Menu Bar
Netlitigation
Topics
brought to you by
SRBC


Spamming and Spoofing:

Overview
ISP and Consumer Cases
FTC Actions
State Actions
Statutes
Background Notes

Overview

Spam, unsolicited commercial e-mail, is the Internet analog to junkmail and telemarketing. The moniker “spam” originates with the infamous Monty Python restaurant skit involving two diners, a wait staff, a chorus of Vikings, and a menu featuring spam in various gastronomic combinations and ever increasing quantities. To date, lawsuits concerning spam have occupied a fair chunk of the Internet litigation landscape. Although ISPs have taken the lead in prosecuting such cases, the Federal Trade Commission and state governments have also joined the fray with enforcement actions of their own and by enacting statutes (including the Can-Spam Act) geared to protect consumers and ISPs from the negative aspects of spam.

For a more detailed discussion of this topic see our Background Notes.

up

ISP and Consumer Cases


Unlike its more traditional cousins, spam imposes its transactional costs on the consumer e-mail recipient and the ISPs who must direct, redirect, and process spam. These costs, which are frequently increased through the spammers' use of “spoofed” return paths, headers and return addresses, have been the driving force behind the numerous lawsuits prosecuted by ISPs and consumers.

up

Cyber Promotions, Inc. v. America Online, Inc., 948 F.Supp. 436 (E.D.Pa. 1996)

The core issue presented in this consolidated action was whether Cyber Promotion’s freedom of speech provided it with an unfettered right to access AOL’s system and spam AOL’s e-mail customers. The court held that AOL was not the equivalent of a “state actor” and that, as a private actor, AOL had a right to block Cyber Promotion’s spam from its network.

For further information about this case see our in-depth analysis.

up

CompuServe, Inc. v. Cyber Promotions, et al., United States District Court for the Southern District of Ohio, Civil Action No. C2-96-1070

This case followed the Cyber Promotions v. America On Line lawsuit. Here, Cyber Promotions argued that CompuServe’s “intimate” involvement with the Internet left it open to possible future regulation which might well determine that CompuServe’s system was, in fact, “open.” This assertion was rejected with the court again affirming a private actor’s right to control and limit access to its personal property, i.e., its computer equipment.

For further information about this case see our in-depth analysis.

up

Concentric Network Corporation, Inc. v. Sanford Wallace and Cyber Promotions, Inc., United States District Court for the Northern District of California, Civil Action Number C-96-20829-RMV

In this lawsuit, Concentric Networks, a large California based ISP, alleged that Cyber Promotions committed trespass to chattel and violated both the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act by using Concentric e-mail accounts as the spoofed return addresses on Cyber Promotions’ spam. In November 1996, the parties settled the case with Cyber Promotions agreeing to not to use Concentric’s equipment for any e-mail related activity and to cease spoofing with Concentric account addresses.

up

Bigfoot Partners, L.P. v. Cyber Promotions and Sanford Wallace, United States District Court for the Southern District of New York, Civil Action Number 97 CIV 7397

Another in the line of cases successfully brought against Cyber Promotions as a result of its spamming and spoofing practices. The case settled just weeks before Cyber Promotions was put out of business by the Earthlink lawsuit.

For further information about this case see our in-depth analysis.

up

Earthlink Networks v. Cyber Promotions., No. BC 167502 (Cal. Super. Ct. L.A. County, March 30, 1998

Although, as described in this section, other networks and ISPs have successfully sued Cyber Promotions, in this action, Earthlink, a California ISP, is credited with, as Sanford Wallace himself stated as part of the settlement agreement, “put[ting] Cyber Promotions out of the spamming business.”

For further information about this case see our in-depth analysis.

up

Matthew L. Seidl v. Greentree Mortgage Co., United States District Court for teh District of Colorado, Civil Action Number 97-WY-2087-AJ

In this action, the plaintiff seeks compensatory and punitive damages under Colorado consumer protection statutes and for trespass and invasion of privacy arising from the defendant bulk e-mailer's use the plaintiff's e-mail address as the falsified return address on its spam. Perhaps the most interesting aspect of this case is the defendant's counterclaim and third party complaint which alleges that the plaintiff’s ownership of the domain name “localhost.com” and the system administrator e-mail address “Nobody@localhost.com” is, in essence, a conspiracy to extort money from bulk e-mailers who frequently use that domain and address in their spam.

For further information about this case see our in-depth analysis.

up

Typhoon, Inc. v. Kentech Enterprises, United States District Court for the Central District of California, Number CV 97-6270

In this case, the plaintiff, a Japanese ISP, filed suit against the defendants after the defendants, on more than one occasion, allegedly hacked their way into the plaintiff’s system and then used the plaintiff’s servers to send out thousands of pieces of spam. The case was resolved by the entry of a permanent injunction along with an agreement by one defendant to pay the plaintiff $5,000 in damages and provide it with deposition testimony in related litigation.

For further information about this case see our in-depth analysis.

up

RustNet, Inc. v. Benjamin and Randall Bawkon, United States District Court for the District of Eastern Michigan.

Unlike most ISP/spammer litigation, this case did not arise from the spammer's use of the plaintiff ISPs’ equipment. Here, RustNet filed suit because the defendants’ spam contained a RustNet spoofed return address which RustNet alleged was damaging its reputation and causing a loss of customers. The case settled with all parties agreeing not to comment on the settlement or lawsuit.

For further information about this case see our in-depth analysis.

up

Adam Engst, et als. v. Christopher Lee Knight, et als., Superior Court of the State of Washington, Kings County, Civil Action Number 98-2-17831-1.

This is the first action brought by a web site owner under Washington states’ recently enacted Unsolicited Electronic Mail Act. The plaintiffs operate an online electronic magazine, TidBITS, with two dedicated Internet servers and are owners of the domain “tidbits.com.” The lawsuit alleges that the defendants violated the statute by sending the plaintiffs dozens of pieces of spam with altered headers and false return addresses.

For further information about this case see our in-depth analysis.

up

FTC Actions

The FTC has not yet been granted specific authority to regulate spam directly, although several of the proposed spam related bills in Congress would provide such authority. Relying on its powers under the FTC Act, the FTC has aggressively pursued spammers who send false, misleading or deceptive spam. Here, we will summarize a few of these cases.

up

FTC v. Dixie Cooley, United States District Court for the District of Arizona.

In this action, the FTC filed suit against the defendant, an Arizona resident who used spam to advertise so-called “legal” credit repair services. These services included obtaining “new” social security or tax identification numbers to create and establish new credit profiles for clients. According to the FTC, this process, known as “file segregation,” is illegal. The FTC based its action on the FTC Act and the recently enacted Credit Repair Organizations Act. The defendant failed to appear and defend. In August 1998, the court entered an order prohibiting the defendant from representing that her “file segregation” services were legal.

up

In the Matter of Kalvin P. Schmidt, et als., FTC Enforcement Action No. C-3834.

The defendant operated two web sites, “www.mkt-america.com” and “www.mkt-usa.com” from which he promoted two multi-level marketing programs. In addition, the defendant advertised his web sites and programs by sending hundreds of thousands of pieces of spam. According to the FTC, the defendant’s programs did not earn participants “substantial amounts of money” as the spam and web site advertising suggested. The FTC served the defendant with a draft complaint and, after a settlement agreement was reached, issued a formal complaint, decision and order. The order precluded the defendant from any future involvement in certain marketing practices.

up

State Actions

Although there have been very few cases brought by attorneys general to date, as consumer protection laws are applied to the Internet and the area of e-commerce and, as more states enact laws regulating spam, this number will undoubtably rise.

up

Washington v. Jason Heckel, d/b/a Natural Instincts, Superior Court of the State of Washington, Kings County

The first action brought by Washington’s Attorney General against an alleged spammer pursuant to Washington’s Unsolicited Electronic Mail Act.

For further information about this case see our in-depth analysis.

up

Statutes

There are literally dozens of bills pending in Congress and in various state houses around the nation which seek, in one way, or another to regulate spam. Provided here are summaries of a few such efforts that have become law.

up

Nevada: Electronic Mail Act. Enacted July 8, 1997.

This statute forbids the sending of e-mail that includes an advertisement unless the sender and recipient have a pre-existing relationship or the recipient has consented to the receipt of the e-mail or the advertisement is clearly identified as such and provides the name, street and e-mail address of the sender and a notice providing the recipient with an “opt out” option. The Act also does not apply to e-mail messages voluntarily downloaded by the recipient from, for instance, a bulletin board. Recipients of e-mail in violation of this statute can recover actual damages or damages in the amount of $10.00 per item, whichever is greater, as well as attorney’s fees and costs.

up

Section 8 of the Act provides ISPs with immunity from liability for damages, unless the ISP includes its own advertisement in the e-mail.

up

Maryland: Electronic Mail Misuse Act. Enacted April 13, 1998.

This statute prohibits the sending of any e-mail to one or more persons with the intent to harass or by sending lewd, lascivious, or obscene material. The statute contains a broadly worded exception covering e-mail that is merely a “peaceable activity intended to express political views or provide information to others.” The penalty for violating this statute is a fine of not more than $500 or imprisonment for not more than 1 year, or both.

up

Washington: The Unsolicited Commercial Electronic Mail Act. Effective June 11, 1998.

This statute makes it illegal to misrepresent or falsify the domain name, the return path information, the return address, or to include false or misleading information in the subject line in any e-mail sent by a Washington resident or to a Washington resident’s e-mail address. Under the Act, the sender is assumed to know or have reason to know that a Washington resident is the recipient of such an e-mail if the information identifying the recipient as a Washington resident is available from the registrant of the domain name contained within the recipient’s e-mail address.

up

A violation of the Act is considered a violation of the Washington Consumer Protection Act and thus enforceable by the Attorney General, recipient, or ISP. Recoverable damages include $500 per spam to the recipient and $1,000 to the ISP. Under the Act, ISPs are permitted to block messages which the ISP reasonably believes to be in violation of the Act and provides a safe harbor for any good faith blocking effort.

up

California: The Miller Bill. Effective January 1, 1999.

One of two spam regulating bills that became law on January 1, 1999. The Miller Bill amends California’s law prohibiting unsolicited advertising material via facsimile, unless certain conditions are met, to also prohibit the sending of unsolicited e-mail advertisements unless the recipient and sender have an existing relationship or the recipient has consented to the receipt of the e-mail. A related provision criminalizes the spoofing practice of using domain names without the registrant owner’s knowledge and consent. Such use is punishable by a fine of up to $250 for the first violation and up to $5,000 for each succeeding violation.

up

The most interesting aspect of the Miller Bill is that it achieves its goals by recognizing the right of ISPs to create policies forbidding or restricting the use of its computer equipment for the sending of spam. Under the law, if an ISP’s equipment is utilized by a registered user to send spam or, if anyone uses an ISP's equipment to send spam to the ISP's registered users, in violation of the ISP's policy against such actions, the sender may be found liable to the ISP for damages of $50 for each e-mail up to a maximum of $25,000 per day. It is worth noting as well that the statute does not compel ISPs to create “limitations on use” policies.

up

California: The Bowen Bill. Effective January 1, 1999.

The second California statute that went into effect January 1, 1999, the Bowen Bill, requires that spammers identify their spam as advertising by including “ADV:” or, in the case of adult materials, “ADV: ADLT” in the subject line of the spam. The Bowen Bill also requires the sender to provide the recipient with the ability to “opt out” either by reply or through the use of a toll free number which is to be included in the content of the spam. The “opt out” option of course requires that the return address be accurate. The Bowen Bill is considered more controversial than the Miller Bill because its “labeling” provisions implicate First Amendment issues.

up

Can Spam Act. Effective December 16, 2003.

The Controlling the Assault of Non-Solicited Pornography and Marketing ("Can-Spam") Act is intended to regulate "interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet". Restrictions are placed on the transmission of unsolicited commercial electronic mail (spam). It requires the Federal Trade Commission to enforce its provisions. It also forbids the sale or other transfer of an e-mail address obtained through an opt-out request. The first criminal charges were filed under the CAN-SPAM act in April 2004.
External resources: Can-Spam Act Toolkit

Copyright SRBC
1998 up