Andy,
You are right.
I wasn't suggesting that prosecution under Virginia law was incorrect,
clearly they have more qualified people than myself arguing and
deciding such cases and they have concluded that they do. For what it
matters, I also have no doubt that it is illegal, but no state can
charge a spammer with a crime just for simply spamming because that is
preempted by federal law. Spammers as I pointed out however almost
always break other laws that are clearly under state jurisdiction.
I was really just sharing some things that I came up with along with a
couple of opinions as to why maybe there isn't more prosecution. I've
long wondered why the criminal justice system can't track down people
hijacking tens of thousands of computers, hammering our servers with
bad addresses, and all the while leaving an evidence trail back to
themselves by way of the products that they advertise, most of which
are illegal in one form or another. These people are big time
criminals.
I commented on the general lack of clarity in how these laws are being
applied because I thought that it might help to explain why there isnt'
more prosecution of spammers. Unlike stealing a car or robbing a bank,
these cases are destined to go on for years in appeals if convicted as
they argue things as basic as proper jurisdiction. Precedent is also
loopy, evidence of which was the Iowa court that awarded damages of $1
billion to an ISP that was spammed by a guy in Florida. My thought is
that these things just simply take time for the courts to come up with
standard ways to treat such matters, and that the same thing happened
with crimes involving telephones and computers, and both are still
rather difficult to prosecute based on the complexities and lack of
understanding of technology.
Sorry, I didn't mean to make this into a debate.
Matt
Andy Schmidt wrote:
Hi:
Draw whatever conclusions you choose for
yourself. I have not taken the bar in any state and am not qualified to
enter into any argument. I reserve the right to base my lay-person opinion on the anecdotal evidence
from the first-hand and personal conversation with active spam
operators who feared AOL due to VA law.
a) You may wish to consider, whether "using" a
computer that is located in VA gives VA courts jurisdiction.
b) Note that "using" a computer is defined as
"causing or attempt to cause" a computer to "perform or stop performing
... operations"
You may wish to consider whether that helps to
allege an offense that is not limited by CAN-SPAM, e.g. claiming
service disruptions due to spam volume or usability impairments for end
users who have too much Spam in their mailbox.
c) "Uses a
computer or computer network with the intent to falsify or forge
electronic mail transmission information or other routing information
in any manner..."
(You may wish to consider, whether this goes towards your "exception"
that you cited.)
d) "Knowingly sells, gives, or otherwise
distributes or possesses with the intent to sell, give, or distribute
software that
(i) is primarily designed or produced for the
purpose of facilitating or enabling the falsification of electronic
mail transmission information or other routing information;
(ii) has only limited commercially significant
purpose or use other than to facilitate or enable the falsification of
electronic mail transmission information or other routing information;
or
(iii) is marketed by that person acting alone or
with another for use in facilitating or enabling the falsification of
electronic mail transmission information or other routing information
is guilty of a Class 1 misdemeanor."
(You may wish to consider, whether this defines
offenses that CAN SPAM does not cover/limit.)
I'm not asking or expecting anyone's agreement.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20
(Business)
Fax: +1 201 934-9206
Andy,
Yes, there are many different laws that spammers break, most of which
are not covered under CAN-SPAM. CAN-SPAM does though preempt many
state anti-spam laws, or at least parts of them. The courts are
working out what is and is not preempted. For better or worse, some of
these state convictions might be overturned based on jurisdiction as
things progress through the appeal's system. Having spammers held to
50 different standards for conduct without a good method of identifying
who is where is a bit unfair, kind of like expecting an ecommerce site
to collect taxes according to every county tax rate in the country. It
all depends on who they are going after of course. The groups that are
dictionary attacking servers all over the place with as many as 3
million random addresses per day are clearly going beyond simple
spamming, and other things like fraud and false advertising also extend
beyond CAN-SPAM, though have been specified in parts of state anti-spam
laws. CAN-SPAM's state law preemption reads as follows:
"This Act supersedes any statute, regulation, or rule
of a State or political
subdivision of a State that expressly regulates the use of electronic
mail to send
commercial messages, except to the extent that any such statute,
regulation, or
rule prohibits falsity or deception in any portion of a commercial
electronic mail
message or information attached thereto."
The North Carolina residents that were prosecuted under Virginia's spam
laws recently were primarily flagged for fraud. They were advertising
scams promoting $75/hour FedEx refund processor software, and received
about $400,000 in orders for it. To quote one Web source, "VA
authorities were able to assert long-arm jurisdiction over them since
they derived economic benefit and caused tortious harm to Virginia
residents as well as Virginia equipment." (of course I can't vouch for
the accuracy of that statement)
I personally would like to see clear as day laws governing spam so that
authorities wouldn't be apprehensive to go after these people, or
turned off by the never-ending appeal process as the vaguest parts of
the laws are tested. Maybe they aren't prosecuting these people for
other reasons such as a lack of focus on the problem. Neither Bill
Clinton nor George Bush had an appreciation for E-mail. I think that
Bill Clinton was only known to have sent a single E-mail while in
office. I doubt that most of those in Congress read their own E-mail,
and they aren't likely exposed to the people blocking the spam for them
(why else would they have legalized half of it with a preemptive law?).
I don't believe marketing a legitimate product or service from one's
own servers would constitute a violation of either law. The trouble
with doing it that way is that anything that is static and comes with
significant volume is generally widely blacklisted within the first
week of activity, often the first 24 hours. It makes being a static
spammer kind of tough. I've noted more and more that static spammers
are moving their hosting to other countries and service providers that
don't sub-delegate IP space, and don't require or oversee the reverse
DNS information. Some even set themselves up as fake hosting
operations and then jump around their IP space with spam blocks
pretending to not be directly associated with the activity. None of
this seems to constitute breaking the law, though I'm sure that almost
all of them are in other ways (like not honoring opt-outs, subject
tagging themselves, etc.).
Matt
Andy Schmidt wrote:
The motivation for cleaning was not
black-listing, it was AOLs aggressive pursuit of Spammers supported by
VA state law that is one of the (if not "the") toughest with regards to
computer abuse (including SPAM). Since many Spammers DO operate out of
the U.S. and/or market goods that are delivered from the U.S., it
doesn't matter much if they were trying to hide behind a China server.
Abusing a computer system in VA is subject to VA
law - even if the other party sits in another state. Has nothing to do
with Interstate commerce.
Heck, I have to file sales tax returns in many
states that I've never set foot in - just as long as THEIR state law
finds some way to define "nexus".
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201
934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
Anyone can spam legally under CAN-SPAM, however almost no one follows
the exact letter of the law (for instance adding "ADV" to subject
lines). I'm not sure where federal and state law intersect on this
one, but it would seem to be primarily a federal issue since it
generally involves interstate commerce.
My own personal experience is that the clearly illegal stuff
(forging/zombie spam) that CAN-SPAM definitely targets has grown
immensely in the last year, and their tactics have become effectively
DDOS attacks on mail servers (violating yet other laws). Spamhaus has
pictures of some of these guy's houses even (tape recordings of threats
too), yet all we hear about are these occasional civil lawsuits, and a
smattering of criminal actions while they keep going with impunity.
The RIAA has been more effective at stopping file sharing than the
government has been in stopping spam, and that's not saying much. In
fact the most remarkable thing that the government has done is cave
into industry and draft a law called CAN-SPAM that legalizes half of
it, and supersedes many state laws that went further.
I don't doubt that you were told this however. Spamming AOL without
some form of obfuscation is pretty much going to be useless because
they will get blacklisted rather quickly otherwise.
Matt
Andy Schmidt wrote:
Well, I CAN tell you that I have personal
contacts with Spammers (who keep wanting me to take their business) -
and from casual conversations about the "industry" I know
that several DO clean any AOL mailboxes from their lists before doing
campaigns out of fear of litigation based on VA law.
Best Regards
Andy Schmidt
H&M Systems Software,
Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201
934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
This sounds like an urban legend to me. Keep in mind that there was
some news release a few weeks ago that indicated AOL was seeing
dramatically less spam traffic. I think it is likely that AOL has
succeeded in blocking more spam, and the article was rehashed by
someone that didn't understand the topic and assumed that this meant a
drop in spam. This used to happen all the time, even in industry mags,
back when the Internet was becoming a big deal. Same thing with spam
now. I'm sure that they mess up articles about medicine, astronomy,
etc., and we just don't know enough to see through the mistakes.
Matt
Dan Geiser wrote:
I don't get this article at all. How is this any different then sending
e-mails with using domains that you have no intention of ever using? Why
would you want to register the domain name and then associated yourself with
a domain used in a spam mailing? And from a technical standpoint why would
a distributed DNS system be overloaded by trying to lookup bogus domain
names?
----- Original Message -----
From: "Kami Razvan" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, January 11, 2005 2:50 PM
Subject: [Declude.JunkMail] Interesting tactic..
<http://www.eweek.com/article2/0,1759,1749328,00.asp>
http://www.eweek.com/article2/0,1759,1749328,00.asp\
"One troublesome technique finding favor with spammers involves sending
mass
mailings in the middle of the night from a domain that has not yet been
registered. After the mailings go out, the spammer registers the domain
early the next morning."
Hmmmm
Kami
-------------------------------------------------------------------
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
|
