[ale] OT: pursuing spammers through the legal system

Transam bob at verysecurelinux.com
Fri Apr 11 15:54:08 EDT 2003


Don't waste your time even thinking about it.  All that stuff you learned
about justice and "suing the bastards" is nonsense.  Ask anyone who
actually has sued someone.  I speak from experience.  Install the best
Spam filter you can find and live with the results.  If it bothers you,
take a valium.

Regarding the "Long arm of the law", the jurisdiction of a state's laws
ends at its borders.  This is made quite clear in the U.S. Constitution
and has stood the test of time.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

On Thu, Apr 10, 2003 at 01:55:20PM -0400, Benjamin Scherrey wrote:
> 4/9/2003 3:20:22 PM, Fulton Green <ale at FultonGreen.com> wrote:

> >I'm beginning to see quite a few bouncebacks from a spam campaign that
> >surrepitiously generated, for the mail envelope and other origination
> >address headers, random addresses based on my domain (e.g.,
> >" f0ls53lfkj at fulton green dot com ").

> >Obviously, this is an especially henious act, and I'd like to see justice
> >served for this crime, whether through the criminal or civil avenues of
> >the law.

> >So here are a few questions:

> >1) Who could I consider the perps in this case?  The ones actually
> >   spamming me, or the ones paying that spammer (whether it's the
> >   advertiser or a "middleman" "spam-broker"), or both?  The advertiser
> >   is pretty easy to track down; the spammer will be more difficult
> >   unless the advertiser cooperates in the investigation.

> 	Possibly both - certainly the ones who represented their content as coming from your 
> domain. As far as the advertiser is considered, it falls under the question of plausible deniability and 
> negligence. You will just have to prove that the advertiser "did or should have known" about the 
> "Crime". Contracts between the advertiser and spammer may provide them some indemnity clause 
> for protection but that can be overcome by demonstrating negligence on their part.

> >2) Is there a good "e-attorney" in town that knows enough about situations
> >   like this that could take on my case?

> 	Good question. Let me know if you find one.

> >3) If the spam originated from a person living out-of-state (or even out-
> >   of-country), how does that effect the viability of my case against the
> >   perps?

> 	Georgia has "long arm" laws that bring such things under their jurisdiction fairly easily. 
> However, it's questionable what Georgia laws have been broken here and you might have the 
> opportunity to sue in a state with better laws if you can show jurisdiction (like physical location of 
> servers, source of email, etc..). Otherwise you might have a federal case for wire fraud or something 
> of that ilk. The big thing is that you won't get any enforcement help unless you can show a loss of 
> over $5k and a good chance of finding the perps. Going civil will be quite expensive (not less than 
> $10k - prolly close to $30 to get to trial) since I doubt any lawyer will take it on contingency early on 
> (perhaps after the case develops) since these are new, somewhat untested laws. My advice is the 
> be tenacious if you really want to do something about it but don't expect much beyond a pyrric 
> victoriy.

> 	Good luck,

> 		Ben Scherrey
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list