The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Friday, April 11, 2008

Bad day for E360 (but a good one for the rest of us)

I just got back from vacation to a passel of delightful news. First is word that E360, not to put too fine a point on it, got their ass handed to them in the E360 vs Comcast lawsuit.

A copy of the decision can be found at SpamSuite. It's seven pages long and very worth reading. It starts out:

"Plaintiff e360Insight, LLC is a marketer. It refers to itself as an Internet marketing company. Some, perhaps even a majority of people in this country, would call it a spammer."

Now there's an opening paragraph that has Bad Day written all over it for E360.

Anyway, the entire opinion is well worth reading and is clearly the work of a judge who Gets It.

Bottom line: Comcast is immune from lawsuit under the Good Samaritan provision of the CDA, § 230(c). E360's claim that being CAN-SPAM compliant removes that immunity is rubbish. E360's Denial Of Service claims are rubbish. E360's Tortious Interference with Prospective Economic Advantage claim is likewise nonsense. E360's First Amendment rights have nothing to do with Comcast, a private enterprise.

Entire lawsuit is dismissed on the grounds that § 230(c) grants immunity to Comcast.

This is a very good outcome. It reinforces the precedent that § 230(c) immunity is absolute and applies to spam-blocking, and it establishes that CAN-SPAM compliance does not affect that immunity.

All that remains is to see what happens with Comcast's countersuit.


Thursday, March 20, 2008

Comcast strikes back against E360

Some quick background: alleged spammer E360 has sued internet provider Comcast because of Comcast's refusal to deliver E360 spam to Comcast customers. See my March 4 entry for more information and Comcast's response.

This week, the other shoe dropped as Comcast has filed a countersuit against E360, David Linhardt, and many of its related companies (Maverick Direct Marketing, Bargain Depot, Northshore Hosting, etc.) for spamming, computer fraud, abuse of process and other violations. The full text of the lawsuit can be found at Spamsuite, and it's a doozy.

Some of the highlights:
  • Comcast states in no uncertain terms that E360 et al are spammers.
  • E360 fabricates opt-in records (¶29).
  • In 2006, Linhardt called Comcast and "fraudulently represented to a Comcast employee that all of the intended recipients of e360's email messages have opted-in to receive such messages" (¶34).
  • In 2007, Linhardt sent a letter claiming the same thing (Exhibit A).
  • Comcast offered to help them with their email practices but E360 refused, asserting that they would learn how to circumvent Comcast's filtering system through discovery (¶35).
  • After obtaining a court order preventing Spamhaus from listing them as spammers, E360 began marketing their "IP Protection Services" in which they would arrange for third parties to be included in the court order for a fee (¶41-45, Exhibit B) [I've written about this elsewhere].
  • Virtumundo, a spammer, has purchased E360's IP Protection Services (¶46-48, Exhibit C).
  • E360 keeps filing, dropping, and re-filing lawsuits against spam-fighters. (¶49-50)
  • E360 filed its lawsuit against Comcast knowing it was without merit (¶76)
  • E360 filed the lawsuit in order to use the discovery process to learn how to circumvent Comcast's filtering system. (¶77)

Comcast asks that E360 be enjoined from sending spam, that E360 pay damages, that E360 return their illegal profits, and that E360 pay Comcast's legal costs.

What I find most interesting is Comcast's assertion in paragraph 76 that E360 filed this lawsuit in order to use the discovery process to learn how to circumvent Comcast's spam filters.

Ever since this lawsuit was filed by E360, I've been wondering what their motivation was, since they must have known they could never win. It seems that we now have at least part of the answer.


Friday, March 14, 2008

Soloway pleads guilty

Spammer Robert Soloway, who was arrested in May of last year, has pled guilty in U.S. District Court in Seattle. He's pled guilty to fraud, CAN-SPAM violations, and failure to file an income tax return. The feds dropped the charge of aggravated identity theft in a plea bargain. He faces up to 26 years total on the three charges. He will also have to forfeit roughly $10,000 in property and sit through a polygraph test on the issue of his other assets.


Sunday, March 09, 2008

Wikileaks calls for boycott of domain registrar eNom

In the aftermath of the shutdown of Wikileaks.org by a court order issued at the request of Swiss Bank Julius Baer, Wikileaks has called for the boycott of registrar eNom.

eNom is best known as the domain registrar that complied with the federal government's order to shut down a Spanish travel agency because it did business with Cuba — the agency was not under U.S. jurisdiction and so was hardly violating U.S. law, but their domain was registered in the United States, and that was good enough for the feds.

Although eNom's culpability in that incident is doubtful, since they were probably under orders from the federal government, their involvement in the shutdown of Wikileaks.info was not so innocent.

In a nutshell, bank Julius Baer was able to get a court order shutting down Wikileaks.org, but not wikileaks.info, which was a mirror site not mentioned in the TRO. However, learning of the court order against wikileaks.org, eNom apparently took it upon themselves to shut down wikileaks.info as well — without a court order of any kind.

Wikileaks made repeated requests — and then demands — to eNom asking them to identify who, if anybody, had told them to lock the wikileaks.info registration, and what claims had been made. When eNom failed to answer, Wikileaks issued their call to boycott. Wikileaks accuses eNom, and their parent company Domain Media, Inc., of a pattern of censorship and other unethical practices that goes beyond the shutdowns of Wikileaks.info and the Spanish travel agency.

Related link: CNET: Survey: Are domain registrars free-speech friendly?

Off-topic: I would be remiss if I didn't mention the apparent misogyny in the Wikileaks press release. The call for boycott gives the names and photographs of four people they seem to find particularly culpable, three men and one woman. With the men, Wikileaks used their full names and described their offenses against Wikileaks and the internet community as a whole. For the woman, they referred to her by first name only, and described only the way she met her husband. I found this strange, and a little disturbing.

Thursday, March 06, 2008

ComplaintRemover in the news again

In June of last year, I wrote about Bill Stanley's "ComplaintRemover" service which was slapped down by an Arizona judge. The idea behind the service was that if you were a business owner and you wanted negative customer feedback removed from the internet, you'd contract with ComplaintRemover who would then cajole, bully, or threaten the offending website into removing the unwanted comment. Their services even extended to making death threats.

Well, today's Consumerist has an article that shows that ComplaintRemover is still in business. They have an amusing chat transcript in which "Kelly" from ComplaintRemover assures a potential client that they can arrange to have LOLCats removed from the internet.

Tuesday, March 04, 2008

Comcast answer to E360

Spamsuite has published Comcast's response in the E360 vs Comcast lawsuit (in which E360 is suing Comcast for blocking E360's spam.) The document is a long, slow read, since the Comcast lawyers are being very careful to dot all their t's and cross all their i's. Either that, or they're being paid by the word. For the fun part, skip ahead to their Memorandum of law, below.

Allow me to summarize: most E360 allegations are facts about E360, for which Comcast says they don't have any first-hand information to form a belief and therefore deny.

E360 makes many allegations of harm they've suffered because of the spam blocking, and Comcast says they don't have any first-hand information to form a belief and therefore deny.

E360 quotes the law in several places, and Comcast admits that E360 is quoting the law. Except where E360 gets it wrong, in which case Comcast denies.

E360 claims they don't spam, and that they follow the rules. Comcast responds that they get hundreds of thousands of emails to their subscribers, some of which are forged, and therefore they don't have any first-hand information to form a belief and therefore deny.

E360 claims that Comcast is deliberately and maliciously attacking them. Comcast denies this.

Paragraph 60 is interesting. E360 alleges that Comcast writes pink contracts. Comcast denies this.

Things get interesting in the "Affirmative Defenses" section of Comcast's response (starting at paragraph 63).

Naturally, Comcast starts right out with the section of the Communications Decency Act that immunizes ISPs that use technical means (e.g. filtering) to protect their subscribers from spam. They go on to state that CAN-SPAM and various state laws also immunize them.

They then point out that E360 has unclean hands based on their violations of CAN-SPAM, the Computer Fraud and Abuse Act, and the Illinois Electronic Mail Act.


Next on the docket is Comcast's Memorandum in Support of their motion. This is where the fun begins. This is the document where Comcast calls a spammer a spammer.

The memorandum starts out: "Plaintiff is a spammer who refers to itself as a “internet marketing company,”" and takes off from there.

Of special interest is Comcast's reminder to the court that even if spam doesn't actually violate the CAN-SPAM Act, it's still spam and ISPs still have the right to block it.


Don't register or host your domain in the U.S. if it's controversial

In the news lately have been a number of incidents where U.S. courts, or the U.S. government itself, have ordered domain registrars to shut down free speech.

First was the E360 vs Spamhaus case, in which accused spammer E360 Insight sued anti-spam organization Spamhaus for labeling them as spammers and won by default when Spamhaus insisted that U.S. courts did not have jurisdiction over them in England and didn't appear. Unfortunately, U.S. courts did have jurisdiction over Spamhaus' domain registrar, who was nearly ordered to shut Spamhaus down (a court order was under consideration). Fortunately, Spamhaus was able to move their registration overseas before any shutdown order could be issued.

Not so lucky was WikiLeaks, a whistle-blowing web site which blew the whistle against Swiss Bank Julius Baer, publishing documents that supposedly provided evidence of asset hiding, money laundering and tax evasion. Julius Baer sued in retaliation and was able to convince U.S. Judge Jeffrey White to order Wikileaks' domain registrar to shut them down a few weeks ago. Although Wikileaks was foolish enough to have a registrar in U.S. jurisdiction, they were at least wise enough to have their servers in Sweden and to have mirrors in other countries, and so the organization was able to stay on the air. Shortly after, the judge reversed his decision.

Probably better known is the Pakistani censorship of YouTube. Late last month, the Pakistani government decided that some of the material hosted on YouTube was too offensive to be allowed inside the country, and ordered Pakistan Telecom to block YouTube at the border. Unfortunately, the method used by Pakistan Telecom was to advertise false routing for IP addresses owned by YouTube. This would have worked fine if not for the fact that the false routing information leaked out of Pakistan and shut down routing world-wide, knocking YouTube off the air for a couple hours.

But far worse than any of these is the outright censorship of a Spanish travel agency by the United States Government.

The travel agency in question — run by an Englishman named Steve Marshall who lives in Spain — specializes in trips to Cuba. Even though the web site is not run by a U.S. citizen, is not based in the U.S., and is targeted at European travelers and not Americans, Marshall made one fatal mistake: he registered his domains in the United States.

That was enough for the U.S. government. In October, the U.S. Treasury Department ordered Marshall's domain registrar, eNom, to not only pull the plug on Marshall's domains, but to lock them down to prevent him from transferring them to a registrar outside of the United States.

The full story can be found in the New York Times article A Wave of the Watch List, and Speech Disappears. The article is well worth reading, and details abuses of the watch list the government uses to punish people who do business with Cuba.

Update: Add Network Solutions to the list of registrars not to do business with if you have a controversial web site. In April 2008, they shut down a web site which promoted a controversial anti-Islam film. It didn't even take a court order to do it. See E Commerce Times article Domain Name Registrars: The Weakest Link in Online Free Speech.

Wednesday, February 20, 2008

Barack Obama thinks my name is "StupidSpamSucker SlutFace"

Spammer revenge or Republican dirty trick? Too early to tell, but either way, it's incompetence at the Democrat's email provider.

Well, it's not every day that you get called a nasty name by a major presidential candidate, but there's a first time for everything, I suppose.

Here's the latest missive from Barack Obama (or his campaign staff, to be precise):

Subject: Major news
From: Barack Obama <info@barackobama.com>
Date: 13:04
To: StupidSpamSucker SlutFace <falk@...net>

StupidSpamSucker --

We learned something extraordinary since I wrote to you last night.

We've crunched all the numbers and discovered that we are within striking distance of something historic: one million people donating to this campaign.

[request for donation deleted]

Paid for by Obama for America

This email was sent to: falk@....net

Reading the net-abuse newsgroups, I see that I'm not the only one who got this. Clearly this is the deliberate work of someone adding anti-spam activists to Obama's "spread the word" web page. The only question that remains is: is this the work of a spammer making life a little harder on anti-spam activists, or a Republican dirty trick (it does sort of have Karl Rove's stench)?

But the thing is, either way, it points to gross incompetence on the part of the Democratic mass mailing provider, "Blue State Digital".

One thread in the discussion includes a response from an admin at Blue State who is quoted as saying

"We don't confirm ownership of the subscribed email address -- no need, as there's nothing to be gained from submitting fake signups."

I don't know how to respond to this. Sad to see that someone can be so naive in this day and age and in this political climate. Here's a hint: "Swift Boating". Look it up.

Anyway here's to hoping that the Obama campaign wises up and fires Blue State's sorry asses before this goes any further. In the meantime, my "StupidSpamSucker SlutFace" will live in my file of truly memorable spams.

Tuesday, February 05, 2008

Terry Zink has a good post on the Ritz case

From Terry Zink's anti-spam blog: Maybe the North Dakota judge should watch more South Park...

In a nutshell, Terry comments on the judge's ruling that David Ritz was guilty, in part, because he used tools the average user wouldn't have known about; as if expertise in a subject was criminal all by itself.

Terry compares the case to an episode of South Park which is a parody of the TV series 24, but in which the kids perform their investigation with the tools already in everybody's hands.

The point being that maybe David knows what the whois database is, or how to do a zone transfer, while the average end-user (or North Dakota judge) has no clue, but the fact remains that these tools are in every internet user's hands and their use for what they were intended is not a criminal act.

And while I'm on the subject, I'd like to remind my readers that David's defense fund still does not have the money required to defend against the oncoming criminal case, let alone to appeal this inane decision.

Please take a minute and donate to David's defense fund, either at this web page or by sending a check directly to his lawyers at:

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202


Monday, February 04, 2008

Verizon/UUNet drops off of Spamhaus top-ten list

I never dreamed I'd see this day, but Verizon/UUNet, former bane of the internet, has managed to get themselves removed from the Spamhaus Rokso top-10 list of worst service providers (currently in the #11 position.) It wasn't very long ago that they were in the #1 position (and had been for a decade) by a very wide margin.

Kudos to the abuse staff at Verizon, who did what no other abuse staff had ever done before — gotten UUNet under control.

Read Steve Linford's message about it in the net-abuse newsgroups.

Thursday, January 31, 2008

E360 sells affiliate status to other spammers — CONFIRMED

Just announced publicly on the net-abuse newsgroups: Some time ago, someone phoned Kelly Hale at E360 pretending to be someone being blocked by Spamhaus and answering E360's ad for Spamhaus removal services. Hale explained in some detail how, for $7500 per block of IP addresses, E360 would force Spamhaus to stop listing the caller's addresses by claiming that the caller is an affiliate of E360.

Hale explained at some length as to how it would be done, leveraging off of their previous lawsuit against Spamhaus (which they won by default when Spamhaus failed to show up, claiming lack of jurisdiction). Hale also offered quantity discounts if the caller wanted to unlist more than a "C" block (256 addresses) of IP space.

An advertising brochure for E360's service offers three options: The first is called "IP Identity Management" and involves modifying the ARIN (master registry of all IP blocks) database to make spammer IP addresses look like they belong to E360. This is the service we knew E360 was offering.

The second service they offer is IP Tunneling. In a nutshell, this allows spammer email servers to connect to the internet over a virtual private network to E360's servers in order to hide the spammer's true IP addresses and make them appear to come from E360.

The third option is for the senders to pay E360 to send the spam for them.

A copy of the audio recording can temporarily be found at yousendit.com, along with copies of E360's brochures advertising the services [1], [2]. (Yousendit.com has a download limit, so these links won't work for very long, but I expect mirrors will appear shortly and will update this post as that happens.)

Anyway, very little of this comes as a surprise; it was pretty obvious that E360 was gaming the legal decision as a money-making scheme, having already sold affiliate status to Virtumundo at least, but this audio recording and these brochures are an undeniable smoking gun.

The only real questions that remain are: was this what they had in mind all along when they sued Spamhaus or did they only think of it later? And: how will the judge react when he sees and hears this?


Tuesday, January 29, 2008

Sanford Wallace and Walter Rines in trouble with FTC again

This just in from the UK Register. The FTC is asking the courts to find Sanford Wallace and Walter Rines in contempt of court.

In 2006, Wallace and Rines settled with the FTC on charges of distributing spyware, agreeing to stop doing it and paying a slap-on-the-wrist $50,000 fine. Within months they were at it again, this time attacking MySpace with malware and social engineering.

As the Register puts it: "Now the FTC is trying to grow a pair". The FTC is asking the judge in the spyware case to find Wallace and Rines in contempt for violating their 2006 agreement. The FTC also wants to seize over $500,000 in profits from the MySpace caper.

For the full story, including many details on Wallace and Rines' attacks on MySpace users, see Register article Spamford Wallace's MySpace riches come under attack.


Two strikes against Domain Kiting

Domain Kiting (also known as Domain Tasting) is a practice that exploits a loophole in ICANN rules which allows a domain owner to return the domain name within five days for a full refund. This loophole allows spammers, speculators and other bad-faith actors to register tens of thousands of domains for no cost. The practice is primarily used by spammers hiding their origins, by search-engine spammers trying to game search engine rankings, and by speculators hoping that typos or other misguided links will bring enough traffic to the domain to make it worth keeping (domain tasting).

This week, two separate announcements may have heralded an end to the practice.

First, Google announced that their AdSense program would exclude domains that fit the pattern of domains being repeatedly dropped and re-registered, thus taking away the financial incentive for search-engine spammers and domain tasters. See Yahoo! article Google combats domain name loophole.

The second, and more significant, word comes from ICANN. In their 23 January 2008 meeting, they voted to make their 20-cent-per-domain fee nonrefundable (see items 5 and 6). This fee may not sound like much, but when domain kiters are registering thousands and tens of thousands of domains every week, it may be enough to make the practice unprofitable.

This may also have an effect on Network Solutions' new policy of grabbing up domains it discovers people are thinking of registering.

Direct magazine picks up the Linhardt story

Direct magazine has picked up the story: Linhardt Sues Anti-Spammers…Again. The article contains a fair amount of detail on the story and its history. There's also a link to Linhardt's explanation as to why he claimed to have Sender Score certification from Return Path, which Return Path has denied.


Friday, January 25, 2008

E360 files third SLAPP suit against Susan Gunn and others

Three days ago, I asked rhetorically where E360 gets the money to file all these harassing lawsuits. That question becomes more serious with the news that Linhardt has filed yet a third lawsuit against Susan Gunn along with Mark Ferguson and Kelly Chien.

Details of the lawsuit can be found at SpamSuite. In a nutshell, it's the same lawsuit as before, claiming defamation because the defendants called them spammers.

There's no way that E360 can win this case on the merits given the abundant evidence of their spamming, and even Ferguson's proof that E360 falsified opt-in records. This is clearly just another lawsuit intended to harass anti-spam activists.

One major question: How many times are the courts going to allow Linhardt to keep re-filing the same lawsuit before they put a stop to it?

Where is the money coming from?

This brings us to the question: Where does E360 get the money for all these lawsuits? The one against Comcast certainly will go nowhere unless E360 spends significant money pursuing it.

One theory I've heard is that, like the Mark Felstein lawsuit against Spamhaus in 2003, this lawsuit is quietly being backed by a coalition of spammers. In this case, the spammers are hoping for a legal precedent which will force Comcast, and by extension other ISPs, to accept spam without any blocking.


Tuesday, January 22, 2008

E360 back in court; suing Comcast this time

Where do they get the money for all this litigation?

According to Direct magazine, E360 is suing Comcast for blocking E360 spam.

E360 CEO Dave Linhardt insists that E360 does not spam, and that they've been Sender Score Certified by Return Path. Oddly enough, however, Return Path says that E360 has not been certified.

E360 is asking for more than $20M in damages. Perhaps this is their new business model? Send spam, then sue whoever blocks them.

Update: Spamsuite has the paperwork.

Their comments:
Of all of the pathetic lawsuits I've seen....

Well, this one's got it all.

Deferring a connection is tarpitting and is a denial of service attack. Not delivering mail is a denial of service attack. Using a spam filter is not legal (or maybe it's just that it's not kosher -- we'll have to find a rabbi to rule on that one). Not telling a sender how to evade filters is fraudulent. A sender's inability to design a system that can cope with sending more email while waiting for deferred messages to timeout and retry is a denial of service attack caused by the receiver. e360Insight has even tossed in a First Amendment claim and I was pretty sure that we moved past that by 1999. And finally, having a whitelist or a feedback loop that you don't let everyone have is a violation of fair trade rules.

It's stunning. It really is. I'm not entirely sure how you get to be this dense, but I suspect that it's a painstaking (and probably painful) process involving frontal lobotomies and maybe electroshock treatments.

My own comments: This isn't the first time a spammer has sued someone for blocking spam. About two years ago, a spammer called Longhorn Singles sued the University of Texas over spam blocking. They lost.


Monday, January 21, 2008

More coverage in the blogosphere

Friday, January 18, 2008

Heise Security picks up the story

Anti-spammer fined for accessing DNS records of private network


UK Inquirer picks up the story

DNS zone transfers ruled illegal.

Money quote:
What worried the judge was if she didn't convict Ritz of being a hacker, then the computer crime laws in the Land of the Free would be turned on their head.

It was much tidier to make it a crime to access a server on the internet that is set up to provide that public info. It seems that no one explained to the judge what the Internet was.


Thursday, January 17, 2008

Citizen Media law project carries the case

This has actually been up for months, but I just found out about it.
