Suing Spammers for
Fun and Profit
Serge Egelman
Background


Over 50% of all mail
Less than 200 people responsible
Technical Means



Text recognition
Black hole lists
SpamAssassin




Header analysis
Text analysis
Black hole lists
Bayesian filters
The Hunt

Contact Info




WHOIS/DNS
USENET


URLs
Email Addresses
news.admin.net-abuse.email
Databases:



Spews.org
Spamhaus.org
OpenRBL.org
Legal Means




Foreign spam, local companies
CAN-SPAM Act
35 State laws
Two types:


Forged headers
“ADV” subject line
Telecommunications
Consumer Protection Act

The TCPA (U.S.C 47 §227):



"equipment which has the capacity to transcribe
text or images (or both) from an electronic signal
received over a regular telephone line onto
paper.“
$500 or $1500 fine per message
Mark Reinertson v. Sears Roebuck

Michigan small claims
Telecommunications
Consumer Protection Act




ErieNet, Inc. v. VelocityNet, Inc.
 US Court of Appeals, 3rd Circuit, No. 97-3562
 September 25, 1998
“it is my hope that the States will make it as easy as possible for
consumers to bring such actions, preferably in small claims
court.” –Senator Hollings
“The question, therefore, is whether Congress has provided for
federal court jurisdiction over consumer suits under the TCPA.”
28 U.S.C. §1331: “The district courts shall have original
jurisdiction of all civil actions arising under the Constitution, laws,
or treaties of the United States”
S. 877: The CAN-SPAM Act



Requirements:
 Deceptive Subjects
 Falsified Headers
 Valid Return Address
 Postal Address
 Opt-Out (sender has 10 days to stop)
Sender: “a person who initiates such a message and whose product,
service, or Internet web site is advertised or promoted by the message.”
Enforcement:
 FTC
 States
 ISPs ($25-100/message)

47 U.S.C. 231(e)(4): “…a service that enables users to access content,
information, electronic mail, or other services offered over the Internet.”

Do-Not-Email List
Bounty Hunters

Pennsylvania Laws


The Unsolicited Telecommunication
Advertisement Act (73 Pa.C.S. §2250)
Deceptive messages:




Forged headers
Misleading subjects
Invalid return address
Remedies:


10% up to $100 for consumers
$1/message for ISPs
Virginia Laws




The VA Computer Crimes Act (18.2-§152)
 Forged headers
 $10/message or $25,000/day
 AOL and Verizon
Verizon v. Ralsky: $37M
AOL v. Moore: $10M
28 U.S.C. §1332: “The district courts shall have original
jurisdiction of all civil actions where the matter in
controversy exceeds the sum or value of $75,000,
exclusive of interest and costs, and is between citizens
of different States.”
Small Claims Court




Warrant in Debt: $22
Affidavit for Service of Process: $28
Maximum claim: $2000
Winning by default because the spammer
didn’t bother to show up: Priceless
So you’ve won a judgment…





Domesticate the judgment
Summons to Answer Interrogatories
Abstract of Judgment
Writ of Fieri Facias
Garnishment Summons
Questions?
•More Information:
•http://www.guanotronic.com/~serge/login.pdf
•http://www.spamlaws.com/
•http://www.spamhaus.org/
•http://www4.law.cornell.edu/
•http://www.pacode.com/