BusinessWeek has a great article about the FTC and how they’ve evolved to become a fixture in the war against spam and online fraud. They have a server that holds over 314 million spam messages and receives over 200,000 more a day. Investigators analyze the messages in their efforts to track down spammers and prosecute them under the CAN-SPAM law. Successful investigations lead to spammers being fined and sometimes jailed. They’ve also begun moving into the areas of social networking and identity theft.

I wonder though, of all the spam messages they collect what percentage originates from somewhere other than the U.S. Most hardcore spamming operations are safely overseas on bullet proof hosts in countries that don’t investigate or prosecute cybercrime either due to lack of understanding, lack of resources, or law enforcement corruption. Since these spammers can be convicted and fined without having to actually appear in court, yet can’t be made to pay up unless they enter the U.S., it seems such investigations could all be done in vain. Suing spammers doesn’t work well either – they just declare bankruptcy and move on to a new scam. There have been a few cases lately about spammers who’ve gotten themselves pretty hefty jail sentences but again, it doesn’t really work when the spammer is overseas somewhere.

So yes, the FTC is doing a great thing by investigating spammers and holding them accountable under the CAN-SPAM Act, but fighting spam will only be truly effective when all countries do so together and have similar anti-spam laws.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

The FTC gets over 200,000 Spam Messages a Day

Federal authorities say two men accused of running a spam campaign in Columbia Missouri that targeted college students reaped in the profits to the tune of over $4 million.  Investigators say Amir Shah, Osmaan Shah, and Paul Zucker began their spamming activities in 2004. They created programs designed to harvest the email addresses of students at over 2,000 colleges, starting with those at the University of Missouri at Columbia.

The spam messages hawked products such as tooth whiteners and a social networking site called Noog.com and claimed to be from officially authorized campus representatives and alumni owned businesses. To avoid detection they used a bullet proof hosting company in China that ignored take down requests and bought proxies. They also faked the headers and reply-to addresses in their messages, a blatant violation of CAN-SPAM laws. When a college complained, the addresses of their students were simply taken off the list.

The men made their money by both selling the products they offered in their spam messages and by affiliate marketing, using their spam to inflate their referrals. They tried to hide their profits by buying properties and funneling it to overseas accounts.

The Shahs and Zucker were indicted on 35 counts of fraud in connection with email, 6 counts of fraud in connection with a computer, and 1 count of conspiracy. All three charges are felonies and they face over 60 years in prison if convicted. Zucker pleaded guilty last week. The Shahs had originally entered a not guilty plea but were expected to change that to a guilty plea last week, but cancelled their hearing after Zucker pled guilty.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Feds Say Missouri Spam Operation Netted Over $4 Million

With so much spam choking email channels on the Internet–some estimates peg spam volumes at as much as 95 percent of all email traffic–you’d think they’d be more lawsuits against the perpetrators of the junk. That’s not the case, however, and there are more than a few reasons why that’s so.

Terry Zink, at his Anti-malware blog, argues that the reason spammers aren’t prosecuted is they locate themselves in jurisdictions that tolerate the junksters for various motivations. “Some of the worst criminals in [the] spamming underworld are located in [E]astern Europe and Russia,” he writes. “Many of them are known to the authorities but they are not pursued by [those] authorities.”

A quick look at the latest Spamhaus list of the world’s Top 10 Worst Spammers shows that Zink’s analysis is right on the money. Seven of the top 10 junko artists are from Russia or one of its former republics.

Among the culprits fingered by Spamhaus were three from the Russian Federation–Leo Kuvayev, of Bad Cow, which deals in pirated software, knock-off pharmaceuticals, porn spam and payments collections, and botnet viruses; Peter Severa/Peter Levashov, a partner with a number of spam gangs; and Ruslan Ibragimov, of send-safe.com, creator of stealth spamware and operator of a spam distribution network from compromised computers and hijacked open proxies.

Spammers based in the Ukraine were Canadian Pharmacy, which operates a botnet spam distribution network and a number of spam websites; Alex Blood/Alexander Mosh/AlekseyB/Alex Polyakov, a massive botnet operator and purveyor of child porn, pharma and mortgage spam; and Yambo Financials, a distributor of child, animal and incest porn, as well as pirated software and pharma spam.

In the former soviet republic of Estonia, there’s Rove Digital, which runs a gamut of Black Hat activities–botnets, malware, pharming and denial of service attacks.

Other regions represented on the Spamhaus list were India (HerbalKing), Hong Kong (Vincent Chan/yoric.net) and Australia (Nikhil Kumar Pragji/Dark-Mailer).

Zink argues that spammers behind the old Iron Curtain can operate unimpeded because they take advantage of the legacy of corruption in their countries. While hoary cold warriors are inclined to heap the blame for corruption on communism, the practice, at least in Russia, can be traced back to the 10th century when a ruler’s subject were expected to keep his representatives fat and happy when they showed up in town to collect tribute from the locals. That payoff, called the korm, became institutionalized and public officials count on it as income, much as Wall Street investment bankers expect their bonuses, whether earned or not, every year.

In addition, Zink maintains that countries turning a blind eye to spammers see the junksters as a potential resource that could be tapped for cyber warfare exploits. “[W]hen the government decides that spammers might be useful for a geopolitical purpose, there is low chance indeed that western officials will ever get their day in court,” he observed.

That seems to me to be a bit of a stretch. Spammers have one motivation and it isn’t patriotism. What’s more, Russia already has its own corps of Web delinquents to do its dirty deeds on the Net. Called Nashi, the youth group, which operates with the imprimatur of the Russian government but is funded by businesses currying favor with the Kremlin, has claimed responsibility for cyber attacks on Estonia, been accused of mounting denial of service attacks against newspapers unfriendly to the current ruling regime and has spied on other youth groups considered “provocateurs” by Moscow bigwigs.

What Zink and others bemoaning the weak prosecution of spammers ignore is how laws like the CAN-SPAM Act can be used by opportunists to injure innocents, innocents like Azoogle.

Azoogle got trapped in a broad CAN-SPAM net tossed by a backwater ISP named Asis. Asis filed 20 lawsuits against alleged spammers. Not all the lawsuits were based on the strongest evidence of spamming, as a federal district court found last week.

“[I]t is apparent that Asis sued Azoogle based on little more than speculation that there might be a connection between those emails and Azoogle,” Magistrate Judge Joseph C. Spero of the US District Court of Northern California wrote in his opinion on the case.

“Asis then continued to litigate even as its discovery efforts turned up no evidence in support of its claims against Azoogle,” he continued. “Having initiated over 20 similar actions, and sued over 20 defendants in this action alone, an award of attorneys’ fees here is necessary to deter Asis and other plaintiffs hoping to profit under the CAN-SPAM Act from casting such a wide net.”

A judgment of $806,978.84 was awarded Azoogle by the court. While that’s a hefty sum for the parties involved, since Asis has already reaped a $2.6 million settlement from one of its CAN-SPAM lawsuits, it seems the rewards for outfits like Asis far exceed the risks in these kinds of cases, especially if a wide net is cast that traps lots of little fish with shallow pockets.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Why spammers slip through jaws of legal beagles

A new study has revealed that many businesses have been pushing the envelope as far as the CAN-SPAM Act goes. It found that 39% of major online retailers force users to go through 3 or more clicks to unsubscribe from a mailing list, up from 7% in 2008, and 30% send 2 or more emails after the unsubscribe request has been received.  This is not a good trend, in fact it can get a business in hot water.

When you’re competing against the ruthless efficiency and trustworthiness of the ‘report spam’ button, your email opt-out process needs to be friction-free and provide options ISPs can’t give their users,” said Chad White, Research Director at Responsys and author of the study. “But an examination of the unsubscribe processes of the largest online retailers shows plenty of room for improvement on both those points.”

The study also found that 4% of the top 100 online retailers refuse to honor opt-outs, a blatant violation of the CAN-SPAM Act. Passed in 2003, the CAN-SPAM Act makes it unlawful for retailers to ignore opt-out requests and mandates that they make the process as clear and easy as possible and specifically says a user who wishes to unsubscribe must not have to do anything more than sending a reply email or visiting a single webpage.

It’s crucial to make sure your company is in compliance with CAN-SPAM. Not only could not doing so land you in legal hot water, but making unsubscribing from your mailings a hassle could lead to frustrated customers flagging your messages as spam. If their ISP gets enough such reports you could find your mailings blacklisted all together and that will keep untold numbers of customers who actually want your info from seeing it!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Retailers Testing CAN-SPAM By Making Unsubscriptions More Difficult

Online jewelry retailer Bidz.com has announced that the FTC has decided not to pursue charges related to its investigation of the company’s email practices. The investigation, which was in response to numerous consumer complaints regarding the company’s alleged refusal to honor opt-out requests, began in 2009. The CAN-SPAM Act mandates that businesses must include clear and easy to follow unsubscribe instructions on all commercial email and honor all opt-out requests or face stiff fines.

“We are pleased with the decision of the FTC staff, as we have cooperated fully throughout the investigation,” said David Zinberg, the Company’s Chief Executive Officer. “We take very seriously our, and our marketing partners’, obligations relating to email marketing. This favorable result will allow us to concentrate on our core business.”

The company settled a lawsuit related to the spam complaints last month shortly after a U.S. District Court judge denied the plaintiff’s request for class action status, a move that may have helped contribute to the FTC’s decision.

Bidz.com, an auction site similar to eBay but offering jeweley, gifts, and fine art only, has a long history of troubles. Last year the SEC opened an investigation into its inventory accounting practices and it also found itself the target of several lawsuits accusing the site of shill bidding. A separate class action lawsuit was also filed against them, accusing them of securities fraud.

While the company insists there has been no wrong doing and the SEC is still investigating, it’s clear they have some serious PR messes to clean up.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

FTC Declines to Prosecute Bidz.com for CAN-SPAM Violations

There is a growing sentiment in some business circles that spam can be clearly defined by what is and isn’t allowed under the typical anti-spam legislation enacted by governments these days.

In the US the CAN-SPAM act of 2003 (the acronym drawn from the bill’s full name “Controlling the Assault of Non-Solicited Pornography And Marketing”) effectively legalized spam by applying three basic requirements to commercial emails:

• Visible and operable unsubscribe mechanism, with requests honored within 10 days
• Accurate content such as From: fields and subject lines, and includes a legitimate physical address of the advertiser
• Not sent via open relay, does not contain false headers, and is not sent to harvested email addresses

Some organizations have taken this legal standard and run with it, sending commercial email to addresses obtained through bought lists, co-registration, incentive offers, and other innocuous means such as when filling out forms or dropping business cards into prize draws at conferences.

And to comply with the unsubscribe requirements they use onerous mechanisms for unsubscribe requests instead of simple one-click methods.

And while doing all of this they insist that it’s not spam.  After all, the law says so.  It’s just perfectly legitimate email marketing.

You Don’t Get to Decide

I’m sorry, but you don’t get to decide that.  And by “you” I mean businesses.  Businesses and their marketing departments who look at email as a fast, convenient way to reach a lot of people with their very important messages.

Now for the purposes of this discussion I’ll make some definitions clear.  I’m not talking about the kind of spam that botnets send out to try and trick people into buying fake pharmaceutical goods or a counterfeit watch.

I’m talking about UCE – unsolicited commercial email.  The kind of email you get when a company decides to add you to their marketing newsletter without you ever requesting it, and without a double opt-in process.  The law might say this isn’t spam, but every customer I talk to says it is.  And guess who gets to decide that?  The customer does.

Opt-In vs Opt-Out

In the world of email marketing there are two ways to building a mailing list.  In a recent blog post the Harvard Business Review sums these up nicely.

Responsible consumer marketers have adopted an “opt-in” e-mail policy for determining who receives their marketing messages. Unless customers give the marketer permission to contact them, the marketer leaves them alone.

There are two types of opt-in – single and double.  A single opt-in is when you provide your email address and are immediately subscribed.  A double opt-in is when you provide your email address, and then receive a confirmation message usually containing a link to click on to verify your request.

Single opt-in is open to abuse because you can be added to a list by someone else without your knowledge.  Double opt-in is the standard amongst ethical email marketers.  It is what 100% of customers tell me they prefer.

Opt-out on the other hand is the opposite.  And scarily the Harvard Business School blog makes the case for it.

Many B2B marketers abide by a similar policy, but they don’t have to — and shouldn’t. In fact, I’d argue, your business customers generally would prefer the reverse: an opt-out arrangement in which you send them messages unless they say “stop.”

See the problem here?  Combine opt-out email marketing with weak legislation like CAN-SPAM and businesses see how they can send you UCE and everyone should be happy about it.

Permission Marketing

The entire concept of opt-out flies in the face of permission marketing, the term coined by marketing guru Seth Godin.  For email marketing this basically means that the marketer won’t send you emails until you have given permission for them to do so.

Marketers need to pay close attention to the permission they are given before they decide what they will send to prospective customers.

The permission can be explicit (signing up to a newsletter), or implicit (providing an email address when downloading trial software).

The scope of implicit permission also changes depending on the situation.  A business card handed to a sales rep at a convention implies permission for personal communication from that sales rep.  It doesn’t imply permission to add the person to a global marketing list that receives all of the company’s marketing materials.

Listen to Customers

Your prospective customers are sending you indirect messages about how they view spam.

• Fighting spam is a multi-billion dollar a year industry
• Nobody complains they aren’t receiving enough email
• Everybody complains when they receive something that annoys them
• Anti-spam vendors and ISPs offer no deliverability assistance to email service providers who do not require double opt-in

Customers have decided what spam is and an eco-system of ISPs, ESPs, and anti-spam vendors works every day to support them.

Listen to your customers, and don’t think you get to define what is and isn’t spam.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Who Gets to Decide if it’s Spam? Not you, Mr Marketer

The CAN-SPAM Act is supposed to protect us from unwanted commercial email but some U.S. based spammers, who usually call themselves direct marketers, have found a loophole to get around the requirements placed on them by the law.

CAN-SPAM says commercial emailers must provide a clear and easy way for recipients to opt out of receiving further messages and they must promptly honor those requests. What some sleazy marketers have found however, is that they can get around having to do so by changing their name. They send a blast of spam as XYZCompany at XYZ.com. They get a flurry of opt out requests and instead of honoring them, they change their name to XYZCompany1 at XYZ1.com.  More spam sent, more requests received, and they change their name again, this time to XYZCompany2 and XYZ2.com.

What can be done? It’s up to the U.S. to change the law to say that direct marketers and commercial emailers must get permission from consumers BEFORE sending any of their spam. In doing so the U.S. will fall into line with spam laws in most other countries.

Will this happen? That’s anyone’s guess. The Supreme Court’s decision to allow businesses to spend as much as they want on political campaigns may have a less than pleasant effect on the law. In the meantime, if your company is using this practice, stop. It’s not legal and it’s not good business.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

U.S. Based Spammers Using Loophole to Get Around CAN-SPAM

Australian financial services firm CommSec was fined $55,000 (roughly $48K US) for violating that country’s Spam Act. The Australian Communications and Media Authority (ACMA) levied the fine after it launched an investigation into the company’s mail campaigns and found they were in violation of the Spam Act. That Act, like the CAN-SPAM Act, requires that all commercial email include a way to unsubscribe and that emailers honor those requests. The ACMA’s investigation, prompted by numerous consumer complaints, found that the company’s emails had no unsubscribe directions and that they ignored requests from consumers who asked to be taken off their mailing list.

          “ACMA expects that Australian businesses take note of this outcome,” ACMA chairman Chris Chapman said. “Under the Spam Act, every person has the right to unsubscribe from receiving commercial electronic messages and to have that request acted on effectively and quickly. The failure to act on a request can result in significant penalties if a business is found to have breached the Act.”

CommSec sent over 6 million advertising emails in 2009. The company says it has agreed to have an independent consultant to review its compliance systems and to also provide additional training to its staff.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Australian Financial Firm Fined 55K For Spamming

A CAN-SPAM court decision may hurt the private domain registration business.

Spammers hiding behind private registration of domain names to spread junk email received a slap in the face recently by a federal district court in California. In their attempt to nullify the U.S. CAN-SPAM Act the garbage pedlars argued, among other things, that the law was unconstitutionally vague because anyone trafficking in private domain registrations could be held liable for materially falsifying an identity under the statute.

Ironically, private domain registrations were created to protect domain owners from spammers, scammers, telemarketers and other unsavory types. Under the process, domain owners who want to keep their personal  information private enlist another company, a proxy registrar, to register their domain for them. The domain owner retains control of the domain, but for public purposes, such as listing in the WHOIS directory, the proxy’s contact information is listed as the owner of the domain. The rub to the process, though, is that anyone can use it–even spammers seeking to hide ownership of their domains. It’s a  pair of such spammers that found themselves  appealing their prosecution before the Ninth Circuit Court of Appeals.

The case, U.S. v. Kilbride, involved a pair of porn spammers operating through a company based in the small African nation of Mauritius. Their spam, which generated 662,000 complaints with the U.S. Federal Trade Commission, violated CAN-SPAM in a number of ways including forged headers, fake email addresses and phony contact information. A jury, after a three week trial, convicted the defendants of criminal CAN-SPAM violations and other charges. One smut circulator received a 6.5 year prison term; the other, five years in the Big House.

In their arguments before the court, the skin merchants asserted that CAN-SPAM is too vague in its definition of material falsification to meet constitutional standards because it criminalizes private registration of domain names. The court, however, wasn’t buying that contention. “We fail to perceive any vagueness on this point,” the judges opined.

Passed in 2003, CAN-SPAM provides penalties for anyone, among  other things, who “materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages” or “registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names…”

The court also rejected the notion that the material falsification definition allows innocent people to be investigated for violating the law until their intent can be determined. That, the spammers asserted, invited law enforcement officials to abuse the law. “This may be so, but it does not make the statute
unconstitutionally vague,” the court said.

“As we recently noted,” it continued, ” ‘[w]hat renders a statute vague is not the possibility that it will sometimes be difficult to determine whether the incriminating fact it establishes has been proved; but rather the indeterminacy of precisely what that fact is.’”

“While determining as a factual matter whether the requisite intent for culpability under [CAN-SPAM]exists may prove difficult, this does not demonstrate
that the concept of intent as used in the statute is an entirely indeterminate, subjective one,” it added. “Hence, the problem Defendants identify is irrelevant to the vagueness inquiry.”

Of course, the Ninth Circuit is only one court, and its decisions don’t necessarily carry any weight outside its jurisdiction. Another court could very well find that CAN-SPAM’s falsification provisions are unconstitutional and send the whole issue to the Supreme Court.

For now, however, the question remains will court decisions that discourage netizens from using private registrations or registrars from offering them make a dent in the spam volumes which are consistently over 90 percent of all email on the Internet? Probably not. If the government gets tough in probing private registrations, it will probably discourage the innocent from engaging in the practice  while Black Hats, who live by subterfuge, will continue to keep it in their bag of dirty tricks.

One thing is certain, if the courts continue to crackdown on private registrations, it won’t favorably impact the registrars who turn a buck on them. As one attorney waggishly observed in his blog, “I don’t see the domain name proxy business as a growth industry.”

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Private registration no defense for spammers

Facebook announced on Thursday that it has won its lawsuit against notorious spammer Sanford Wallace. A judge in San Jose, CA awarded the site a $711 million judgement, the second largest in history to be awarded under the CAN-SPAM Act.

“While we don’t expect to quickly collect the full amount, we’ll work hard to get everything we can,” Simon Axten, a privacy and public policy associate at Facebook, said in a statement.

The suit was filed in February and accused Wallace and his accomplices Adam Arzoomanian and Scott Shaw of running a spamming and phishing scheme on the site. The trio sent messages to Facebook members that contained links leading to malicious sites that stole their login info. They used that info to spam everyone on the compromised account’s friends list. In addition to the hefty judgement the three spammers face possible prison sentences.

Wallace is no stranger to the legal system. MySpace won a $234 million judgement against him last year and in the last decade he has been sued by AOL, CompuServe, Earthlink and many other ISPs. He usually ignores the suits and refuses to show up in court. Earlier this year he filed for bankruptcy to avoid MySpace’s attempts to collect their judgement.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Facebook Wins Suit Against Spammer

A Washington lawyer had an idea. He wanted to sue spammers but since the CAN-SPAM law allows only ISPs to do so, he decided to become an ISP. He set up a domain and gave email accounts to his friends and family. When emailed, the accounts sent an auto-response that claimed the sender would either agree to stop spamming or pay $500 per spam message. The lawyer, James Gordon, then sued email marketing firm Virtumundo for $10 million dollars claiming damages under the CAN-SPAM Act.

Gordon lost. The court rejected his suit, saying it was without merit because he had not been able to show proof he had suffered harm or been adversely affected as a result of the spam. He was ordered to pay Virtumundo over $100,000 in damages. He refused to pay and the firm promptly sued and ended up sending the debt to a collections agency. That agency in turn showed up at Gordon’s house and seized his possessions. Virtumundo offered to return them if he agreed to drop his appeal.

Gordon refused.

Before you feel sorry for him, it’s important to note that although he claims to be a lawyer, his sole source of income for 2006 and 2007 was from “settlements and disputes”.

The moral of the story? Don’t try and get around a law, because it just might backfire horrendously.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Lawyer’s Spam Fighting Idea Backfires

A Michigan man faces up to 3.5 years in prison for his part in a penny stock spam scheme that involved the sending of millions of emails.  63-year-old Alan Ralsky and his son-in-law Scott Bradley faced a 41 count indictent under the CAN-SPAM Act. Ralsky also pleaded guilty to stock fraud and money laundering.

          “Alan Ralsky was at one time the world’s most notorious illegal spammer,” U.S. Attorney Terrence Berg said after the plea. “Today Ralsky, his son-in-law Scott Bradley, and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal e-mail advertisements to pump up Chinese ‘penny’ stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices.”

The pair and nine others operated a penny stock pump and dump scheme. They sent out unsolicited emails to millions hyping a worthless Chinese penny stock. When unsuspecting victims fell for the come ons and bought shares, it artificially inflated the stock’s worth. Ralsky and the others then sold their shares for huge profits and left their victims hanging.

They used forged headers, proxy computers and domains registered under fake names to send their spam without being detected. Prosecutors plan to recommend 35 to 43 months in prison, a term Ralsky agreed to as part of his plea deal. The deal also includes a fine of up to $1 million and an agreement on Ralsky’s part to assist government in future investigations.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spammer Faces Up to Three Years in Prison

Former Senator Bill Bradley sits on the board of a company called QuinStreet, which has been identified as a major spammer. It labels itself as a leading “vertical marketer” but experts say that’s frequently a code word for spamming. QuinStreet’s clients include trade school DeVry, several dating websites, and credit card and gaming companies.

          “There’s a class of company called ‘affiliates,’ and they’re basically organizations that send spam for some other company that holds the product,” said Adam O’Donnell, Director of Emerging Technologies at Cloudmark Inc., an Internet security firm. “Think of it as a third-party marketing firm that does the dirty work of sending spam.”

The company has been the target of many complaints about its allegedly aggressive spamming activities, both under the QuinStreet name and under aliases such as VendorSeek, and it’s likely they could be in violation of the CAN-SPAM Act as some of the complaints say the company refused to stop sending junk mail even after they clicked the opt out link.

While companies like QuinStreet try to hide their spamming behind affiliates and shell companies, the fact remains that spamming is spamming and the CAN-SPAM Act isn’t to be taken lightly. It carries an $11,o00 fine per offense. Before you begin any kind of email marketing plan, review the law with your legal department and make sure your company is following it to the letter!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Former Senator On Board of Major Spammer

Disgraced former FL District Attorney Jack Thompson is facing spam charges for flooding a Utah State Senator with complaints about the CAN-SPAM Act. Oh the irony!  Thompson was disabarred last September for making false statements to tribunals, disparaging litigants and other lawyers, and improperly practicing  law outside the state of Florida.

The possible spam charges come as a result of another barrage of emails he sent in an attempt to pursuade Utah lawmakers to override a veto of a law that would have made the sale of video games labled Mature illegal. Thompson is a rabid anti-video game activist.

          “In the grip of such legislative ignorance, Mr. Waddoups has today threatened Mr. Thompson with criminal prosecution by Utah’s Attorney General for writing him, the ultimate purpose of which is to encourage Utah legislature to override Gov. Huntsman bizarre veto,” reads Thompson’s press release. “Thompson also informed Sen. Waddoups that the same Attorney General he wants to have prosecute Thompson has received thousands of dollars from the video game industry whom Mr. Shurtleff now helps protect. Gov. Huntsman has received their money as well. What a surprise. This is pay to play in Utah. Maybe the whistle blowing as to this is what concerns Mr. Waddoups the most.”

The email in question included an image of two barely clad women about to give a Grand Theft Auto IV character a lap dance. When State Senate President Waddoups asked to be removed from Thompson’s email list, he refused, leading Waddoup to seek charges under the CAN-SPAM Act, which carries fines of up to $11,000. Thompson pledges to fight any charges and keep his vendetta against video games going strong.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Former Florida DA Faces Spam Charges

The CAN-SPAM (The Controlling the Assault of Non-Solicited Pornography and Marketing) Act is celebrating its 5th birthday. President Bush signed it into law in December 2003. The act mandated that marketers comply with the following mandates:

• Ensure that the “FROM” line clearly reflects the sender’s identity
• Include subject line text consistent with message content
• Include their valid postal address
• Contain a working opt-out mechanism as a way for the consumer to decline to receive further commercial email from the sender. (Although most experts advise never clicking an opt out link in a spam message as it usually just tells a spammer your address is active and actually reads spam!)

The act also authorized the FTC to create a “Do Not Email” registry. So has the act really done much to stem the flow of spam? Not really, because most spammers simply locate their business in countries with no or very lax anti-spam laws or use methods like forged headers and spoofed addresses to hide under. Actual CAN-SPAM compliance is less than 1%. Dismal. There have been a few prosecution and multi-million dollar settlements (which the plaintiffs are highly unlikely to ever see) but for the most part CAN-SPAM is ignored by spammers and has become the “YES-I-CAN-SPAM” Act.

Until there is a global anti-spam initative in place and spammers can no longer hide in obscure Eastern European locals, the flood of spam is not going to be stemmed anytime soon.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Happy Birthday CAN-SPAM!

Facebook won its case against a spammer, Adam Guerbuez and his company, Atlantis Blue Capital, for violations of the CAN-SPAM Act. The courts awarded Facebook an incredible $873 million in damages, the largest award under the Act to date. According to reports, his business involved phishing Facebook user logins, and then using other peoples’ accounts to send spam to other Facebook users, selling various pharmaceuticals and male enhancement drugs. Guerbuez never showed up for his hearing.

It is of course, a symbolic gesture. Facebook is not likely to get a dime from Mr. Guerbuez. Although I’m sure he’s made some money from his spam business, I doubt it’s anywhere near $873 million. And by now, if he’s smart, both he and his money are far outside of United States jurisdiction. Besides the monetary judgment, he also received an injunction preventing him from using Facebook in the future. This too, is a symbolic gesture, and one that would be impossible to enforce.

Max Kelly, Facebook’s Director of Security, entered in his blog yesterday a bit of insight into what transpired, but even Facebook is realistic about its prospects of collecting anything. According to Kelly, “It’s unlikely that Guerbuez and Atlantis Blue Capital could ever honor the judgment rendered against them (though we will certainly collect everything we can).” Kelly remains “confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users.” As for me, I think, not so much.

That is the problem with CAN-SPAM legislation, which although well-meaning, doesn’t accomplish its intended purpose. Legislation and the prospect of heavy fines and jail time should intimidate would-be criminals, and hopefully prevent them from perpetrating their crimes out of fear of consequences. But the Internet world transcends jurisdictional borders, and so one country’s anti-spam legislation will be largely ineffective unless all other countries join in. Although I certainly support CAN-SPAM and encourage other countries to enact similar legislation, the real prevention is going to be in technological prevention, education, and to a lesser degree, shutting down ISPs that cater to spammers, which recently happened.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Facebook gets judgment against spammer

Some or all provisions of some individual state laws may be preempted by the United States federal CAN-SPAM Act of 2003, including provisions regarding a private right of action.  Although not part of any platforms with the upcoming United States election, how does each of the presidential candidates’ individual state fare with spam legislation? Only the highlights of the state spam laws are presented.

Barrack Obama – Illinois
Running mate for Vice President: Joe Biden
(815 ILCS 511/10)
Sec. 10. Unsolicited or misleading electronic mail; prohibition.
(a) No individual or entity may initiate or cause to be initiated an unsolicited electronic mail advertisement if the electronic mail advertisement (i) uses a third party’s Internet domain name without permission of the third party, or otherwise misrepresents any information in identifying the point of origin or the transmission path of an electronic mail advertisement or (ii) contains false or misleading information in the subject line.

(b) This Section applies when the unsolicited electronic mail advertisement is delivered to an Illinois resident via an electronic mail service provider’s service or equipment located in this State.
(c) Any person, other than an electronic mail service provider, who suffers actual damages as a result of a violation of this Section committed by any individual or entity may bring an action against such individual or entity. The injured person may recover attorney’s fees and costs, and may elect, in lieu of recovery of actual damages, to recover the lesser of $10 for each and every unsolicited electronic mail advertisement transmitted in violation of this Section, or $25,000 per day. The injured person shall not have a cause of action against the electronic mail service provider that merely transmits the unsolicited electronic mail advertisement over its computer network.
(d) Any electronic mail service provider who suffers actual damages as a result of a violation of this Section committed by any individual or entity may bring an action against such individual or entity. The injured person may recover attorney’s fees and costs, and may elect, in lieu of recovery of actual damages, to recover the lesser of $10 for each and every unsolicited electronic mail advertisement transmitted in violation of this Section, or $25,000 per day.

John McCain – Arizona
Running mate for Vice President: Sarah Palin
44-1372.01. Regulations; powers of attorney general; cumulative remedies; applicability

A. A person shall not knowingly transmit commercial electronic mail if any of the following apply:

1. The person falsifies electronic mail transmission information or other routing information for unsolicited commercial electronic mail.

2. The mail contains false or misleading information in the subject line.

3. The person uses a third party’s internet address or domain name without the third party’s consent for the purpose of transmitting electronic mail in a way that makes it appear that the third party was the sender of the mail.

B. If a person sends unsolicited commercial electronic mail or maintains a database for the purpose of sending unsolicited commercial electronic mail, the person shall do the following:

C. Failure to comply with this article is an unlawful practice pursuant to section 44-1522. The attorney general may investigate and take appropriate action as prescribed by chapter 10, article 7 of this title.

D. This article is in addition to all other causes of action, remedies and penalties available to this state.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

U. S. Presidential Candidates’ State Spam Legislation