First CAN-SPAM Lawsuit Filed in California
rocketjam writes "Foster City, California-based ISP Hypertouch, Inc. has filed the first lawsuit alleging violations of the new Federal CAN-SPAM Act of 2003. The lawsuit was filed against BobVila.com and the spammer they hired, Bluestream Media, for sending Hypertouch customers unwanted, unsolicited email advertisements for Vila's "Home Again Newsletter." The suit alleges the defendants sent spam email ads with fraudulent headers and no physical address. It also alleges the emails were sent to randomly generated and harvested addresses as well as addresses that had replied to opt-out links in other spams. Hypertouch's attorney, John L. Fallat, said the CAN-SPAM Act offers little protection to the public, but they would use the few protections it offers to punish spammers." Reader Clemence links to Wired's coverage of the suit.
Fraud (Score:5, Insightful)
Faking an email header, return address, etc. is supposedly illegal under CAN-SPAM. If this is fraud, then wasn't this illegal before CAN-SPAM?
M
Re:Fraud (Score:1, Funny)
-os
Re:Fraud (Score:5, Insightful)
Re:Fraud (Score:2, Interesting)
Kind of like sales tax?
Re:Fraud (Score:2)
Re:Having our cake and eating it too? (Score:2)
Yes.... (Score:4, Informative)
Re:Fraud (Score:2, Interesting)
There is also fraudulent advertising that does not require the element of reliance to be considered.
Now, if you claim you are JFK's son when you meet a woman, then you date her, you are committing a fraud (presuming you are not JFK's son), but then may not have the requirements for a fraud action in California.
Re:Fraud (Score:5, Insightful)
If you're trying to sell me something with false information, it's fraud. If all you're doing is trying to get someone drunk and naked, well...
Your example is just garden-variety dishonesty (unless, of course, one of you expects a bill or two left on the nightstand).
Re:Fraud (Score:2)
Emphasis mine
Kinda like "I did not have sex with that woman"?
Note: This is not a serious statement. Do not read anything into it. Do not read between the lines. It doesn't matter who said it. It's still funny, so laugh, dammit.
Re:Fraud (Score:2, Funny)
I, for one, will work towards making that a reality. ;)
Re:Fraud (Score:1)
Hmm (Score:5, Insightful)
But then I thought about it. How much of the problem is caused by ignorant businesses who just happen to hire the wrong marketing firm, and just say "we want you to increase our exposure on the internet" and don't realize this means millions of spam mails sent illegally through hijacked SMTP?
Perhaps to some degree education is the answer. If other legitimate businesses see bob vila getting smacked for spam mail, maybe they'll panic and make absolutely certain the people they're hiring aren't sending fraudulently-sent spam.
Re:Hmm (Score:5, Informative)
One of the most compelling aspects in deciding to file this case was that among the various email messages in their spam run they managed to violate nearly every ISP-actionable part of CAN-SPAM. Specifically, various emails of the spam run had one or more of the following violations:
1) No street address
2) False headers, including
a) SMTP HELO's with names whose IP addresses don't match the originating IP
b) Domain names used in the headers that were registered with false names...
3) Addresses that had been submitted to the opt-out mechanisms of other spam
4) Random and harvested addresses, including domain registration contact addresses.
Re:Hmm (Score:5, Funny)
And all this time I thought HELO DUDE was a perfectly legit way of identifying oneself to an SMTP server...
Re:Hmm (Score:5, Funny)
Re:Hmm (Score:5, Insightful)
That's interesting.. when you send a mail from a windows machine, it uses its NetBIOS name as its HELO.
Surely, that name doesn't match the original IP address when you try to resolve it from the recipient's computer.
Is it me, or is this one of those overly broad clauses they only apply when they need to?
HELO behavior and greylisting (Score:4, Interesting)
Indeed, I might be willing to discriminatorily greylist [puremagic.com] all mail from any remote Windows system. (Greylisting: Sending a 4xx temporary failure the first time a host tries to send mail to a particular recipient. This causes a normal MTA to retry in a few minutes, but fire-and-forget spamware and worms generally abort.)
How to apply this to Windows only? OpenBSD's passive OS fingerprinting would be a start. It allows one to selectively redirect traffic based on the detected OS, and thus to offer different quality of service based on the quality of the client system. Since there is a much greater likelihood that a given Windows host's connection to my MTA is delivering spam and worms than that a given Solaris or Red Hat host is delivering spam and worms, there is a good reason to deteriorate service (as by greylisting) for Windows hosts -- as long as it can be done in a way which retains (eventual) delivery of real mail.
If Unix mail server admins all chose to greylist remote Windows hosts -- including Windows MTAs as well as client hosts -- then Windows servers would eat the cost of keeping messages in queue during the greylisting period. This would, effectively, be the cost of proving you're a real Windows MTA, not a worm or spamware. This lays part of the burden of the Windows system's susceptibility to malware back upon those responsible for it (deployers of Windows) whereas currently they are able to offload it upon the rest of us in the form of junk mail from worms.
(Incidentally, yes, the majority of mail exchangers run some form of Unix. Less than half, however, run Sendmail.)
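The greylisting mechanism defined in the comment above (4xx on first contact, accept on a later retry), as an added example that is not code from the thread or from any greylisting product. It assumes a key of client IP, envelope sender and recipient, and the delay, retry-window and whitelist values are illustrative; the addresses and timestamps are constructed sample data.

```python
import time
from dataclasses import dataclass, field

# Assumed policy values (not from the thread): tune for your own mail flow.
MIN_DELAY = 300             # seconds a new sender must wait before a retry counts
RETRY_WINDOW = 4 * 3600     # a retry later than this starts the clock again
PASS_LIFETIME = 36 * 86400  # how long a proven key stays whitelisted


@dataclass
class Greylist:
    """In-memory greylist keyed on (client IP, envelope sender, recipient)."""
    first_seen: dict = field(default_factory=dict)
    passed_until: dict = field(default_factory=dict)

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the SMTP reply (code, text) to give at RCPT TO time."""
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Already proven: refresh the whitelist entry and accept.
        if self.passed_until.get(key, 0) > now:
            self.passed_until[key] = now + PASS_LIFETIME
            return 250, "OK"

        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            # First contact (or a stale entry): temporary failure, remember when.
            self.first_seen[key] = now
            return 451, "4.7.1 Greylisted, please retry later"

        if now - seen < MIN_DELAY:
            # Retried too fast; keep the original timestamp so the delay still counts.
            return 451, "4.7.1 Greylisted, please retry later"

        # Retried after the delay and inside the window: behaves like a queueing MTA.
        del self.first_seen[key]
        self.passed_until[key] = now + PASS_LIFETIME
        return 250, "OK"


def replay(attempts, greylist=None):
    """Feed (timestamp, ip, sender, rcpt) tuples through a greylist; return reply codes."""
    if greylist is None:
        greylist = Greylist()
    return [greylist.check(ip, s, r, now=t)[0] for t, ip, s, r in attempts]


# Constructed sample traffic (documentation address ranges, made-up mailboxes).
SAMPLE = [
    (0,    "192.0.2.10",   "news@sender.example", "alice@isp.example"),  # MTA, first try
    (5,    "203.0.113.77", "x9q@bulk.example",    "alice@isp.example"),  # never retries
    (60,   "192.0.2.10",   "news@sender.example", "alice@isp.example"),  # retry too early
    (900,  "192.0.2.10",   "news@sender.example", "alice@isp.example"),  # retry after delay
    (5000, "192.0.2.10",   "news@sender.example", "alice@isp.example"),  # later mail
]

if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(attempt[0], attempt[1], code)
```

The sender that never retries only ever sees the 451, while the queueing MTA pays one delay and is then accepted without further deferral.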
HELO HOMECOMPUTER (Score:2, Interesting)
I did this in November and so far it's trapped tens of thousands of spam mails and less than ten valid mailers. Of these valid mailers, two said they had no idea they were using these names and promptly changed them to FQDNs, one was not happy, and the others didn't respond to my messages so their mail is still trapped/refused - my users didn't want the mail
Re:Hmm (Score:2)
Surely, this depends on the mail client? Nothing to do with Windows specifically, anyone can send anything they want as the HELO parameter. If some broken mailer chooses to use the NetBios name, then that's a client problem, not OS.
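The HELO checks discussed in the comments above (a bare machine name instead of an FQDN, and a HELO name whose address does not match the connecting IP), as an added example that is not code from the thread or from any mail server. The function names, the result labels and the injected resolver are assumptions of this sketch, and the DNS data and sessions are constructed so it runs offline.

```python
import ipaddress
import re
import socket

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def system_resolver(name):
    """Forward-resolve a name to a set of address strings (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except (socket.gaierror, UnicodeError):
        return set()


def classify_helo(helo, client_ip, resolve=system_resolver):
    """Compare a HELO/EHLO argument with the connecting IP; returns 'match', 'mismatch',
    'unresolvable', 'not-fqdn', 'literal-match' or 'literal-mismatch'."""
    peer = ipaddress.ip_address(client_ip)
    name = helo.strip()

    # Address literal, e.g. [192.0.2.10] or [IPv6:2001:db8::1].
    if name.startswith("[") and name.endswith("]"):
        literal = name[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            same = ipaddress.ip_address(literal) == peer
        except ValueError:
            return "not-fqdn"  # malformed literal: treated like any other non-name
        return "literal-match" if same else "literal-mismatch"

    labels = name.rstrip(".").split(".")
    # A bare machine name, a malformed label or a bare dotted quad is not an FQDN.
    if (len(labels) < 2 or labels[-1].isdigit()
            or not all(LABEL.match(label) for label in labels)):
        return "not-fqdn"

    addresses = set()
    for addr in resolve(name):
        try:
            addresses.add(ipaddress.ip_address(addr.split("%")[0]))
        except ValueError:
            continue
    if not addresses:
        return "unresolvable"
    return "match" if peer in addresses else "mismatch"


# Constructed data standing in for DNS and for logged sessions (runs offline).
FAKE_DNS = {"mail.sender.example": {"192.0.2.10"},
            "mx.bulk.example": {"198.51.100.9"}}
HELO_SAMPLE = [("mail.sender.example", "192.0.2.10"),
               ("HOMECOMPUTER", "203.0.113.5"),
               ("mx.bulk.example", "203.0.113.77"),
               ("[203.0.113.5]", "203.0.113.5"),
               ("nosuch.sender.example", "192.0.2.10")]


def fake_resolver(name):
    return FAKE_DNS.get(name.rstrip(".").lower(), set())


def classify_all(sessions, resolve=fake_resolver):
    return [classify_helo(helo, ip, resolve) for helo, ip in sessions]

if __name__ == "__main__":
    print(classify_all(HELO_SAMPLE))
```

The function returns a label, not an accept/reject verdict, so a filter can weigh "not-fqdn" and "mismatch" differently or log them before enforcing anything.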
Re:Hmm (Score:1, Flamebait)
I don't know what kind of stunt you are pulling here, but I don't really give a whole heap of credibility to someone who files a lawsuit and then goes talking about it on slashdot.
When the CANSPAM act was being debated at the FTC the big issue everyone was worried about was that the law would be used by gold-diggers against the folk with the deepest pockets. This is apparently what had happened in Utah where the act quickly became a f
Re:Hmm (Score:4, Interesting)
Unfortunately, more than half of the spam I'm getting lately is now from the fake viagra ones, that, while using viagra, have nothing to do with Pfizer, and the actual company isn't mentioned at all, so all you can do is go after the spammer, and not their source of funding.
Re:Hmm (Score:3, Insightful)
Although, in the long run, this might work out if BobVila.com loses. If hiring non-compliant spammers for advertising becomes a liability, maybe they'll go out of business!
=Smidge=
Re:Hmm (Score:2, Informative)
Re:Hmm (Score:2)
Actually, nobody can sue Pfizer - in civil suits loser pays court costs, and the win is not exactly guaranteed... In other words, choose your battles carefully.
But when you leave your car for restaurant's attendant to park it in a 3rd party parking lot, and he damages it, you sue the attendant (for
Re:Hmm (Score:2)
Re:Hmm (Score:4, Insightful)
Bob Vila might not have known, true, but that's highly unlikely. Blue Stream are in it up to their skinny necks. In either case, they're all responsible under the law, and be glad for that. Otherwise the classic defence will be 'we didn't know, and the employee who did that terrible thing for us is long gone, and we don't have a forwarding address'.
Re:Hmm (Score:4, Funny)
Re:Hmm (Score:3, Interesting)
It defeats the whole purpose of a subcontractor if you have to micromanage them.
Now, if you are micromanaging a subcontractor and you encourage them to do something illegal, it may be a different story.
Also, it seems sufficient to deter us-based spamming if the person doing the spamming is h
ignorant businesses (Score:3, Interesting)
Re:Hmm (Score:1)
Show how useless it is (Score:5, Insightful)
If this case gets a lot of press coverage, it might help show people how utterly useless the CAN-SPAM act really is.
If a lawyer says its near useless, you know it must be bad. Hopefully the NY Times covers this in depth.
At least for once they are suing the company who uses the spammer and not just the spammer.
Re:Show how useless it is (Score:5, Funny)
Re:Show how useless it is (Score:3, Insightful)
Re:Show how useless it is (Score:2)
Maybe it will, but when it's over, everybody will forget it like it was yesterday's slashdot story. The FUD about the "benefits" of CAN-SPAM will continue to be printed every day.
Hopefully the NY Times covers this in depth.
Oh, no! Not the NY Times...I've already forgotten the last three thousand names I used to register:-)
If a lawyer says it's near useless, it's because he/she doesn't see
Re:Show how useless it is (Score:2)
You jest, but few on here realize the sway the NY Times holds. Many business professionals read it daily in print form. Hell, I'm a college student in Minneapolis and I have a subscription. The NY Times is one of America's biggest news sources, and that was BEFORE they had online access.
Say it ain't so! (Score:3, Funny)
This Old Dot-Com (Score:3, Informative)
Re:This Old Dot-Com (Score:2)
Vila, whose wife, Diana Barrett, is a senior lecturer at Harvard Business School...
Uh, where was she when hubby decided to get involved in spamming? This is very interesting...
California's tougher law still has some effect (Score:5, Informative)
So for any spam that has a forged header or a misleading subject, California's new law, with the $1000 per spam penalty, will still apply. California allows private suits in small claims court by any party. So you can haul the bozos into court. Maybe even across state lines.
A year or two from now, we'll be rid of the chickenboners, but we'll be getting even more spam from "legitimate businesses".
Re:California's tougher law still has some effect (Score:4, Informative)
"(a)(1) In addition to any other remedies provided by this article or by any other provisions of law, a recipient of an unsolicited commercial e-mail advertisement transmitted in violation of this article, an electronic mail service provider, or the Attorney General may bring an action against an entity that violates any provision of this article to recover either or both of the following:
(A) Actual damages.
(B) Liquidated damages of one thousand dollars ($1,000) for each unsolicited commercial e-mail advertisement transmitted in violation of Section 17529.2, up to one million dollars ($1,000,000) per incident.
(2) The recipient, an electronic mail service provider, or the Attorney General, if the prevailing plaintiff, may also recover reasonable attorney's fees and costs."
California Business & Professions Code sec 17529.8
Re:California's tougher law still has some effect (Score:2)
Argh.
Meanwhile, the lawyers are ecstatic. No job security there, nossirree bob...
SB
Re:California's tougher law still has some effect (Score:2)
Actually, any feature designed to defeat spam filtering inherently constitutes "falsity or deception" (its entire purpose makes spam appear to be non-spam). Proper enforcement of this law would give spammers the choice of ensuring that their spew is trivially easy to filter or paying the penalties.
Opportunism (Score:5, Interesting)
Sounds like there could be money in setting up as an ISP, and suing any spammers who use you for $100 per message. Given the millions of messages an individual spammer can send, even one victory against them would result in a cash windfall for the ISP concerned.
Who pays for the spam? (Score:3, Insightful)
Re:Who pays for the spam? (Score:5, Insightful)
Re:Who pays for the spam? (Score:2, Interesting)
Re:Who pays for the spam? (Score:2)
Give me Convenience or give me Death -DK
Re:Who pays for the spam? (Score:2)
No charge for the fact checking.
Spammers "can" spam (Score:2, Interesting)
Re:Spammers "can" spam (Score:2)
Not really (Score:1)
Act may be more useful than we think (Score:2)
The physical address of a spammer is more difficult to change cheaply and, if trained properly, will find its way into Bayesian databases.
I guess we will see over time.
Incidentally, my mailserver (and my company's mailservers) reject any emails with "bluestreammedia.com" in the body and have done so for some time.
Re:Act may be more useful than we think (Score:2)
s
Here ya go.
Re:Act may be more useful than we think (Score:2)
Similarly, the CAN-SPAM act requires UCE to be marked, but doesn't specify how, which makes filtering hard.
But it's not over. The FCC has the authority to enforce CAN-SPAM, and they are (supposedly) working on standards. Of course, any slashdotter could have come up with a workab
CAN-SPAM, Politrix, and the unsuspecting victims (Score:3, Insightful)
Firstly CAN-SPAM is nothing more than a political tool used by a tool this election year nothing more. For the US to claim to have made a law in places where laws mean nothing - e.g. about those pesky APNIC/LACNIC domains. Now, considering a huge portion of spam gets sent by users whose machines are infected with annoying ass viruses, what is the government going to do aside from possibly bringing in innocent victims - users whose machines were infected or rooted - to court and make them stand trial for something they didn't even know they did.
Secondly, with every Joe Blow dot com stepping on the scene, how many companies with misconfigured mail servers fall victim to going to court?
Re:CAN-SPAM, Politrix, and the unsuspecting victim (Score:1, Insightful)
They can sue the person the spam mail was sent on behalf of, and subpoena the names of the actual spammers, then charge them with hacking the computers used to send the spam.
For it
Re:CAN-SPAM, Politrix, and the unsuspecting victim (Score:3, Insightful)
Re:CAN-SPAM, Politrix, and the unsuspecting victim (Score:1)
I am suggesting that they would subpoena the end person who hired the people to break into it. I.E. the person selling the product or service advertised in the spam.
Obviously this isn't going to do much good if this person is some kind of crime organization running a scam out of Nigeria or something. However, it's not like 100% of spam is sent by organizations performing scams in countries which are unwilling to cooperate with a fraud investigation in the U.S. I would say we
Windows: the (un)suspecting victim (Score:3, Funny)
Question (Score:2, Interesting)
The idea here (Score:2, Interesting)
The idea here is to increase the accuracy of filter-based spam fighting techniques. If we can assume-- because the CAN-SPAM act requires it-- that e-mails sent within the U.S. have accurate header information, we can set up much stronger e-mail filters based on that assumption.
We can't assume email from the Netherlands has this assumption, but this just means that these filters are going
great publicity (Score:3, Interesting)
Real Time Filters (Score:3, Interesting)
Re:Real Time Filters (Score:2)
Two things make this difficult:
1) zombies - many of the trojans install spam-sending zombies so the IP addresses are different
2) random nonsense is inserted into consecutive spams to make them non-identical
Of course filters are getting better and no doubt will deal with these techniques in the ever-escalating arms race that is spam.
Spammers must die! (Score:1)
Hah! (Score:5, Funny)
Re:Hah! (Score:2)
you can be sure... (Score:5, Funny)
Re:you can be sure... (Score:2)
So, whether he made the decision or not, he's responsible because he owns at least a good chunk of the company that the decision maker was acting on behalf of.
Re:you can be sure... (Score:1)
Re:you can be sure... (Score:1)
I wonder whose cell would be nicer... (Score:5, Funny)
Re:I wonder whose cell would be nicer... (Score:4, Funny)
sorry, I hadda do it
SB
Re:I wonder whose cell would be nicer... (Score:2)
(Does Craftsman have a crochet hook in their line of tools? I do remember that they had a ready supply of 10 and 15 Torx drivers when they were needed to get into a Compaq box. I haven't thought about that in years, but when I needed them and couldn't find them, I got them at Sears.)
Re:I wonder whose cell would be nicer... (Score:2)
Mod parent up...
I don't know about Craftsman...haven't bought in years, don't have a catalog around. I think there's an online one tho
SB
How long before a decent set of laws/legislation (Score:1)
FYI: lawsuit homepage... (Score:5, Informative)
One of the biggest problems with the CAN-SPAM Act that we are hoping to educate the press about, so they can inform the public, is that the Act says end users _must_ contact each spammer and opt-out. This is of course exactly the opposite of what ISPs have been telling their customers to do. "Opting out" merely gives the spammer a live address. Some of the email addresses defendants sent spam to were unique addresses submitted to a "virus software 90% off" spam. In no uncertain terms, "opting out" of spam signs you up for more spam.
We were surprised when even after we told BobVila.com about the quality of the lists their hired spammer was using, they still refused even just to promise they'd never use BlueStream Media again... Right before we filed the action, one of our users received a new BobVila spam, this time sent through a Florida based spammer.
Re:FYI: lawsuit homepage... (Score:1)
BobVila.com has posted a reply... (Score:3, Informative)
Bob Vila is more or less fictional... (Score:5, Informative)
He was a nobody until a PBS series called This Old House came along in 1979. He was hired as the host of that show. His job duties there were to read the opening and closing sequence lines, and to interview the experts who really did know what they were doing. He was not one of those experts, he just asked questions of the experts.
In 1989, when he left This Old House, he created his own TV production company, and used his association with home improvement to get endorsement deals. His primary sponsor is Sears, and his Home Again series can more or less be seen as a Sears infomercial at times. (Sears has always been a title sponsor, and controls a large chunk of the ad space within the program. The content portion of the show might not hit you over the head as an ad, but notice the clear bias when it comes time to select which company's products to work with.)
His primary line of work these days isn't as a home improvement expert, it's in being the pitch man for Craftsman tools and other Sears brands. He'll endorse other products too, but that's really the only skill people pay him for. You never see him doing any of the work on his TV shows, and that's for good reason...
Re:Bob Vila is more or less fictional... (Score:2, Insightful)
From a Dec 2001 article: [bizforward.com]
Perhaps that's when the slide to the spammy side started?
Re:Bob Vila is more or less fictional... (Score:2)
Re:Bob Vila is more or less fictional... (Score:2)
I'm no fan of Bob Vila, but if you were on job sites for 10 years asking questions of experts all that time, you'd be bound to learn a thing or two about homebuilding.
I'm j
What else is new? (Score:3, Offtopic)
Seriously, ever notice that he does nothing but talk to the people doing the work, and the few times he actually picks up a tool he even makes me seem coordinated?
A while ago some friends and I caught an old episode of This Old House when Vila was still on it, and in this particular episode he was talking to Norm Abram as he was putting on some wooden shingles. Bob decided to show his ineptness by putting up a few himself. Comparing the two would have been sad if it hadn't been so damned funny...
Re:What else is new? (Score:3, Informative)
Vila was not hired because he knew about construction. He was hired because he looked credible, and could speak well to the camera. He was the host of the show, and that's it.
Will it help any? (Score:5, Interesting)
The sad thing is during a recent review of my spam trap account (11800+ email in 3 months) a grand total of 30 of them were from "legitimate" business. The rest were for your usual run of penis pills, bad mortgages, "Stop spam now" software, and herbal vi@gra.
Now, if I could collect on each and every one of them, I'd be a wealthy man. But the vast majority are coming in through open proxies or trojaned Windows boxen, and are annoyingly difficult to track back to their source - which is often off-shore and out of reach of the CAN-SPAM act in any case.
Going after a "legitimate" company like this may put a slight damper on SPAM sent by "real" companies, but it does little or nothing to stem the flood tide of crap we get from the low lifes who are at the root of the problem.
Tracking Spammers (Score:3, Interesting)
Just imagine for a sec (Score:3, Funny)
Wow. The mind boggles.
Prolly never would have happened if Norm were still on board.
My seemingly obvious method of getting rid of spam (Score:3, Insightful)
I can see the potential for people to 'fake-spam' and get a company into trouble, but is this the only problem?
Re:My seemingly obvious method of getting rid of s (Score:2)
Re:My seemingly obvious method of getting rid of s (Score:2)
Re:fraudulent headers? (Score:4, Insightful)
Re:fraudulent headers? (Score:2, Interesting)
No attempt was made to destroy or steal anything. Even the theft of bandwidth is comical. Compared to how most
Let's jump off this litigation wagon fo
Let's put a spin on this slightly. (Score:2)
BUT... it is somewhat satisfying to use it against them, ridding the Internet of another vacuous marketing firm, regardless of the circumstances.
In an ideal world, my upstream mail relay would reject all email that wasn't signed, and I'd have all my friends' keys on my keyring.
But I will have to settle for this...
I mean, does anyone cry if a slashdot troll dies? I know I wouldn't.
Re:fraudulent headers? (Score:2)
You are arguing that sending spam with forged headers is OK, and still believe that you hate spam as much as anyone? You aren't paying attention. I guarantee that I hate it more than you do - that's why I'm not arguing that spam is OK. (Much less spam with forged headers.)
Re:fraudulent headers? (Score:2)
My computer and ISP are my private property. You are not authorized to use them for spamming. QED.
A mail system by nature invites all comers.
Nope, any more than a front door by nature invites all comers. It is long overdue for the law to treat circumvention of spam filtering as severely as it treats the meatspace version of breaking and entering.
Re:fraudulent headers? (Score:2)
Wrong. A spam filter is a refusal to accept email from all comers. The evasion of a spam filter is deliberate (because the use of any filter evasion technique is prima facie proof that the mailer knew that his message had been prohibited by at least some recipients) trespass.
A better analogy would be....
Nope; my analogy is the correct one. You either believe in private property rights or you don't; I do, therefore I understand that spamm
Re:fraudulent headers? (Score:2)
Yes, if it's done with the intent of gaining unauthorized access to other people's property (e.g. computer cracking, evasion of spam filtering, fraudulent electronic bank transactions, etc).
Re:foster city (Score:4, Informative)