The Spamhaus case, a spam-savvy Illinois lawyer perspective

i’ve been following the spamhaus case with some interest. you see, i am a lawyer, and even an active member of the illinois bar. i happen to teach as an adjunct professor at the same law school where the judge in the case also teaches as an adjunct. and the class i’m
teaching next week is all about what behavior by a defendant in the online world is sufficient to establish a jurisdictional hook. Sun Shine invited me to contribute and, before too much misinformation gets circulating, i feel compelled to chime in with my 2 cents.

as lawyers always do, let me caveat this with the usual disclaimers:
i know only the bare minimum of details about the case, this message should not be construed in any way as legal advice, and no one should mistake me for a qualified trial lawyer. as someone, probably a law professor, once said: those who can do, do; those who can’t, teach.

with that said, below is my take on some of the recent questions that have arisen over the spamhaus case:

1. make no mistake: this is serious. to make that point, consider what is likely to come next. when spamhaus continues to operate, the plaintiffs will implore the court to enter criminal contempt charges against the company and its principals. it’s not clear how broadly such charges could be, but this judge has certainly not shied away from broad orders to this point. at the very least, this could mean that mr. linford will be at risk if ever he decides to pay a visit to the united states. the worst case, of course, is that u.s.-based volunteers could be criminally at risk as well. i doubt the worst case is likely to happen, but make no mistake that it is possible.

2. moreover, this judgment will likely follow “spamhaus” in perpetuity. even if it shuts down and later some of the same people reconstitute “specialhamhouse” to publish similar data, the judgment will almost certainly stick to the new entity. in the long run, cute arguments and legal slight of hand don’t work. look at an organization like kazaa, which spent a significant percentage of their significant revenues on the smartest lawyers in the world to avoid jurisdiction. even with those resources they were eventually hailed into court and effectively shut down. even if e360 is not the riaa, spamhaus, unfortunately, does not have anywhere near resources as kazaa.

3. that said, spamhaus had a likely winner of an argument if they’d made it from the beginning: the u.s. court does not properly have jurisdiction over the u.k.-based company. while this is an evolving area of law, what spamhaus does is, in my mind, most analogous to the london times publishing a “worst dressed celebrities” list. if joan cusack feels slighted by the times’ characterization of her choice of ball gowns, it is fairly well settled law that a court in illinois is not going to have jurisdiction to hear the case. in the spamhaus case, it would have been possible for an attorney to make what is known as a “special appearance” before the court without acknowledging the court’s jurisdiction in the case. reading the record, i’m puzzled that this wasn’t the strategy spamhaus’s counsel chose.

4. unfortunately, since that’s not what happened, spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today). arguably, and this makes sense intuitively even if you don’t understand the finer points of u.s. civil procedure, doing so inherently acknowledged the jurisdiction of the federal court. in the beginning of a case like this there are two choices: a) you can fight it, or b) you can claim the court doesn’t have jurisdiction and, basically, ignore it. you can do one or the other, but you cannot do both. the pickle spamhaus is in right now is largely caused because they appear to have initially tried strategy (a) then switched to strategy (b). there may be a way to still raise the jurisdiction issue, but make no mistake, it’s an uphill battle at this point.

5. in terms of today’s action by the judge it appears that this is, currently, just a “proposed” order. i would imagine it is, in part, the judge’s gambit to get spamhaus to come back to the table to that the real issues in the case can be resolved. but, so long as spamhaus doesn’t show up, i don’t see anything that will prevent this order from being entered as final. in other words, there may be some time before icann is formally ordered to shut down the spamhaus domain, but make no mistake that icann’s lawyers will be considering their options beginning first thing monday, if they haven’t already begun the conference calls tonight. one more thing to consider: the fact that the order isn’t final means that e360′s lawyers can review it for loopholes and make suggestions on how to make it even more onerous on spamhaus. in other words, if you’re a friend to spamhaus, i wouldn’t be posting in any public fora comments like: “at least the judge didn’t…..”

6. when the order is final, i don’t know what icann will do, but i bet they’ll at least consider complying. in the end their decision is likely to be much more about setting a general policy than the specific details of who spamhaus is or why they are critical for the internet. icann will desperately want to stay out of this dispute, but they are subject to u.s. law and they will probably have attorneys who will argue they need to follow it. all it will take for this to end badly for spamhaus is one lawyer at icann getting a little bit spooked and spamhaus could lose not only it’s .org but potentially any other tld that icann controls. (this probably wouldn’t include cctlds like .uk which are governed by their own controlling entities.)

by the way, does any part of this whole thing strike anyone else as a bit ironic? it’s usually the spammers setting up non-traditional tlds and claiming that u.s. courts cannot assert jurisdiction over them. i’ve been amazed how many times with project honey pot
(, an anti-spam service my company created, we’ve used spammers’ tricks in order to catch spammers. now it seems we need to use spammers’ legal arguments in order to defend the anti-spammers. like a bad episode of superman where he realizes lex luthor is his half brother, or something.

7. even if icann holds firm and doesn’t shut down spamhaus’s domain, i would imagine the plaintiffs will ask the judge to go after other vulnerable points in the spamhaus chain of command and control. based on the rulings i’ve seen so far, the judge may agree to go along. he seems pissed, and, frankly, reading the record i can understand why. as you all intuitively know, judges don’t like people ignoring their orders, especially when the people specifically asked for the case to be moved to the judge’s court and are now making public statements effectively calling the judge a buffoon. everyone involved needs to be careful.

8. how could this end well? the good news is that the 7th circuit is full of some of the smartest and most powerful judges in the country, so if there’s a way out of this mess spamhaus could be in far worse places to find it. that said, appealing a default judgment is unusual and not a strong position to start from. even after the notice of appeal is filed, an actual appeal is probably, in reality, just the backup, long-shot option. the primary option i think spamhaus should be discussing with counsel is asking the district court judge to set aside the default judgment. my guess — only a guess — is that he’d probably do that if spamhaus asked, apologized, and plead that they got some bad legal advice and were rectifying the situation as quickly as possible. however, and i’m sure this is going to be the sticking point, getting the default judgment lifted would require spamhaus go against some of their core principles and eat some crow.

what do i mean? as far as i can tell from the record, back when the case first started the judge issued a temporary restraining order (tro) that required spamhaus to remove the e360 listings from rokso and other places. initially it appears spamhaus complied with the
tro, probably on advice of counsel. then, according to the record, around the same time spamhaus shifted from strategy (a) to strategy (b), spamhaus put e360′s listings back up on their site and, essentially, gave the judge the finger. just a guess, but in order to get the default judgment lifted, spamhaus is probably going to have to at least comply with the judge’s original tro order. while i know that removing someone spamhaus is convinced is a spammer from their blocklist goes against the very core of the organization’s being, it is hard for me to see any way to get to a happy ending for spamhaus without (hopefully temporarily) compromising this principle.

do note that the tro is not the same thing as the permanent injunction which the judge issued after spamhaus stopped complying with the tro. the permanent injunction was issued after spamhaus violated the tro. my quick reading of the record is that it is the permanent injunction, not the tro, where spamhaus was required to put up the notice in big type on their home page that the plaintiffs really weren’t such bad guys after all. i know doing that would be
far too much crow for spamhaus to bear eating, but my guess is that it won’t be necessary in order to at least get back to where spamhaus was before they switched to strategy (b).

but here’s the real problem: even if the default judgment is lifted and spamhaus gets a real day in court, they’re in for a very, very expensive, very fact-intensive trial to prove e360 really is what they say they are. in the end, from what little i know, it seems likely that they have a good case and stand a good chance to win: this is, after all, no different than the london times publishing the worst dressed celebrities list. it still may be possible to shoe-horn the jurisdictional argument back into play, in which case you’d never get to the really expensive part (discovery) of the trial. unfortunately, even that’s going to take some serious billable hours from some serious legal firepower (read: $$$). i’ve been thinking about this for at least a week now and, to be honest, i can’t see a lot of ways this ends well.

9. finally, one last point: anyone who has a chance to talk publicly about this, if you are a friend to spamhaus i would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the u.s. talk all you want about the evidence that you believe demonstrates e360 is a spammer. talk about how important spamhaus is to the functioning of email. but calling the judge stupid doesn’t help the case. given the record, the judge had little choice other than to do what he did. so far as i can tell, spamhaus presented no argument that would let him get out of this case, even withdrawing the answer that had been filed from the proceedings.

instead of badmouthing the judge, what i would imagine is far more productive are letters from isps around the world attesting to the importance of spamhaus as an organization and emphasizing how it is the individual isp, not spamhaus, making the affirmative choice to
stop e360s messages from entering your servers and your property. maybe counsel for one of the larger isps would be willing to act as a clearinghouse and file the letters, en masse, with the court. but, whatever you do, don’t go out and talk about how the judge is too old and too stupid to understand how the internet works — having read some of his other cases, i can guarantee you he is not. instead, politely educate him on why spamhaus is more than what the plaintiffs have painted it as: a punk organization based out of the u.k. that doesn’t respect u.s. law and actively interferes in the business operations of a legitimate illinois company.

an update to the spamhaus story can be found here:

matthew prince.
ceo, unspam technologies, inc.
adjunct professor of law
john marshall law school

  • Nameless

    Hmm. “Worst dressed list” sounds very naive. As any lawyer should know, it’s more than that.

    A worst dressed list does not conspire with wholesalers, distributors, freight companies and store owners throughout the entire supply chain to block the sale, transport and other commerce of the clothing worn by the worst dressed celebrities. Nor does it publish the list with such intent.

    Nor do the subscribers to the paper subscribe for the sole purpose of identifying targets to block by reading the list.

    Nor do they block wholesale other trade by the manufacturers and stores. With a worst dressed list there is no conspiratorial intent to block trade as there is with Spamhaus and its subscribers.

    A worst dressed list is an act of publishing, a blacklist is an act of techno-thuggery. Big, big difference. I can’t wait to see the letters from the co-conspirator-ISP’s confessing to their crimes! I can see why you say you are not providing legal advice!

    As a lawyer, you should be far more concerned about private interests like Spamhaus and its conspirators taking the law into their own hands and acting willy nilly as judge, jury and executioner with no recourse, no due process, and no right of appeal by their victims.

    Now, what is it you wanted to tell us about your company?

  • Dave

    Taking what law into their own hands?

    Please show us the code chapter that requires that mail servers accept mail from all comers, with no right to block mail.

    A mail server is private property, and as such, the owner is not breaking the law when he/she chooses not to accept mail from a specific party.

    If the owner decides to delegate that decision making to another person, that’s their right, as well.

    There has grown up around the world the misconception that email is a right, and that service providers and mail server owners cannot interfere in the right of others to send any message that they choose.

    It surely sucks that you’re finding it hard to make a living by sending special marketing emails. But that’s life. I’m also not going to allow you into my house. So sue me, demand your right to enter my house at will and leave your marketing materials on my coffee table. I dare you.

  • Dude

    Nice write up, but I think you missed one major problem. Spamers use a method called “death from a thousand cuts”. This particular spammer has offered this advice to other spammers on public message boards. The advice is this, you can file a complaint for minimal expense, while coming up with a defense is a costly affair. If a thousand spammers all sue you (with a cost negligable to themselves) and force you to go overseas to defend your service in a country that doesnt have jurisdiction, then you go bankrupt. Death from a thousand cuts.

    How do you defend from this? I dont know, but maybe ICANN doesnt need to be based in a country with such a flawed legal system..


  • Joe Greco

    Dear nameless,

    While I’ll agree that “worst dressed list” may be a bit naive, the rest of your message is a half bubble off level.

    Spamhaus is more akin to a credit reporting agency. Spamhaus monitors known spam organizations, and provides factual reports on them to anyone who cares to ask.

    I don’t see any conspirators. If we decide to direct our mail servers to block the known IP spaces of e360, it is well established that e360 has no viable recourse to force us to accept their e-mail. To force us to accept it could place an unreasonable burden on us.

    We are allowed to decide whether or not to accept mail based on algorithms which we choose. Some clever monkeys automated the process of gathering that data from public spam reports. Spamhaus further refined that process and made it more reliable. Yet Spamhaus cannot force mail to be blocked. As mail server owners, that is our perogative, and if we choose to query the Spamhaus data, it isn’t a “conspiratorial intent to block trade” – it’s a legally recognized right for us to block e-mail that we choose not to accept. We can block mail because it’s coming from an IP on the SBL, or because the moon is full, or because it contains three instances of the character N, and there’s not a damn thing a blocked sender can do about it. There is little recourse, no due process, and no right of appeal. If a blocked sender feels wronged, they can contact us at Postmaster@ and discuss the issue – that’s the extent of their recourse.

    Spamhaus provides a valuable and impartial service to the community. While we don’t use the SBL, we do recognize the usefulness of the service, and recognize that it is one of the best services out there, with a strong track record of carefully researching those organizations who are listed, and providing those facts so that subscribers may independently see what caused a listing.

    The day we no longer have the right to determine who we can block is the day we are going to stop running mail servers. We are watching this with much interest.

  • Dude

    BTW “nameless” is the spammer in question, I wouldnt bother responding to the posts or taking them seriously.

  • Henry McGregg

    No, no, no. Blacklists are not techno-thuggery. As anyone can tell you, SPAM is the thuggery — consuming resources, computer, router, switch, light cycles. Numbers I have seen as recently as July pegged world-wide spam at 60% of all email.

    Imagine if you were walking down the street and were accosted by 3 viagra sales men, 2 pornographers, and 1 salesman for the next widget on your way to meet 4 friends. Sounds pretty annoying to me.

    Blacklists exist for the reason that we don’t want these “businesses” to enter our lives, premises, or personal space. The legitimate ones use tactics just short of illegal, and our way is to put a selective moat around our space.

    This is no different than my city passing a law forbidding flyers or solicitors at my doorstep if I display the proper signage. I’ve reported violators to the city and they get fines and eventually forbidden from doing business in the city.

    Spammers know what they are doing is tresspass, and use dirty tricks and tactics to portray themselves as hapless victims.

  • Dude


    to waste time arguing logic with one who has an agenda,…
    … that is truely a waste


  • Dude No.2

    Why in god’s name isn’t someone attempting to pursue these organizations under CAN-SPAM? From a quick perusal of the logs, it’s quite plain that what they are doing is not opt-in in the least. Haven’t a few big spammers been sued? Anybody with AOL legal wanna pin this spammer’s nuts to the wall? Has anybody called the IL Attorney General about this guy? I’m sure it’d backup Spamhaus’ position that their blocking of this guy’s emails is legit if the AG opened an investigation on Mr. Nameless up there and proceded to press charges.

    Seems pretty cut and dried to me… and it wouldn’t be hard via honeypotting or other means to collect more information on Mr. Nameless’ illegal activities.

  • Pingback: Assa's blog

  • Thomas Leavitt

    I’m going to take the author’s advice, and comment on why “blacklists” are so important. I own a small web design and hosting company, Godmoma’s Forge, LLC. We host approximately a hundred domains, and manage several more.

    My itsy bitsy little company was being literally driven out of business by spammers… first the flood of spam emails forced us to abandon Baysian spam filtering, becasue the CPU cycles required to do so on the server were excessive and repeatedly induced crashes (which, in the process, forced us to move many clients to a third party hosting service, sacrificing a significant amount of income in the process). Then, after we turned spam filtering on the server off, the flood of emails began to overwhelm our email client programs ability to handle the volume of email (let alone that of the people reading it) – the sheer number of emails (tens of thousaneds) in the various boxes caused them to break. Finally, the flood of emails begain to get so bad that our email client programs simply could not download the spam as fast as it arrived.

    Without email, we could not communicate with our customers – and we were spending endless hours every day doing nothing but deleting spam or waiting for our email programs to process incoming email through their spam filters. We were having a very difficult time operating our business as a result.

    I’d resisted implementing block lists, because I was afraid the number of false positives would be too high, but…

    When I finally gave in and did so (in addition to some other mechanisms) – thereby blocking email at the SMTP server, the volume of email in one particular person’s email box went from 28,000+ messages a day to less than a thousand… my own personal email box went from 20 spams for every 1 legit email, to 1 spam for every 4 or 5 legitimate emails.

    I know a local ISP that devotes 7 dual processor high end systems to doing nothing but filtering email (for just 1800 domains)… and another half dozen CPUs to do nothing but store all the email (mostly spam).

    Spamhaus and other block lists are the only practical way to manage the flood of spam. Without them, small companies like my own would simply be unable to run our own email servers.

    Bluntly – the only reason email exists, today, as a functional medium, is “blacklists” of companies, sites, servers, etc. engaging in practices that are unacceptable to the subscribers to those blacklists.

    Take the blacklists away, and overnight, email servers across the world will choke, fall over from the CPU and other load induced by the increased volume of mail, and the amount of labor required to manage them would go up astronomically. Customers will start screaming bloody murder to ISP and corporate help desks about having to sort through hundreds upon hundreds of spam messages for the few dozen valid emails they want. How many untold billions of dollars in additional lost productivity would be incurred? The sum is incalculablely large.

    I have no resources of my own, but I would be glad to submit a statement reflecting the above facts and concerns to the court for its consideration.

  • Thank Heaven for Spamhaus

    Mr. Prince:

    Could you please post specific information as to submit comments to the judge on this case? We are a small “mom and pop” ISP which simply could not do without their service.

    Thanks to Spamhaus and other lists of spam sources, our mail servers reject more than 95% of all attempts to send them mail — and we do notreceive complaints of false positives, so it is liklly all of those attempts are not legitimate. Yet, even after filtering by the blacklists, fully 30% of the mail we receive is spam! Our Internet connection, for which we pay thousands of dollars per mointh, is severely taxed by spammers and their “zombies” (innocent users’ systems which have been commandeered to send spam). We want to tell the judge this so that he understands how destructive a ruling adverse to Spamhaus would be. Again, please post information on how to contact the judge and any points of etiquette of which we ordinary laymen might not be aware.

  • theChuckster

    … i’m astounded by the arrogance of the court:
    1 – the spammer would have (by way of researching their filing) determined that spamhouse is a UK-registered business adn this information must have been in the initial claim
    2 – the judge could have asked some basic questions about the complainant e.g. ‘where are they’ and got an answer from filings
    3 – the judge could have determined (by using some basic common sense) that the venue might not have been the right location given the location of the alleged defendant.

    Where does this assumption that a court can arbitrarily assumption juristiction over a business or individual in a foreign land come from?

    If i was defrauded by an EBay seller in the USA (i’m in Australia) my only avenues for action are via Ebay’s local corporate presence or by taking action in the location of the person who defrauded me (e.g. get the local USA police or better business bureau involved somehow).

    why does this realistic scenario suddenly become reversed because some scammer decides a overseas agency is undoing their nefarious work? or does USA litigation permit this other-worldiness?

  • Chris

    Look, if you take a UK company to a US court on a civil matter, the UK company is not going to hear you. Has no reason to.
    It might cause problems if the UK company wants to start doing business in the future; but as far as I know they have no plans to, and if they ever make such plans they would address the US position at the time.

  • John Kinder

    Blacklists aren’t the only option for dealing with the high CPU load of fighting spam. You might want to look at what MailChannels are doing. Rather than relying on blacklists alone, they’re using behaviour and fingerprinting to detect potentially spammy hosts and then only allow them a minimal amount of bandwidth. It solves the problem of high CPU loads caused by content filtering, but doesn’t require the same reliance on a 3rd parties blacklist. I think the case that mail servers around the world will fall over if blacklists suddenly are made illegal is more than a bit overstated.

  • nudd

    theChuckster and Chris: the jurisdiction issue is an issue that is common to all common law countries, and as far as I know, any common law country will treat the matter the same way. This isn’t a matter of how the US courts are out of line, or whether the court has properly seised the case. The US case is the proper venue because the defendant submitted to the court’s jurisdiction.

    When you get served in a foreign jurisdiction, you can do two things. Either you refuse to submit to the court’s jurisdiction, or you submit to the court’s jurisdiction. If you refuse to submit to the court’s jurisdiction, you do one of two things.

    Either don’t turn up until after the judgment, then you can turn up and challenge the court’s jurisdiction; or turn up and enter a conditional appearance, and the _only_ thing you can plead is the court’s lack of jurisdiction, or that it is an inappropriate forum.

    That’s the position in Australia, at any rate. If you do anything else, you are taken to have implicitly submitted to the court’s jurisdiction. Put it this way, you cannot have your cake and eat it too. So, why should you be allowed to make any legal arguments about the case, and simultaneously claim that the court doesn’t have the jurisdiction to hear the case?

    The problem with Spamhaus is that they starting off doing acts which clearly showed that they were impliedly submitting to the court’s jurisdiction (they submitted written argument about law, for one thing). So, once they submitted, they have to go on, or face the consequences.

    The judge didn’t really have much choice except grant default judgment based on defendant’s non-appearance.

  • peterwn

    It seems that Spamhaus’s and its principals’ only worries are:
    1. Not stepping foot in the USA again. Nowadays, many would see this as no real disadvantage.

    2. Losing its URL .

    At a guess the main reason Spamhaus probably walked away from the Illinois litigation is that they found it was going to be horrendously expensive which ever way they looked at it and after sizing up the pro’s and con’s including the probably enforceability of any Illinois judgement in UK courts, decided the best thing to was to cut losses and walk away.

    Funny thing, that a US Court is trying to reach off-shore like this. Compare this to high level attempted pressure from the USA Government on the EU to go easy on Microsoft in EU courts. Should not the US Government mind its own business – it would soon object to other countries telling it how to run its justice system.

    Pity the good Professor did not give the matter a bit more discussion from an international ‘comity of nations’ approach rather than dwelling merely on what the Federal Court in Illinois could do.

  • davcefai

    I must confess to being perplexed by all this. Leaving out any consideration of whether e360 is a spammer, as I understand it, Spamhaus “publishes” a list of what they consider to be spam sources.

    Email providers are free to consult this list and use it to block spam. Spamhaus have published their criteria for listing spam sources. Any email provider who disagrees with these criteria is free to not use Spamhaus.

    So what is Spamhaus’ crime? Can a Telco be sued for publishing a Phone Directory because pranksters use it to make calls?

  • Evil Dave

    But spamhaus is an “organization based out of the U.K. that doesn’t respect U.S. law”. They presumably respect US law about as much as I do (that is, not at all) because it is irrelevant. They have had legal advice in the UK that “Default judgments obtained in U.S. … courts have no validity in the United Kingdom and can not be enforced under the British legal system”. For all practical purposes, the judgement does not exist.

  • Jeff Green

    Consider this scenario. A company finds itself subject to a trade sanction in a foreign country. Officials of that foreign country threaten all officers of that company with sanctions wholely disproportionate to the companies resources. The only way to avoid these sanctions in the foreign country were to invest sums of money beyond the resources of the company. What should the company do?
    How about take action in the UK courts to require the foreign official to defend their action?
    Would a US judge drop all his cases to turn up at the High Court in London to explain why he did what he did and why he should not have to pay the company compensation out of his own pocket? Obviously not. Ask then why this particular sauce tastes so good with goose, and yet not with gander.

  • Observer222

    This whole article is silly.
    Spamhaus is quite right to ignore the whole thing. The worst that can
    happen is that the US courts force ICANN to shut down Spamhaus’ domain.
    In which case, all Spamhaus needs to do is move to a .uk or .eu or .de
    domain which is not controlled by ICANN. End of story.
    Of course a US lawyer would recommend that Spamhaus hire a US lawyer,
    at a cost of at least $1000 per appearance in court. That’s a lot of
    money for an outfit like Spamhaus.
    The final silliness:
    “At the very least, this could mean
    that Mr. Linford will be at risk if ever he decides to pay a visit to
    the United States.”
    Strictly speaking, any non-US citizen is at risk if he ever decides to
    pay a visit to the United States, because the Bush regime has decided
    that foreigners are not subject to the same protection of the law as
    citizens. This means that any foreigner unwise enough to visit US
    territory can simply be made to disappear. All the government has to do
    is allege
    that said foreigner is a terrorist and an enemy combatant. Yes, I know
    this is still being fought in the courts, but at least until the
    government loses and exhausts all appeals, the position is as I have stated.
    But apart from that, why on earth would Mr Linford want to visit the
    United States? Do you have any idea how intrusive and unpleasant border
    controls are for (legal) visitors to the US these days?
    De facto, a US court has no power to enforce its decisions in a civil
    matter outside the US. The judge and the lawyers can foam and froth all
    they want. Spamhaus can, should, and I suspect will, ignore them.

  • wagemonkey

    With the current one sided extradition treaty between the US and UK I’d be worried if I was involved in Spamhaus. All the US has to do is ask the UK to put someone on a plane for trial in the US and they are sent over. No evidence of any kind has to be provided. If the UK wants to extradite a US citizen then evidence is required.
    So you don’t even have to visit the US to have US law visited upon you if you are resident in the UK.
    I think the phrase may be ‘Vassal State’.

  • TFBW

    I think this is intriguing. Call me destructive if you will, but the possibility of a court ordering the termination of the “” domain name on the basis of false testimony and a default judgment without jurisdiction has a morbid appeal, like a train wreck. It would certainly cast new light on the “Internet governance” issue, even from the perspective of Americans. “Obvious bad guy manipulates US justice system and Internet oversight body into facilitating spam.” Very tasty.

  • J W W jr

    After reading all of these comments, I’ve not seen one supporter of Spamhaus articulate the actual dispute here – no one is arguing spam is/ is not bad, even e360. What is being argued in the courst case is whether e360 is in fact “spamming”. So disputed facts include whether or not e360 is a spammer, or is in fact a legitimate, opt-in e-mail marketer that Spamhaus has deemed not acceptable for their own reasons. In the U.S., when there are disupted facts, arbitrary vigilantism is not lawful, taking the dispute before an impartial judge is. If e360 was violating U.S. CAN-SPAM legislation I’m sure the federal judge presiding over this case would have deduced that, and Spamhaus’ legal representation would have trumpeted that in their initial response, and this case would be over, or would never have been brought by e360. (Please actually read the CAN-SPAM act to see what is required of e-mail marketers for e-mails to meet the U.S. legal standard, there have been some significant judgements won against e-mailers who violate these requirements.)

    From what I’ve seen thus far, it appears the facts specific to e360′s e-mail use do not support Spamhaus (and ISPs affirmatively using the Spamhaus service) restraining trade in the U.S. by arbitrarily defining e360 as a ‘spammer’, blocking e360′s e-mail. I’ve noted the comments by a couple of ISP representatives, and would only respond that when they set up to do interstate business in the U.S., they become bound by U.S. interstate commerce laws. And I’m certain a federal judge is better versed (and more engaged in that area) than ISPs are. If the Spamhaus position regarding e360′s e-mail usage is so strong factually, I’m sure a large group of right-thinking U.S. ISPs will file an amicus brief in the U.S. on Spamhaus’ behalf. I do think there will be U.S. appeals court case precedent regarding this issue in the near term (maybe via this case), and I think Spamhaus and ISPs will be surprised at the determination, in terms of rights of e-mail marketers who comply with U.S. federal law.

  • john


    the courts in Illinois will have to fix this, or they will look like the city manager of Tuttle OK

  • Matthew Murphy

    JWW jr.: E-mail marketers don’t have any rights under U.S. law. If they’re sending mail to my server, I’m free to block it on any grounds I choose. I can block e-mails that arrive on Wednesday, for that matter. The fact that I let Spamhaus decide what e-mails I need to block (at one level, anyway) doesn’t change that fact. There’s absolutely NO law that permits the judge to order Spamhaus to remove e360 from ROKSO. There’s no harm to e360′s business, because I don’t want their e-mails, and neither does anyone who signed up for ISP-level junk mail filters. The only claim e360 has is that being labelled “spammers” hurts their business. In order to make that claim, they have to prove a) that Spamhaus is unjustified and b) that people would otherwise buy their crap. They might win B, but could never prove A. Spamhaus documents on its web site the use of (probably illegal) unsolicited e-mail by e360. They are not legitimate opt-in marketers — they’ve been shuttered by several ISPs for unsolicited e-mail.

  • Simon Waters

    JWW misses the point.

    CAN-SPAM is irrelevant, US criminal law is irrelevant.

    All that Spamhaus do is provide an advisory service, that this IP address is one you may prefer not to receive email from.

    They don’t stop email, other than by other people trusting their advice (which is almost universally agreed to be the best such service on the planet – at least of those provided free or largely free).

    Going to ICANN is irrelevant distraction, but what makes the story interesting. It is irrelevant because ICANN don’t have a relationship with Spamhaus, anymore than the people who allocate telephone number blocks to phone companies are responsible for blocking phones. It is a bit like approaching the ITU because someone said something bad about you using a telephone.

    If the company was genuinely interested in resolving the issue, they would seek legal representation in the UK, where I’m sure the issue would be covered by slander or libel law.

    Although Spamhaus, and Steve, are easy to contact, and I’m sure if there was any doubt that the IP addresses concerned are/were spamming they would have pulled the listing.

    Indeed the main problem with Spamhaus is that there are large chunks of IP address space, ‘obviously’ owned by spammers, that haven’t triggered Spamhaus’s criteria for inclusion. I suspect this is due to the spammer being careful with their address harvesting.

    So this is just someone abusing the US legal system to generate publicity. I seem to remember from the Randi/Geller case that a judge can stop someone from pursuing vexous or frivolous suits, at least in some US jurisdictions.

  • Ian H

    Spamhouse is a small low budget organisation of volunteers performing a valuable service. E360 has more money. In any fight in the US legal sysyem E360 would win. The only way Spamhaus can win is to walk away.

    E360 obviously has a ridiculous case. But that doesn’t matter. Look at SCO. You can bring a suit in the US with absolutely no evidence or rational reason whatsoever and force someone to spend tens of millions of US dollars defending themselves over five or six years before you even get to trial. Spamhaus doesn’t have the money to fight so E360 will win.

    Furthermore the interim injunction is absolutely intolerable! Courts mean interim as in maybe five or six years. To Spamhaus and E360 there is nothing ‘interim’ about such a time period. Interim on the internet means several hours, or perhaps a day. Something lasting for years is permanent. Ergo E360 wins absolutely totally and completely by simply bringing the case.

    In my opinion Spamhaus was wise to refuse to play. They would have wasted millions of dollars that didn’t have and the absurd `interim’ injunction meant they would have lost before the case even starts. And E360 would have been only the first. Having set themselves up in the business of issuing `spam licenses’, the Illinois court would soon have been doing a brisk business in these interim injunctions as every spamming sleazeball on the net hastened to bring a suit. Death by a thousand cats indeed.

  • Walter Dnes

    I hear that France has something called the “Toubon Law” requiring that all websites be in French, with translated pages allowed in other languages. Are you blocking access to your webpage from France? If not, your website is non-compliant with French law. What would be your reaction be to a lawsuit against you, filed in France, demanding that you translate all your web writings into French?

    I note that (the US government website) has a display of female-facial-frontal-nudity, i.e. “The Statue of Liberty”. Female-facial-frontal-nudity is illegal in many “Islamic Republics”. Therefore the US government should place a large burka over top of the Statue of Liberty to remain in compliance with the laws of nations thousands of miles away.

    Do you appreciate the above results of your so-called logic? No? How do you think the rest of the world feels about your ideas?

  • joudanzuki

    The judge had no other choice?

    That is a seriously twisted view of the law.

    If ICANN feels they have to comply with a judge’s order, spamhouse simply drops their .com and operates under .uk . In the end, if all blacklist operators exit the non-country TLDs, it would be a loss to the market of the non-country TLDs, and to the country which has the largest share of domains directly under them.

    A judge should consider himself to have some responsibility to investigate the plaintiff and the reasons behind the defendent’s failure to show before he gets his pride hurt. Too many judges are losing track of the idea that rule of law is not rule by law.

    The only way for those without money to get some defense from those with is that the government must provide some antidote. Either it needs to reign in the courts’ tendencies to legislate, or it needs to provide elected public defenders for both criminal and civil cases, lawyers who can at least advise the court on the validity of a complaint.

  • nudd

    joudanzuki, you are totally misconceived as to the role of courts in common law jurisdictions. What we have in the common law world is an adversarial system, not an inquisitorial system. The judge cannot do any fact finding himself. It’s against the rules.

    Both parties represent a position, and the judge decides between them. That’s one defining difference between the common law system and the civilian system.

    In this case, much as I dislike the decision, what the court did was correct. We cannot have a judge going in there and taking sides on the issue without argument.

    What Spamhaus has done is that they have decided that the penalties associated with a default judgment are less onerous to bear than the risk of losing if they had gone to court. If they go to court in the US and lose, that (non-default) judgment may well be enforceable in the UK.

    So I guess what the article is really debating is the relative merits of Spamhaus’ decision. Are the consequences really worth it? Did Spamhaus really intend that its officers should never visit the US? Did Spamhaus really think that losing the .org domain was acceptable?

    If so, then I think Spamhaus’ decision is justified. However, that’s the CHOICE of Spamhaus. You cannot blame the judge for that. Nor can you blame the legal system.

  • Walter Dnes

    nudd said
    > What Spamhaus has done is that they have decided
    > that the penalties associated with a default
    > judgment are less onerous to bear than the risk
    > of losing if they had gone to court.

    Wrong. What Spamhaus has decided is that the cost of *WINNING* the judgement would be too great. All it takes is several spammers to co-ordinate a bit. Set up shell companies and file SLAPP lawsuits here, there, and everywhere. Spamhaus would go bankrupt defending itself in courts all over the place. You don’t hear of MAPS any more. nuff said.
    I don’t blame the judge, I blame the b0rk3n American system, where SCOX went 3 years, and forced IBM to spend millions of dollars in legal fees, before even telling IBM why SCOX had filed the lawsuit in the first place.

  • Nameless

    If you are managing a mail server for yourself or for the use of your own company’s email, by all means, feel free to subscribe to whatever blacklists you like.

    But if you are an ISP, managing the servers for customers, you are in a different category.

    Only by experiencing blocking can you truly understand the issue. So, I propose we try this little exercise which will make my point. Just post here the ip addresses of all your mail servers. I will then submit them as a complaint to SpamCop, another blacklisting service, one that is notoriously lax in applying due diligence to spam complaints and could care less whether it blocks legitimate companies. Because it does not do much in the way of evaluating, your IP address will almost certainly appear on their blacklist. As a result, you and your customers will experience great difficulty in sending and receiving mail.

    When the exercise is complete, come back here and tell me that you think blacklists are a great idea.

  • Kent Morwath

    Well, what would happen if US based spammers are brought in EU courts that usually have far more restrictive rules against spam than CAN-SPAM act?
    Could EU courts rule that US spammers should stop immediately to spam and pay huge fees, or be terminated by ICANN – and if ICANN does not complain, raise the question that the Internet can no longer be US controlled?
    The US judge should be very careful, because he could start a conflict between US and EU – and not only – that could go far beyond this case.
    I am going to file as much as I can against US spammers in EU courts. Maybe I can become rich…

  • nudd

    Wrong. What Spamhaus has decided is that the cost of *WINNING* the judgement would be too great. All it takes is several spammers to co-ordinate a bit. Set up shell companies and file SLAPP lawsuits here, there, and everywhere. Spamhaus would go bankrupt defending itself in courts all over the place. You don’t hear of MAPS any more. nuff said.
    I don’t blame the judge, I blame the b0rk3n American system, where SCOX went 3 years, and forced IBM to spend millions of dollars in legal fees, before even telling IBM why SCOX had filed the lawsuit in the first place.

    No, assuming that the law in the US is anything like the law in other common law countries, from what I recall from my (admittedly sketchy) conflict of laws classes, all Spamhaus would have to do is not turn up in court, in which case I think the onus would be on the plaintiff to show that the US is not an inappropriate forum.

    This strategy has its advantages. If the court decided that it had jurisdiction, Spamhaus can still wait for default judgment in relation to jurisdiction to be rendered, and then apply for leave to set aside the judgment on the limited ground that the court had no jurisdiction.

    Or it could have entered a conditional appearance for the specific purpose of challenging jurisdiction or have the proceeding indefinitely stayed on the basis of forum non conveniens.

    Once the judge had decided that it was an inappropriate forum, it is unlikely that any copy cat filings by other plaintiffs would be able to succeed.

    The issue here is that Spamhaus should not have submitted to the courts jurisdiction in the first place.

  • Jeff Green

    The problem with Nudd’s comment, and the article and probably the court system too. Is that it assumes that foreign individuals know how the US court system works. We don’t! Most of us also can’t afford US lawyers and have no way to judge if we have hired a competant one if we do.
    Yes the system in use is an adversarial one and once battle is joined the court must, to some extent, allow the two sides to present evidence and precedent and law and judge based on what is presented. That however is not the limit to what judges in common law systems can and should do.
    They are in control of their courts, not the lawyers, they are allowed, indeed required, to ask questions to find out what they need to know. All the judge here had to say was “Where are Spamhaus based?” “Why have you not taken action there?”. He (or she) could have asked more than that and done even better but those two questions would have been enough to stop the US court system looking silly again.

  • Joshua

    Actually, from personal experience, Spamhaus seems to me to be a bunch of punks who justify abusive behavior because they believe in their cause so deeply.

    A data center where I used to host our business was blocked by a number of ISPs after Spamhaus listed one of our Sysadmins (who’s identity they confused with that of a notorious spammer) as a “Spammer Stooge”. This listing was then picked up by SPEWS and added to blacklists all over the country. Let me clarify that the listing was NOT in response to an actual spam complaint of any sort, but to the NAME of a sysadmin working for us, who was NOT the same person as the spammer in question.

    We spent thousands of dollars and weeks of our time dealing with the problems that were caused by this, and our innocent computer-tech came under fire from our ISP/Data Center as though he were the cause of the problem. Maybe e360 is a spammer. I don’t have the facts. But I can tell you I will be happy to see Spamhaus go down the drain because it is a fact that their mistakes result in attacks on all kinds of innocent business.

    Many of the blacklist operators RELY on the reaction of innocent bystanders who have their IPs blocked. They say things like “You bed with spammers, you are a spammer.” (A direct quote from the SPEWS newsgroup when we posted to try to resolve the mistaken blocking issue, explaining that we weren’t sending spam.) Well, I don’t put up with collateral damage from self-appointed anti-spam guerrillas. Spamhaus sometimes attacks people without just cause or provocation, and I hope to see their moronic organization brought down. If the actual spammers manage to put these self-centered fools out of business for good, I will be happy that they are gone.

    I am not saying that Spam is ok, but rather that it is inevitable, and that the vitriolic and almost religious response of groups like SPEWS and Spamhaus only make solving the problem much harder by excluding all legitimate advertisers from having an interest in solving it. Oh, and also, that they have, in fact, failed to stop spammers. I still get spam in my inboxes every day.

    There are organizations run by more reasonable folks. Julian Haight from SpamCop is one example, and their model is based on a statistical sampling of complaints rather than half-baked guesses and unfounded accusations. Spamhause is a menace to the internet and we will be better of without them.

  • Geoff

    The problem is that if they succeed in shutting down spamhaus, by association/ precedent the activities of other blacklists (i.e Spamcop) will be on equally questionable legal ground.

  • Walter Dnes

    IANAL, but here are my opinions anyways…
    nudd said…
    > No, assuming that the law in the US is anything like the law
    > in other common law countries, from what I recall from
    > my (admittedly sketchy) conflict of laws classes, all
    > Spamhaus would have to do is not turn up in court, in
    > which case I think the onus would be on the plaintiff
    > to show that the US is not an inappropriate forum.

    No, it isn’t…
    a) you can file the stupidest lawsuit you want that barely meets technical requirements; if the defendant doesn’t defend, you get a default judgement.

    b) in British Commonwealth countries (UK, Canada, Australia, etc) a losing plaintiff is required to pay *ALL* of the victorious defendant’s expenses. This would include legal fees, time off work, travel and hotel expenses for a distant venue, etc, etc. In the US, that is *NOT* the case. With literally “nothing to lose”, people can file all sorts of stupid lawsuits, and face no consequences. The defendant is out-of-pocket for a lot of money, simply to have a lawyer show up and spend 5 minutes destroying the suit. Rinse, lather, repeat, and a defendant can be financially destroyed by a bunch of spammers, each of whom would need to spend approx $100 filing virtually identical lawsuits all over the place.

    > Once the judge had decided that it was an inappropriate
    > forum, it is unlikely that any copy cat filings by other
    > plaintiffs would be able to succeed.

    Wrong again. Another judge *IN THE SAME STATE*, may decide differently. Only if the case goes to state appeals court, and judgement is pronounced, only then is it binding precedent on all courts/judges *IN THAT STATE*. There are 50 states with different laws, and their decisions are not binding on each other.

    Even if the matter is forced to federal court, things aren’t clear. A decision by a lowest-level federal court is not binding on other lowest-level federal courts. A little-known fact is that the US federal court system is divided in geographical areas called “Circuits”. A decision in the US 6th Circuit, appealed and ruled on by the 6th Circuit Appeals Court, is binding precedent on federal courts in the 6th Circuit. It is *NOT* binding precedent on courts in the US 9th Circuit. Different circuits can, and often do issue different rulings on virtually identical cases. One common reason for taking a case to the US SUpreme Court is because different circuits have conflicting rulings. Only after being upheld by the US Supreme Court, will a ruling in the 6th Circuit be binding precedent across the rest of the country.

  • Pingback: Ambersail Infosec Roundup

  • nameless

    what would be interesting is for Spamhaus to file in the UK alleging that the Illinois court is interfereing with business. e360′s case seems as well-planned and thought out as SCOs .. corporate blackmail .. and for a court to support that does indeed show the judge to be ignorant. Since when did US judges have jurisdiction over UK citizens, corporate or real?

  • paulysci

    I’m a sysadmin at a small ISP. We are not located in, nor do we operate in the US or the UK. Also IANAL.

    The services that Spamhaus and other reputable black list services offer is invaluable to the Internet community. The scourge of Spam makes the valuable tool of email almost unusable. One of the biggest complaints we get is that our customers receive too much Spam and why can’t we do more to stop it. Blacklists are currently one of the easiest and most cost efficient ways to combat Spam and to help keep our customers as our customers. Spamhaus is to be complimented for the way in which they identify and report Spam.

    Spamhaus is a non-profit organization, partly volunteer staffed, working co-operatively in the Internet Community to reduce Spam. It gets much of its funding from donations and sponsors. This type of organization cannot possibly attempt to defend itself against lawsuits in far away places, nor should it have to. One would hope that the judge in this case takes this into consideration and finds a way out of this mess. The judge has been placed in a bad situation that he can make much worse if he continues on his current course.

    I wouldn’t want to allow mail from e360 on my systems. Spamhaus is showing that they’ve been terminated by 6 ISP’s for abuse, plus there are samples of the Spam and history of David Linhardt operations. In the published emails, Lindhardt does not deny the spamming, he offers excuses, blames it on someone else and makes a lot of threats. There is no doubt that a lot of Spam came from systems he was responsible for, over a number of years.

    Politically, this case is not like KaZaA. This is a non-profit, volunteer, Spam fighting organization being sued by the one most despised creatures of the Internet world .. a spammer. Spamhaus has all the high ground, e360/Linhardt has the low ground.

    The judge would be well advised to step back and take a look at the bigger picture. He would also be well advised to avoid being ‘pissed’. Judges really need to avoid emotions in their decisions.

    He also needs to know that many parts of the world are watching his decision and his handling of the case. As such, the judge is very much a representative of the US. Since it is obvious to most of the world, that a UK company operating in the UK, not in the US or even Illinois, should not be under the jurisdiction of US law, the judge’s decision(s) and actions very much reflects upon the US as a whole. To be blunt, the US is despised in much of the world and has very few true friends, a decision against Spamhaus only adds to the US’s woes abroad, particularly when the decision(s) and actions potentially violate the laws/sovereignty of one of the US’s few true friends (is it legal in the UK to obey a foreign court order? Some countries don’t allow it).

    Another issue is that the UK is about to get a new Prime Minister. Tony Blair has become increasingly unpopular because of his support for the Iraq war and his close ties with the US. It is unlikely that the next UK Prime Minister will be as accommodating. Here is a perfect case that a government could use to show citizens that it isn’t just a US lackey. A government could (and should) raise this to a international incident level. Here we have a spammer suing a volunteer, non-profit organization in a foreign court. If the judge thinks that a few bloggers calling him ‘stupid’ is bad, just wait until it hits the mainstream press. Headlines like ‘US Judge supports spammer’ or ‘US Court fines UK Non-profit’ or ‘US Judge violates UK Sovereignty’ would just be the beginning. The fine points of US Civil Procedure won’t matter one bit. The decision(s) will be an embarrassment to the US and the US Federal Government will have to get involved to somehow resolve the situation. In addition, if ICANN is forced to remove the .org by the Court, the US will be under a lot more international pressure to release control of ICANN. What happens to judges that embarrass the government? Probably nothing overt because of judicial independence. But when it comes to re-appointment and promotion to appellate positions it could be a completely different story. The decision(s) that this Judge is making could be very career limiting.

    How can the judge get our of this? If I was a judge, one of the things that would get me ‘pissed’ is being lied to. If Linhardt has certified, under oath, that Spamhaus does business in the state of Illinois or the US, then the Judge should be able to examine that statement and impose sanctions if it is misleading or if it is not true. (The statement apparently in the complaint is an outright lie.) I’m sure the Judge has already been advised that jurisdiction is in dispute. If he finds that Linhardt’s complaint is partly false, he could impose sanctions, like dismissing with or without prejudice. If he dismisses without prejudice, the process gets to restart and Spamhaus can handle it correctly at very low cost. If Linhardt appeals to the 7th Circuit, worst case is that it gets sent back for retrial and Spamhaus can handle it correctly at very low cost.

    This Judge is in a lot of hot water. The best thing he can do for his country, his judicial system, his court and himself is to get rid of this case.

  • Chase Seibert

    I manage a system that gets 250,000 emails a day. Over half is spam. IP blacklists are the single most efficient way to deal with this spam.

    Our company sometimes gets listed on these blacklists as well. This is because some of our customers do in fact send unsolicited email. But I don’t rail against Spamhaus and the like when that happens. They are doing exactly what they say they are doing!

    If you look at the websites of some of these blacklists, they explicitly say that there will be false positives. ISPs choose to use them anyway, because more often than not they are correct.

    Bottom line, they are not blocking email. People freely use their service, among many others like it, to block email for themselves. I wonder how many of those other services are also blocking “Nameless”?

  • SK

    I run a small ISP — with a couple of dozen mail servers. We utilize Spamhaus as one method to classify spam on a number of our servers. We are responsible to our customers; thus, if we let too many UCEs into our servers, our customers complain; if we block too many legitamate e-mails, customers complain. Spamhaus serves as an excellent resource for for those sending questionable mail. No one forces me to use the Spamhaus list, or any other list. We operate our own internal RBLs and RHBLs as well. We reserve the right to deny network traffic from any source, for any reason – as most ISPs do. If I wish to deny all e-mails with the subect lines containing the word viagra, I am perfectly in my right to do so; If I wish to block all email sourcing from APNIC address I am perfectly within my rights to do so; If I want to compile a list of mail servers run by jackasses and publish that list as an rbl, I am still within my rights. I am not forcing my list upon any other postmasters, and if my users complain about not getting e-mail then I have to respond to them as my customers, but I have no reason to respond to the jackasses who run the mail servers I am blocking. That said. Spamhaus obviously make a mistake by first accepting the jurisdiction of the court and then denying it. Mr. Prince has done us a service by placing these issues in the proper perspective, and I thank him for that. I am curious about something though: Insight’s argument is that they have been damaged by being labeled a ‘spammer’ by Spamhaus — if, however, Spamhaus had simply published a dnsrbl of sites that they do not accept mail from — for whatever reason — then could Insight claim that Spamhaus was libel for other sites using its list?

  • Ian H

    Joshua: I was following along with your attack on Spamhaus nicely until you spoiled it by using the phrase “legitimate advertisers”. Bzzzt! Sorry. Please play again.

    There ain’t no such animal as a `legitimate advertiser’ when it comes to email. It is my machine and my email account. I pay for the storage. You want to put advertising on my machine without paying?

    Email `advertising’ is like spray painting a graffiti advertisement on all the fences in the neighbourhood. Find another way to sell your VI4GRA.

    I get something on the order of 180 spam messages per day. My patience for anyone who thinks this is a method of `legitimate advertising’ is exhausted.

  • Steven

    A few comments:

    1. Spamhaus (and most RBL’s) don’t have an objective, effective way of appealing being labled as a spammer. Lets fase it, RBL’s have ammassed a great deal of power on the internet. Abuse of that power happens (can you say colatteral dammage?). This is, simply put, wrong, and thats made worse by there being no accontability of any kind in the process. Power corrupts, especially when unchecked.

    If an orginization sets itself up to make judgements of others, then it really needs to have a system in place for dealing with the abuses that do occur.

    2. The claim that mail admins choose to impliment the SERVICE is true, as is the claim that mail admins are free to impliment it in a number of ways. I see this leading to claims that this takes the RBL off the hook – after all, they don’t choose what to block. That would be true, if that was how the RBL’s actually work, but the argument doesn’t hold water.

    For the argument to hold water, the mail admins would have to be involved in accepting or rejecting lists on an ongoing basis, that is they would have to activly be involved in the process, or at least be advised of what is in the lists. As we all know, the majority of those admins using the RBL’s don’t – they use it as an automated system, and only look at it when a complaint is made or something breaks. Because it is used by so many in this automated way, the claim of RBL’s blocking mail is not as out there as many claim, and could (in my opinion) be proven in court.

    3. Spamhaus does enough buisness in the US that a claim of juristiction could likely be upheld. they have distributers and clients in the US, US based volunteers, etc. In other words, I think there is ample contact to assert juristiction.

    4. The court has a lot of options in addition to taking away the domain name. The court could order all US based ISP’s to reroute all Spamhaus domains and IP addresses to /dev/null or even to a site controled by 360.

  • SK

    The court could order all US based ISP’s to reroute all Spamhaus domains and IP addresses to /dev/null or even to a site controled by 360.

    Sorry, that’s one of the silliest things I’ve read in along time. There exists, in the US, no statatory control over routing tables – no court has any right to compel a third party to enforce a ruling in a civil case. Finally, I am fairly certain that such an order would violate several FCC reglations, as well as standard inter-exchange contracts.

    The fact that many administrators don’t understand how their systems work simply speaks to sad state of systems administration on the Internet and not the culpability of Spamhaus. If we were to blacklist the IPs of all poorly administerd servers on the Internet, 70% of the Windows nodes would disappear.

    Good postmasters monitor their mail systems regularly and are quite aware of what’s being rejected and what’s being accepted. If, as I stated before, they are too aggressive or lax then their user base will complain. I have never heard a user complain they did not recieve an UCE. What you are suggesting is that Spamhaus sould be held responsible for the way people use the information they provide. As I recall, a similar tactic was was used to sue Consumer Reports — that suit failed.

  • Adam

    US courts have to operate under the false assumption that their control extends to the ends of the earth. So someone sends a summons via regular airmail to (this is the correct spelling, btw, prof) a defendant from, I dunno, Timbuktu, and the court, especially a first-level superior court somewhere, pretends that the poor Malian textile designer has an obligation to drag herself to Ohio. And even if she does, and makes a “special appearance” to argue lack of jurisdiction, the court is going to rule that it has jurisdiction and she’ll have to fight it up to, at minimum, the state appeals court.

    Spamhaus did something very sensible for a non-profit org dragged in front of an alien court, they told it (in essence) that its writ doesn’t extend beyond the borders of the USA. What they should have done is say this from the beginning – they probably could have saved a couple of thousand dollars to boot.

  • NB

    I’m tired of Americans being self-important.

    Spamming people has the same rights has repeatedly blowing an airhorn at 3am in a suburban street.

    Let the Americans have their American spam. The rest of us can use Spamhaus.

    When the US Judges’ children and grandchildren are bombarded with pornographic spam then maybe they’ll make the obvious decision.

    Spamhaus should just open the gates to the American people – then watch the lawsuits fly.

  • GetReal

    Despite you not wanting people to make disparaging remarks about the judge who teaches at the same law school as you the fact remains the judge IS an idiot.

  • Skull

    This is a clear example about why having ICANN under USA jurisdiction is a bad thing.

  • Peter Mogensen

    Hi Matthew,

    Thanks for your views. I see no reason to “politely educate” the judge. If he has any intention to do the right thing, all the information he needs is already available. I will say one thing though. I run my own mailservers and I use Spamhaus. Spamhaus is not blocking anything. I AM !.
    I get my advice from spamhaus, yes, but if I really believed e360 was not a spammer I would whitelist him. I don’t though.
    If spamhaus really did list people who was not spammers, I would also quickly stop using their advice. Spamhaus has NO interest in listing non-spammers. It would undermine their whole raison-d’etre and people would stop using them.

    So given that the judge has no jurisdiction over the U.K.-based company and that spamhaus is not blocking anyone (the users are) it should be pretty clear for the judge to throw e360 out of the courtroom a make them pay for waisting the courts time. – regardless of what Spamhaus has made of technical legal mistakes !!!

    If however, he does not do that and demands that ICANN delists, it would in my oppinion become a political question. We in Europe can NOT have the twisted workings of the US legal system unilaterally affecting the Internet in this way. It would be a very good reason to move the root-servers under UN control or even fork the root-servers.

    You say that we should not speak badly about the US legal system. Well.. I won’t then, but I’d say that this would be a nice chance for the US legal system to show us that it is really not as bad as the rumor in Europe says it is.

  • rammer

    Spamhaus should have just ignored this lawsuit all together.

    I know of a person who insisted that he should recieve all mail addressed to him.
    The reason was that he was a public servant and some poorly drafted legislation that required some public servants to retain all their commucations. I don’t remember the specifics and this was a long time ago.
    This was in Finland and the guy was an idiot but
    just so that you know there is a person somewhere in the world that wants to recieve UCEs. ;)

  • Joshua

    Ian – on a personal level, I feel the same way you do about spam. I get a lot of it, and because I can’t afford the risk of false positives (blocking an important message from my customers), I wade through it by hand every day. I don’t think you are being fair to discard all of my points so quickly.

    I understand that you feel that receiving a piece of email without your permission violates your personal rights. I do too. if you are like me, you probably also feel that way about the 30-50 pieces of junk snail mail you get every week, or the barrage of phone calls from telemarketers. It’s invasive and annoying, and we also bear part of the cost of that junk mail and those phone calls.

    What I am saying is that if we intend a solution to the problem, we have to set aside some of our personal indignation and think about the problem realistically. We can stop people from advertising to us via any means of communication available, from billboards to spam to multi-level marketing. Selling things to people is the basis of our entire economic system, and the pressure to advertise is incredible. As far as I know, every medium of communication is littered with advertisements ad product placements.

    I agree that spam is annoying, invasive, and unfair. But many of the anti-spam groups are annoying, invasive, and unfair. Although they are often correct in identifying spammers, they are self-righteous and unapologetic when they are wrong. Worse, they form part of a group of RBL’s who often intentionally target innocent bystanders in order to put pressure on ISPs. They intend to punish, not just to block illegitimate traffic.

    These groups will often ban a significant IP range in order to “strike back” at an ISP they feel is “helping” a spammer. In the real world, we label the targeting of innocent bystanders to get attention and force change as “terrorism”. Many of the anti-spam groups take the stance of judge, jury, and executioner, with the thin excuse of “Well, we don’t make people block your site. We just libelously told them you’re a SPAMMER STOOGE. They can react to that however they want.”

    Ian, I agree with you deeply on a personal level, but your reaction that “anyone who would advertise by email is illegitimate” is a purely emotional one, and it won’t help us get less spam. A spam-free e-mail system will require a serious re-engineering of the way e-mail fundamentally works. And it will cost us a lot more money.

    EVERY MAJOR COMPANY IN THE WORLD WOULD LIKE TO ADVERTISE BY EMAIL TO WILLING RECIPIENTS. Less legitimate companies and less moral people will send it to whoever they want. Governing bodies and vigilantees alike rarely succeed in getting rid of something by banning it. Spamhaus has failed to stop my inbox from filling with spam. I think we will solve the problem much better if we keep our feelings out of it as much as we can and aim at practical, objective solutions. If legitimate business interests thought they were going to get voluntray advertising opportunities out of it, I think they would spend a lot of money on modifying or redesigning the infrastructure of email to lock out the less legitimate ones.

  • nudd

    Walter, what you’re missing is that this is fundamentally a jurisdiction question. Spamhaus could have let the plaintiffs obtain default judgment and _still_ challenge the judgment on the question of jurisdiction so long as it _handn’t_ submitted to the court’s jurisdiction. This would have been far cheaper than having to argue the case on it merits. (eg, you don’t have to go to discovery, trial, etc)

    As to the question of costs and copycat litigation, judgments may not be binding, but they _are_ highly persuasive. The fact of the matter is that once you win on your jurisdiction question, you can apply to have any other lawsuits struck out as an abuse of process, and in that case, you _can_ ask for indemnity costs against the plaintiffs who are bringing suit in bad faith.

    I just don’t think people who criticise the judge or the legal system really understand the issue. Spamhaus had bad legal advice, and as a result, has made a crucial tactical error at the start of the case that has painted it into this corner.

  • Peter Mogensen

    It really doesn’t matter if Spamhaus had “bad legal advice”. Any legal system not capable of taken the right decision regardsless of “tactical errors” is fundamentally broken. So what if Spamhaus made an error by requesting the case moved from state court? Any non-broken legal system would be able to sit down, look at the facts which are:
    1) Spamhaus is not blocking anyone. Blocking is done by those who choose to trust spamhaus.
    2) e360 _is_ a spammer and have obviously lied about how and where spamhous operates
    3) Spamhaus is a UK organisation which a US court can do nothing about – except taking the utterly controversal move to tell ICANN to remove the domain – which again will have NO EFFECT, since Spamhouse will function just as well with an domain (or other ccTLD). The only effect from this will be increased political pressure to move the domain system to UN control.

    Instead, the US should do something about their spammers. US ranks alone on the top-10 spamming countries at

    In Denmark we have practically no problem with danish spam. One of the reasons are that anti-spam laws are effective and it actually matters if you complain to the authorities. Spammers are stopped by an effective enforcement of the law. Unfortunately we can do little about US spam coming to Denmark – except use Spamhaus or another RBL.

  • anonymous

    Boy, this is a perfect example of just how broken the legal system (maybe ANY legal system) is. It’s all about blind adherence to rigid rules. (“Counsel failed to wear the BLACK loafers to court, wearing instead the BROWN loafers. Judgment for the other side!”)

    Just to be clear, I’m not calling this particular judge stupid. I’m declaring moot the question of participants’ intelligence when the system itself is all about form and nothing about substance.

  • JG

    AFAIK from reading documents about the case, the only action of the Spamhaus lawyer in the US was to request a dismissal on the grounds of no jurisdiction (as Spamhaus is entirely in the UK). This was denied so Spamhaus’ lawyers said they would withdraw.

    If the a US Court would like to establish the position that foreign entities can be pursued in this manner, does this mean , by quid pro quo, that courts in the EU can pursue US spammers for breaking EU anti-spam laws even though they have no presence here?

    Maybe the best scenario is that Spamhaus does lose their domain and email systems everywhere are flooded with spam to the extent that they become unusable. Maybe that would provoke more sensible anti-spam legislation in the USA.

    I note that the website of the Illinois court concerned does not publish individuals email addresses – perhaps they have experienced problems with spam.

  • Donovan

    I am a system administrator for a small email server (at its peak, it had about 300-400 email users). Spamhaus has been an invaluable resource for reducing spam as had been other blocklists.

    The other very effective method I have is to use blocklists that list “dynamic IP address” such as modem pools, cable modems and ADSL lines. These are the single largest sources of spam in my logs. I have also created tables of hostnames that I consider to be associated with dynamic hosts for the purposes of blocking. These tables have only rejected mail from TWO legitimate hosts, which a whitelist resolved in a hurry.

    As a consequence of e360′s lawsuit against spamhaus, they have not only been entered into my postfix access tables as “REJECT” entries, I have entered them into IPTables as “DROP” entries. IOW, their packets are dropped before the SMTP daemon sees them. Everytime e360 shows up

    If it wasn’t for my need to accept email from US-based servers, I would very strongly consider blocking all US-based addresses, whitelisting where necessary.

    One thing I think that people like Linhardt from e360 should consider is that if Spamhaus gets shut down, they will make some very powerful enemies. Companies like AOL and Microsoft, who have successfully sued spammers in the past, and won.

  • Andy

    How about instead of bad mouthing the judge, we take a good hard look at the utterally deplorable state of the judicial system in the U.S. (where I live and am a native born citizen) that allows a procuedural detail to completely screw over a foreign company who does not even operate in the U.S.

    Perhaps the judge had no choice, but shouldn’t that right there tell us the system is completely broken?

    This whole case is stupid, and personally, I think the spammer who started should be extradited to the UK for trial on spamming charges. If not just banned from using computers. We do it to hackers all the time…

  • NANAE Regular

    Hasn’t anyone noticed that the original decision came from a civil court? How can Mr. Linford be at risk in the US over a civil court matter? If that is the case, then millions of dead-beat parents in the US should be extremely concerned!

    This “proposal” to the judge is just that, nothing but a proposal from e360′s lawyers. No one has even produced the real and actual court documents, and no matter how much searching I do, I cannot find one single comment from the judge in this matter.

    How can everyone state so decidedly that the judge is angry, that the judge is going to do something about it, etc etc when the judge hasn’t said anything about it?

    Oh, wait. You must be reading (and believing) what the spammers are posting online.

    All the judge needs to employ is common sense and applicable laws (such as CAN-SPAM, duh).

  • Mike

    Many people here are missing the legal point this is placed, Spamhaus did acknowledge the US legal system applies to them. Simply put:

    Spamhaus: “Mr State Court, we think this issue is under the jurisdiction of the Federal courts.”

    State judge: “I agree, we’ll move this to Federal court as you requested.”

    Spamhaus: “We don’t think any US courts have jurisdiction, we are not showing up.”

    Federal judge: “Not true, I have this case because you put it here.”

    I’m sorry, you don’t need to be skilled in US law to see the flaw in that attempt. Further, ignorance of the law is not a valid defense.

    Since Spamhaus did not show, and did request the hearing, the judge had to enter a judgement. You can know e360 is evil, but the law has to error on the side of caution. If you were being ripped off by a foreign company you would be right in getting a default judgement that could be enforced later if/when the foreign company got involved on US soil.

    So now the order is to “seize the US assets” of Spamhaus, which is their domain name. The case for ICANN is to decide if a domain name is considered a US asset.

    It’s important to understand that the facts of the case (e360 is a spammer, spamhaus doesn’t block anything, “worst dressed list”, etc) will not be part of the case unless spamhaus shows up to enter them.

  • Morten

    “Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company.”

    Erm… so that means that any US citizen or other entity can demand that I, a citizen of another country, show up in a US court or otherwise spend resources (money, time, firstborn etc.) to defend myself against a frivolous lawsuit, even though the court has absolutely no jurisdiction? That’s broken. Severely. Common sense has obviously fled the scene a long time ago. I should not have to make any argument anywhere except in front of a judge in my own country as long as my actions are performed within the borders of same. Otherwise I’d very much like to see how the US authorities would go about handling all the blasphemy spewing from the televangelists in the US – as the Iranian courts would no doubt call it… :-)

  • NANAE Regular

    Another thought….

    If I’m unable to utilize the SBL/XBL to filter my e-mail, am I going to be able to hold e360 responsible for the hundreds of man-hours that are going to be spent by all of my users when they get hit with a flood of spam? Even though I’ve already manually blocked every single IP address that has a hint of e360 on it, if I am unable to utilize a blocklist that I *choose* to utilize, someone has got to be responsible.


  • Bob

    What I don’t understand is this:

    Why should spamhaus have to show that e360 are spammers? The lists belong to spamhaus. Shouldn’t they be able to put whomever they want on them? If this isn’t the case, spam listing will soon be impossible for anyone. (Well, at least “legitimately” spam listing will be.)

    As to spamhaus actually justifying their position and showing that their list is good and/or useful. Isn’t that between spamhaus and the community?

    Isn’t anything else blatent US government enforced censorship? (vs personally chosen filtering)

    Now, if e360 wants to sue comcast (and every other large semi-monopoly ISP they can find) for making use of spamhaus “unfair” list. I suppose that might be a different matter altogether.

    What’s really missing in US law? A way to punish frivilous lawsuits. As pointed out much earlier with the “thousand cuts” reference. Neither spamhaus nor any other spam list can afford to operate in the US under current law no matter how good they are.

    Assuming a legal precendent where they must “prove in court” someone is a spammer (a practical impossibility) no black hole list of any useufulness will be able to operate. I should think that’s blatantly obvious to any onlooker. Perhaps someone needs to file a “friend of the court” brief about it.

  • Brian

    Spamhaus has gone too far, thats why this whole problem is here. Spamhaus does a LOT more then just run a list. They go after upstreams and have them yank internet connections and guess what? Sometimes Spamhaus is WRONG, dead wrong, and then when you try and correct them you get a big FU from them. I like what they are doing, but they got to not be NAZI’s about thier list and work with people when they have tons of evidence to prove that IP’s banned and associated with a ISP are not.

    Honestly, after dealing with Spamhaus for the last couple of years I think they have either got some bad data or dont have enough time to really dedicate to having a good clean list, and as a result they will be pushed off the Internet. That’s great, cause someone else will come in and do the job they claim to be doing better.

  • Bob

    Even though I’ve already manually blocked every single IP address that has a hint of e360 on it

    Oooh!! I’ve got it. Someone make a “this is related to e360″ factlist (“whitelist”?) that we can all choose to negatively or positively subscribe to at our own discretion.

    I guess this is along the lines of putting up a list that says: “This is a wonderful list of quality doubly verified opt-in marketing sites.” “Please whitelist all of them so you can recieve their wonderfully useful content”.

    Heck, spamhaus could do this themselves, and probably adhere to the letter of the restraining order at the same time. All they have to do is make a new “white” list for “doubly verified opt-in quality marketing firms related to or similar to e360″.

    Doublespeak. If it can cut us it can cut them.

  • Adrian

    I am disappointed that no friends of the court appeared. It seems to me that if the United States themselves do not feel they have an interest, there should be other agencies and bodies who have a reasonable excuse to attempt to assist the court with some of the things that it is not permitted to investigate itself.

  • Flatline

    Most arguments/discussions seem beside the point. At the first court appearance SPAMHOUSE should have argumented that this case belongs in a UK court.
    You can’t blame anybody for the consequences of not doing so except SPAMHOUSE and/or their legal advisors.

  • Robert

    My servers have been blocked by Spamhaus due to a blocked IP range from someone else’s servers I had no control over. I had to actually get new IP’s and put in hours and hours of work to get off the IP that Spamhaus blocked. During trying to work with Spamhaus I was treated like SH&T and basically given the FU. I hope Spanhaus get the FU back ASAP.

  • Chris

    We run our mailserver as part of the communications infrastructure of our business. We agressively protect this business asset by employing vigorous anti spam policies. Our staff are being paid to work, respond to business emails. So we protect them from all distracting emails. We own our server. We pay for the bandwidth between us and the internet. We have an inalienable right to decide who/what uses our bandwidth/server time up. We do not want to receive spam. Therefore Mr 360 can go and boil his head as far as I am concerned. He has no rights to make us read his trash any more than the postal junkmailers can “make” us open their envelopes after they fall into our mailbox!!


  • pepepere

    If the spamhaus domain is actually taken off, and if this is not immediately fixed by providing the same lists from a different domain, then perhaps it is time to look for a more reliable way to provide the info, that is not so easily taken down with an arbitrary court order. Perhaps something more “peer to peer”.

    Anyway, I’m not sure that the effectiveness of Spamhaus blocking has a lot to do with the case in question. Almost all spam I see is sent using exploits (open proxies or “zombie PCs”) and the Spamhaus XBL is a list of such IPs. The e360 case is about them being included in ROSKO and subsequently on SBL – this is a list of static IP addresses used by spammers – old fashioned spammers that are still honestly paying for their half of the connection. Most spammers now just steal those resources (spreading computer viruses, using them to take over PCs and then using the resources they’ve taken over). So perhaps this part of Spamhaus’ activity is not needed so much as in the past, and probably it is much less significant than what it was in the past relative to the effectiveness of XBL..

    What amazes me is that those spammers are doing all this illegal activity: breaking into millions of computer systems, overtaking them, using their resources, and then send millions of messages gforging the sender’s identity by using the identities of real people/organizations as the “sender”, and yet everybody is just shouting “unsolicited, unsolicited. unsolicited…”. Are all these activities legal? Is it ok to use viruses to take over PCs and use them to send mail with forged origin if there is a “remove” link or some other CAN-SPAM required stuff?

    There are criminals out there, what they do is punishable by many years in jail, and there’s plenty of evidence out there in the form of billions of spam messages with headers showing they were sent from various PCs around the world. Those people who hired the criminals to provide this service should be punished for the crimes commited in their names and their contact info is in the spam. I think there are plenty of ways to put spammers behind bars that have nothing to do with “how spam is defined” or whether their stuff is solicited or not, whether avoiding it is costing lots of money or not. What they are doing in the process of sending their spam should be enough to put them in jail with no special anti-spam legislation. So what’s needed here is perhaps some kind of collaboration on collecting the evidence showing that a certain business is paying for spreading their ads using “zombie PCs”, or that they are paying to have email with forged origin sent on their behalf.

  • Teknosapien

    Maybe Spamhaus should just shut down for a few days and let the rest of the world see what happens. Lets see how many unsolicited emails come from the e360 domain and the subsequent domains/ISP’s they are in business with. Maybe the Judge gets soo much Spam from e360 that he finally sees the light. I’m also wondering if he even looked at any of the accusations as to why this company was even listed. This is the same thing that happend with who is clearly facilitating the illegal trade of copyrighted material. The RIAA lost after thousands of threats. They finally saw fit to litigate in that organizations country. what was determined was that the only thing they had was a list. Though this is different the premise is the same Spamhaus provides a list of potential spammers defined by an algorithm the subscribing ISP’s can choose to honor this list, modify it or ignore it. Ultimately it’s up to the ISP to allow or deny email from a particular host. Lets face it if your running an internet marketing company you should probably have a full time mail admin that knows how to deal with this type of thing. I wonder how many emails AOL bounced do to not being in compliance with RFC
    This should have never have made it into the US court systems. Hey isn’t this the same state in which Judge Julius Hoffman was impeached after the trial of the Chicago 8?

  • Peter Mogensen


    Yes… that’s the summary. And you would probably be right, if Spamhaus was a local US company. But it is not. It’s a non-profit UK based organisation and it makes absolutely no sense to issue a “default judgement” in Illinois to make them pay $$$ to a spammer who is obviously abusing the US legal system. … not matter how mush spamhaus could have acted smarter.
    So go along… seize the US assets of spamhaus. If that means the domain, you’re just going to piss of a lot of Europeans.

  • stuart

    Why would Europeans be pissed off by the loss of It’s an American domain. I would think Europeans would be indifferent, not pissed off.

  • box

    As the email solutions designer for a rather largish ISP I have a few comments. Spamhaus provides a list. We have found a blocks of our IP’s on the list due to some of our users getting infected. Our abuse department gets ahold of them, we explain and get removed. I wont say whether we use spamhaus but we do use blacklists. 85% of inbound traffic is defined as spam and dropped and we still get lots of complaints about folks getting spam.

    Since each $Buy $Me message costs about $1.50 to pass on to our endusers spam is something we dont want. I have no obligation to send anything to my customer that they havnt specifically asked for. If they dont complain that they are not getting it, they didnt ask for it and I can flush it as needed.

    If I lived in Illinois I would be suing this guy on behalf of my own person for sending me unsolicited material that I pay for via a monthy subscription fee. In small claims court, with thousands of likeminded people a slapp in reverse. Perhaps that is what is needed here. The court system would bog down, crawl to a halt and perhaps then, people would notice what a real problem it is.

  • David Hart

    I run a blacklist (TQMcube). We don’t take the same risks as Spamhaus because listings are based either on spam receipts (spam list) or dynamic ranges (dhcp). There’s not much that is discretionary.

    That said, it seems perfectly clear that the judge was obliged to follow the law. While probably incorrect, the plaintiff had a valid theory of jurisdiction. HOWEVER, Mr. Lawyer, when that is the only means of establishing jurisdiction (“doing business in”) then damages are limited to those within that jurisdiction.

    It would be sad if a presumed spammer could do this on a specious claim of jurisdiction and a case that would unltimately fail at trial.

    It seems contrary to public policy. I recommend that those who feel – as I do – that Spamhaus is an important endeavor, contact ICANN, TuCows and the Judge to ecpress, in business-like terms, how valued an asset SpamHaus really is to the Internet community.

  • Elf

    Two points from the article:
    1) e360 was never listed in rosko.
    2) they probably should have been, given the amount of spam in my corpus from them specifically.

  • Ian M Gumby

    Yes, Linford got some bad legal advise from his lawyers. But while you point to the changing of jurisdiction and then trying to say that the court had no jurisdiction, is indicitive of something else.

    One needs to see the court filings to know for sure and they are a matter of public record.

    What is curious is the question of jurisdiction on a willful tort. Is it in the UK where the list is maintained, or where the injured party lives?

    One also has to ask, can an ISP be held liable for the same wilful tort? The CAN SPAM Act as well as several cases say no.

    Lindhardt’s lawyer made several overreaching statements regarding what constitutes a going concern within the US, specifically IL. (The use of a .org,.net,.com (Controlled by the US ICANN), along with product offering and pricing in US dollars? If that’s all it takes … Well, things could get ugly…

    There’s a reason why spamhaus walked away. And its that advice which was wrong.

    But hey! What do I know?

  • Ian M Gumby

    Note to elf.

    Not true.
    E360 was listed as part of another spam organization.
    E360′s sites were spamvertised using this illegal software.

    So while no spam was sent from E360′s servers, it doesn’t mean he’s not a spammer. But that doesn’t mean he’s in the clear. Companies that hire services to blast advertising junk faxes are liable for any judgements arising from violating the junk fax law(S). By the same logic, those that advertise by Spam would be held accountable too.

  • Alan Wilkinson

    The US thinks it runs the world. Spamhaus should just move to a non-US domain and block users registered in control-freak juristictions which permit nuisance-grade court actions (and idiotic patent registrations).

  • Ian M Gumby

    The sad thing is that using a black list is a protected right of an ISP or site admin under the CAN-SPAM ACT. (Prior Case law also supports this.)

    Its your property so you can determine what IP traffic you will allow and from whom.

    Running a black list site is also not against the law.

    Spamhaus’s blacklist is a very well run list and has been above board and ethical.

    With respect to the ROSKO which is not a black list in and of its self (Not used for filtering e-mail), it too is a very well run list where care is taken.

    If you see the list of Law Enforcement partners, you can see the immediate value Spamhaus brings to the ‘net.

    While the judge had no choice but to find in favor of the plaintiff by DEFAULT, their latest motion clearly indicates that the actions of Spamhaus were by no means either a willfull or intentional tort.

    Spamhaus clearly indicates who, what, where, when and why anyone is added to the ROSKO. In consideration of the person listed, if they do not spam or are involved in spam activities for the period of 6 months, they are removed from the public view. This policy is clearly stated on the Spamhaus site.

    Additionally, if as the plaintiff has constantly challenged that Spamhaus has a business presence in the US, then why did they have to notify and serve Spamhaus in the UK?

    There’s more to it, however, it would not be proper to address those issues in this formum.

  • Ian M Gumby


    Spamhaus was accused of a willful tort because Lindhardt claimed he was unfairly listed on the ROSKO.

    Spamhaus has to therefore show that there was just cause to list Lindhardt.

    But Spamhaus left the building.

    Again, the issue isn’t that Spamhaus ran a black list. That *is* a *legal* activity. Where they ran afoul is that Lindhardt claimed that he was falsely listed and that he had no other recourse but to sue Spamhaus to correct the situation. And that he experienced damages for being wrongfully listed. NOTE: THIS IS WHAT HE CLAIMED. HE won by default.

  • Jamie Anderson

    By the sounds of things, there are a few people here that feel that Spamhaus is out to destroy all people who send UCE (or anything that looks like UCE).

    I work for a company half-way around the world from where Spamhaus is. We were added to its lists not long ago, because some in-house testing accidentally sent a bunch of spam messages into the wild. We contacted Spamhaus, and were taken off with hours.

    I agree that the US legal system seems flawed in this case. If the defendent is innocent, and wants to prove this in court, they must fly to the US and show up in court *at their own expense*. It wouldn’t be so bad if the plaintiff had to pay costs.

    I also agree that Spamhaus did the wrong thing by initially acting like there was jurisdiction, then changing their minds. At this point in time, they need to appeal to the judge and co-operate with the precedings. Perhaps there’s a lawyer out there who’s willing to act pro-bono on this case.

    The most important facts here are:

    (1) Spamhaus don’t block anyone. They simply provide a list of IP addresses that their data shows as being sources of spam. In this light, they’re like a credit reporting agency, and should be treated in a similar matter.

    (2) The criteria that Spamhaus use for adding someone to their list are fairly well documented. It’s possible that there are a handful of unusual cases, but most of the time they play by their own rules.

    (3) Spamhaus have a course of action that organizations can take if they’re listed. If a company gets themselves de-listed, then continues to spam, they can get re-listed.

    If I was the lawyer, I’d also advise the judge to look at the bigger picture here. RBL lists like Spamhaus help to minimize the amount of spam that end users receive. Any ruling on this case is likely to be used as precedent in future cases.

  • moebius8

    If spamhaus does lose their domains, would the hour of pandora be far away?

  • starry007

    Maybe Spamhaus should move to a uk domain and block all access from the US to avoid any future compliant from a US company. Can you find any (legal) reason for them not to?
    If yes than this tells us something about US law …
    If no than you should realize the real risk here is for US economy, not Spamhaus …
    In my opinion the responsability is not with Spamhaus, but with the e-mail administrator implementing their system. Spamhaus may not be perfect, but the reason they are popular is because the e-mail admin has decided that they offer the best ‘value for money’. It is not that Spamhaus has a monopoly and that e-mail admins have no other options.

  • brit

    US law doesn’t apply in the UK. Although our lords and masters seem quite willing to bend the knee. The yanks can take a hike.

  • Duitser

    So according to you it’s reasonable that a UK company has to come to the US and spend thousands of dollars to defend themselves against ridiculous charges in front of a ridiculous law system? How would you feel if your local donut shop owner would have to fly to china to defend himself against a Chinese charge of violating their donut-production rules?

    US government is not world government.

    Also you are advising people (not even spamhouse but everyone having sympathy with spamhouse) not to insult US judges because it can have a negative affect on the case? Doesn’t your third world country have no objective judges? Doesn’t it require your judges to be impartial?

    So if I say “I’m a friend of e360 and the united states judges suck balls” then spamhouse has more chance of winning the case?

    Your legal system is seriously fubar and your fascist government should stop enforcing their ridiculous rules on other countries.

  • Nanae Regular

    A little update…

    Quote: “9 October 2006 — ICANN has been advised that a Proposed Order referencing ICANN has been submitted to the court in the matter entitled e360Insight, LLC et al. v. The Spamhaus Project, Case No. 06 CV 3958. This lawsuit is currently pending in the United States District Court, Northern District of Illinois.

    Please note that ICANN is not a party to this action and no order has been issued in this matter requiring any action by ICANN. Additionally, ICANN cannot comply with any order requiring it to suspend or any specific domain name because ICANN does not have either the ability or the authority to do so.”

  • pepepere

    Box: I a customer subscribes to your email service you do have an obligation to deliver everything addressed to the customer to the customer’s mailbox. This is the basic email functionality you have agreed to provide to the the customer, unless the customer has specifically asked or agreed NOT to receive some mail. You cannot claim that you don’t have to deliver any message if the customer has not asked specifically for that message. Even if the customer did ask you to perovide spam filtering you still have an obligation to try to deliver all legitimate mail to their mailbox, especially if you don’t provide the customer access to logs of dropped email. You cannot expect customers to know about most false positives. You can of course expect customers to know about the spam they receive. In selling the service to the customer you are posing as a professional and you are required to act professionally, and that includes being careful about not losing customers’ legitimate email. If you too happily flushing customer’s email then you neglect your duty to provide the service they paid for.

    Now to the other thing: you said you where listed “due to some of our users getting infected” (and then quickly delited upon request). The question is: what did you do with those “infected users”? There are plenty of things a service provider can do:

    1. Notify the affected users and help them get rid of the “infection”.
    2. Block some incoming/outgoing traffic (such as outgoing traffic to port 25) for the affected machines.
    3. Monitor traffic to/from the infected machine and providing information to law enforcement.

    #3 can also be used to locate and block the connections of those that control the infected PCs. And infected PC that is used to send spam would carry information that can lead law enforcement to a spammer, and evidence about criminal activity that can be used to put the spammer in jail. Spam includes contanct info: either of the spammer or of someone that paid for the job. Finding that information in the traffic relayed through an infected machine directly ties the identified party with a real crime (breaking into and controling someone else’s PC).

    There’s a question of the legality of a service provider monitoring traffic to a customer’s PC. In case the PC is infected and controlled by a malicious 3rd party that uses it to abuse the provider’s network resources this would usually be covered by the service contract that would allow the provider to take actions that are needed to protect the network. Doing this to identify sources of attacks is justified. Passing the info to law authorities might not, but then the customer can be approached and asked for permision, along with explanation about what happenned and how they can help.

    I think there’s a need to do this kind of thing on a wide basis: that ISPs automatically record traffic to/from compromised machines, develop ways to approach customers with detailed info about what happened with their machine, Ask for a customer’s permision to analize the data (probably this can be limited to traffic that is unlikely to contain any of the legitimate traffic of the affected user) and then provide the customer with analysis of the data and proposed solution (how to get rid of the specific infection.) That’s a good point to ask a customer for permision to pass some limited information to law enforcement that might be used to catch and convict the criminal. People who have just been hit are likely to want revenge, especially if it involves only agreeing to the service provider’s handing the evidence over to law authorities. (It would be great if ISPs can also collaborate on providing info on forging sender’s identity. If the evidence on someone using millions of different identities can somehow put someone in jail for identity theft, it would be much easier to identify spammers).

  • CJM

    Stuart…. Whatever made you think .org was a US domain? .Org is a GTLD. That is, Global Top-Level Domain. ICANN is the organisation that oversees these GTLDs and it is based in the US, but in principle it should be independent. In practice, it is still shackled by the US, but that is gradually changing.

    To others who argue that Spamhaus has accepted the juristiction… the Spamhaus argument could be that they didnt want to argue the lack of juristiction in a local court, but were waiting to argue it in the federal court. Nothing wrong with that.

    But if they *had* implicitly or inadvertantly accepted juristiction, they can still change their mind and argue against. If the issue of juristiction had been explicitly argued and the judge had decided for/against it, it couldnt be argued again. But it hasn’t… and therefore Spamhaus can argue against juristiction.

    Finally, if the court doesnt have juristiction (and it doesnt) why bother arguing at all? The only legal sanction I can see is that the court bans US-based ISPs from subscribing to the SBL. Suits me fine – in fact, it would be my preferred resolution.


  • A non-US Citizen

    So, in essence, the US court and the plaintiff can do absolutely nothing about this. Unless the individuals that run Spamhaus actually turn up on US soil the judgement cannot be enforced and nothing will change.

    I assume at this point, further discussion is somewhat pointless on this particular case.

    However, it does underline the requirement that anti-spam organisations should move off US soil and work from somewhere that has a non megalomaniacal view of their own legal system. I would suggest that Iran and North Korea might be good places to start from as there countries obviously have a high regard for the US legal system…

  • zagam

    Comment by Joshua – October 9, 2006
    I have chosen to just include Spamcop in tags
    only as I have found it to be not reliable
    by itself, however I teergrube and then hard
    block with Spamhaus at RCPT with no possiblity
    fetching blocked email from quarantine.

    (Spamcop is useful in SpamAssassin. With the
    other SA tags Spamcop works and we make many
    submissions to it.)

    Pehaps you did not ask Spamhaus nicely?

    The ‘harm’ is because Spamhaus is so well
    respected that many administrators choose to use
    it to protect their email users. I could if I
    wanted just use Spamhaus to tag, but this would
    leave our email system impaired by having more
    spam than ham.

    My apnic IPs were between to Chinese spam nets
    that looked like just one net. When I found our
    invisible island in the middle, aksed nicely
    and showed that we vigorously enforced a strict
    ant-spam policy I was removed. (The annoyance
    of finding an outbound mail provider for a
    short time was much less than the annoyance of
    another poster who has had to outsource their

    I got on the list with bad evidence, but got off
    the list with good evidence. Spamhaus is an
    excelent evidence based list that is used
    by many email administrators.

  • Himuralibima

    “if you are a friend to Spamhaus I would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the U.S.”

    Well said. Let’s lean back in silence. This judge does not need any comment. Difficile est saturam non scribere.

    “Talk all you want about the evidence that you believe demonstrates e360 is a spammer.”

    Google has all evidence ready at hand. If you are to stupid to find it by yourself, you can simply follow the hints given publicly by No need to talk on the obvious.

    “Given the record, the judge had little choice other than to do what he did.”

    Through my ears this sounds rather derogatory, doesn’t it? An American judge be not allowed to educate himself in the first place in order to avoid being outsmarted? Recently, a German court made the same mistake when they tried to shut down Wikipedia. At least they found more qualified advise some days later.

  • McTim

    It seems to me the point that has been missed is that ICANN cannot comply with the proposed court order. They have no jurisdiction over They have a contract with .org, but have no say over the contents of the .org zonefile.

  • IanRolfe

    My advice to Spamhaus would be to contact ISP’s serving Illinois and suggest that they tell their customers they will be doing no filtering of emails for a month, and to forward any complaints to the court. And if they lose their domain, to create a new .uk one, and block US ISP’s from using their list. Then they will be complying with the TRO in the territories that the court has juristiction over. And perhaps urge other black-list maintainers to do the same.

  • Ed Zikursh

    I think that if the ISP managed by Mr. Thomas Leavitt from a previous post loses significant business or suffers significant costs due to spam, he should consider suing the originators of the spam – possibly starting with Mr. Nameless? – for his lost business. After all, it costs less to file a suit than it does to defend against one. If Mr Nameless wants to play the game, perhaps we should ALL play the game.

  • Richard Kay

    Let us suppose that ICANN is ordered by US courts to take away Spamhaus’ domain over an issue where there is no legitimate US jurisdiction. This would tell the rest of the world that defence of ownership of a name within an ICANN controlled TLD requires expensive appearances in any US court whenever anyone who wants your domain is willing to lie to a US court in order to get it.

    Perhaps Spamhaus will be doing us all another good favour by enabling the widely criticised and partial constitition of ICANN to be escalated into an active diplomatic incident. The control a US private company has over .com .org and .net etc. would, if they collude in this domain theft, become totally untenable. Spamhaus are entirely reasonable in treating a contemptible foreign legal system in the contempt it deserves.

    Repointing my MTA at a different RBL DNS root for the Spamhaus service would take me all of a few minutes. The diplomatic reverberations would go on for a lot longer. Action by the global Internet community in seeding the TLD root servers from a master file e.g. as provided by the ITU instead of the one provided by ICANN could also be effected in days rather than months. Time to throw a few crates of tea into Boston Harbour and disconnect ICANN from what it thinks it controls ?

  • z00le

    I m number 95

  • Spam Spotter

    From the ICANN website:

    “Even if ICANN were properly brought before the court in this matter, which ICANN has not been, ICANN cannot comply with any order requiring it to suspend or place a client hold on or any specific domain name because ICANN does not have either the ability or the authority to do so. Only the Internet registrar with whom the registrant has a contractual relationship – and in certain instances the Internet registry – can suspend an individual domain name.”

    I have had an interest in the case since the judgement was declared. The most interesting part that I find is that public has been misinformed that Spamhaus never had any representation, but if you read over the court documents it clearly states they had representation.

    I wish this was pointing out in the first place.

    I will be monitoring this situation, and I have included the link on my blog at:

    Now, I wonder if plaintiffs are going to go after the registrar? Who, I believe to be Godaddy in this case.

  • Joe Monk

    First, IANAL.

    Here’s the problem as I see it – The judge allowed Spamhaus to withdraw its appearance and answer prior to entry of the default. SO – prior to entry of a default judgment there has to be a perfection of service on the defendant in order for the court to have jurisdiction to enter a default. A judgment is void when a court does not have jurisdiction to enter the judgment. There is no such perfection filed in the docket of the illinois federal court prior to the entry of the default. Thus, jurisdiction was not proved, because perfection of service is not presumed in a default, as it is in a case where the defendant has appeared.

    Spamhaus can safely ignore this judgment.

  • Jona

    If the plaintiff has lied in a submission to the court (and by all accounts he has), that is perjury.
    I don’t know what the maximum penalty is in the US for perjury – in the UK, I’m not sure there is one: it is at the discretion of the judge who has had someone stand in his court and tell him a bare-faced lie – but it’s probably greater than anything the CAN-SPAM act has.
    Perhaps this is the message that should be sent to spammers – lie in my court and you’ll be doing porridge.

  • Frank Bernard

    Hey, Nameless, blacklists are a great idea.
    I reference Spamhaus XBL+SBL and SpamCop and pay SpamCop for a submission account.
    My mailserver is at

  • Pingback: Matthias Leisi

  • Andrew

    This doesn’t seem to make any sense at all. I knew that civil court has a far different set of rules and restrictions than criminal court, but this is out of hand.

    “Today I’m going to sue anyone, anywhere, for anything and then when they don’t show up, because it’s too expensive, I’ll get a default judgement for $11,000,000. YAY!”

    The law is messed up because e360 has absolutely no case here… regardless of CAN-SPAM or if e360 even ARE spammers. This all makes NO difference.

    1. If I want to make my personal blocklist avaliable to the rest of the web and call it TheseGuysAreAllSpammers then I can do so even if they’re not, because it’s my blocklist and I’ll do with it what I like.
    2. If I want to list my criteria for adding them then I may do so (even if it’s “I hate AOL”.
    3. If I want to use my list to block AOL then I will!
    4. If someone else wants to use my list to block the same people, there is nothing illegal about it.
    5. If EVERY SMTP in the country personally wants to block AOL and put them out of business then they can do so. (They are not required to accept any e-mail that they don’t want to.)
    6. If they want to use my blocklist to do so then they can.

    Just because a ton of sysadmins decide to block you does not mean that the blocklist that you happened to be on is at fault.

    Not that there is even any fault AT ALL! Why did the court even hear this case again?

  • A. Nonymous

    “Finally, one last point: anyone who has a chance to talk publicly about this, if you are a friend to Spamhaus I would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the U.S.”

    Isn’t that the whole point of this? At what stage has sensible dialog and action taken place? What non-US citizen in their right mind would accept a decision by (probably) the most draconian and technically-inept legal system on the planet?

    Spamhous’ initial actions seem to be an attempt to escalate the problem beyond the point where it is being heard by a small-time judge in another country. They are right to be concerned at the precedent that could be set if they agreed to be bound by an injunction that involves the forced removal of a legitimate domain by someone who has no jurisdiction and no cause to meddle with the personal choices of those who route our emails through their private property. More to the point, since the case was moved to the US Federal legal system, why are people still going on about this same Illinois judge?

    I have no idea who is at fault here but the proposed action simply cannot hold if we want our internet to remain free.

  • Dave Zan

    Now, I wonder if plaintiffs are going to go after the registrar? Who, I believe to be Godaddy in this case. is with Tucows currently.

    People can have any opinion what they want. But in the end, legal decisions can matter.

    And spamhaus’ decision to withdraw isn’t helping their case any.

  • Zaphod

    I agree with what seems to be the general consensus ie the judge, the law and e360 are wrong and spamhaus is right, ICANN has for example published a statement which is obvious to those who know anything about Internet namely that they are NOT allowed to shut anyone down, wake up call to Judge Clueless, oups sorry I forgot that it was a US judge above all criticism… Thats what disturbs me mostly about this blog, the “advise” that we shouldn’t criticise the judge or the US “legal system”, freedom of speech anyone?
    I think the judge is wrong, and if he indeed has any legal support for what he has done then the law and the legal system are wrong.
    Someone should inform the US government and its agencies and legal officers about the sovereignty of other countries.
    FUD (Fear, Uncertainty and Doubt) is a term of US origin and used to be about IBM and other corporation, clearly it’s employed by the US government as well…

  • Himuralibima

    “Now, I wonder if plaintiffs are going to go after the registrar? Who, I believe to be Godaddy in this case.”

    That should not be a big problem, already works, and it’s registered with Schlund. So that angry judge can talk until he’s blue in the face.

  • Veg

    The mechanism underlying internet email — Simple Mail Transport Protocol — does not guarantee delivery. Emails can get lost in transmission for any number of reasons, and that’s just tough. So what is the basis of the suit again?

  • European

    It has already been said a couple of times here, but I have to chime in.

    The judge is a moron and will act more aggressively towards Spamhaus if he is called a moron?
    Have I understood you article correctly?

    This seems as if Spamhaus has been Tuttled!

    This will interesting to follow!

  • fspammers

    This whole thing is unconstituional. The judge is a guttless turd and ovoiusly getting pressure from some where. Being Illinois I wouldn’t be supprised if t wern’t comming from orginized crime, as most of the worst spammers ar criminals and connected with organized crime.

  • pepepere

    Actually SMTP is a reliable protocol. When an SMTP server issues a 250 code after end-of-data it means the message was tranmitted and received by the reciving side. If it does not issue that code it means the message was not received. In both cases the sender (SMTP client) knows if the transaction succeeded or failed. If the message is silently discarded after it has been accepted and the sender was notified that the message has been received (like some email services, e.g. Hotmail do) then it’s too bad but it has nothing to do with SMTP. If e360′s mail is rejected during the SMTP session, and if e360′s SMTP client software is set the right way, then e360 knows exactly delivery to which addresses/domains failed and can contact the postmaters of those domains to resolve any transmission problem they think might be resolved this way. If e360 thinks it’s email is being dropped at a later stage then it’s too bad for them but it has nothing to do with the reliability of the SMTP protocol. The way Spamhaus’ RBLs are used by email service providers is usually dropping the connection immediately, so the spammer is being notified that the message was rejected.

  • someone in raleigh nc

    To address many posts about being sued in the US when you live somewhere else. If it truely is frivolous you might be best to ignore it. And if you ever need to do business here address it then. Never showing up becuase the suit was bad and it would cost an absourd amount of money puts you in good stead to deal with it in the future.

    Next best, as this blog stated, get someone to show up and argue that the suit is bogus and doesn’t belong in the particular court.

    But spamhaus SHOWED UP and didn’t argue that the case should gow away. This created a problem for them and when they then walked they created a swamp. Surely they could have resolved this for less cost than incured to date by just arguing that it should go away. But that’s not what they did. And I can’t imagine anyone with 1/2 or less of a brain showing up in a foreign court without spending a few $$ or dinar or whatever to find out what the end game choices are.

    As to the judge NOT following the rules to do the right thing, this is what happens in countries that have no rule of law. At least if the judge follows documented and PUBLIC rules, it is possible to figure out what to do. If a judge can do what they feel is “right” (or ordered to do) you no longer have rule by law.

    As to the comments about US law allowing this, I imagine I can get a fake suit filed in most countries given a few $10,000 to play with to learn the system. Fake PO Boxes, web sites, etc… to make it look like things are local when they are not.

  • bob

    There are other approaches to fighting spam that are far less likely to allow lawsuits. use an approach that follows the established rules and procedures,resulting in domain name cancelation, if and only if the site in question is a spam source.

  • James

    As has been mentioned, Spamhaus only provides a list. ISPs and those running mail servers can subscribe to this list if they choose. In no way is Spamhaus forcing their data on anyone. If you disagree, don’t subscribe to it. It’s really in the hands of the mail system administrators.

    e360 should be required to provide definitive proof that they are not sending out spam. It’s my understanding that they are sending wave after wave of junkmail to spam trap addresses. Spam traps are fake email addresses that webmasters use on websites. When a spammer farms this email using specialize programs, the database is updated to block the spammer. It’s very effective.

    We all know “opt-in” is just a word spammers use to weasle out of responsibility for their actions. I have never opted in to any spam list, yet am put on countless spam distribution lists without my knowledge and without my consent.

    Let’s make sure this doesn’t get out of hand. Spammers are already making a lot of money at our expense. Our entire Internet is at risk because of the deluge they send every minute of every day.

  • Veg

    I didn’t say that SMTP is unreliable, but that it doesn’t guarantee delivery. There is no redress for failure, and no recourse to law.

  • Harlo Peterson

    It looks like Spamhaus is following the advice of UK lawyers to allow a default judgement to be entered as default foreign judgements cannot be enforced in the UK. If they contested and lost a non-default judgement might be enforced by UK courts. Least risk strategy was to withdraw.

  • Pingback: Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography)

  • .

    Those not in the US care little what US judges think say or rule; Just as those in the US care little what judges in Afghanistan, Brazil, China, Denmark, Ethiopia, France, Greece, Hong Kong, Iran, Japan, Kazakhstan, Libya, Mongolia, Norway, Oman, Peru, Qatar, Russia, Singapore, Taiwan, Turkey, United Kingdom, Venezuela, Yemen, Zambia, … think, say, or rule.

  • Rob van der Putten

    Spam is a criminal offence in the EU (_CONFIRMED_ opt-in required!). Exporting spam the the EU is like smuggling whiskey to Saudi Arabia.
    One shouldn’t be surprised if such contraband is confiscated. And nobody in their right mind would even consider legal steps against the Saudi customs service. Except in the USA of course.

    Email needs to function. Abolishing the ‘’ domain would make email totally unusable.
    Further more, if ICANN (or anyone else pressured by the USA) pulls the DNS records, it would probably lead to a DNS split, effectively pulling apart the Internet into a USA and a non USA part.
    Is this really what the USA wants?

  • Ben!

    Some facts about the U.S. Legal system:

    1) Civil law (Not criminal law); you as a defendant are effectively “guilty until proven innocent.” The burden of proof is much lower to the plaintiff to prove his side, basically an allegation. The defendant must not only prove that the defendant is right but also the plaintiff is wrong. That’s how I see it.

    2) The judge, please don’t blame him. e360 did not win the case, Spamhaus did not lose the case, it was a “default judgment.” a default judgment is issued when the defendant doesn’t appear to the court or otherwise oppose the claim. Because of the plaintiff automatically wins irregardless of the merits of the case. Even if the plaintiff lied, because of the court rules the judge MUST issue the default judgment, he has no choice.

    3) Even if the court has no “personal jurisdiction” they can still be forced a default judgment. The collection and enforcement of that judgment is however impossible and is meaningless.

    4) A default judgment carries no precedence.

    5) Federal law, (USC 18 in part and the “Can Spam” act et al) specifically allow for people (meaning ISPs, companies, whatever;) to dictate what email they will accept, or not accept, and they are specifically allowed to use any means to filter or block incoming messages, be it by RBL, filter rules or whatever.) What ever reason the receiver (system) deems is protected, and can not be held liable for blocking another’s inbound email. This means that if there is an RBL called the “i_don’ RBL” and I can choose, that on the basis that the people running the RBL decide that they don’t like you, I decide to trust their judgment and block their email to my system using their RBL. The sender has no recourse and the receivers system can not be held liable. Simply, the recipient system has immunity from tort for dropping any sender’s email.

    5.1) I own every mail box on my system, I own every server in my system. As an employer, any email box on my system are under my protection and my rules, employment laws and contracts with my employees means that the employees have no right to privacy of the content of their mailboxes or to expect that all mail will be delivered. If I have a company rule that says certain classes of email will be blocked then that is the way it is. Go work for someone else if you don’t like that.

    5.2) I own every server in my system, I own every mail box on my system. As an ISP any email box on my system are under my protection and my rules, while ethically I will never read or access the mail of any paying customer, as an ethical rule, I can stipulate in the terms of service contract that I/we WILL use RBL to block certain classes of email, if you don’t like that then leave. (Note none ever has, and applaud our use of the i_don’ RBL.

  • Mark

    IANAL, but Joe Greco’s argument that Spamhaus is more akin to a “credit reporting agency” is actually a better description of how the information Spamhaus supplies is consumed by the subscribers than a “worst dressed list”.

    Email operators use the information to determine if they want to provide “credit” (access to resources) based on information supplied by a third party. The choice of the operator is “guided”, not made, by Spamhaus – the operator is free to use or not use any or all of the information. Likely though the operator is using it as a autonomous system unless a person contacts the operator thru normal channels (email to abuse@ etc..).

    In the US, I have the right to query the credit bureaus to determine if the information they have on me is correct. If I find that I’ve been quoted an unreasonably high interest rate – it is my right to query the bureaus and the bank to understand how they arrived at their decision.

    I believe that Spamhaus has a similar “appeals” process – but in the end, it may be nothing more than “he claims innocence but his behaviour shows otherwise”. This is similar to how a credit bureau would report a person frequently late on their payments to several creditors.

    I agree with the author – this is scary because this case could serve as arguments for future cases. I would urge people to look at prior credit reporting cases and see the similarity.

    Yes – blacklisting sucks when you are the one being blacklisted, but it works really nice at keeping thugs off of my doorstep. Ultimately I get to choose who comes into my house (legally anyway) – and in my state I get to shoot the ones who try entry by force. :)


  • Phil Howard

    IANAL, and I am not attempting to make arguments within the framework of the law as a lawyer would. Instead, my arguments are about the scope of law, and how law should be permitted, or not as the case may be, to effect others, from a political perspective.

    3. Why should I be compelled to spend my time, resources, and money, to make a non-jurisdiction argument, in any foreign country where someone decide to pursue legal action under their laws which are not the same as mine? How would you feel if you happened to do business with someone who came to you anonymously in your own country, who just happened to be from China, and now someone in China claims you harmed them in this transaction and sues you in China. Why should you have to answer to a Chinese court? I picked China arbitrarily; it could be applicable to any country.

    4. Having appeared at all, though, appears to be the mistake Spamhaus made. However, Spamhaus’ mistake would not create precedence for others that do not make such a mistake.

    5. How is shutting down a domain of a foreign national a valid remedy in this case? What does it recover for the plaintiff?

    7. I’m not so sure this isn’t just a case of bad legal advice given to Spamhaus, perhaps by an attorney unfamiliar with US law. Sadly, our legal system has a track record of failing to protect people from bad legal advice by being unwilling to vacate the effects of such.

    8. If this really is a case of bad legal advice, and if the correct legal advice and correct legal action is to stay out of US court, then it seems that by coming back to US court to take the actions suggested would on its face contradict exactly what would be asked (e.g. “we are here today in US court because it was a mistake to be in US court at all”).

    9. I don’t know the judge, and I’m sure his job is to make decisions based on the facts and evidence presented, and not consider ex-parte communications. Rulings by the judge would be expected to be on this basis, so I don’t see any fault in the person or the role. However, the US legal system is inherintly flawed in many ways and the actions of this court, while apparently proper in the context of the US legal system as it stands right now, are yet another example of the many flaws that do exist. I don’t see it as this judge’s role to fix those flaws; that would be a political issue. Do expect my rants, but they are not targeted at this judge or this court specifically. Such rants are not really even going to change as a result of this case; it would merely be added to it.

    I do question how ISPs writing letters to the court would have a proper impact. Is the usefulness of Spamhaus in general the issue here?

  • Michael

    . Did the judge actually issue that document as a ‘Proposed Order’? That seems odd, since judges don’t usually do that — A Proposed Order is what the party who wants the order writes and submits to the court as (get this!) a Proposed Order, in the hope that the judge adopts it as the real Order. What an adversary submits to the judge as an idea gives no indication of what the judge is thinking of doing.

    . I can imagine a ticked off judge sitting on the bench, waving the plaintiff’s Proposed Order in hand and more or less threatening to sign it if the defendant didn’t do something, but even that seems far afield from what typically happens, and I haven’t read anything yet to say that the judge has done any such thing. Sometimes the judge indicates in open court what he’s thinking of doing, and suggests to the parties that they craft a Proposed Order to consider (which is rarely adopted in toto, but rather serves as the thinking spot for the judge to start).

    . In other words, this cockamamie scheme may be nothing more than the plaintiff’s wildest dreams rather than something the judge is actually willing to go along with, and I’m willing to wait and see if the judge signs it (or at least gives some official indication that he’s seriously thinking about it) before I fly too far off the handle.

  • Robert

    On the Spamhaus website it says:

    “To get the ‘SLAPP’ lawsuit case accepted in Illinois, David Linhardt fabricated, under oath, that Spamhaus operates a business in Illinois.”

    Does anyone know about this aspect?

  • Jim Graves

    Here’s an anlogy. It may not be a good one.

    Suppose the CalTech soccer team (assuming they have one) challenges Manchester United to a game, to be played at the CalTech stadium. ManU replies that they’re willing to play the game, but it has to be played at the Rose Bowl instead.

    CalTech shows up to the Rose Bowl at the appointed time, and Manchester United is still sitting in England. Eventually, the referees at the game will award a forfeit to CalTech, because Man U didn’t show up.

    It doesn’t matter than Man U could wipe CalTech all over the pitch. It doesn’t matter that the referee knows that Man U is a better team. Man U didn’t show up, so the only option the ref has is to award the match to CalTech.

    The judge in this case, according to US law, is merely a referee. And the default judgement is a forfeit. The merits of the case–i.e., who the better team was–don’t matter if one side never shows up to argue its case.

  • http://none lil joe

    hello this is joe from nigeria well you may not know me by face,well am seeking out 4 help .well am a music artist in nigeria but now i dont have no body to sponsor me out 4 my music.well i want you to help me out so that i can make out my brand newalbum of music wit you them.well i burst into music the year 2001,sinces them i dont have no body to help me out.well i needed ur help from ur company so that i can make out my songs.well i dont have parents to help me here.well i trogle 4 my self sinces i burst into music therer is no one can help me out.well i needed ur support and sponsor to my music to be in usa.well i dont no parents here in nigeria.well i needed ur help now.pls send me info to contact +08076503293 /08030822404

  • Pingback:

  • Monkeynator

    The judge in this case, according to US law, is merely a referee. And the default judgement is a forfeit. The merits of the case–i.e., who the better team was–don’t matter if one side never shows up to argue its case.

    Hope I used the XHTML properly. There are a few differences though, such as the ref and rules of the US league demand they show up in person to decline playing them regardless of being in the league in the first place. Additionally CalTech told the ref Man U said some things the US league does not allow… the ref believed them just because.

    I hope I never learn more about the LAW than I have to survive, as I’m sure it would make me even more frustrated with it. Recognizing jurisdiction depending on what you did in the court that has no jurisdiction seems a bit silly to me. If the court has no jurisdiction then they should by definition have NO jurisdiction, no matter what communication they have with those involved. So my question would be what jurisdiction does the UK courts allow?

    If the extradition laws (I think something was mentioned somewhere in here) say the US can get UK residents just by asking (no evidence), then the break seems to be on the UK side.

  • Mike

    Humm.. nobody seems to have considered that the judge might be brilliant. Bearing in mind that I don’t have ample evidence to evaluate his competence, I still have a growing suspicion that he is making a well thought out move to defend liberty.

    What if the judge has considered that such a judgement will be unenforcable, since ICANN cannot do what is asked of it? If ICANN makes sure that they no longer have the .org listing, ignoring the fact that they never did, then they comply with the letter of the order by doing nothing at all. If the judge orders exactly what the plaintif asks and it has no effect, then it costs the plaintif time and money to accomplish nothing. It makes it obvious that blacklisters (espically in other countries) are immune from such lawsuits and in a federal court sets serious precident for handling this type of case.

    By issuing a “proposed” order, the judge gives the defendant a chance to see if he will be satisfied with the outcome of a judgment against him. If he is happy with it, because it has no effect, then he has no additional costs of defense.

    Literally, everybody wins. Spamhaus sees no ill effect and indeed gets a lot of free press. The court system gets less frivilous lawsuits because they are now pointless. The judge gets to stick to his best standard of upholding the law. The plaintif gets to win the lawsuit. The rest of us get to use whatever blacklist we like.

    All it takes is the judge to have a thick enough skin to handle being called bad names by people who either don’t understand his plan or who want to send spam.

    Spamhaus will have done the best possible thing by getting the jursidiction moved to that court because it will be more binding precident and also shows the proper way for any other blacklister to respond.

    Since I don’t know if the judgement really would be unenforcable or how smart the judge really is or how talented Spamhaus’ legal team is, I can only hope.

  • Matrel

    There are issues with this whole approach of using blacklists. I have done a lot of work for small companies who become infected with viruses or are on dial up and end up on blacklists. Trying to get them removed is nigh on impossible. As other people have commented, the use of traffic shaping is a much more productive method. Then genuine mailers who end up on blacklists are unaffected as they only send small volumes of mail. But genuine spammers who send thousands of mails an hour end up with messages backed up on THEIR servers for hours or even days. In this case everyone wins; spammers have to take the hit of sending emails and have their servers clogged up. Small companies aren’t crippled by arbitary judgements based on ip address ranges or security compromises (which of course they should make every effort to fix!) but more importantly end users are subjected to very little spam and even fewer false positives.
    Obviously, with regards to this case it would be perfect. Nobody is blocking any email, e360 would have no complaint, their email is simply being throttled as it has no direct relevance to a commercial organisation.

  • TheTruth

    Spamhaus deserves what’s coming to them.

    A common argument keeps popping up here, which is, “Spamhaus doesn’t block email… they provide a list… and its voluntary… poor, defenseless non-profit Spamhaus”. WHATEVER.

    Spamhaus is a terrorist organization.

    - Spamhaus will blacklist an entire network to persuade a host to terminate 1 user. Which, in turn, may block email to and fro hospitals, schools, non-profits, government agencies, and small businesses.

    - Spamhaus will accept bribes from mailers to keep off the blacklist… in the form of donations. This is known within the industry. (we are talking 10′$ of thou$and$ at a time) And they’re not for profit??

    - Spamhaus absolutely does not respect the law. For example, the Can Spam Act, which gives precise requirements and rules to legitimate mass emailers. Even if those requirements are met absolutely perfectly, Spamhaus will still label the mailer as a spammer and blacklist them, because they think they are above and better than the law. (this is very likely the case with e360)

    - Spamhaus will intentionally subscribe to known mailer’s lists just for the sake of complaining and blacklisting. Then the vicious cycle starts again.

    Spamhaus DEFINITELY should be in the jurisdiction of the United States! Regardless of where the entity is based, they absolutely harm businesses and individuals throughout the world, and especially here in the USA.

    Let’s see how this plays out… Then those who know the truth can take their turn after e360.

    They should really leave Can Spam Compliant mailers alone, and focus on the REAL SPAM PROBLEM. That’s why they’re in this mess to begin with.

    “If you follow the law, you are also protected by it.”


  • john r

    An update to the Spamhaus story can be found here:

  • Me

    A common argument keeps popping up here, which is, “Spamhaus doesn’t block email… they provide a list… and its voluntary… poor, defenseless non-profit Spamhaus”. WHATEVER.

    What a thought provoking argument!

    Spamhaus is a terrorist organization.

    And you are basing this on what? A “terrorist organization” by definition must be primarily in the business of instilling terror in the populace. Do you feel terrorized by Spamhaus? If you do… I would like to put forth the possibility (nay, probability) that you are in fact a spammer and I (for one) am happy that you feel terror.

    Spamhaus will blacklist an entire network to persuade a host to terminate 1 user.

    Complete bunk. And even if it was true, it’s not Spamhaus that’s causing the problem. The problem there stems directly from lax AUPs and clueless sysadmins or ISP management that allows the UBE to vomit unrestricted from their networks. Spamhaus is simply offering effective sysadmins a way to take action to stem the tide that would otherwise make managing mail servers an impossibly monolithic task.

    Spamhaus will accept bribes from mailers to keep off the blacklist… in the form of donations. This is known within the industry.

    Which industry? Spamming? I am an active member of the ISP industry and have never heard of any “whitelisting for cash” actions taken or offered by Spamhaus.

    Spamhaus absolutely does not respect the law. For example, the Can Spam Act, which gives precise requirements and rules to legitimate mass emailers. Even if those requirements are met absolutely perfectly, Spamhaus will still label the mailer as a spammer and blacklist them, because they think they are above and better than the law.

    The CAN-SPAM act specifically allows any and all blocking on mail servers. It does not in any way offer or even imply that following it’s directives gives mass-mailers any rights whatsoever to have their emails delivered unimpeded. The law does not guarantee delivery; therefore Spamhaus is not placing themselves above the law.

    Spamhaus will intentionally subscribe to known mailer’s lists just for the sake of complaining and blacklisting.

    Are you kidding? Spamhaus is run mainly by volunteers. Are you saying that people that donate their time are actively seeking more work? What’s the driving force?

    Spamhaus DEFINITELY should be in the jurisdiction of the United States! Regardless of where the entity is based, they absolutely harm businesses and individuals throughout the world, and especially here in the USA.

    There’s a can of worms you don’t want to open. If companies and organizations outside the US are to be bound by our laws, then by simple reasoning, companies and organizations inside the US should be bound by all laws that have been enacted in any other country. Do you want to be jailed for that 5th of Jack you drank before you wrote this drek? What about all the non-US people reading your post? You could be opening yourself up for a liable suit in Klababble (made up country… don’t bother researching) where the liable and slander laws are a bit more strict than they are here in the US.

    Let’s see how this plays out… Then those who know the truth can take their turn after e360.

    Those who know the truth have already taken their turn. (See most of the above posts)

    They should really leave Can Spam Compliant mailers alone, and focus on the REAL SPAM PROBLEM.

    Just because you’re a CAN-SPAM compliant mailer doesn’t mean you’re not sending spam. The government has classified it’s definition of spam… many of my fellow sysadmins would agree that the government’s idea of spam does not always jibe with their definition of spam. And when you get right down to it, it’s the sysadmins that make the rules on their own servers. If you don’t like it, you’re welcome to leave at any time.

    “If you follow the law, you are also protected by it.”

    As far as I know Spamhaus is fully compliant with the only laws they need to follow… the UK laws.

  • Paul

    The potential for ICANN to face legal action if they fail to implement the judgement means one thing. Other countries will be forced to do what China has done and attempt to devolve their own internet governance outside of ICANN.

    The Chinese may be doing it for the wrong reasons, but the rest of the world will be doing it for the right reasons… to ensure that legitimate businesses and organizations outside who abide by the laws of their own country are not subject to ridiculous lawsuits by spanked spammers, or other low lifes.

    Spamhaus must obey the laws of the United Kingdom of Great Britain and Northern Ireland. No one else. The domain name is the only aspect of this case that gives spammy a club to hit Spamhaus with. The US Govt’s failure to pass net governance to a worldwide body outside of US jurisdiction will end up splintering net governance as more and more US-based spammers (i.e. most of the world’s spammers) use spurious law suits to harass the good guys.

  • Koen

    A lot has been said already, and i’ll try not to repeat it. I just want to express my sympathy for spamhaus. They do good work, whether or not the internet email infrastructure would collapse without them, I don’t know. I do know we would need more memory in our mail servers due to longer greylists and more CPU power to deep-process anything that gets through.

    I think the US should step down, and realise they are alienating the rest of their world with their urge to dominate all and every person, organisation and government. They are not superior, despite their illusions otherwise.

    The CAN-SPAM act is meaningless to me, as are a lot of other laws and regulations made up by a government thet legalises torture.

    I think the penultimate solution to this legal quagmire is a decentralised organisation, that simply cannot be hit by bogus court orders. A lot of innovation lies in that area, and I’m sure it won’t be the US doing the innovation.

  • Colin

    Just a point about ICANN: the earlier arguments outlining why it shouldn’t remain in the US may have just been realized with this e360′s bizarre request. In any even ICANN responded correctly that it doesn’t have the ability to knock the domain name from the registry and I defy e360 to file the same ridiculous argument in a Canadian court (the home of Spamhaus’s registrar).

  • John Gilmore

    Spam is a problem but anti-spammers are a much bigger problem. (Communism was a perceived problem in the US in the 50s but Senator McCarthy and his unaccountable blacklists created a much bigger problem.)

    e360 was right to sue Spamhaus for operating a conspiracy to drive their email businesses out of the market. I have never found an anti-spammer who was honest. My own server is on most anti-spammer blacklists though I have never sent a single spam message, nor have I violated any other law relating to sending email. (They’ve made up a whole set of other rules of their own devising — that they claim I’m supposed to follow, otherwise they’ll interfere with my communication.)

    Delegating censorship decisions about your email — and even worse, your customers’ email — to unreliable third parties is not only irresponsible, it also constitutes a conspiracy to deny service. Antitrust laws outlaw a majority of firms in a market from doing exactly that. (It’s like Intel and Microsoft deciding that their products will refuse to work on an AMD processor.) Even worse, anti-spammers like Vixie or spamhaus deliberately block more people than the spammers, in order to blackmail those people into joining the conspiracy.

  • Patrick W. Gilmore

    [NOTE: John and I are not related.]

    Mr. Gilmore,

    Would you mind explaining why you think Spamhaus is dishonest or blocks more than the spammers.

    I’m also wondering why you think that what I do with my equipment is any business of someone who does not own my equipment. When customers sign up, it is clear in the contract they sign that certain measures will be taken to prevent abuse, including black-holing IP addresses which preform DDoS attacks, filtering TCP packet from people trying to crack server passwords / keys, and blocking SMTP transactions from people who try to send us spam.

    Are you advocating that the gov’t use force to not allow me to do as I please on equipment I own?


  • Suresh Ramasubramanian

    Well, if Gilmore could write “tar” some decades back, and can drag himself out of the past, he probably retains enough coding skills to stop spammers and viruses abusing his servers.

    Too much EFF koolaid unfortunately.

    EFF and Its Use of Propaganda: Could Karl Rove do better? Probably

  • Seth Breidbart

    John Gilmore claims that *he* has never sent spam. However, his *server* has sent spam, because he allows spammers to relay through it. I’ve received spam from it. He seems to think it shouldn’t be listed as a machine that emits spam; I think it should be, since it does.

    No external list blocks email for me, any more than a restaurant reviewer blocks me from eating someplace. I might pay a lot of attention to them, and will often follow their suggestions unless I have reason to override them; but in both cases, it’s *my* decision.

  • Herbert Hansen

    John Gilmore doesn’t like spamhaus because he operates an open relay, viz “”.

    His free-speech nonsense belongs on a hippy commune locked in the 70′s.

  • saddened

    Those who spend their lives bowed before the law without regard for the being who gave them the ability to bow will eventually come to regard the law more than their fellow man. I mourn those who feel more compelled by the law than justice and truth, but thankfully such hedonism will not be tolerated forever. Truth will emerge the victor despite the vanity of those who have forgotten it. We may not respect those who vainly fight for truth but eventually their’s is the story told future generations while the other’s fade from memory because only truth has the power to endure.

  • http://that.s.too unknown

    The best way to win an argument is to begin by being right. – Jill Ruckelshaus

  • Bill Stewart

    Summary of Legal Issues

    If you want to get involved in the court case, you do so by filing an amicus curiae brief asking to be considered as a “friend of the court”, though it’s probably way too late to do so on this case.

    Spamhaus could have accepted jurisdiction from either the state court or the federal court, spent a big pile of lawyer money defending themselves, and wiped the floor with the plaintiff. However, egregious as the plaintiff’s case was, it’s unlikely that the judge would have ordered them to pay Spamhaus’s legal costs, and even if they did, it’s not easy to collect from spammers.

    Spamhaus could have decided from the beginning that neither the US state or federal courts had any jurisdiction and declined to participate in the process. Unfortunately, they mishandled it in ways that the US Federal court judge viewed as agreeing to US Federal court jurisdiction, and then didn’t show up to defend themselves. That doesn’t mean the judgement is collectable outside the US, but it’s still too bad.

    UK subjects are in no position to bitch about US courts claiming to have jurisdiction everywhere in the world – UK libel law also claims to have jurisdiction to protect UK subjects from libel anywhere in the world, and doesn’t have the US’s strong tradition that truth is a valid defense against libel charges.

    The judge has decided not to accept the plaintiff’s request about ordering ICANN to rescind Spamhaus’s domain name – not only was that the right choice, and avoided opening a much larger can of much larger brand-new worms, but ICANN wouldn’t have been the right people to order around, and the registrar that Spamhaus uses wasn’t based in the US.

    There are different ways to use a blocklist, either as an Email provider, other type of ISP, or end user, and some of them might arguably be inappropriate but I’m not going to argue them on this board (though I may talk to John directly.)
    Suresh’s comment about “EFF koolaid” is not only rude, it ignores the fact that John’s the major driver of EFF’s work on spam issues. And Herbert’s comment about John’s opinion belonging in a “hippy [sic] commune locked in the 70′s” forgets that John’s was one of the main founders of the “Commercial Internet Exchange”, which first made it possible for commercial companies to connect to each other using Internet technology without going through the ARPAnet and its Acceptable Use Policies, so in a sense we’re now *in* his hippie commune right here…

  • Collaborative law

    The Collaborative Law approach is an alternative to costly, time consuming litigation that helps couples resolve disputes respectfully without going to court.

  • Sohbet

    By the way, Jeremiah, double-clicking on a word is supposed to select that word. And if you don’t let go after the second click, you can drag to select the whole sentence or paragraph. It’s very handy when you copy and paste a lot.

  • Sohbet odaları

    John Gilmore claims that *he* has never sent spam. However, his *server* has sent spam, because he allows spammers to relay through it. I’ve received spam from it. He seems to think it shouldn’t be listed as a machine that emits spam; I think it should be, since it does.

  • mirc

    The Collaborative Law approach is an alternative to costly, time consuming litigation that helps couples resolve disputes respectfully without going to court.

    contact me..

    thanks best regards