Don’t legitimate emailers have enough to worry about with CAN-SPAM, blocklists, and erroneous spam reports? Increasingly, spammers, who scatter millions of pieces of uninvited email to the Internet wind, ruin legitimate mailers’ names by using those mailers’ domains as the sender address in their spam runs.
Known as spoofing, the practice of hijacking someone else’s good name to avoid detection and evade spam filters can have devastating effects for the unsuspecting emailer who’s been spoofed. It creates a public relations nightmare for the spoofed company. And it can cause the victim company’s legitimate email to be rejected or eaten by spam filters when receiving sites equate the domain with spam, and the domain name is disseminated among the anti-spam technology gatekeepers.
Spoofing can also lead to the functional equivalent of a DOS attack, as the victim domain’s inbound mail servers are bombarded with the bounce notices generated by hosts who were the spam run’s targets.
Last week, Florida ISP Tallahassee Telephone Exchange (TTE) revealed a spoofer led to the clogging of a number of TTE’s customers’ inboxes as bounce messages poured in. AOL has included damages incurred when dealing with bounce notices as part of its anti-spam lawsuit strategy since at least 1998.
To add insult to injury, the law with which these legitimate mailers must comply, CAN-SPAM, offers no relief when their own domains are used for nefarious purposes. CAN-SPAM only allows lawsuits to be brought by the Federal Trade Commission, state attorneys general, and ISPs. There’s no private right of action for businesses or individuals.
The secret weapon that protects your domain name and even allows you to pursue someone who spoofs your domain name? Trademark law.
Register your domain as a trademark (in this context, a “service mark”). Then, if you want, you can sue spoofers for trademark infringement.
Yes, it’s really that simple. Run, don’t walk, to get your domain registered. Assuming that your trademark application is approved (no trademark application is guaranteed automatic approval), you’ll have a good way to try to stop the spoofer.
Trademark law has been around for years. It’s an area of law that’s well understood by judges (unlike this newfangled Internet). Trademark infringement is fairly well defined, with generally accepted definitions (unlike, say, spam).
Here’s how it works. Let’s say I own the domain “sueaspoofer.com” (because I do). I’ve registered the domain, I use it in business (this is key), and I’ve registered it as a service mark for trademark protection.
Joe Spoofer sends out a spam run of a bazillion pieces of spam, using the sender address email@example.com. He’s trying to trick innocent consumers into accepting his spam because they think it’s from sueaspoofer.com
Because I use my domain in business and Spoofer used my trademark, attempting to capitalize on my trademark to get his own mail delivered, Spoofer is guilty of trademark infringement.
“But,” you say, “how will I ever find Joe Spoofer? He’s probably offshore in Slobovakistan.”
This is one of the beauties of using trademark law. You can sue not only Spoofer, but also anyone who benefited from the infringement. Most spam is in English, and most English-language spam has some connection to the United States, usually through the merchant whose goods or services are advertised in the spam. Thus, it becomes relatively easy to find a culpable party on whom to serve a lawsuit. And if the party isn’t the actual spoofer it will, in fairly short order, lead you to the spoofer. Plus, you may recover some of your financial losses by suing for damages.
Registering a trademark costs only $335.00, plus whatever fees you pay to the attorney or service that prepares the application. Trademark registration services can be found online for as little as $200.00. It’s a small price to pay for such a big and potentially effective insurance policy.