spam comes from fraudsters. Spam is so despised as a marketing tactic that it cannot be used (openly) regularly by legitimate businesses without them getting a lot of flak.

I hate spam. It drives me crazy. But I believe we will never fully get rid of it, because it makes money. And there may truly be compelling free speech reasons that keep us from banning it (I'm not decided on this point).

But I think three steps would take most of the pain out of spam for me.

1. Spammers who are criminals (stock-pumpers, penis-mightiers) get arrested and deterred/reformed. The NY AG move is a much-needed start.
2. Spam must be given a proper subject like "ADV:", and need a legitimate return address. Violators are subject to large fines and jail.
3. Spammers need to pay for all their bounced mail. Not sure how to enforce this, but it would make me feel better.

Once these things are true, maybe spam will reach the same annoyance level as junk mail in real life: annoying, but not obscene.

Diminishing spam for me

Since I've added a LART list of IP addresses and domains, per SPEWS, i've seen a nice decrease of UCE coming directly to me.

2002-05-01 09:37:21 recipients refused from [212.90.15.164] (RBL relays.ordb.org)
2002-05-05 07:49:48 recipients refused from [210.76.113.46] (RBL relays.ordb.org)
2002-05-07 00:18:46 recipients refused from cis-ns.careinfo.co.jp [210.226.191.114] (RBL relays.ordb.org)
2002-05-09 02:49:48 recipients refused from [200.24.95.174] (RBL relays.ordb.org)
2002-05-13 13:14:06 refused relay (host) to from H=nat170.63.mpoweredpc.net (none) [142.177.170.63]
2002-05-15 18:06:36 recipients refused from [211.218.38.20] (RBL relays.ordb.org)
2002-05-15 23:36:06 recipients refused from w045.z208037064.nyc-ny.dsl.cnc.net [208.37.64.45] (RBL relays.osirusoft.com)
2002-05-15 23:58:10 recipients refused from [211.174.179.8] (RBL relays.ordb.org)
2002-05-16 20:33:15 recipients refused from [202.164.96.4] (firewall-user) (RBL relays.ordb.org)
2002-05-17 04:01:57 recipients refused from [202.164.96.4] (firewall-user) (RBL relays.ordb.org)
2002-05-18 19:16:22 recipients refused from [210.105.80.65] (RBL relays.osirusoft.com)
2002-05-19 11:36:51 recipients refused from [202.164.96.4] (firewall-user) (RBL relays.ordb.org)
2002-05-21 23:41:55 recipients refused from [202.164.96.4] (RBL relays.ordb.org)
2002-05-24 06:53:23 connection from outmta016.topica.com [64.125.140.225] refused
2002-05-24 06:53:54 connection from outmta016.topica.com [64.125.140.225] refused
2002-05-24 07:41:45 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 08:33:05 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 09:35:23 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 10:46:02 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 12:17:27 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 14:19:49 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 16:23:14 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 19:01:45 connection from bso002.topica.com [64.125.140.241] refused
2002-05-24 21:31:16 connection from bso002.topica.com [64.125.140.241] refused
2002-05-25 00:07:19 connection from bso002.topica.com [64.125.140.241] refused
2002-05-25 05:29:37 recipients refused from www.shinohara.com [209.153.61.10] (RBL relays.ordb.org)
2002-05-25 16:22:30 recipients refused from [203.199.213.3] (RBL relays.osirusoft.com)
2002-05-28 04:37:49 recipients refused from h-64-105-76-95.nycmny83.covad.net [64.105.76.95] (RBL relays.ordb.org)
2002-05-29 08:22:41 recipients refused from [211.102.2.131] (RBL relays.ordb.org)

So you can see I'm rejecting mail per relays.osirusoft.com and relays.ordb.org. My LART list is pretty big, too. But that's just for a small mail server.

If you apply similar rules to a multi-hundred or multi-thousand user system, you can really cut down on tons of UCE. Combine it with spamassassin and UCE will almost never get in your inbox.

Spamhaus.org's collection on MonsterHut

There's a great deal of useful information in

Spamhaus.org records about MonsterHut [spamhaus.org]

It includes such gems as

MonsterHut's PR [spamhaus.org]

and

Whine: MonsterHut Letter to Spam Clients [spamhaus.org]

(scroll down - the header index is identical for these links, but the material below is different)

Definitely worth looking over, for a profile of a spammer.

Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

No more laws please

What good is governement if they want to govern me? (pennywise)

If we want the government to stop trying to creake things like mandatory age checks before accessing adult material, then we need to stand up and tell them not to create spam laws either.

It is a problem that can be solved technically. We should strive to find better technical solutions instead of finding ways to sue them.

Poor Stupid Me

Here I was thinking it was, not only legitimate, but favored by legislators, this method of everyone in the USA, by default, being opt-in for every sort and channel for solicitation. Perhaps derived from the business community's interpretation of the 1st Amendment (a re-vision not entirely unlike Ashcroft's attempt to re-write the 2nd Amendment, but I digress), promoting and protecting commercial speech to the populace in much the same manner as the populace ought not have regarding political candidates, public figures and the government.

I'm sure if the NY AG, by some miscarriage of justice, wins against MonsterHut, that telephone solicitors, junk mailers and door-to-door sales groups will leap to MonsterHut's aid and have it overturned, thus ensuring their much cherished freedom to do business as usual.

"There ought to be limits to freedom" -- George W. Bush, regarding www.gwbush.com

NY == USA?

Okay, Niagra Falls is in NY so suing is cool, but 500 million emails to just New Yorkers? Of course if all of the 19 million people (last census) in New York state received an equal number of emails that would make about 25 per person which seems reasonable, but if we extrapolate that same rate to the 280 million in the US they sent about 7.5 billion emails from March last year to April when they were cut off. (Think about it, the extrapolation is reasonable) At a very conservative 1kB per html-email this makes about 7.5 terabytes of data they've sent in a little more than a year. Which makes about 20.5GB of email a day. That seems like a bit much to me.
This is all mental math, so please correct me if you've got the time.

Why not whitelists?

It seems to me that the answer to spam is whitelists. I find I get very little non-spam from people who aren't in my address book (you just have to be diligent about keeping your whitelist up to date).

I realize that some people do have a different email usage pattern and do get lots of mail from new senders, but then you could just use an "ask for confirmation" style whitelist filter.

Is there some reason why whitelists aren't more popular (aside from the fact that it's not the default configuration of Outlook [Express])?

A nice change in direction

For those who inforce the law. It seems as though so much time and energy has been spent as of late in the courts to protect big business (read RIAA) from the actions of people (read us).

It's about time the courts were used, en masse, to protect people (us) from the fradulant actions of business (monsterhut and others).

In a free market, business is supposed to be at the mercy of the consumer. We keep the government around to pass and enforce laws when that does'nt happen. It really does make me feel good to see the NY AG doing it's job.

---

I want their servers.....

Hmmmm according to Spamhaus their servers were put under lock and key when PaeTec TOSed them. Hmmmm i wunder how much they want for their equipment.. I could use some of their parts, or they could be put to good use in a RTCW or a Q3 extreme server for that matter. :D

Spam Bad- Fake Addresses worse

Unsolicited email is bad, but the problem is proving an email is unsolicited. I am supposedly on some many valid lists it is unbelievable. I have registered a fresh name, used it to complain about an email, and have been told the new registered address was listed on their opt-in list. When I complained to all the various agents, no one did anything.

No, this current approach is a losing battle. What we must have is transparency. The Spammer cannot be allowed to use fake email addresses. I have complained about commercial emails with fake addressee, and the providers refuse to do anything. There must be an opt-out link or email address that is in the same domain as the from and return address. These address must be in the owner domain, and not Yahoo, Hotmail, or whatever free service they use for one time addresses. The subject line must clearly identify the company being advertised. If the email is to a website, the website must have an email link, and, if it is a DBA, must have a link to the corporation or person.

These guidelines will create a proper and honorable two-way communication. There are companies like (I think) Virtual Holdings that cowardly hide behind fake addresses and do not even put a real address on their domain registration. They keep their costs down by hiding behind fraudulent websites that do not have a single method of communicating with the owner. It is the highest form of arrogance that they think they have the right to spam us, but we don't have the right to spam them.

I know it has been said before, but let me say it again. Get a free email account. When you get a spam, especially with a fake email, look up the registration for the websites advertised. Look up the registration for the DNS providers. Send an email to every address you can find stated how cowardly and dishonorable using fake email addresses is. Let them know we know they are vermin. You do not even have to include your own information, as you are complaining about bad netiquette, not Spam.

Spam is out of hand!

I'll be honest ( and hide under the Anonymous Coward name ), I work for an email marketing company. I can't say who, but it should not matter, I think I will be hated for it no matter what. I do get to see the inner workings of the email marketing world everyday though, and I'd like to throw a little education out there.

Something we all know is that the whole system is corrupt. The current laws passed by the 106th congress are almost never enforced, and spammers blast out billions of email in a totally un-targeted fashion through relays or by deleting their headers. The anti-spammers are just as corrupt, using sweeping generalizations of anyone even remotely associated with the business, coming almost to the points of slander, and using blacklists as extortion tools.

" Extortion?? " Yup. We have found you can easily get off a blacklist with $1000 or more in hand, but if you simply ask to get off the list because you are not a spammer, "Nope. You got on there at some point for something, you must be!" No record check, no records at all. Your business name can be sullied if someone simply puts your URL in a piece of spam. Bribe or no bribe, they don't ask questions of the validity of the argument, but only one way will get you off the list. Not everyone does this, but not all spammers hide their identity or blast millions either.

The entire system is almost defunct. In fact, in my experience, anti-spammer have created their own problem with some fuel from a few abusive spammers.

The email marketing business is like any other, adapting to ensure their way of life. When it first started, removal lists were gold, always honored, and mailings were done through the proper channels, like private or bulk servers. Then a news article pops up about a guys spamming the world, and everything goes to hell. As anti-spammers make it harder to spam, spammers make it harder to be detected. This means removal lists never get made, and no one is ever able to get off of a list. Anti-spammers are so busy taking down sites and killing mail boxes, they are almost making it impossible for even the current laws to be used as guidelines. Spammers are no slackers either. New software is always being created to hide their servers, or are sending from outside the country. Politicians aren't going to help. Much like anti-spammers with no scruples, they will go to the highest bidder.

Email marketing needs something along the lines of traffic cops. People to enforce the laws of "No tampered headers, a valid return address, and a way to be removed from the list" without interference from vigilante groups. ISPs can still enforce mailing limits so people don't use them as cheap ways to blast out millions, and they could also respond to complaints by deleting the account, but also have extra power to report to a working federal authority. Large bulkers would use special bulk ISP's like today, and the government or some regulatory body would be able to keep tabs on the whole process.

But still there is that lingering cry of people saying it puts the costs on the receiver. Though I have never seen one ISP raise their rates because of spam, I would be interested in someone showing me one. But then again, that is the premise of the internet. Requesting a pages means you have to hop through a bunch of servers along the way, costing them bandwidth. Same goes for email. It costs a lot to deal with a complaint, doesn't it? Perhaps even the same or more as any other email? Granted, spam is in overwhelming bulk due to the shoddy system we have now, but the internet still works on the same premise it always has. An inter-connected network of computers sharing the costs to make it cheap for everyone overall. No one is happy about ISPs in Australia charging by bandwidth used, but no one even speaks about the same demands being made on a piece of mail. Everyone pays $40 or $50 a month for their cable modem or DSL, but the people who only use it once a day are not whining that we geeks take up gigs of use a month. 1% of high speed users take up 30% of the bandwidth, but I don't see any of you advocating to more fairly divide the costs.

Is spam a problem now? Yes. Email marketing works, and helps small businesses make their presence known. Unfortunately , many legit marketers get squished in the uncaring cogs of anti-spammers, while most of the major problems are unreachable to CAUCE and Spam Cop. Yes, there is a lot of crap, yes it needs more finite guidelines, and yes, there are a few who are ruining it for everybody. Instead of trying to pass laws and kill email marketing, try and educate and make the system work.

Now we need to get the California AG a clue

The California Attorney General's office now accepts spam complaints. [state.ca.us] But you have to print out a PDF form, fill it out, and send it back on paper.

They accept non-spam complaints from a web form, so they know how to do it right. Clearly they're not serious about stopping spam, even though California has a strong anti-spam law, and the courts have ruled that it is valid. There haven't been any high-profile spam cases from the California AG yet.

(There's a legal challenge to the California anti-spam law, but the spammer is losing. The California State Supreme Court recently decided that the California anti-spam law was valid (Ferguson vs. Friendfinder). Friendfinder may still try an appeal to the U.S. Supreme Court. But that has to happen soon, or the decision is final.)

Stopping Spam...

We're never going to stop spam flat out, but I have started to take an agressive stance against spam during the last few days.

First I grabbed a sendmail access database someone else was using as a base to start my anti-spam efforts from. To this I add domains from which I or a coworker received spam from. One spam and it's done. This list contains more than 9000 domains and IP addresses.

Next I added ordb.org as an RBL. This has helped as well but has also exposed some of our clients as having open relays. I find it interesting to get a call insinuating the problem is with my mail server when the user has not even read the error message. (Which, as you may know, tells them to visit ordb.org to find out what the story is) It is frustrating to explain that I am not going to turn off my RBL because their mail server is incorrectly configured.

I've been using the RBL for about 20 hours off and on and the access database for about two days. So far it has dropped 309 messages intended for a mail server with about 20 users on it.