The CAN-SPAM Act is supposed to protect us from unwanted commercial email but some U.S. based spammers, who usually call themselves direct marketers, have found a loophole to get around the requirements placed on them by the law.

CAN-SPAM says commercial emailers must provide a clear and easy way for recipients to opt out of receiving further messages and they must promptly honor those requests. What some sleazy marketers have found however, is that they can get around having to do so by changing their name. They send a blast of spam as XYZCompany at XYZ.com. They get a flurry of opt out requests and instead of honoring them, they change their name to XYZCompany1 at XYZ1.com.  More spam sent, more requests received, and they change their name again, this time to XYZCompany2 and XYZ2.com.

What can be done? It’s up to the U.S. to change the law to say that direct marketers and commercial emailers must get permission from consumers BEFORE sending any of their spam. In doing so the U.S. will fall into line with spam laws in most other countries.

Will this happen? That’s anyone’s guess. The Supreme Court’s decision to allow businesses to spend as much as they want on political campaigns may have a less than pleasant effect on the law. In the meantime, if your company is using this practice, stop. It’s not legal and it’s not good business.

Australian financial services firm CommSec was fined $55,000 (roughly $48K US) for violating that country’s Spam Act. The Australian Communications and Media Authority (ACMA) levied the fine after it launched an investigation into the company’s mail campaigns and found they were in violation of the Spam Act. That Act, like the CAN-SPAM Act, requires that all commercial email include a way to unsubscribe and that emailers honor those requests. The ACMA’s investigation, prompted by numerous consumer complaints, found that the company’s emails had no unsubscribe directions and that they ignored requests from consumers who asked to be taken off their mailing list.

          “ACMA expects that Australian businesses take note of this outcome,” ACMA chairman Chris Chapman said. “Under the Spam Act, every person has the right to unsubscribe from receiving commercial electronic messages and to have that request acted on effectively and quickly. The failure to act on a request can result in significant penalties if a business is found to have breached the Act.”

CommSec sent over 6 million advertising emails in 2009. The company says it has agreed to have an independent consultant to review its compliance systems and to also provide additional training to its staff.

A CAN-SPAM court decision may hurt the private domain registration business.

Spammers hiding behind private registration of domain names to spread junk email received a slap in the face recently by a federal district court in California. In their attempt to nullify the U.S. CAN-SPAM Act the garbage pedlars argued, among other things, that the law was unconstitutionally vague because anyone trafficking in private domain registrations could be held liable for materially falsifying an identity under the statute.

Ironically, private domain registrations were created to protect domain owners from spammers, scammers, telemarketers and other unsavory types. Under the process, domain owners who want to keep their personal  information private enlist another company, a proxy registrar, to register their domain for them. The domain owner retains control of the domain, but for public purposes, such as listing in the WHOIS directory, the proxy’s contact information is listed as the owner of the domain. The rub to the process, though, is that anyone can use it–even spammers seeking to hide ownership of their domains. It’s a  pair of such spammers that found themselves  appealing their prosecution before the Ninth Circuit Court of Appeals.

The case, U.S. v. Kilbride, involved a pair of porn spammers operating through a company based in the small African nation of Mauritius. Their spam, which generated 662,000 complaints with the U.S. Federal Trade Commission, violated CAN-SPAM in a number of ways including forged headers, fake email addresses and phony contact information. A jury, after a three week trial, convicted the defendants of criminal CAN-SPAM violations and other charges. One smut circulator received a 6.5 year prison term; the other, five years in the Big House.

In their arguments before the court, the skin merchants asserted that CAN-SPAM is too vague in its definition of material falsification to meet constitutional standards because it criminalizes private registration of domain names. The court, however, wasn’t buying that contention. “We fail to perceive any vagueness on this point,” the judges opined.

Passed in 2003, CAN-SPAM provides penalties for anyone, among  other things, who “materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages” or “registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names…” Continue reading Private registration no defense for spammers»

Facebook announced on Thursday that it has won its lawsuit against notorious spammer Sanford Wallace. A judge in San Jose, CA awarded the site a $711 million judgement, the second largest in history to be awarded under the CAN-SPAM Act.

“While we don’t expect to quickly collect the full amount, we’ll work hard to get everything we can,” Simon Axten, a privacy and public policy associate at Facebook, said in a statement.

The suit was filed in February and accused Wallace and his accomplices Adam Arzoomanian and Scott Shaw of running a spamming and phishing scheme on the site. The trio sent messages to Facebook members that contained links leading to malicious sites that stole their login info. They used that info to spam everyone on the compromised account’s friends list. In addition to the hefty judgement the three spammers face possible prison sentences.

Wallace is no stranger to the legal system. MySpace won a $234 million judgement against him last year and in the last decade he has been sued by AOL, CompuServe, Earthlink and many other ISPs. He usually ignores the suits and refuses to show up in court. Earlier this year he filed for bankruptcy to avoid MySpace’s attempts to collect their judgement.

A Washington lawyer had an idea. He wanted to sue spammers but since the CAN-SPAM law allows only ISPs to do so, he decided to become an ISP. He set up a domain and gave email accounts to his friends and family. When emailed, the accounts sent an auto-response that claimed the sender would either agree to stop spamming or pay $500 per spam message. The lawyer, James Gordon, then sued email marketing firm Virtumundo for $10 million dollars claiming damages under the CAN-SPAM Act.

Continue reading Lawyer’s Spam Fighting Idea Backfires»

A Michigan man faces up to 3.5 years in prison for his part in a penny stock spam scheme that involved the sending of millions of emails.  63-year-old Alan Ralsky and his son-in-law Scott Bradley faced a 41 count indictent under the CAN-SPAM Act. Ralsky also pleaded guilty to stock fraud and money laundering.

          “Alan Ralsky was at one time the world’s most notorious illegal spammer,” U.S. Attorney Terrence Berg said after the plea. “Today Ralsky, his son-in-law Scott Bradley, and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal e-mail advertisements to pump up Chinese ‘penny’ stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices.”

The pair and nine others operated a penny stock pump and dump scheme. They sent out unsolicited emails to millions hyping a worthless Chinese penny stock. When unsuspecting victims fell for the come ons and bought shares, it artificially inflated the stock’s worth. Ralsky and the others then sold their shares for huge profits and left their victims hanging.

They used forged headers, proxy computers and domains registered under fake names to send their spam without being detected. Prosecutors plan to recommend 35 to 43 months in prison, a term Ralsky agreed to as part of his plea deal. The deal also includes a fine of up to $1 million and an agreement on Ralsky’s part to assist government in future investigations.

Former Senator Bill Bradley sits on the board of a company called QuinStreet, which has been identified as a major spammer. It labels itself as a leading “vertical marketer” but experts say that’s frequently a code word for spamming. QuinStreet’s clients include trade school DeVry, several dating websites, and credit card and gaming companies.

          “There’s a class of company called ‘affiliates,’ and they’re basically organizations that send spam for some other company that holds the product,” said Adam O’Donnell, Director of Emerging Technologies at Cloudmark Inc., an Internet security firm. “Think of it as a third-party marketing firm that does the dirty work of sending spam.”

The company has been the target of many complaints about its allegedly aggressive spamming activities, both under the QuinStreet name and under aliases such as VendorSeek, and it’s likely they could be in violation of the CAN-SPAM Act as some of the complaints say the company refused to stop sending junk mail even after they clicked the opt out link.

While companies like QuinStreet try to hide their spamming behind affiliates and shell companies, the fact remains that spamming is spamming and the CAN-SPAM Act isn’t to be taken lightly. It carries an $11,o00 fine per offense. Before you begin any kind of email marketing plan, review the law with your legal department and make sure your company is following it to the letter!

Disgraced former FL District Attorney Jack Thompson is facing spam charges for flooding a Utah State Senator with complaints about the CAN-SPAM Act. Oh the irony!  Thompson was disabarred last September for making false statements to tribunals, disparaging litigants and other lawyers, and improperly practicing  law outside the state of Florida.

The possible spam charges come as a result of another barrage of emails he sent in an attempt to pursuade Utah lawmakers to override a veto of a law that would have made the sale of video games labled Mature illegal. Thompson is a rabid anti-video game activist.

          “In the grip of such legislative ignorance, Mr. Waddoups has today threatened Mr. Thompson with criminal prosecution by Utah’s Attorney General for writing him, the ultimate purpose of which is to encourage Utah legislature to override Gov. Huntsman bizarre veto,” reads Thompson’s press release. “Thompson also informed Sen. Waddoups that the same Attorney General he wants to have prosecute Thompson has received thousands of dollars from the video game industry whom Mr. Shurtleff now helps protect. Gov. Huntsman has received their money as well. What a surprise. This is pay to play in Utah. Maybe the whistle blowing as to this is what concerns Mr. Waddoups the most.”

The email in question included an image of two barely clad women about to give a Grand Theft Auto IV character a lap dance. When State Senate President Waddoups asked to be removed from Thompson’s email list, he refused, leading Waddoup to seek charges under the CAN-SPAM Act, which carries fines of up to $11,000. Thompson pledges to fight any charges and keep his vendetta against video games going strong.

The CAN-SPAM (The Controlling the Assault of Non-Solicited Pornography and Marketing) Act is celebrating its 5th birthday. President Bush signed it into law in December 2003. The act mandated that marketers comply with the following mandates:

• Ensure that the “FROM” line clearly reflects the sender’s identity
• Include subject line text consistent with message content
• Include their valid postal address
• Contain a working opt-out mechanism as a way for the consumer to decline to receive further commercial email from the sender. (Although most experts advise never clicking an opt out link in a spam message as it usually just tells a spammer your address is active and actually reads spam!)

Continue reading Happy Birthday CAN-SPAM!»

Facebook won its case against a spammer, Adam Guerbuez and his company, Atlantis Blue Capital, for violations of the CAN-SPAM Act. The courts awarded Facebook an incredible $873 million in damages, the largest award under the Act to date. According to reports, his business involved phishing Facebook user logins, and then using other peoples’ accounts to send spam to other Facebook users, selling various pharmaceuticals and male enhancement drugs. Guerbuez never showed up for his hearing.

It is of course, a symbolic gesture. Facebook is not likely to get a dime from Mr. Guerbuez. Although I’m sure he’s made some money from his spam business, I doubt it’s anywhere near $873 million. And by now, if he’s smart, both he and his money are far outside of United States jurisdiction. Besides the monetary judgment, he also received an injunction preventing him from using Facebook in the future. This too, is a symbolic gesture, and one that would be impossible to enforce.

Continue reading Facebook gets judgment against spammer»