Suing spammers

I’m off to MAAWG next week and seem to have had barely enough time to breathe lately, much less blog. I have a half written post, but it’s taking a little more research to put together. That can wait until I get the chance to do the research.
Instead I thought I’d talk about the North Coast Journal article “The Rise and Fall of a Spam Crusader.” It’s quite an interesting article and looks into the personal and business sacrifices that people make in order to chase down spammers.
In my experience a lot of the serial litigators have very poor practices around data collection and analysis. They don’t collect evidence, they just collect email and then make assertions and assumptions. This not every effective when having to convince a judge that you are right.
The article actually does nothing to change this impression. The cases ASIS won are the cases where the defendants didn’t respond. That also means that ASIS couldn’t collect.
I do disagree with Mr. Singleton, the lawyer, where he says CAN SPAM is dead. In many cases I’ve seen there aren’t clear CAN SPAM violations. So if he’s trying to sue these spammers under CAN SPAM his cause of action is wrong. Secondly, the article goes on to talk about the broader implications.

what’s most galling, [Singleton] said, is how the ruling effectively eliminated ISPs’ ability to be bounty hunters, the role to which they were duly anointed by the CAN-SPAM Act.

Uh. No. ISPs are allowed to legally prosecute spammers, but no ISP I know of that has successfully gone after spammers has actually treated this as a bounty hunt. Sure, there have been some court wins and some settlements, but I don’t believe any ISP has won enough money to cover all their legal expenditures. And one time there was an actual transfer of property from spammer to ISP and the ISP raffled off the spammer’s Porsche to its users.

Related Posts

What Happens Next…

or Why All Of This Is Meaningless:
Guest post by Huey Callison
The analysis of the AARP spam was nice, but looking at the Mainsleaze Spammer Playbook, I can make a few educated guesses at what happens next: absolutely nothing of consequence.
AARP, if they acknowledge this publicly (I bet not) has plausible deniability and can say “It wasn’t us, it was an unscrupulous lead-gen contractor”. They probably send a strongly-worded letter to SureClick that says “Don’t do that again”.
SureClick, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. They probably send a strongly-worded letter to OfferWeb that says “Don’t do that again”.
OfferWeb, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. And maybe they DO fire ‘Andrew Talbot’, but that’s not any kind of victory, because he probably already has accounts with OTHER lead-gen outfits, which might even include those who also have AARP as
a client, or a client-of-a-client.
So the best-case result of this analysis being made public is that two strongly-worded letters get sent, the URLs in the spam and the trail of redirects change slightly, but the spam continues at the same volume and with the same results, and AARP continues to benefit from the millions of spams sent on their behalf.
I’m not a lawyer, but I was under the impression that CAN-SPAM imposed liability on the organization that was ultimately responsible for the spam being sent, but until the FTC pursues action against someone like this, or Gevalia, corporations and organizations will continue to get away with supporting, and benefiting from, millions and millions of spams.
As JD pointed out in a comment to a previous post: sorry, AARP, but none of us are going to be able to retire any time soon.

Read More

Reputation monitoring sites

There are a number of sites online that provide public information about reputation of an IP address or domain name.

Read More

Spam isn't a best practice

I’m hearing a lot of claims about best practices recently and I’m wondering what people really mean by the term. All too often people tell me that they comply with “all best practices” followed by a list of things they do that are clearly not best practices.
Some of those folks are clients or sales prospects but some of them are actually industry colleagues that have customers sending spam. In either case, I’ve been thinking a lot about best practices and what we all mean when we talk about best practices. In conversing with various people it’s clear that the term doesn’t mean what the speakers think it means.
For me, best practice means sending mail in a way that create happy and engaged recipients. There are a lot of details wrapped up in there, but all implementation choices stem from the answer to the question “what will make our customers happy.” But a lot of marketers, email and otherwise, don’t focus on what makes their recipients or targets happy.
In fact, for many people I talk to when they say “best practice” what they really mean is “send as much mail as recipients will tolerate.” This isn’t that surprising, the advertising and marketing industries survive by pushing things as far as the target will tolerate (emphasis added).

Read More