The news is slowly trickling through the news outlets so I would like to comment on it a little bit. For those not familiar with the story yet, a major anti-spam lawsuit has been filed in the U.S. District Court in Alexandria, Virginia. The suit was filed by Project Honeypot and seeks the identity of individuals responsible for harvesting millions of email addresses on behalf of spammers.

The lead attorney is Jon Praed, with whom I had the privilege to work, and I can only confirm what Honeypot are saying about him, [i]n the world of anti-spam lawyers, Jon is the best of the best.” I am sure that Jon would help the Internet community at large by taking this novel case to a success.

Now about the case. I do not have the complaint yet (will post it here as soon as I have it) but and the news sources provide sufficient initial information on the details. The complaint is filed on behalf of 20,000 honeypot users who have “installed” honeypots on their web pages. The honeypots are designed to be hidden from plain view so that only spiders can see them. Once a spider sees a honeypot, the honeypot issues a new and unique email address for the particular spider and then records the spider’s information. Project Honeypot then monitors the email addresses which were issued to spiders for spam. If a piece of spam comes then it can be linked to the spider and this allows Project Honeypot to identify spam email harvesters.

The lawsuit goes after the harvesters, and not the spammers. In fact, the harvester and the spammer may be the same person, but under CAN-SPAM Section 5(b)(1) it is unlawful to send spam if the spammer has actual knowledge or knowledge fairly implied from the circumstances that the spammed email address was obtained “using an automated means from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.”

Based on this section, the lawsuit can target the harvesters and the spammers. As it is a “John Doe” lawsuit, the initial phase of the litigation will likely be to unmask the identities of the people standing behind the harvesters. According to Project Honeypot statistics, close to 23% of the harvesters are U.S.-based and subject to the District Court’s jurisdiction. It may be harder to unmask the Romanian (10%) or Chinese (7%) harvesters, but out of 15,610 total spam harvesters identified, this makes at least 3,000 harvesters that are based in the United States. Once the identify of the harvesters is verified, the next step is probably to see whether they are the actual spammers or they resell the email addresses to a third party. My hunch is that under the threat of large civil damages and an expensive lawsuit, a harvester is likely to disclose any relationship he or she may have with a spammer.

The strategy behind the lawsuit is brilliant and it shows what Jon Praed and Honeypot can do very well - find novel ways to gain an advantage in the increasingly difficult war against spam. Because this lawsuit is of enormous importance and magnitude, feel free to check back as I will be updating as often as I can about the status of the case and I will try to throw some of my thoughts into it as well.

No Responses to “Major anti-spam lawsuit filed”

No comments yet

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>