The Spamhaus case, a spam-savvy Illinois lawyer perspective
October 7th, 2006 by Matthew Prince, Filed under: Web, Commentary, Spam, Law, Culture
I’ve been following the Spamhaus case with some interest. You see, I am a lawyer, and even an active member of the Illinois Bar. I happen to teach as an adjunct professor at the same law school where the judge in the case also teaches as an adjunct. And the class I’m
teaching next week is all about what behavior by a defendant in the online world is sufficient to establish a jurisdictional hook. Gadi Evron invited me to contribute and, before too much misinformation gets circulating, I feel compelled to chime in with my 2 cents.
As lawyers always do, let me caveat this with the usual disclaimers:
I know only the bare minimum of details about the case, this message should not be construed in any way as legal advice, and no one should mistake me for a qualified trial lawyer. As someone, probably a law professor, once said: those who can do, do; those who can’t, teach.
With that said, below is my take on some of the recent questions that have arisen over the Spamhaus case:
1. Make no mistake: this is serious. To make that point, consider what is likely to come next. When Spamhaus continues to operate, the plaintiffs will implore the court to enter criminal contempt charges against the company and its principals. It’s not clear how broadly such charges could be, but this judge has certainly not shied away from broad orders to this point. At the very least, this could mean that Mr. Linford will be at risk if ever he decides to pay a visit to the United States. The worst case, of course, is that U.S.-based volunteers could be criminally at risk as well. I doubt the worst case is likely to happen, but make no mistake that it is possible.
2. Moreover, this judgment will likely follow “Spamhaus” in perpetuity. Even if it shuts down and later some of the same people reconstitute “SpecialHamHouse” to publish similar data, the judgment will almost certainly stick to the new entity. In the long run, cute arguments and legal slight of hand don’t work. Look at an organization like KaZaA, which spent a significant percentage of their significant revenues on the smartest lawyers in the world to avoid jurisdiction. Even with those resources they were eventually hailed into court and effectively shut down. Even if e360 is not the RIAA, Spamhaus, unfortunately, does not have anywhere near resources as KaZaA.
3. That said, Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company. While this is an evolving area of law, what Spamhaus does is, in my mind, most analogous to the London Times publishing a “Worst Dressed Celebrities” list. If Joan Cusack feels slighted by the Times’ characterization of her choice of ball gowns, it is fairly well settled law that a court in Illinois is not going to have jurisdiction to hear the case. In the Spamhaus case, it would have been possible for an attorney to make what is known as a “special appearance” before the court without acknowledging the court’s jurisdiction in the case. Reading the record, I’m puzzled that this wasn’t the strategy Spamhaus’s counsel chose.
4. Unfortunately, since that’s not what happened, Spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today). Arguably, and this makes sense intuitively even if you don’t understand the finer points of U.S. civil procedure, doing so inherently acknowledged the jurisdiction of the federal court. In the beginning of a case like this there are two choices: a) you can fight it, or b) you can claim the court doesn’t have jurisdiction and, basically, ignore it. You can do one or the other, but you cannot do both. The pickle Spamhaus is in right now is largely caused because they appear to have initially tried strategy (a) then switched to strategy (b). There may be a way to still raise the jurisdiction issue, but make no mistake, it’s an uphill battle at this point.
5. In terms of today’s action by the judge it appears that this is, currently, just a “proposed” order. I would imagine it is, in part, the judge’s gambit to get Spamhaus to come back to the table to that the real issues in the case can be resolved. But, so long as Spamhaus doesn’t show up, I don’t see anything that will prevent this order from being entered as final. In other words, there may be some time before ICANN is formally ordered to shut down the Spamhaus domain, but make no mistake that ICANN’s lawyers will be considering their options beginning first thing Monday, if they haven’t already begun the conference calls tonight. One more thing to consider: the fact that the order isn’t final means that e360’s lawyers can review it for loopholes and make suggestions on how to make it even more onerous on Spamhaus. In other words, if you’re a friend to Spamhaus, I wouldn’t be posting in any public fora comments like: “At least the judge didn’t…..”
6. When the order is final, I don’t know what ICANN will do, but I bet they’ll at least consider complying. In the end their decision is likely to be much more about setting a general policy than the specific details of who Spamhaus is or why they are critical for the Internet. ICANN will desperately want to stay out of this dispute, but they are subject to U.S. law and they will probably have attorneys who will argue they need to follow it. All it will take for this to end badly for Spamhaus is one lawyer at ICANN getting a little bit spooked and Spamhaus could lose not only it’s .org but potentially any other TLD that ICANN controls. (This probably wouldn’t include CCTLDs like .UK which are governed by their own controlling entities.)
By the way, does any part of this whole thing strike anyone else as a bit ironic? It’s usually the spammers setting up non-traditional TLDs and claiming that U.S. courts cannot assert jurisdiction over them. I’ve been amazed how many times with Project Honey Pot
(www.projecthoneypot.org), an anti-spam service my company created, we’ve used spammers’ tricks in order to catch spammers. Now it seems we need to use spammers’ legal arguments in order to defend the anti-spammers. Like a bad episode of Superman where he realizes Lex Luthor is his half brother, or something.
7. Even if ICANN holds firm and doesn’t shut down Spamhaus’s domain, I would imagine the plaintiffs will ask the judge to go after other vulnerable points in the Spamhaus chain of command and control. Based on the rulings I’ve seen so far, the judge may agree to go along. He seems pissed, and, frankly, reading the record I can understand why. As you all intuitively know, judges don’t like people ignoring their orders, especially when the people specifically asked for the case to be moved to the judge’s court and are now making public statements effectively calling the judge a buffoon. Everyone involved needs to be careful.
8. How could this end well? The good news is that the 7th Circuit is full of some of the smartest and most powerful judges in the country, so if there’s a way out of this mess Spamhaus could be in far worse places to find it. That said, appealing a default judgment is unusual and not a strong position to start from. Even after the notice of appeal is filed, an actual appeal is probably, in reality, just the backup, long-shot option. The primary option I think Spamhaus should be discussing with counsel is asking the district court judge to set aside the default judgment. My guess — only a guess — is that he’d probably do that if Spamhaus asked, apologized, and plead that they got some bad legal advice and were rectifying the situation as quickly as possible. However, and I’m sure this is going to be the sticking point, getting the default judgment lifted would require Spamhaus go against some of their core principles and eat some crow.
What do I mean? As far as I can tell from the record, back when the case first started the judge issued a Temporary Restraining Order (TRO) that required Spamhaus to remove the e360 listings from ROKSO and other places. Initially it appears Spamhaus complied with the
TRO, probably on advice of counsel. Then, according to the record, around the same time Spamhaus shifted from strategy (a) to strategy (b), Spamhaus put e360’s listings back up on their site and, essentially, gave the judge the finger. Just a guess, but in order to get the default judgment lifted, Spamhaus is probably going to have to at least comply with the judge’s original TRO order. While I know that removing someone Spamhaus is convinced is a spammer from their blocklist goes against the very core of the organization’s being, it is hard for me to see any way to get to a happy ending for Spamhaus without (hopefully temporarily) compromising this principle.
Do note that the TRO is not the same thing as the permanent injunction which the judge issued after Spamhaus stopped complying with the TRO. The permanent injunction was issued after Spamhaus violated the TRO. My quick reading of the record is that it is the permanent injunction, not the TRO, where Spamhaus was required to put up the notice in big type on their home page that the plaintiffs really weren’t such bad guys after all. I know doing that would be
far too much crow for Spamhaus to bear eating, but my guess is that it won’t be necessary in order to at least get back to where Spamhaus was before they switched to strategy (b).
But here’s the real problem: even if the default judgment is lifted and Spamhaus gets a real day in court, they’re in for a very, very expensive, very fact-intensive trial to prove e360 really is what they say they are. In the end, from what little I know, it seems likely that they have a good case and stand a good chance to win: this is, after all, no different than the London Times publishing the Worst Dressed Celebrities list. It still may be possible to shoe-horn the jurisdictional argument back into play, in which case you’d never get to the really expensive part (discovery) of the trial. Unfortunately, even that’s going to take some serious billable hours from some serious legal firepower (read: $$$). I’ve been thinking about this for at least a week now and, to be honest, I can’t see a lot of ways this ends well.
9. Finally, one last point: anyone who has a chance to talk publicly about this, if you are a friend to Spamhaus I would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the U.S. Talk all you want about the evidence that you believe demonstrates e360 is a spammer. Talk about how important Spamhaus is to the functioning of email. But calling the judge stupid doesn’t help the case. Given the record, the judge had little choice other than to do what he did. So far as I can tell, Spamhaus presented no argument that would let him get out of this case, even withdrawing the answer that had been filed from the proceedings.
Instead of badmouthing the judge, what I would imagine is far more productive are letters from ISPs around the world attesting to the importance of Spamhaus as an organization and emphasizing how it is the individual ISP, not Spamhaus, making the affirmative choice to
stop e360s messages from entering your servers and your property. Maybe counsel for one of the larger ISPs would be willing to act as a clearinghouse and file the letters, en masse, with the court. But, whatever you do, don’t go out and talk about how the judge is too old and too stupid to understand how the internet works — having read some of his other cases, I can guarantee you he is not. Instead, politely educate him on why Spamhaus is more than what the plaintiffs have painted it as: a punk organization based out of the U.K. that doesn’t respect U.S. law and actively interferes in the business operations of a legitimate Illinois company.
An update to the Spamhaus story can be found here:
http://blogs.securiteam.com/index.php/archives/688
Matthew Prince.
CEO, Unspam Technologies, Inc.
Adjunct Professor of Law
John Marshall Law School
Hmm. “Worst dressed list” sounds very naive. As any lawyer should know, it’s more than that.
A worst dressed list does not conspire with wholesalers, distributors, freight companies and store owners throughout the entire supply chain to block the sale, transport and other commerce of the clothing worn by the worst dressed celebrities. Nor does it publish the list with such intent.
Nor do the subscribers to the paper subscribe for the sole purpose of identifying targets to block by reading the list.
Nor do they block wholesale other trade by the manufacturers and stores. With a worst dressed list there is no conspiratorial intent to block trade as there is with Spamhaus and its subscribers.
A worst dressed list is an act of publishing, a blacklist is an act of techno-thuggery. Big, big difference. I can’t wait to see the letters from the co-conspirator-ISP’s confessing to their crimes! I can see why you say you are not providing legal advice!
As a lawyer, you should be far more concerned about private interests like Spamhaus and its conspirators taking the law into their own hands and acting willy nilly as judge, jury and executioner with no recourse, no due process, and no right of appeal by their victims.
Now, what is it you wanted to tell us about your company?
Taking what law into their own hands?
Please show us the code chapter that requires that mail servers accept mail from all comers, with no right to block mail.
A mail server is private property, and as such, the owner is not breaking the law when he/she chooses not to accept mail from a specific party.
If the owner decides to delegate that decision making to another person, that’s their right, as well.
There has grown up around the world the misconception that email is a right, and that service providers and mail server owners cannot interfere in the right of others to send any message that they choose.
It surely sucks that you’re finding it hard to make a living by sending special marketing emails. But that’s life. I’m also not going to allow you into my house. So sue me, demand your right to enter my house at will and leave your marketing materials on my coffee table. I dare you.
Nice write up, but I think you missed one major problem. Spamers use a method called “death from a thousand cuts”. This particular spammer has offered this advice to other spammers on public message boards. The advice is this, you can file a complaint for minimal expense, while coming up with a defense is a costly affair. If a thousand spammers all sue you (with a cost negligable to themselves) and force you to go overseas to defend your service in a country that doesnt have jurisdiction, then you go bankrupt. Death from a thousand cuts.
How do you defend from this? I dont know, but maybe ICANN doesnt need to be based in a country with such a flawed legal system..
-JP
Dear nameless,
While I’ll agree that “worst dressed list” may be a bit naive, the rest of your message is a half bubble off level.
Spamhaus is more akin to a credit reporting agency. Spamhaus monitors known spam organizations, and provides factual reports on them to anyone who cares to ask.
I don’t see any conspirators. If we decide to direct our mail servers to block the known IP spaces of e360, it is well established that e360 has no viable recourse to force us to accept their e-mail. To force us to accept it could place an unreasonable burden on us.
We are allowed to decide whether or not to accept mail based on algorithms which we choose. Some clever monkeys automated the process of gathering that data from public spam reports. Spamhaus further refined that process and made it more reliable. Yet Spamhaus cannot force mail to be blocked. As mail server owners, that is our perogative, and if we choose to query the Spamhaus data, it isn’t a “conspiratorial intent to block trade” - it’s a legally recognized right for us to block e-mail that we choose not to accept. We can block mail because it’s coming from an IP on the SBL, or because the moon is full, or because it contains three instances of the character N, and there’s not a damn thing a blocked sender can do about it. There is little recourse, no due process, and no right of appeal. If a blocked sender feels wronged, they can contact us at Postmaster@ and discuss the issue - that’s the extent of their recourse.
Spamhaus provides a valuable and impartial service to the community. While we don’t use the SBL, we do recognize the usefulness of the service, and recognize that it is one of the best services out there, with a strong track record of carefully researching those organizations who are listed, and providing those facts so that subscribers may independently see what caused a listing.
The day we no longer have the right to determine who we can block is the day we are going to stop running mail servers. We are watching this with much interest.
BTW “nameless” is the spammer in question, I wouldnt bother responding to the posts or taking them seriously.
No, no, no. Blacklists are not techno-thuggery. As anyone can tell you, SPAM is the thuggery — consuming resources, computer, router, switch, light cycles. Numbers I have seen as recently as July pegged world-wide spam at 60% of all email.
Imagine if you were walking down the street and were accosted by 3 viagra sales men, 2 pornographers, and 1 salesman for the next widget on your way to meet 4 friends. Sounds pretty annoying to me.
Blacklists exist for the reason that we don’t want these “businesses” to enter our lives, premises, or personal space. The legitimate ones use tactics just short of illegal, and our way is to put a selective moat around our space.
This is no different than my city passing a law forbidding flyers or solicitors at my doorstep if I display the proper signage. I’ve reported violators to the city and they get fines and eventually forbidden from doing business in the city.
Spammers know what they are doing is tresspass, and use dirty tricks and tactics to portray themselves as hapless victims.
Arrgh,
to waste time arguing logic with one who has an agenda,…
… that is truely a waste
-JP
Why in god’s name isn’t someone attempting to pursue these organizations under CAN-SPAM? From a quick perusal of the logs, it’s quite plain that what they are doing is not opt-in in the least. Haven’t a few big spammers been sued? Anybody with AOL legal wanna pin this spammer’s nuts to the wall? Has anybody called the IL Attorney General about this guy? I’m sure it’d backup Spamhaus’ position that their blocking of this guy’s emails is legit if the AG opened an investigation on Mr. Nameless up there and proceded to press charges.
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm
Seems pretty cut and dried to me… and it wouldn’t be hard via honeypotting or other means to collect more information on Mr. Nameless’ illegal activities.
Interesting view on the Spamhouse case ……
… many people are blaming the judge in the US for Spamhouse’s problems. However, here is a different view on the case.
If you are not familiar. An US-based company has sued UK-based Spamhouse - well-known antispam fighters - because Spamhou…
I’m going to take the author’s advice, and comment on why “blacklists” are so important. I own a small web design and hosting company, Godmoma’s Forge, LLC. We host approximately a hundred domains, and manage several more.
My itsy bitsy little company was being literally driven out of business by spammers… first the flood of spam emails forced us to abandon Baysian spam filtering, becasue the CPU cycles required to do so on the server were excessive and repeatedly induced crashes (which, in the process, forced us to move many clients to a third party hosting service, sacrificing a significant amount of income in the process). Then, after we turned spam filtering on the server off, the flood of emails began to overwhelm our email client programs ability to handle the volume of email (let alone that of the people reading it) - the sheer number of emails (tens of thousaneds) in the various boxes caused them to break. Finally, the flood of emails begain to get so bad that our email client programs simply could not download the spam as fast as it arrived.
Without email, we could not communicate with our customers - and we were spending endless hours every day doing nothing but deleting spam or waiting for our email programs to process incoming email through their spam filters. We were having a very difficult time operating our business as a result.
I’d resisted implementing block lists, because I was afraid the number of false positives would be too high, but…
When I finally gave in and did so (in addition to some other mechanisms) - thereby blocking email at the SMTP server, the volume of email in one particular person’s email box went from 28,000+ messages a day to less than a thousand… my own personal email box went from 20 spams for every 1 legit email, to 1 spam for every 4 or 5 legitimate emails.
I know a local ISP that devotes 7 dual processor high end systems to doing nothing but filtering email (for just 1800 domains)… and another half dozen CPUs to do nothing but store all the email (mostly spam).
Spamhaus and other block lists are the only practical way to manage the flood of spam. Without them, small companies like my own would simply be unable to run our own email servers.
Bluntly - the only reason email exists, today, as a functional medium, is “blacklists” of companies, sites, servers, etc. engaging in practices that are unacceptable to the subscribers to those blacklists.
Take the blacklists away, and overnight, email servers across the world will choke, fall over from the CPU and other load induced by the increased volume of mail, and the amount of labor required to manage them would go up astronomically. Customers will start screaming bloody murder to ISP and corporate help desks about having to sort through hundreds upon hundreds of spam messages for the few dozen valid emails they want. How many untold billions of dollars in additional lost productivity would be incurred? The sum is incalculablely large.
I have no resources of my own, but I would be glad to submit a statement reflecting the above facts and concerns to the court for its consideration.
Mr. Prince:
Could you please post specific information as to submit comments to the judge on this case? We are a small “mom and pop” ISP which simply could not do without their service.
Thanks to Spamhaus and other lists of spam sources, our mail servers reject more than 95% of all attempts to send them mail — and we do notreceive complaints of false positives, so it is liklly all of those attempts are not legitimate. Yet, even after filtering by the blacklists, fully 30% of the mail we receive is spam! Our Internet connection, for which we pay thousands of dollars per mointh, is severely taxed by spammers and their “zombies” (innocent users’ systems which have been commandeered to send spam). We want to tell the judge this so that he understands how destructive a ruling adverse to Spamhaus would be. Again, please post information on how to contact the judge and any points of etiquette of which we ordinary laymen might not be aware.
… i’m astounded by the arrogance of the court:
1 - the spammer would have (by way of researching their filing) determined that spamhouse is a UK-registered business adn this information must have been in the initial claim
2 - the judge could have asked some basic questions about the complainant e.g. ‘where are they’ and got an answer from filings
3 - the judge could have determined (by using some basic common sense) that the venue might not have been the right location given the location of the alleged defendant.
Where does this assumption that a court can arbitrarily assumption juristiction over a business or individual in a foreign land come from?
If i was defrauded by an EBay seller in the USA (i’m in Australia) my only avenues for action are via Ebay’s local corporate presence or by taking action in the location of the person who defrauded me (e.g. get the local USA police or better business bureau involved somehow).
why does this realistic scenario suddenly become reversed because some scammer decides a overseas agency is undoing their nefarious work? or does USA litigation permit this other-worldiness?
Look, if you take a UK company to a US court on a civil matter, the UK company is not going to hear you. Has no reason to.
It might cause problems if the UK company wants to start doing business in the future; but as far as I know they have no plans to, and if they ever make such plans they would address the US position at the time.
Blacklists aren’t the only option for dealing with the high CPU load of fighting spam. You might want to look at what MailChannels are doing. Rather than relying on blacklists alone, they’re using behaviour and fingerprinting to detect potentially spammy hosts and then only allow them a minimal amount of bandwidth. It solves the problem of high CPU loads caused by content filtering, but doesn’t require the same reliance on a 3rd parties blacklist. I think the case that mail servers around the world will fall over if blacklists suddenly are made illegal is more than a bit overstated.
theChuckster and Chris: the jurisdiction issue is an issue that is common to all common law countries, and as far as I know, any common law country will treat the matter the same way. This isn’t a matter of how the US courts are out of line, or whether the court has properly seised the case. The US case is the proper venue because the defendant submitted to the court’s jurisdiction.
When you get served in a foreign jurisdiction, you can do two things. Either you refuse to submit to the court’s jurisdiction, or you submit to the court’s jurisdiction. If you refuse to submit to the court’s jurisdiction, you do one of two things.
Either don’t turn up until after the judgment, then you can turn up and challenge the court’s jurisdiction; or turn up and enter a conditional appearance, and the _only_ thing you can plead is the court’s lack of jurisdiction, or that it is an inappropriate forum.
That’s the position in Australia, at any rate. If you do anything else, you are taken to have implicitly submitted to the court’s jurisdiction. Put it this way, you cannot have your cake and eat it too. So, why should you be allowed to make any legal arguments about the case, and simultaneously claim that the court doesn’t have the jurisdiction to hear the case?
The problem with Spamhaus is that they starting off doing acts which clearly showed that they were impliedly submitting to the court’s jurisdiction (they submitted written argument about law, for one thing). So, once they submitted, they have to go on, or face the consequences.
The judge didn’t really have much choice except grant default judgment based on defendant’s non-appearance.
It seems that Spamhaus’s and its principals’ only worries are:
1. Not stepping foot in the USA again. Nowadays, many would see this as no real disadvantage.
2. Losing its smamhaus.org URL .
At a guess the main reason Spamhaus probably walked away from the Illinois litigation is that they found it was going to be horrendously expensive which ever way they looked at it and after sizing up the pro’s and con’s including the probably enforceability of any Illinois judgement in UK courts, decided the best thing to was to cut losses and walk away.
Funny thing, that a US Court is trying to reach off-shore like this. Compare this to high level attempted pressure from the USA Government on the EU to go easy on Microsoft in EU courts. Should not the US Government mind its own business - it would soon object to other countries telling it how to run its justice system.
Pity the good Professor did not give the matter a bit more discussion from an international ‘comity of nations’ approach rather than dwelling merely on what the Federal Court in Illinois could do.
I must confess to being perplexed by all this. Leaving out any consideration of whether e360 is a spammer, as I understand it, Spamhaus “publishes” a list of what they consider to be spam sources.
Email providers are free to consult this list and use it to block spam. Spamhaus have published their criteria for listing spam sources. Any email provider who disagrees with these criteria is free to not use Spamhaus.
So what is Spamhaus’ crime? Can a Telco be sued for publishing a Phone Directory because pranksters use it to make calls?
But spamhaus is an “organization based out of the U.K. that doesn’t respect U.S. law”. They presumably respect US law about as much as I do (that is, not at all) because it is irrelevant. They have had legal advice in the UK that “Default judgments obtained in U.S. … courts have no validity in the United Kingdom and can not be enforced under the British legal system”. For all practical purposes, the judgement does not exist.
Consider this scenario. A company finds itself subject to a trade sanction in a foreign country. Officials of that foreign country threaten all officers of that company with sanctions wholely disproportionate to the companies resources. The only way to avoid these sanctions in the foreign country were to invest sums of money beyond the resources of the company. What should the company do?
How about take action in the UK courts to require the foreign official to defend their action?
Would a US judge drop all his cases to turn up at the High Court in London to explain why he did what he did and why he should not have to pay the company compensation out of his own pocket? Obviously not. Ask then why this particular sauce tastes so good with goose, and yet not with gander.
This whole article is silly.
Spamhaus is quite right to ignore the whole thing. The worst that can
happen is that the US courts force ICANN to shut down Spamhaus’ domain.
In which case, all Spamhaus needs to do is move to a .uk or .eu or .de
domain which is not controlled by ICANN. End of story.
Of course a US lawyer would recommend that Spamhaus hire a US lawyer,
at a cost of at least $1000 per appearance in court. That’s a lot of
money for an outfit like Spamhaus.
The final silliness:
“At the very least, this could mean
that Mr. Linford will be at risk if ever he decides to pay a visit to
the United States.”
Strictly speaking, any non-US citizen is at risk if he ever decides to
pay a visit to the United States, because the Bush regime has decided
that foreigners are not subject to the same protection of the law as
citizens. This means that any foreigner unwise enough to visit US
territory can simply be made to disappear. All the government has to do
is allege
that said foreigner is a terrorist and an enemy combatant. Yes, I know
this is still being fought in the courts, but at least until the
government loses and exhausts all appeals, the position is as I have stated.
But apart from that, why on earth would Mr Linford want to visit the
United States? Do you have any idea how intrusive and unpleasant border
controls are for (legal) visitors to the US these days?
De facto, a US court has no power to enforce its decisions in a civil
matter outside the US. The judge and the lawyers can foam and froth all
they want. Spamhaus can, should, and I suspect will, ignore them.
With the current one sided extradition treaty between the US and UK I’d be worried if I was involved in Spamhaus. All the US has to do is ask the UK to put someone on a plane for trial in the US and they are sent over. No evidence of any kind has to be provided. If the UK wants to extradite a US citizen then evidence is required.
So you don’t even have to visit the US to have US law visited upon you if you are resident in the UK.
I think the phrase may be ‘Vassal State’.
I think this is intriguing. Call me destructive if you will, but the possibility of a court ordering the termination of the “spamhaus.org” domain name on the basis of false testimony and a default judgment without jurisdiction has a morbid appeal, like a train wreck. It would certainly cast new light on the “Internet governance” issue, even from the perspective of Americans. “Obvious bad guy manipulates US justice system and Internet oversight body into facilitating spam.” Very tasty.
After reading all of these comments, I’ve not seen one supporter of Spamhaus articulate the actual dispute here - no one is arguing spam is/ is not bad, even e360. What is being argued in the courst case is whether e360 is in fact “spamming”. So disputed facts include whether or not e360 is a spammer, or is in fact a legitimate, opt-in e-mail marketer that Spamhaus has deemed not acceptable for their own reasons. In the U.S., when there are disupted facts, arbitrary vigilantism is not lawful, taking the dispute before an impartial judge is. If e360 was violating U.S. CAN-SPAM legislation I’m sure the federal judge presiding over this case would have deduced that, and Spamhaus’ legal representation would have trumpeted that in their initial response, and this case would be over, or would never have been brought by e360. (Please actually read the CAN-SPAM act to see what is required of e-mail marketers for e-mails to meet the U.S. legal standard, there have been some significant judgements won against e-mailers who violate these requirements.)
From what I’ve seen thus far, it appears the facts specific to e360’s e-mail use do not support Spamhaus (and ISPs affirmatively using the Spamhaus service) restraining trade in the U.S. by arbitrarily defining e360 as a ’spammer’, blocking e360’s e-mail. I’ve noted the comments by a couple of ISP representatives, and would only respond that when they set up to do interstate business in the U.S., they become bound by U.S. interstate commerce laws. And I’m certain a federal judge is better versed (and more engaged in that area) than ISPs are. If the Spamhaus position regarding e360’s e-mail usage is so strong factually, I’m sure a large group of right-thinking U.S. ISPs will file an amicus brief in the U.S. on Spamhaus’ behalf. I do think there will be U.S. appeals court case precedent regarding this issue in the near term (maybe via this case), and I think Spamhaus and ISPs will be surprised at the determination, in terms of rights of e-mail marketers who comply with U.S. federal law.
Frankly,
the courts in Illinois will have to fix this, or they will look like the city manager of Tuttle OK
JWW jr.: E-mail marketers don’t have any rights under U.S. law. If they’re sending mail to my server, I’m free to block it on any grounds I choose. I can block e-mails that arrive on Wednesday, for that matter. The fact that I let Spamhaus decide what e-mails I need to block (at one level, anyway) doesn’t change that fact. There’s absolutely NO law that permits the judge to order Spamhaus to remove e360 from ROKSO. There’s no harm to e360’s business, because I don’t want their e-mails, and neither does anyone who signed up for ISP-level junk mail filters. The only claim e360 has is that being labelled “spammers” hurts their business. In order to make that claim, they have to prove a) that Spamhaus is unjustified and b) that people would otherwise buy their crap. They might win B, but could never prove A. Spamhaus documents on its web site the use of (probably illegal) unsolicited e-mail by e360. They are not legitimate opt-in marketers — they’ve been shuttered by several ISPs for unsolicited e-mail.
JWW misses the point.
CAN-SPAM is irrelevant, US criminal law is irrelevant.
All that Spamhaus do is provide an advisory service, that this IP address is one you may prefer not to receive email from.
They don’t stop email, other than by other people trusting their advice (which is almost universally agreed to be the best such service on the planet - at least of those provided free or largely free).
Going to ICANN is irrelevant distraction, but what makes the story interesting. It is irrelevant because ICANN don’t have a relationship with Spamhaus, anymore than the people who allocate telephone number blocks to phone companies are responsible for blocking phones. It is a bit like approaching the ITU because someone said something bad about you using a telephone.
If the company was genuinely interested in resolving the issue, they would seek legal representation in the UK, where I’m sure the issue would be covered by slander or libel law.
Although Spamhaus, and Steve, are easy to contact, and I’m sure if there was any doubt that the IP addresses concerned are/were spamming they would have pulled the listing.
Indeed the main problem with Spamhaus is that there are large chunks of IP address space, ‘obviously’ owned by spammers, that haven’t triggered Spamhaus’s criteria for inclusion. I suspect this is due to the spammer being careful with their address harvesting.
So this is just someone abusing the US legal system to generate publicity. I seem to remember from the Randi/Geller case that a judge can stop someone from pursuing vexous or frivolous suits, at least in some US jurisdictions.
Spamhouse is a small low budget organisation of volunteers performing a valuable service. E360 has more money. In any fight in the US legal sysyem E360 would win. The only way Spamhaus can win is to walk away.
E360 obviously has a ridiculous case. But that doesn’t matter. Look at SCO. You can bring a suit in the US with absolutely no evidence or rational reason whatsoever and force someone to spend tens of millions of US dollars defending themselves over five or six years before you even get to trial. Spamhaus doesn’t have the money to fight so E360 will win.
Furthermore the interim injunction is absolutely intolerable! Courts mean interim as in maybe five or six years. To Spamhaus and E360 there is nothing ‘interim’ about such a time period. Interim on the internet means several hours, or perhaps a day. Something lasting for years is permanent. Ergo E360 wins absolutely totally and completely by simply bringing the case.
In my opinion Spamhaus was wise to refuse to play. They would have wasted millions of dollars that didn’t have and the absurd `interim’ injunction meant they would have lost before the case even starts. And E360 would have been only the first. Having set themselves up in the business of issuing `spam licenses’, the Illinois court would soon have been doing a brisk business in these interim injunctions as every spamming sleazeball on the net hastened to bring a suit. Death by a thousand cats indeed.
I hear that France has something called the “Toubon Law” requiring that all websites be in French, with translated pages allowed in other languages. Are you blocking access to your webpage from France? If not, your website is non-compliant with French law. What would be your reaction be to a lawsuit against you, filed in France, demanding that you translate all your web writings into French?
I note that http://www.firstgov.gov (the US government website) has a display of female-facial-frontal-nudity, i.e. “The Statue of Liberty”. Female-facial-frontal-nudity is illegal in many “Islamic Republics”. Therefore the US government should place a large burka over top of the Statue of Liberty to remain in compliance with the laws of nations thousands of miles away.
Do you appreciate the above results of your so-called logic? No? How do you think the rest of the world feels about your ideas?
The judge had no other choice?
That is a seriously twisted view of the law.
If ICANN feels they have to comply with a judge’s order, spamhouse simply drops their .com and operates under .uk . In the end, if all blacklist operators exit the non-country TLDs, it would be a loss to the market of the non-country TLDs, and to the country which has the largest share of domains directly under them.
A judge should consider himself to have some responsibility to investigate the plaintiff and the reasons behind the defendent’s failure to show before he gets his pride hurt. Too many judges are losing track of the idea that rule of law is not rule by law.
The only way for those without money to get some defense from those with is that the government must provide some antidote. Either it needs to reign in the courts’ tendencies to legislate, or it needs to provide elected public defenders for both criminal and civil cases, lawyers who can at least advise the court on the validity of a complaint.
joudanzuki, you are totally misconceived as to the role of courts in common law jurisdictions. What we have in the common law world is an adversarial system, not an inquisitorial system. The judge cannot do any fact finding himself. It’s against the rules.
Both parties represent a position, and the judge decides between them. That’s one defining difference between the common law system and the civilian system.
In this case, much as I dislike the decision, what the court did was correct. We cannot have a judge going in there and taking sides on the issue without argument.
What Spamhaus has done is that they have decided that the penalties associated with a default judgment are less onerous to bear than the risk of losing if they had gone to court. If they go to court in the US and lose, that (non-default) judgment may well be enforceable in the UK.
So I guess what the article is really debating is the relative merits of Spamhaus’ decision. Are the consequences really worth it? Did Spamhaus really intend that its officers should never visit the US? Did Spamhaus really think that losing the .org domain was acceptable?
If so, then I think Spamhaus’ decision is justified. However, that’s the CHOICE of Spamhaus. You cannot blame the judge for that. Nor can you blame the legal system.
nudd said
> What Spamhaus has done is that they have decided
> that the penalties associated with a default
> judgment are less onerous to bear than the risk
> of losing if they had gone to court.
Wrong. What Spamhaus has decided is that the cost of *WINNING* the judgement would be too great. All it takes is several spammers to co-ordinate a bit. Set up shell companies and file SLAPP lawsuits here, there, and everywhere. Spamhaus would go bankrupt defending itself in courts all over the place. You don’t hear of MAPS any more. nuff said.
I don’t blame the judge, I blame the b0rk3n American system, where SCOX went 3 years, and forced IBM to spend millions of dollars in legal fees, before even telling IBM why SCOX had filed the lawsuit in the first place.
If you are managing a mail server for yourself or for the use of your own company’s email, by all means, feel free to subscribe to whatever blacklists you like.
But if you are an ISP, managing the servers for customers, you are in a different category.
Only by experiencing blocking can you truly understand the issue. So, I propose we try this little exercise which will make my point. Just post here the ip addresses of all your mail servers. I will then submit them as a complaint to SpamCop, another blacklisting service, one that is notoriously lax in applying due diligence to spam complaints and could care less whether it blocks legitimate companies. Because it does not do much in the way of evaluating, your IP address will almost certainly appear on their blacklist. As a result, you and your customers will experience great difficulty in sending and receiving mail.
When the exercise is complete, come back here and tell me that you think blacklists are a great idea.
Well, what would happen if US based spammers are brought in EU courts that usually have far more restrictive rules against spam than CAN-SPAM act?
Could EU courts rule that US spammers should stop immediately to spam and pay huge fees, or be terminated by ICANN - and if ICANN does not complain, raise the question that the Internet can no longer be US controlled?
The US judge should be very careful, because he could start a conflict between US and EU - and not only - that could go far beyond this case.
I am going to file as much as I can against US spammers in EU courts. Maybe I can become rich…
No, assuming that the law in the US is anything like the law in other common law countries, from what I recall from my (admittedly sketchy) conflict of laws classes, all Spamhaus would have to do is not turn up in court, in which case I think the onus would be on the plaintiff to show that the US is not an inappropriate forum.
This strategy has its advantages. If the court decided that it had jurisdiction, Spamhaus can still wait for default judgment in relation to jurisdiction to be rendered, and then apply for leave to set aside the judgment on the limited ground that the court had no jurisdiction.
Or it could have entered a conditional appearance for the specific purpose of challenging jurisdiction or have the proceeding indefinitely stayed on the basis of forum non conveniens.
Once the judge had decided that it was an inappropriate forum, it is unlikely that any copy cat filings by other plaintiffs would be able to succeed.
The issue here is that Spamhaus should not have submitted to the courts jurisdiction in the first place.
The problem with Nudd’s comment, and the article and probably the court system too. Is that it assumes that foreign individuals know how the US court system works. We don’t! Most of us also can’t afford US lawyers and have no way to judge if we have hired a competant one if we do.
Yes the system in use is an adversarial one and once battle is joined the court must, to some extent, allow the two sides to present evidence and precedent and law and judge based on what is presented. That however is not the limit to what judges in common law systems can and should do.
They are in control of their courts, not the lawyers, they are allowed, indeed required, to ask questions to find out what they need to know. All the judge here had to say was “Where are Spamhaus based?” “Why have you not taken action there?”. He (or she) could have asked more than that and done even better but those two questions would have been enough to stop the US court system looking silly again.
Actually, from personal experience, Spamhaus seems to me to be a bunch of punks who justify abusive behavior because they believe in their cause so deeply.
A data center where I used to host our business was blocked by a number of ISPs after Spamhaus listed one of our Sysadmins (who’s identity they confused with that of a notorious spammer) as a “Spammer Stooge”. This listing was then picked up by SPEWS and added to blacklists all over the country. Let me clarify that the listing was NOT in response to an actual spam complaint of any sort, but to the NAME of a sysadmin working for us, who was NOT the same person as the spammer in question.
We spent thousands of dollars and weeks of our time dealing with the problems that were caused by this, and our innocent computer-tech came under fire from our ISP/Data Center as though he were the cause of the problem. Maybe e360 is a spammer. I don’t have the facts. But I can tell you I will be happy to see Spamhaus go down the drain because it is a fact that their mistakes result in attacks on all kinds of innocent business.
Many of the blacklist operators RELY on the reaction of innocent bystanders who have their IPs blocked. They say things like “You bed with spammers, you are a spammer.” (A direct quote from the SPEWS newsgroup when we posted to try to resolve the mistaken blocking issue, explaining that we weren’t sending spam.) Well, I don’t put up with collateral damage from self-appointed anti-spam guerrillas. Spamhaus sometimes attacks people without just cause or provocation, and I hope to see their moronic organization brought down. If the actual spammers manage to put these self-centered fools out of business for good, I will be happy that they are gone.
I am not saying that Spam is ok, but rather that it is inevitable, and that the vitriolic and almost religious response of groups like SPEWS and Spamhaus only make solving the problem much harder by excluding all legitimate advertisers from having an interest in solving it. Oh, and also, that they have, in fact, failed to stop spammers. I still get spam in my inboxes every day.
There are organizations run by more reasonable folks. Julian Haight from SpamCop is one example, and their model is based on a statistical sampling of complaints rather than half-baked guesses and unfounded accusations. Spamhause is a menace to the internet and we will be better of without them.
The problem is that if they succeed in shutting down spamhaus, by association/ precedent the activities of other blacklists (i.e Spamcop) will be on equally questionable legal ground.
IANAL, but here are my opinions anyways…
nudd said…
> No, assuming that the law in the US is anything like the law
> in other common law countries, from what I recall from
> my (admittedly sketchy) conflict of laws classes, all
> Spamhaus would have to do is not turn up in court, in
> which case I think the onus would be on the plaintiff
> to show that the US is not an inappropriate forum.
No, it isn’t…
a) you can file the stupidest lawsuit you want that barely meets technical requirements; if the defendant doesn’t defend, you get a default judgement.
b) in British Commonwealth countries (UK, Canada, Australia, etc) a losing plaintiff is required to pay *ALL* of the victorious defendant’s expenses. This would include legal fees, time off work, travel and hotel expenses for a distant venue, etc, etc. In the US, that is *NOT* the case. With literally “nothing to lose”, people can file all sorts of stupid lawsuits, and face no consequences. The defendant is out-of-pocket for a lot of money, simply to have a lawyer show up and spend 5 minutes destroying the suit. Rinse, lather, repeat, and a defendant can be financially destroyed by a bunch of spammers, each of whom would need to spend approx $100 filing virtually identical lawsuits all over the place.
> Once the judge had decided that it was an inappropriate
> forum, it is unlikely that any copy cat filings by other
> plaintiffs would be able to succeed.
Wrong again. Another judge *IN THE SAME STATE*, may decide differently. Only if the case goes to state appeals court, and judgement is pronounced, only then is it binding precedent on all courts/judges *IN THAT STATE*. There are 50 states with different laws, and their decisions are not binding on each other.
Even if the matter is forced to federal court, things aren’t clear. A decision by a lowest-level federal court is not binding on other lowest-level federal courts. A little-known fact is that the US federal court system is divided in geographical areas called “Circuits”. A decision in the US 6th Circuit, appealed and ruled on by the 6th Circuit Appeals Court, is binding precedent on federal courts in the 6th Circuit. It is *NOT* binding precedent on courts in the US 9th Circuit. Different circuits can, and often do issue different rulings on virtually identical cases. One common reason for taking a case to the US SUpreme Court is because different circuits have conflicting rulings. Only after being upheld by the US Supreme Court, will a ruling in the 6th Circuit be binding precedent across the rest of the country.
ICANN To Suspend spamhaus.org?…
Over on Techdirt, this entry suggests that UK-based Spamhaus, a publisher of a widely used list of known spammers, may be in trouble after failing to defend themselves in a US court in a case brought against them by an alleged spammer.
The suit was ori…
what would be interesting is for Spamhaus to file in the UK alleging that the Illinois court is interfereing with business. e360’s case seems as well-planned and thought out as SCOs .. corporate blackmail .. and for a court to support that does indeed show the judge to be ignorant. Since when did US judges have jurisdiction over UK citizens, corporate or real?
I’m a sysadmin at a small ISP. We are not located in, nor do we operate in the US or the UK. Also IANAL.
The services that Spamhaus and other reputable black list services offer is invaluable to the Internet community. The scourge of Spam makes the valuable tool of email almost unusable. One of the biggest complaints we get is that our customers receive too much Spam and why can’t we do more to stop it. Blacklists are currently one of the easiest and most cost efficient ways to combat Spam and to help keep our customers as our customers. Spamhaus is to be complimented for the way in which they identify and report Spam.
Spamhaus is a non-profit organization, partly volunteer staffed, working co-operatively in the Internet Community to reduce Spam. It gets much of its funding from donations and sponsors. This type of organization cannot possibly attempt to defend itself against lawsuits in far away places, nor should it have to. One would hope that the judge in this case takes this into consideration and finds a way out of this mess. The judge has been placed in a bad situation that he can make much worse if he continues on his current course.
I wouldn’t want to allow mail from e360 on my systems. Spamhaus is showing that they’ve been terminated by 6 ISP’s for abuse, plus there are samples of the Spam and history of David Linhardt operations. In the published emails, Lindhardt does not deny the spamming, he offers excuses, blames it on someone else and makes a lot of threats. There is no doubt that a lot of Spam came from systems he was responsible for, over a number of years.
Politically, this case is not like KaZaA. This is a non-profit, volunteer, Spam fighting organization being sued by the one most despised creatures of the Internet world .. a spammer. Spamhaus has all the high ground, e360/Linhardt has the low ground.
The judge would be well advised to step back and take a look at the bigger picture. He would also be well advised to avoid being ‘pissed’. Judges really need to avoid emotions in their decisions.
He also needs to know that many parts of the world are watching his decision and his handling of the case. As such, the judge is very much a representative of the US. Since it is obvious to most of the world, that a UK company operating in the UK, not in the US or even Illinois, should not be under the jurisdiction of US law, the judge’s decision(s) and actions very much reflects upon the US as a whole. To be blunt, the US is despised in much of the world and has very few true friends, a decision against Spamhaus only adds to the US’s woes abroad, particularly when the decision(s) and actions potentially violate the laws/sovereignty of one of the US’s few true friends (is it legal in the UK to obey a foreign court order? Some countries don’t allow it).
Another issue is that the UK is about to get a new Prime Minister. Tony Blair has become increasingly unpopular because of his support for the Iraq war and his close ties with the US. It is unlikely that the next UK Prime Minister will be as accommodating. Here is a perfect case that a government could use to show citizens that it isn’t just a US lackey. A government could (and should) raise this to a international incident level. Here we have a spammer suing a volunteer, non-profit organization in a foreign court. If the judge thinks that a few bloggers calling him ’stupid’ is bad, just wait until it hits the mainstream press. Headlines like ‘US Judge supports spammer’ or ‘US Court fines UK Non-profit’ or ‘US Judge violates UK Sovereignty’ would just be the beginning. The fine points of US Civil Procedure won’t matter one bit. The decision(s) will be an embarrassment to the US and the US Federal Government will have to get involved to somehow resolve the situation. In addition, if ICANN is forced to remove the .org by the Court, the US will be under a lot more international pressure to release control of ICANN. What happens to judges that embarrass the government? Probably nothing overt because of judicial independence. But when it comes to re-appointment and promotion to appellate positions it could be a completely different story. The decision(s) that this Judge is making could be very career limiting.
How can the judge get our of this? If I was a judge, one of the things that would get me ‘pissed’ is being lied to. If Linhardt has certified, under oath, that Spamhaus does business in the state of Illinois or the US, then the Judge should be able to examine that statement and impose sanctions if it is misleading or if it is not true. (The statement apparently in the complaint is an outright lie.) I’m sure the Judge has already been advised that jurisdiction is in dispute. If he finds that Linhardt’s complaint is partly false, he could impose sanctions, like dismissing with or without prejudice. If he dismisses without prejudice, the process gets to restart and Spamhaus can handle it correctly at very low cost. If Linhardt appeals to the 7th Circuit, worst case is that it gets sent back for retrial and Spamhaus can handle it correctly at very low cost.
This Judge is in a lot of hot water. The best thing he can do for his country, his judicial system, his court and himself is to get rid of this case.
I manage a system that gets 250,000 emails a day. Over half is spam. IP blacklists are the single most efficient way to deal with this spam.
Our company sometimes gets listed on these blacklists as well. This is because some of our customers do in fact send unsolicited email. But I don’t rail against Spamhaus and the like when that happens. They are doing exactly what they say they are doing!
If you look at the websites of some of these blacklists, they explicitly say that there will be false positives. ISPs choose to use them anyway, because more often than not they are correct.
Bottom line, they are not blocking email. People freely use their service, among many others like it, to block email for themselves. I wonder how many of those other services are also blocking “Nameless”?
I run a small ISP — with a couple of dozen mail servers. We utilize Spamhaus as one method to classify spam on a number of our servers. We are responsible to our customers; thus, if we let too many UCEs into our servers, our customers complain; if we block too many legitamate e-mails, customers complain. Spamhaus serves as an excellent resource for for those sending questionable mail. No one forces me to use the Spamhaus list, or any other list. We operate our own internal RBLs and RHBLs as well. We reserve the right to deny network traffic from any source, for any reason - as most ISPs do. If I wish to deny all e-mails with the subect lines containing the word viagra, I am perfectly in my right to do so; If I wish to block all email sourcing from APNIC address I am perfectly within my rights to do so; If I want to compile a list of mail servers run by jackasses and publish that list as an rbl, I am still within my rights. I am not forcing my list upon any other postmasters, and if my users complain about not getting e-mail then I have to respond to them as my customers, but I have no reason to respond to the jackasses who run the mail servers I am blocking. That said. Spamhaus obviously make a mistake by first accepting the jurisdiction of the court and then denying it. Mr. Prince has done us a service by placing these issues in the proper perspective, and I thank him for that. I am curious about something though: Insight’s argument is that they have been damaged by being labeled a ’spammer’ by Spamhaus — if, however, Spamhaus had simply published a dnsrbl of sites that they do not accept mail from — for whatever reason — then could Insight claim that Spamhaus was libel for other sites using its list?
Joshua: I was following along with your attack on Spamhaus nicely until you spoiled it by using the phrase “legitimate advertisers”. Bzzzt! Sorry. Please play again.
There ain’t no such animal as a `legitimate advertiser’ when it comes to email. It is my machine and my email account. I pay for the storage. You want to put advertising on my machine without paying?
Email `advertising’ is like spray painting a graffiti advertisement on all the fences in the neighbourhood. Find another way to sell your VI4GRA.
I get something on the order of 180 spam messages per day. My patience for anyone who thinks this is a method of `legitimate advertising’ is exhausted.
A few comments:
1. Spamhaus (and most RBL’s) don’t have an objective, effective way of appealing being labled as a spammer. Lets fase it, RBL’s have ammassed a great deal of power on the internet. Abuse of that power happens (can you say colatteral dammage?). This is, simply put, wrong, and thats made worse by there being no accontability of any kind in the process. Power corrupts, especially when unchecked.
If an orginization sets itself up to make judgements of others, then it really needs to have a system in place for dealing with the abuses that do occur.
2. The claim that mail admins choose to impliment the SERVICE is true, as is the claim that mail admins are free to impliment it in a number of ways. I see this leading to claims that this takes the RBL off the hook - after all, they don’t choose what to block. That would be true, if that was how the RBL’s actually work, but the argument doesn’t hold water.
For the argument to hold water, the mail admins would have to be involved in accepting or rejecting lists on an ongoing basis, that is they would have to activly be involved in the process, or at least be advised of what is in the lists. As we all know, the majority of those admins using the RBL’s don’t - they use it as an automated system, and only look at it when a complaint is made or something breaks. Because it is used by so many in this automated way, the claim of RBL’s blocking mail is not as out there as many claim, and could (in my opinion) be proven in court.
3. Spamhaus does enough buisness in the US that a claim of juristiction could likely be upheld. they have distributers and clients in the US, US based volunteers, etc. In other words, I think there is ample contact to assert juristiction.
4. The court has a lot of options in addition to taking away the domain name. The court could order all US based ISP’s to reroute all Spamhaus domains and IP addresses to /dev/null or even to a site controled by 360.
Sorry, that’s one of the silliest things I’ve read in along time. There exists, in the US, no statatory control over routing tables - no court has any right to compel a third party to enforce a ruling in a civil case. Finally, I am fairly certain that such an order would violate several FCC reglations, as well as standard inter-exchange contracts.
The fact that many administrators don’t understand how their systems work simply speaks to sad state of systems administration on the Internet and not the culpability of Spamhaus. If we were to blacklist the IPs of all poorly administerd servers on the Internet, 70% of the Windows nodes would disappear.
Good postmasters monitor their mail systems regularly and are quite aware of what’s being rejected and what’s being accepted. If, as I stated before, they are too aggressive or lax then their user base will complain. I have never heard a user complain they did not recieve an UCE. What you are suggesting is that Spamhaus sould be held responsible for the way people use the information they provide. As I recall, a similar tactic was was used to sue Consumer Reports — that suit failed.
US courts have to operate under the false assumption that their control extends to the ends of the earth. So someone sends a summons via regular airmail to (this is the correct spelling, btw, prof) a defendant from, I dunno, Timbuktu, and the court, especially a first-level superior court somewhere, pretends that the poor Malian textile designer has an obligation to drag herself to Ohio. And even if she does, and makes a “special appearance” to argue lack of jurisdiction, the court is going to rule that it has jurisdiction and she’ll have to fight it up to, at minimum, the state appeals court.
Spamhaus did something very sensible for a non-profit org dragged in front of an alien court, they told it (in essence) that its writ doesn’t extend beyond the borders of the USA. What they should have done is say this from the beginning - they probably could have saved a couple of thousand dollars to boot.
I’m tired of Americans being self-important.
Spamming people has the same rights has repeatedly blowing an airhorn at 3am in a suburban street.
Let the Americans have their American spam. The rest of us can use Spamhaus.
When the US Judges’ children and grandchildren are bombarded with pornographic spam then maybe they’ll make the obvious decision.
Spamhaus should just open the gates to the American people - then watch the lawsuits fly.
Despite you not wanting people to make disparaging remarks about the judge who teaches at the same law school as you the fact remains the judge IS an idiot.
This is a clear example about why having ICANN under USA jurisdiction is a bad thing.
Hi Matthew,
Thanks for your views. I see no reason to “politely educate” the judge. If he has any intention to do the right thing, all the information he needs is already available. I will say one thing though. I run my own mailservers and I use Spamhaus. Spamhaus is not blocking anything. I AM !.
I get my advice from spamhaus, yes, but if I really believed e360 was not a spammer I would whitelist him. I don’t though.
If spamhaus really did list people who was not spammers, I would also quickly stop using their advice. Spamhaus has NO interest in listing non-spammers. It would undermine their whole raison-d’etre and people would stop using them.
So given that the judge has no jurisdiction over the U.K.-based company and that spamhaus is not blocking anyone (the users are) it should be pretty clear for the judge to throw e360 out of the courtroom a make them pay for waisting the courts time. - regardless of what Spamhaus has made of technical legal mistakes !!!
If however, he does not do that and demands that ICANN delists spamhaus.org, it would in my oppinion become a political question. We in Europe can NOT have the twisted workings of the US legal system unilaterally affecting the Internet in this way. It would be a very good reason to move the root-servers under UN control or even fork the root-servers.
You say that we should not speak badly about the US legal system. Well.. I won’t then, but I’d say that this would be a nice chance for the US legal system to show us that it is really not as bad as the rumor in Europe says it is.
Spamhaus should have just ignored this lawsuit all together.
SK:
I know of a person who insisted that he should recieve all mail addressed to him.
The reason was that he was a public servant and some poorly drafted legislation that required some public servants to retain all their commucations. I don’t remember the specifics and this was a long time ago.
This was in Finland and the guy was an idiot but
just so that you know there is a person somewhere in the world that wants to recieve UCEs.
Ian - on a personal level, I feel the same way you do about spam. I get a lot of it, and because I can’t afford the risk of false positives (blocking an important message from my customers), I wade through it by hand every day. I don’t think you are being fair to discard all of my points so quickly.
I understand that you feel that receiving a piece of email without your permission violates your personal rights. I do too. if you are like me, you probably also feel that way about the 30-50 pieces of junk snail mail you get every week, or the barrage of phone calls from telemarketers. It’s invasive and annoying, and we also bear part of the cost of that junk mail and those phone calls.
What I am saying is that if we intend a solution to the problem, we have to set aside some of our personal indignation and think about the problem realistically. We can stop people from advertising to us via any means of communication available, from billboards to spam to multi-level marketing. Selling things to people is the basis of our entire economic system, and the pressure to advertise is incredible. As far as I know, every medium of communication is littered with advertisements ad product placements.
I agree that spam is annoying, invasive, and unfair. But many of the anti-spam groups are annoying, invasive, and unfair. Although they are often correct in identifying spammers, they are self-righteous and unapologetic when they are wrong. Worse, they form part of a group of RBL’s who often intentionally target innocent bystanders in order to put pressure on ISPs. They intend to punish, not just to block illegitimate traffic.
These groups will often ban a significant IP range in order to “strike back” at an ISP they feel is “helping” a spammer. In the real world, we label the targeting of innocent bystanders to get attention and force change as “terrorism”. Many of the anti-spam groups take the stance of judge, jury, and executioner, with the thin excuse of “Well, we don’t make people block your site. We just libelously told them you’re a SPAMMER STOOGE. They can react to that however they want.”
Ian, I agree with you deeply on a personal level, but your reaction that “anyone who would advertise by email is illegitimate” is a purely emotional one, and it won’t help us get less spam. A spam-free e-mail system will require a serious re-engineering of the way e-mail fundamentally works. And it will cost us a lot more money.
EVERY MAJOR COMPANY IN THE WORLD WOULD LIKE TO ADVERTISE BY EMAIL TO WILLING RECIPIENTS. Less legitimate companies and less moral people will send it to whoever they want. Governing bodies and vigilantees alike rarely succeed in getting rid of something by banning it. Spamhaus has failed to stop my inbox from filling with spam. I think we will solve the problem much better if we keep our feelings out of it as much as we can and aim at practical, objective solutions. If legitimate business interests thought they were going to get voluntray advertising opportunities out of it, I think they would spend a lot of money on modifying or redesigning the infrastructure of email to lock out the less legitimate ones.
Walter, what you’re missing is that this is fundamentally a jurisdiction question. Spamhaus could have let the plaintiffs obtain default judgment and _still_ challenge the judgment on the question of jurisdiction so long as it _handn’t_ submitted to the court’s jurisdiction. This would have been far cheaper than having to argue the case on it merits. (eg, you don’t have to go to discovery, trial, etc)
As to the question of costs and copycat litigation, judgments may not be binding, but they _are_ highly persuasive. The fact of the matter is that once you win on your jurisdiction question, you can apply to have any other lawsuits struck out as an abuse of process, and in that case, you _can_ ask for indemnity costs against the plaintiffs who are bringing suit in bad faith.
I just don’t think people who criticise the judge or the legal system really understand the issue. Spamhaus had bad legal advice, and as a result, has made a crucial tactical error at the start of the case that has painted it into this corner.
nudd,
It really doesn’t matter if Spamhaus had “bad legal advice”. Any legal system not capable of taken the right decision regardsless of “tactical errors” is fundamentally broken. So what if Spamhaus made an error by requesting the case moved from state court? Any non-broken legal system would be able to sit down, look at the facts which are:
1) Spamhaus is not blocking anyone. Blocking is done by those who choose to trust spamhaus.
2) e360 _is_ a spammer and have obviously lied about how and where spamhous operates
3) Spamhaus is a UK organisation which a US court can do nothing about - except taking the utterly controversal move to tell ICANN to remove the domain - which again will have NO EFFECT, since Spamhouse will function just as well with an org.uk domain (or other ccTLD). The only effect from this will be increased political pressure to move the domain system to UN control.
Instead, the US should do something about their spammers. US ranks alone on the top-10 spamming countries at Spamhaus.org
In Denmark we have practically no problem with danish spam. One of the reasons are that anti-spam laws are effective and it actually matters if you complain to the authorities. Spammers are stopped by an effective enforcement of the law. Unfortunately we can do little about US spam coming to Denmark - except use Spamhaus or another RBL.
Boy, this is a perfect example of just how broken the legal system (maybe ANY legal system) is. It’s all about blind adherence to rigid rules. (”Counsel failed to wear the BLACK loafers to court, wearing instead the BROWN loafers. Judgment for the other side!”)
Just to be clear, I’m not calling this particular judge stupid. I’m declaring moot the question of participants’ intelligence when the system itself is all about form and nothing about substance.
AFAIK from reading documents about the case, the only action of the Spamhaus lawyer in the US was to request a dismissal on the grounds of no jurisdiction (as Spamhaus is entirely in the UK). This was denied so Spamhaus’ lawyers said they would withdraw.
If the a US Court would like to establish the position that foreign entities can be pursued in this manner, does this mean , by quid pro quo, that courts in the EU can pursue US spammers for breaking EU anti-spam laws even though they have no presence here?
Maybe the best scenario is that Spamhaus does lose their domain and email systems everywhere are flooded with spam to the extent that they become unusable. Maybe that would provoke more sensible anti-spam legislation in the USA.
I note that the website of the Illinois court concerned does not publish individuals email addresses - perhaps they have experienced problems with spam.
I am a system administrator for a small email server (at its peak, it had about 300-400 email users). Spamhaus has been an invaluable resource for reducing spam as had been other blocklists.
The other very effective method I have is to use blocklists that list “dynamic IP address” such as modem pools, cable modems and ADSL lines. These are the single largest sources of spam in my logs. I have also created tables of hostnames that I consider to be associated with dynamic hosts for the purposes of blocking. These tables have only rejected mail from TWO legitimate hosts, which a whitelist resolved in a hurry.
As a consequence of e360’s lawsuit against spamhaus, they have not only been entered into my postfix access tables as “REJECT” entries, I have entered them into IPTables as “DROP” entries. IOW, their packets are dropped before the SMTP daemon sees them. Everytime e360 shows up
If it wasn’t for my need to accept email from US-based servers, I would very strongly consider blocking all US-based addresses, whitelisting where necessary.
One thing I think that people like Linhardt from e360 should consider is that if Spamhaus gets shut down, they will make some very powerful enemies. Companies like AOL and Microsoft, who have successfully sued spammers in the past, and won.
How about instead of bad mouthing the judge, we take a good hard look at the utterally deplorable state of the judicial system in the U.S. (where I live and am a native born citizen) that allows a procuedural detail to completely screw over a foreign company who does not even operate in the U.S.
Perhaps the judge had no choice, but shouldn’t that right there tell us the system is completely broken?
This whole case is stupid, and personally, I think the spammer who started should be extradited to the UK for trial on spamming charges. If not just banned from using computers. We do it to hackers all the time…
Hasn’t anyone noticed that the original decision came from a civil court? How can Mr. Linford be at risk in the US over a civil court matter? If that is the case, then millions of dead-beat parents in the US should be extremely concerned!
This “proposal” to the judge is just that, nothing but a proposal from e360’s lawyers. No one has even produced the real and actual court documents, and no matter how much searching I do, I cannot find one single comment from the judge in this matter.
How can everyone state so decidedly that the judge is angry, that the judge is going to do something about it, etc etc when the judge hasn’t said anything about it?
Oh, wait. You must be reading (and believing) what the spammers are posting online.
All the judge needs to employ is common sense and applicable laws (such as CAN-SPAM, duh).
Many people here are missing the legal point this is placed, Spamhaus did acknowledge the US legal system applies to them. Simply put:
Spamhaus: “Mr State Court, we think this issue is under the jurisdiction of the Federal courts.”
State judge: “I agree, we’ll move this to Federal court as you requested.”
Spamhaus: “We don’t think any US courts have jurisdiction, we are not showing up.”
Federal judge: “Not true, I have this case because you put it here.”
I’m sorry, you don’t need to be skilled in US law to see the flaw in that attempt. Further, ignorance of the law is not a valid defense.
Since Spamhaus did not show, and did request the hearing, the judge had to enter a judgement. You can know e360 is evil, but the law has to error on the side of caution. If you were being ripped off by a foreign company you would be right in getting a default judgement that could be enforced later if/when the foreign company got involved on US soil.
So now the order is to “seize the US assets” of Spamhaus, which is their domain name. The case for ICANN is to decide if a domain name is considered a US asset.
It’s important to understand that the facts of the case (e360 is a spammer, spamhaus doesn’t block anything, “worst dressed list”, etc) will not be part of the case unless spamhaus shows up to enter them.
“Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company.”
Erm… so that means that any US citizen or other entity can demand that I, a citizen of another country, show up in a US court or otherwise spend resources (money, time, firstborn etc.) to defend myself against a frivolous lawsuit, even though the court has absolutely no jurisdiction? That’s broken. Severely. Common sense has obviously fled the scene a long time ago. I should not have to make any argument anywhere except in front of a judge in my own country as long as my actions are performed within the borders of same. Otherwise I’d very much like to see how the US authorities would go about handling all the blasphemy spewing from the televangelists in the US - as the Iranian courts would no doubt call it…
Another thought….
If I’m unable to utilize the SBL/XBL to filter my e-mail, am I going to be able to hold e360 responsible for the hundreds of man-hours that are going to be spent by all of my users when they get hit with a flood of spam? Even though I’ve already manually blocked every single IP address that has a hint of e360 on it, if I am unable to utilize a blocklist that I *choose* to utilize, someone has got to be responsible.
Right?
What I don’t understand is this:
Why should spamhaus have to show that e360 are spammers? The lists belong to spamhaus. Shouldn’t they be able to put whomever they want on them? If this isn’t the case, spam listing will soon be impossible for anyone. (Well, at least “legitimately” spam listing will be.)
As to spamhaus actually justifying their position and showing that their list is good and/or useful. Isn’t that between spamhaus and the community?
Isn’t anything else blatent US government enforced censorship? (vs personally chosen filtering)
Now, if e360 wants to sue comcast (and every other large semi-monopoly ISP they can find) for making use of spamhaus “unfair” list. I suppose that might be a different matter altogether.
What’s really missing in US law? A way to punish frivilous lawsuits. As pointed out much earlier with the “thousand cuts” reference. Neither spamhaus nor any other spam list can afford to operate in the US under current law no matter how good they are.
Assuming a legal precendent where they must “prove in court” someone is a spammer (a practical impossibility) no black hole list of any useufulness will be able to operate. I should think that’s blatantly obvious to any onlooker. Perhaps someone needs to file a “friend of the court” brief about it.
Spamhaus has gone too far, thats why this whole problem is here. Spamhaus does a LOT more then just run a list. They go after upstreams and have them yank internet connections and guess what? Sometimes Spamhaus is WRONG, dead wrong, and then when you try and correct them you get a big FU from them. I like what they are doing, but they got to not be NAZI’s about thier list and work with people when they have tons of evidence to prove that IP’s banned and associated with a ISP are not.
Honestly, after dealing with Spamhaus for the last couple of years I think they have either got some bad data or dont have enough time to really dedicate to having a good clean list, and as a result they will be pushed off the Internet. That’s great, cause someone else will come in and do the job they claim to be doing better.
Even though I’ve already manually blocked every single IP address that has a hint of e360 on it
Oooh!! I’ve got it. Someone make a “this is related to e360″ factlist (”whitelist”?) that we can all choose to negatively or positively subscribe to at our own discretion.
I guess this is along the lines of putting up a list that says: “This is a wonderful list of quality doubly verified opt-in marketing sites.” “Please whitelist all of them so you can recieve their wonderfully useful content”.
Heck, spamhaus could do this themselves, and probably adhere to the letter of the restraining order at the same time. All they have to do is make a new “white” list for “doubly verified opt-in quality marketing firms related to or similar to e360″.
Doublespeak. If it can cut us it can cut them.
I am disappointed that no friends of the court appeared. It seems to me that if the United States themselves do not feel they have an interest, there should be other agencies and bodies who have a reasonable excuse to attempt to assist the court with some of the things that it is not permitted to investigate itself.
Most arguments/discussions seem beside the point. At the first court appearance SPAMHOUSE should have argumented that this case belongs in a UK court.
You can’t blame anybody for the consequences of not doing so except SPAMHOUSE and/or their legal advisors.
My servers have been blocked by Spamhaus due to a blocked IP range from someone else’s servers I had no control over. I had to actually get new IP’s and put in hours and hours of work to get off the IP that Spamhaus blocked. During trying to work with Spamhaus I was treated like SH&T and basically given the FU. I hope Spanhaus get the FU back ASAP.
We run our mailserver as part of the communications infrastructure of our business. We agressively protect this business asset by employing vigorous anti spam policies. Our staff are being paid to work, respond to business emails. So we protect them from all distracting emails. We own our server. We pay for the bandwidth between us and the internet. We have an inalienable right to decide who/what uses our bandwidth/server time up. We do not want to receive spam. Therefore Mr 360 can go and boil his head as far as I am concerned. He has no rights to make us read his trash any more than the postal junkmailers can “make” us open their envelopes after they fall into our mailbox!!
Chris
If the spamhaus domain is actually taken off, and if this is not immediately fixed by providing the same lists from a different domain, then perhaps it is time to look for a more reliable way to provide the info, that is not so easily taken down with an arbitrary court order. Perhaps something more “peer to peer”.
Anyway, I’m not sure that the effectiveness of Spamhaus blocking has a lot to do with the case in question. Almost all spam I see is sent using exploits (open proxies or “zombie PCs”) and the Spamhaus XBL is a list of such IPs. The e360 case is about them being included in ROSKO and subsequently on SBL - this is a list of static IP addresses used by spammers - old fashioned spammers that are still honestly paying for their half of the connection. Most spammers now just steal those resources (spreading computer viruses, using them to take over PCs and then using the resources they’ve taken over). So perhaps this part of Spamhaus’ activity is not needed so much as in the past, and probably it is much less significant than what it was in the past relative to the effectiveness of XBL..
What amazes me is that those spammers are doing all this illegal activity: breaking into millions of computer systems, overtaking them, using their resources, and then send millions of messages gforging the sender’s identity by using the identities of real people/organizations as the “sender”, and yet everybody is just shouting “unsolicited, unsolicited. unsolicited…”. Are all these activities legal? Is it ok to use viruses to take over PCs and use them to send mail with forged origin if there is a “remove” link or some other CAN-SPAM required stuff?
There are criminals out there, what they do is punishable by many years in jail, and there’s plenty of evidence out there in the form of billions of spam messages with headers showing they were sent from various PCs around the world. Those people who hired the criminals to provide this service should be punished for the crimes commited in their names and their contact info is in the spam. I think there are plenty of ways to put spammers behind bars that have nothing to do with “how spam is defined” or whether their stuff is solicited or not, whether avoiding it is costing lots of money or not. What they are doing in the process of sending their spam should be enough to put them in jail with no special anti-spam legislation. So what’s needed here is perhaps some kind of collaboration on collecting the evidence showing that a certain business is paying for spreading their ads using “zombie PCs”, or that they are paying to have email with forged origin sent on their behalf.
Maybe Spamhaus should just shut down for a few days and let the rest of the world see what happens. Lets see how many unsolicited emails come from the e360 domain and the subsequent domains/ISP’s they are in business with. Maybe the Judge gets soo much Spam from e360 that he finally sees the light. I’m also wondering if he even looked at any of the accusations as to why this company was even listed. This is the same thing that happend with thepiratebay.org who is clearly facilitating the illegal trade of copyrighted material. The RIAA lost after thousands of threats. They finally saw fit to litigate in that organizations country. what was determined was that the only thing they had was a list. Though this is different the premise is the same Spamhaus provides a list of potential spammers defined by an algorithm the subscribing ISP’s can choose to honor this list, modify it or ignore it. Ultimately it’s up to the ISP to allow or deny email from a particular host. Lets face it if your running an internet marketing company you should probably have a full time mail admin that knows how to deal with this type of thing. I wonder how many emails AOL bounced do to not being in compliance with RFC
This should have never have made it into the US court systems. Hey isn’t this the same state in which Judge Julius Hoffman was impeached after the trial of the Chicago 8?
Mike,
Yes… that’s the summary. And you would probably be right, if Spamhaus was a local US company. But it is not. It’s a non-profit UK based organisation and it makes absolutely no sense to issue a “default judgement” in Illinois to make them pay $$$ to a spammer who is obviously abusing the US legal system. … not matter how mush spamhaus could have acted smarter.
So go along… seize the US assets of spamhaus. If that means the spamhaus.org domain, you’re just going to piss of a lot of Europeans.
Why would Europeans be pissed off by the loss of spamhaus.org? It’s an American domain. I would think Europeans would be indifferent, not pissed off.
As the email solutions designer for a rather largish ISP I have a few comments. Spamhaus provides a list. We have found a blocks of our IP’s on the list due to some of our users getting infected. Our abuse department gets ahold of them, we explain and get removed. I wont say whether we use spamhaus but we do use blacklists. 85% of inbound traffic is defined as spam and dropped and we still get lots of complaints about folks getting spam.
Since each $Buy $Me message costs about $1.50 to pass on to our endusers spam is something we dont want. I have no obligation to send anything to my customer that they havnt specifically asked for. If they dont complain that they are not getting it, they didnt ask for it and I can flush it as needed.
If I lived in Illinois I would be suing this guy on behalf of my own person for sending me unsolicited material that I pay for via a monthy subscription fee. In small claims court, with thousands of likeminded people a slapp in reverse. Perhaps that is what is needed here. The court system would bog down, crawl to a halt and perhaps then, people would notice what a real problem it is.
I run a blacklist (TQMcube). We don’t take the same risks as Spamhaus because listings are based either on spam receipts (spam list) or dynamic ranges (dhcp). There’s not much that is discretionary.
That said, it seems perfectly clear that the judge was obliged to follow the law. While probably incorrect, the plaintiff had a valid theory of jurisdiction. HOWEVER, Mr. Lawyer, when that is the only means of establishing jurisdiction (”doing business in”) then damages are limited to those within that jurisdiction.
It would be sad if a presumed spammer could do this on a specious claim of jurisdiction and a case that would unltimately fail at trial.
It seems contrary to public policy. I recommend that those who feel - as I do - that Spamhaus is an important endeavor, contact ICANN, TuCows and the Judge to ecpress, in business-like terms, how valued an asset SpamHaus really is to the Internet community.
Two points from the article:
1) e360 was never listed in rosko.
2) they probably should have been, given the amount of spam in my corpus from them specifically.
Yes, Linford got some bad legal advise from his lawyers. But while you point to the changing of jurisdiction and then trying to say that the court had no jurisdiction, is indicitive of something else.
One needs to see the court filings to know for sure and they are a matter of public record.
What is curious is the question of jurisdiction on a willful tort. Is it in the UK where the list is maintained, or where the injured party lives?
One also has to ask, can an ISP be held liable for the same wilful tort? The CAN SPAM Act as well as several cases say no.
Lindhardt’s lawyer made several overreaching statements regarding what constitutes a going concern within the US, specifically IL. (The use of a .org,.net,.com (Controlled by the US ICANN), along with product offering and pricing in US dollars? If that’s all it takes … Well, things could get ugly…
There’s a reason why spamhaus walked away. And its that advice which was wrong.
But hey! What do I know?
Note to elf.
Not true.
E360 was listed as part of another spam organization.
E360’s sites were spamvertised using this illegal software.
So while no spam was sent from E360’s servers, it doesn’t mean he’s not a spammer. But that doesn’t mean he’s in the clear. Companies that hire services to blast advertising junk faxes are liable for any judgements arising from violating the junk fax law(S). By the same logic, those that advertise by Spam would be held accountable too.
The US thinks it runs the world. Spamhaus should just move to a non-US domain and block users registered in control-freak juristictions which permit nuisance-grade court actions (and idiotic patent registrations).
The sad thing is that using a black list is a protected right of an ISP or site admin under the CAN-SPAM ACT. (Prior Case law also supports this.)
Its your property so you can determine what IP traffic you will allow and from whom.
Running a black list site is also not against the law.
Spamhaus’s blacklist is a very well run list and has been above board and ethical.
With respect to the ROSKO which is not a black list in and of its self (Not used for filtering e-mail), it too is a very well run list where care is taken.
If you see the list of Law Enforcement partners, you can see the immediate value Spamhaus brings to the ‘net.
While the judge had no choice but to find in favor of the plaintiff by DEFAULT, their latest motion clearly indicates that the actions of Spamhaus were by no means either a willfull or intentional tort.
Spamhaus clearly indicates who, what, where, when and why anyone is added to the ROSKO. In consideration of the person listed, if they do not spam or are involved in spam activities for the period of 6 months, they are removed from the public view. This policy is clearly stated on the Spamhaus site.
Additionally, if as the plaintiff has constantly challenged that Spamhaus has a business presence in the US, then why did they have to notify and serve Spamhaus in the UK?
There’s more to it, however, it would not be proper to address those issues in this formum.
Bob,
Spamhaus was accused of a willful tort because Lindhardt claimed he was unfairly listed on the ROSKO.
Spamhaus has to therefore show that there was just cause to list Lindhardt.
But Spamhaus left the building.
Again, the issue isn’t that Spamhaus ran a black list. That *is* a *legal* activity. Where they ran afoul is that Lindhardt claimed that he was falsely listed and that he had no other recourse but to sue Spamhaus to correct the situation. And that he experienced damages for being wrongfully listed. NOTE: THIS IS WHAT HE CLAIMED. HE won by default.
By the sounds of things, there are a few people here that feel that Spamhaus is out to destroy all people who send UCE (or anything that looks like UCE).
I work for a company half-way around the world from where Spamhaus is. We were added to its lists not long ago, because some in-house testing accidentally sent a bunch of spam messages into the wild. We contacted Spamhaus, and were taken off with hours.
I agree that the US legal system seems flawed in this case. If the defendent is innocent, and wants to prove this in court, they must fly to the US and show up in court *at their own expense*. It wouldn’t be so bad if the plaintiff had to pay costs.
I also agree that Spamhaus did the wrong thing by initially acting like there was jurisdiction, then changing their minds. At this point in time, they need to appeal to the judge and co-operate with the precedings. Perhaps there’s a lawyer out there who’s willing to act pro-bono on this case.
The most important facts here are:
(1) Spamhaus don’t block anyone. They simply provide a list of IP addresses that their data shows as being sources of spam. In this light, they’re like a credit reporting agency, and should be treated in a similar matter.
(2) The criteria that Spamhaus use for adding someone to their list are fairly well documented. It’s possible that there are a handful of unusual cases, but most of the time they play by their own rules.
(3) Spamhaus have a course of action that organizations can take if they’re listed. If a company gets themselves de-listed, then continues to spam, they can get re-listed.
If I was the lawyer, I’d also advise the judge to look at the bigger picture here. RBL lists like Spamhaus help to minimize the amount of spam that end users receive. Any ruling on this case is likely to be used as precedent in future cases.
If spamhaus does lose their domains, would the hour of pandora be far away?