Tag Archive for 'Legal'

e360 v. Comcast: part 2

Published
by
laura
07Mar
in Legal
.

Yesterday, I talked about e360 filing suit against Comcast. Earlier this week, Comcast responded to the original filing with some filings of their own.

  1. Response to the original complaint and affirmative defense.
  2. Motion for judgment on the proceedings
  3. Memo of law supporting the motion for judgment

In this set of filings, Comcast argues that even if everything e360 says is true, they are doing nothing wrong by blocking e360’s email to their users. The filings themselves are well crafted and tell a clear narrative. There is quite a bit of case law in the memorandum of law, demonstrating that ISPs have the right to protect their users from objectionable material.

The motion for judgment asks the court to rule on the pleadings without any further legal proceedings. Comcast states that they are immune under the Communications Decency Act of 1996 (“CDA”), 47 U.S.C. § 230. They also argue e360 has failed to state a claim upon which relief can be granted. In the memo of law to support the motion Comcast states:

Through this lawsuit, Plaintiff seeks to hold Comcast liable for legally and effectively managing the amount of spam and junk mail received by its subscribers. Plaintiff advances four theories of liability for Comcast’s alleged blocking of Plaintiff’s emails: (1) tortious interference with prospective economic advantage under Illinois common law; (2) violation of the federal Computer Fraud and Abuse Act (“CFAA”); (3) infringement of Plaintiff’s free speech rights in violation of the First Amendment; and (4) deceptive or unfair practices under the Illinois Consumer Fraud Act (“ICFA”).

Plaintiff’s claims are barred by federal law which preempts such attempts to put spammers’ pecuniary interests above those of consumers and the ISPs who endeavor to protect them while effectively manage their networks. Under the Communications Decency Act of 1996 (“CDA”), 47 U.S.C. § 230, Comcast is immune from liability for its actions to block objectionable material like Plaintiff’s mass e-mails. Also, all of Plaintiff’s claims fail as a matter of law.

After that introduction, Comcast presents a number cases which support their claims. The Comcast memo of law seems to me to hit the right points. Venkat, over on the Spam Notes blog reluctantly agrees that the Comcast motion might win. However, he does offer the following advice to the Comcast lawyers.

Throwing around the “s” word has not proven to be particularly effective in unsolicited email litigation (see, e.g., Virtumundo; Mummagraphics). Whether or not they hate spam, judges have shown that they are more interested in applying the technical requirements of the law, as opposed to whether someone has been labeled as a “well known spammer” by a certain organization based in the UK.

I do not think that Comcast is relying on Spamhaus’ statements about e360 for blocking. My experience suggests that Comcast’s filtering is more granular and specific than Spamhaus. A number of my clients, who never have any problems with Spamhaus occasionally run into delivery problems at Comcast. Futhermore, I think Venkat misses the underlying reason the Mummagraphics and Virtumundo cases were lost by the people throwing the “s” word around. I think they lost because the technical requirements of the law were on the side of the groups labeled as spammers. In this case, however, it seems to me that the technical requirements of the law fall squarely on the Comcast side.

The above statement also suggests to me that Venkat seems to buy into the mythology that blocking decisions by ISPs and/or major blocking organizations (like Spamhaus) are capricious and uninformed. Nothing could be further from the truth. I have spent a lot of time with people running incoming ISP filters and blocklists. Most of those individuals, and particularly those with large user bases, are very cognizant of their responsibility to their users. They do not want to block mail users want and set the parameters such that they block as much unwanted mail as possible and let through as much wanted mail as possible. These groups collect reams and reams of data on their blocking and feedback from users in order to make sure their blocking is as accurate as possible.

If it comes down to it, I have no doubt that Comcast will be able to produce hard numbers demonstrating that mail from e360 did not meet their standards for acceptance or delivery. The case may get to that point, depending on what the judge rules. In this case, the law seems solidly on the side of Comcast.

6 Comments

e360 v. Comcast: part 1

Published
by
laura
06Mar
in Legal
.

A few weeks ago I very briefly touched on the recent lawsuits filed by e360 against Comcast and a group of anti-spammers. In the Comcast suit (complaint here) e360 argues that Comcast is unfairly and incorrectly blocking e360’s email and are liable for damages to e360’s business.

They have a number of claims, including

  1. Comcast cannot block e360’s mail because it is CAN SPAM compliant
  2. e360 complies with Comcast’s AUP
  3. Comcast lets e360’s competitors send mail to Comcast’s users
  4. Comcast is lying to e360 when they reject mail, causing e360 to delete valid addresses from their email list
  5. Comcast is committing a denial of service attack against e360 by tarpitting email.
  6. Comcast is mean and will not tell e360 exactly why the mail is being refused.

The original complaint seems to be a list of complaints that e360 cannot effectively send mail to Comcast. Because other mailers can meet Comcast’s standards, this leaves e360 at a competitive disadvantage and therefore Comcast must change their filtering policies to allow e360 to send mail into Comcast users.

Two of the claims are peculiar. One that Comcast is lying to e360 with their block messages. As an example, e360 claims that

Comcast has transmitted fraudulent bounce information to e360’s mail servers specific to email addresses contained on e360’s opt-in marketing list. The responses sent by Comcast mail servers to e360 are fraudulent because they contain information indicating that the email address is invalid and not active.

Elsewhere in the filing e360 says:

e360 received the following error message from Comcast for all of the messages e360 attempted to send. “550 5.2.0 63.210.103.209 blocked by ldap:ou=rblmx,dc=comcast,dc=net -> BL004 Blocked for spam. Please see http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628”

I see what e360 is trying to claim here, that a 550 response means the address is invalid according to RFC821/2821. I do not think they are going to get very far with this claim, as a plain reading of the response text makes it clear why the mail is not being accepted and provides a path to resolution. Furthermore, close reading of the RFCs makes it clear that 550 is a response used for unknown users or access denied. Clearly, Comcast refusing email from e360 falls into the access denied category of the RFCs.

The other peculiar claim is that Comcast is committing a denial of service attack against e360 by tarpitting e360’s servers. There is absolutely no way that Comcast can cause a problem for e360 in this manner unless e360 cooperates. If any connection is open and little or no traffic has been sent and this is causing you problems then drop the connection. There is no reason to hurt your own systems by keeping silent connections open.

To my non-legal eyes, I do not think e360 has much of a case. Not only is Comcast protected by statute, including the CDA, there is also case law going back more than 10 years saying that ISPs can block mail. This seems to be an attempt by e360 to force ISPs to accept unwanted email.

Comcast responded to the suit earlier this week. Tomorrow I will post about their response, and oh, what a response!

1 Comment

e360… AGAIN

Published
by
laura
29Jan
in Legal
.

This time e360 is in court suing a number of individuals for calling him a spammer.

Mickey has docs up on SpamSuite.com and Ken Magill has written about it as well.

Dave has also responded to ReturnPath, through Ken, with a public letter explaining why his statement disagrees with ReturnPath’s statement about his acceptance into the SenderScore Certified program.

Rumor has it that Dave is claiming he is out of money. If that’s true, who is funding these cases?

0 Comments

e360 in court again

Published
by
laura
22Jan
in Legal
.

Today’s edition of Magilla Marketing announced that Dave Linhardt and e360 have sued Comcast. Spamsuite.com has the text of the complaint up.

On the surface this seems quite silly. e360 is alleging a number of things, including that Comcast is committing a denial of service attack against e360 and locking up e360’s servers for more than 5 hours. Additionally, e360 is laying blame at the feet of multiple spam filtering companies, including Spamhaus, Trend Micro and Brightmail.

One of the more absurd claims is that Comcast is fraudulently transmitting ‘user unknown’ messages. At no point do they explain how or why they think this is the case, but simply assert:

Comcast has transmitted fraudulent bounce information to e360’s mail servers specific to email addresses contained on e360’s opt-in marketing list. The responses sent by Comcast mail servers to e360 are fraudulent because they contain information indicating that the email address is invalid and not active. As an email marketer, e360 relies on bounce information from Comcast’s mail servers to determine whether e360’s customer email addresses are still active and deliverable. e360 has information and reason to believe Comcast is intentionally transmitting fraudulent bounce information to e360 in an attempt to discourage e360 from sending additional email messages. By transmitting fraudulent bounce information, Comcast is effectively destroying e360’s proprietary assets and the value contained in e360’s opt-in database of email addresses. Such statements are made on information and belief as only Comcast has access to and knowledge of the accounts it has and will not allow e360’s emails to be delivered regardless of account activity.

I really do not think that Comcast is maliciously and deliberately faking that addresses are dead in order to destroy e360’s business. It just does not pass the sniff test. Why would Comcast do that? What possible benefit could there be to doing that?

Another interesting bit of the complaint is e360’s assertion they have been approved for the SenderScore Certified program offered through ReturnPath. Ken interviewed George Bilbrey. According to Ken

However, George Bilbrey, head of Return Path’s delivery assurance unit said e360 had not been certified.
“He applied and didn’t gain admittance to the program,” Bilbrey said, declining to elaborate.

The punchline is e360 is suing Comcast for around 21 million dollars because Comcast is being MEAN and, well, here’s what e360 has to say:

58. At the same time that Comcast is blocking e360’s email messages that are compliant with Comcast’s polices, Comcast is allowing other email marketers with substantially similar business practices as those employed by e360 to send email messages to Comcast’s customers.
59. Comcast’s refusal to deliver email sent by e360 while allowing its competitors to freely transmit email puts e360 at a disadvantage and creates an un-level playing field on which e360 must compete.
60. Upon information and belief, Comcast has made agreements, either written or verbal, to allow certain email marketers to send or transmit email without interruption regardless of whether such email meets Comcast’s Acceptable Use policy. Based on these agreements, Comcast has applied its policies with certain email marketers in a way that is materially different than Comcast’s application of its policies to e360’s email messages. Such statement is made upon information and belief because only Comcast can verify with whom they have agreements with to allow mail to be sent to their customers.

It will be interesting to see what happens once the judge reads the complaint. In my very non-legal opinion I am not seeing a real cause of action here. There is case law and statutory law that says ISPs have the ability to filter mail to their subscribers. Apparently e360 thinks they can convince a judge to ignore facts and law in order to make Comcast stop being mean to them.

0 Comments

Al Ralsky Indicted

Published
by
laura
03Jan
in Legal
.

Al Ralsky is a very prolific spammer and his name is well known among ISP abuse desks.  Along with 10 other people he was indicted today after a 2 year investigation by the Justice Department, according to an article published today by  the Detroit Free Press.

U.S. Attorney Stephen J. Murphy said, “Today’s charges seek to knock out one of the largest illegal spamming and fraud operations in the country, an international scheme to make money by manipulating stock prices through illegal spam e-mail promotions. I commend the excellent investigative work of the FBI, Postal Inspection Service, and the IRS-Criminal Investigation Division. I also wish to recognize the significant support and expertise provided by the Computer Crime and Intellectual Property Section of the Criminal Division of the Department of Justice.”

Al has a long history of spamming, and has been involved in legal actions with ISPs in the past, including one suit where he was sued by Verizon for sending spam to Verizon subscribers. That suit was eventually settled.

This suit can only be good for legitimate email senders. Gangs like Al Ralsky’s make it much more difficult for ISPs to selectively block spam, and trying to combat their use of botnets has resulted in legitmate email being blocked. Removing them as a source of spam will make it easier for ISPs to segregate good mail from bad mail.

1 Comment

Useful websites

Published
by
laura
26Nov
in Legal
.

I’ve been working on a document discussing laws relevant to email delivery and have found some useful websites about laws in different countries.

US Laws from the FTC website.

European Union Laws from the European Law site.

Two documents on United Kingdom Law from the Information Commissioner’s Office and the Data Protection Laws

Canadian Laws from the Industry Canada website.

Australian Laws from the Australian Law website

1 Comment

7th circuit court ruling in e360 v. Spamhaus

Published
by
laura
30Aug
in Legal
.

Mickey has some commentary and the full ruling up on Spamsuite. In short the appeals court affirmed the default judgment, vacated the judgment on damages and remanded the case back to the lower court to determine appropriate damages.

There are a couple bits of the ruling that stand out to me and that I think are worthy of comment.

Spamhaus made a very bad tactical decision by initially answering and then withdrawing that answer. The appeals court ruled that action signaled that Spamhaus waived their right to argue jurisdiction and that they submitted to the jurisdiction of the court. Based on this, the appeals court upheld the default judgment against Spamhaus. Not necessarily the outcome any of us wanted, but that doesn’t set any precedent for future cases unless defendants answer and then withdraw the answer. Specifically on page 12 of the ruling the court says:

We perceive no error in the district court’s conclusion that Spamhaus intentionally elected to abandon its available defenses when it withdrew those defenses from consideration by the court and indicated that it was prepared to accept a default. Spamhaus’ then-counsel confirmed that it wished to “participate in the defense no further” and “do absolutely nothing.” See R.56-1 at 3, 5. It was not erroneous to treat this kind of voluntary abandonment of defenses, raised but not pursued, as a waiver.

Score one for e360. The judgment against Spamhaus stands. Disappointing for them I’m sure, and frustrating that it was bad legal advice and judgment that resulted in them submitting to a foreign court’s jurisdiction.

The appeals court determined that the lower court erred by accepting e360’s statements on damages and that more investigation should have been done by the lower court before the 11.7 million dollar award. Thus the appeals court charged the lower court to revisit the question of damages.

I would call this a win for Spamhaus, particularly given the decision says, “Generally, this court will not reverse a damages award in a default judgment unless it is clearly excessive.” Clearly the court thinks the damages were excessive. I expect there is going to be significant legal wrangling around the real damages. Discovery should be an interesting process, clarifying business processes of both e360 and Spamhaus.

Perhaps the most important ruling, for other DNSBLs, is found in this quote:

According to the complaint, however, Spamhaus lists entities on the ROKSO for violating ISP terms of use, not “United States law.” The complaint does not allege that Spamhaus defamed e360 by claiming that e360 operated in violation of law. The facts supporting the default judgment, therefore, show only that e360 improperly was listed as a “spammer” by Spamhaus, applying Spamhaus’ own criteria. There is no basis in the judgment for an injunction that modifies Spamhaus’ generally applicable criteria for determining what entities qualify as spammers.

This affirms that Spamhaus can list spammers and spam sources even if the mail complies with CAN SPAM. As long as listings follow the published guidelines of a DNSBL, then the DNSBL can list mailers who comply with CAN SPAM. Even better the court sees no basis for the lower court modifying Spamhaus’ listing criteria. Definitely a win for Spamhaus.

Overall I think the ruling is generally what we could have expected. I’m quite pleased that the court affirmed that Spamhaus may legally list senders that comply with CAN SPAM. I am also eager to see what happens during discovery for damages.

5 Comments