[ale] OT: pursuing spammers through the legal system

Benjamin Scherrey scherrey at proteus-tech.com
Sat Apr 12 16:33:45 EDT 2003 

4/11/2003 3:54:08 PM, Transam <bob at verysecurelinux.com> wrote:

>Don't waste your time even thinking about it.  All that stuff you learned
>about justice and "suing the bastards" is nonsense.  Ask anyone who
>actually has sued someone.  I speak from experience.  Install the best
>Spam filter you can find and live with the results.  If it bothers you,
>take a valium.

	Indeed I have sued and been sued (cost of doing business they say - right) and its 
something not to be entered into lightly. However, a SPAM filter won't fix his problem because 
people are faking "From:" headers and pretending to send from his domain. Unlike the receipt of 
nominal amounts of SPAM, this kind of action can potentially result in significant damages in terms 
of finance and reputation. It certainly needs some kind of action taken - whether or not that be legal 
action is another issue entirely.

	best regards,

		Ben Scherrey

>
>Regarding the "Long arm of the law", the jurisdiction of a state's laws
>ends at its borders.  This is made quite clear in the U.S. Constitution
>and has stood the test of time.

	Oh - well yes but when something crosses into a state's border, most states grab some 
type of jurisdiction. Electronic communications fall in this category as I was fortunate to discover 
when I was forced to take action against a company in a far off state (they quickly settled). Indeed, 
when dealing with an entity that has ever done business in the state in question, most "long arm" 
statutes provide for juridiction and these have been help up time and time again.

>
>Bob Toxen
>bob at verysecurelinux.com               [Please use for email to me]
>http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
>http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
>Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
>
>"Microsoft: Unsafe at any clock speed!"
>   -- Bob Toxen 10/03/2002
>
>On Thu, Apr 10, 2003 at 01:55:20PM -0400, Benjamin Scherrey wrote:
>> 4/9/2003 3:20:22 PM, Fulton Green <ale at FultonGreen.com> wrote:
>
>> >I'm beginning to see quite a few bouncebacks from a spam campaign that
>> >surrepitiously generated, for the mail envelope and other origination
>> >address headers, random addresses based on my domain (e.g.,
>> >" f0ls53lfkj at fulton green dot com ").
>
>> >Obviously, this is an especially henious act, and I'd like to see justice
>> >served for this crime, whether through the criminal or civil avenues of
>> >the law.
>
>> >So here are a few questions:
>
>> >1) Who could I consider the perps in this case?  The ones actually
>> >   spamming me, or the ones paying that spammer (whether it's the
>> >   advertiser or a "middleman" "spam-broker"), or both?  The advertiser
>> >   is pretty easy to track down; the spammer will be more difficult
>> >   unless the advertiser cooperates in the investigation.
>
>> 	Possibly both - certainly the ones who represented their content as coming from your 
>> domain. As far as the advertiser is considered, it falls under the question of plausible deniability 
and 
>> negligence. You will just have to prove that the advertiser "did or should have known" about 
the 
>> "Crime". Contracts between the advertiser and spammer may provide them some indemnity 
clause 
>> for protection but that can be overcome by demonstrating negligence on their part.
>
>> >2) Is there a good "e-attorney" in town that knows enough about situations
>> >   like this that could take on my case?
>
>> 	Good question. Let me know if you find one.
>
>> >3) If the spam originated from a person living out-of-state (or even out-
>> >   of-country), how does that effect the viability of my case against the
>> >   perps?
>
>> 	Georgia has "long arm" laws that bring such things under their jurisdiction fairly easily. 
>> However, it's questionable what Georgia laws have been broken here and you might have the 
>> opportunity to sue in a state with better laws if you can show jurisdiction (like physical location of 
>> servers, source of email, etc..). Otherwise you might have a federal case for wire fraud or 
something 
>> of that ilk. The big thing is that you won't get any enforcement help unless you can show a loss 
of 
>> over $5k and a good chance of finding the perps. Going civil will be quite expensive (not less 
than 
>> $10k - prolly close to $30 to get to trial) since I doubt any lawyer will take it on contingency early 
on 
>> (perhaps after the case develops) since these are new, somewhat untested laws. My advice is 
the 
>> be tenacious if you really want to do something about it but don't expect much beyond a pyrric 
>> victoriy.
>
>> 	Good luck,
>
>> 		Ben Scherrey
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list