Microsoft Files More CAN-SPAM Suits

Microsoft has filed eight lawsuits under the federal CAN-SPAM act against so-called top spammers. The suit alleges violations of the act including spoofing and falsifying of domains, routing email through open proxies and using misleading subject lines.

The lawsuits, filed in King County Superior Court in Washington state this week and last, seek to bar the defendants from continuing their alleged violations of the act and to collect damages totaling in the millions of dollars. Violations of state laws are alleged as well.

This is the online giant’s latest anti-spam effort in the legal arena. Altogether, the company has filed 51 anti-spam lawsuits in the United States. These include an $18 million suit filed in December 2003 in concert with New York Attorney General Eliot Spitzer and the first CAN-SPAM suits, a coordinated filing with three other major ISPs in March.

The company also combats spam through technological means. Microsoft recently announced that it is merging its email authentication scheme, Caller ID for E-Mail, with another plan, SPF, which stands for sender policy framework. Both add the identity element to email, seen as a critical first step to fighting spoofing, phishing, and spam.

All of the suits allege spoofing and falsifying of domain names. Most of the suits target John Does, or unnamed defendants the company plans to name as the suits progress. Two of the actions target specific entities. One is Pin Point Media, LLC, based in Coral Springs, Florida. The other is John Hites, who is listed on the Register of Known Spam Operations (ROKSO), a list of alleged spammers operated by British consumer advocacy group Spamhaus. The action against Hites and related companies alleges that he used hijacked computers and false subject lines.

Microsoft alleges that the defendants’ actions required the company to process millions of spam emails. This has “taken up substantial amounts of Microsoft’s finite computer space and has resulted and continues to result in significant costs to Microsoft,” the suits allege.

A Microsoft attorney on the case acknowledged that collecting the damages sought might not be practicable. “It’s the recognition that Microsoft and a number of other ISPs are being vigilant about spam and if you violate those statutes, it’s likely you will be sued,” said Tim Cranton, senior attorney at Microsoft.

Reviews of CAN-SPAM’s performance six months after it went into effect are mixed.

However, at least one industry figure applauded Microsoft’s CAN-SPAM suits, saying this was what he had hoped CAN-SPAM would be used for — to go after “the biggest and the baddest.

“More power to them,” said Dave Lewis, co-chair of the E-Mail Service Provider Coalition (ESPC) vendor relations committee and VP of deliverability management for Digital Impact. “I’m pleased they’re going after the most egregious spammers under CAN-SPAM.”

Cranton said, “There is an important distinction between deceptive and illegal spamming and legitimate commercial email marketing. Filtering and enforcement empower users to decide what they want to receive. Combining these things will enable legitimate email marketers to reach people who want to receive mail from them.”

Lewis said, “We (the ESPC) have always looked at the problem as requiring a multi-pronged approach. Legislation such as CAN-SPAM, technology such as the blended Caller ID and SPF, and finally, self-regulation, will solve the spam problem and change the way the medium is used.”

Related reading