Spamming and Spoofing Background Notes Spam arguably stands on more tenuous legal footing than its more conventional cousins, direct mail and telemarketing. There are two primary reasons for this. The first is that spam imposes transactional costs directly on the recipient. Direct mail and telemarketing calls might fill your snail mailbox or spoil a quiet dinner at home, but it is the sender or caller who pays the postage or the phone bill to get its message to you.
Spam, on the other hand, arrives at your e-mail in box postage due, or as a collect call, because you, the recipient, pay to download the piece of spam or incur an additional online charge as a result. While direct mailers and telemarketers communicate their message only through quasi-public means, the postal system and telephone lines, spammers rely, in part, on the equipment and services of private “actors” - ISPs, online communities, and networks - to deliver the spam.
Understanding that many Netizens object to spam, spammers employ a variety of methods to disguise their spam. One common method involves constructing the e-mail message so that it appears to the recipient to come from a someone other than the actual sender. Known as “spoofing,” this method allows the spammer to hide his own identity and avoid dealing with the inevitable angry replies which are routed to the innocent third party or a nonexistent address. Another common identification avoidance method is to alter or remove part of the return path information. This method is referred to by some as “cloaking” and by others as merely another version of “spoofing.”
Compared to most issues discussed on netlitigation, the intersection between law and spam is a well worn path. To date, the mostly successful efforts to contain or limit spam demonstrate that legal concepts, even ancient common law concepts such as trespass, are sometimes better suited than technology for achieving results.
This is amply demonstrated by the litigation-driven fall of one time spam king Cyber Promotions which spent several years spamming millions and winning its war against the various filters and blocks set up by ISPs, online communities, and networks. In truth, Cyber Promotions only ceased spamming after a series of lawsuits by networks, such as Compuserve, Inc. v. Cyber Promotions and Sanford Wallace, and ISPs, such as Earthlinks Networks v. Cyber Promotions, destroyed Cyber Promotions ability to efficiently and cheaply reach millions of netizens and resulted in substantial monetary judgments and settlements against Cyber Promotions that, in Sanford Wallace’s own words, “put Cyber Promotions out of the spamming business.”
Like many other areas of Internet law, spam lawsuits frequently raise constitutional questions. For instance, in Cyber Promotions, Inc. v. America Online, Inc., the clash between Cyber Promotions’ freedom of speech and AOL’s right to control and limit access to its private property served to reconfirm a bedrock principle of American jurisprudence: freedom of speech will not trump a private actor’s right to control who accesses its private property and how that property is utilized.
Courts are not alone in imposing limits on spam. Congress and many state legislatures have, or are seeking to, enact laws regulating spam. On the federal level, the House Commerce Committee has rejected several proposed bills that would have preempted state regulation of spam and required spammers to include an identifying label within the body of the message.
Various congressional committees are reviewing other bills that also attempt to regulate spam. The “antislamming” bill, for instance, contains a provision that, in essence, outlaws spoofing and cloaking and requires spammers to honor “remove” or “opt out” requests from recipients. The Bill also empowers the FTC with regulatory authority over spam, although the FTC, using other tools, has already taken action in some cases.
California has enacted two statutes that became law in 1999 and have been billed by some to be the most advanced in the nation. The “Miller bill” outlaws cloaking and spoofing and allows ISPs whose equipment is trespassed upon to recover damages in the amount of $50 per piece of unsolicited e-mail, up to $25,000 per day. The “Bowen bill” requires spammers to label their bulk e-mail “ADV” and requires spammers to set up toll free numbers or accurate return addresses for recipients who wish to be taken off the bulk e-mailers list. Because spammers have proven difficult to locate, the state’s and consumer’s ability to effectively enforce these laws may prove difficult. Moreover, civil liberty groups have already indicated that the labeling requirement of the Bowen bill will be challenged on the constitutional ground that this form of labeling is, in essence, impermissibly compelled speech.
Indeed, although antispam groups have pushed for the outlawing of spam, the vast majority of proposed or pending legislation seeks only to outlaw spoofing practices and eliminate spam’s wholly “unsolicited” nature. Thus, while clearly private actors and, to some extent, the states and federal government will regulate spam through enforcement, legislating it entirely out of existence is not likely. By the same token, technology, even with constantly improving filtering software, is not likely to eliminate spam on its own, either. In all probability, the extent to which spam is eventually controlled or limited will be, in large part, defined by future litigation between spammers, ISPs, consumers, online communities, and government enforcement agencies.