spam
for a list of resources on this topic, see the technology policy bibliography
by Jennifer Rowland
Introduction
As the famous Monty Python mantra goes, "Spam, lovely Spam, wonderful Spam". Unfortunately, today Monty Python and his band of Vikings are among very few spam enthusiasts and the hazards it creates. Spam, which got its start back in 1978 as an advertisement from Digital Equipment Corporation over a primitive Internet,[i] has blossomed into a multi-billion dollar industry which costs billions of dollars per year to the government, corporations, and individuals alike. The advent of spam and its popularity come from the fact that the burden of the cost of advertisement is shifted from the marketer to the audience. Spam reaches billions of potential customers every day. Even if only .05% of messages result in purchases, which is absurdly low for normal businesses, that spam will be considered successful and worth the price.
While it is easy to quantify the damages and market power of spam, it is much harder to define. Definitional uncertainties have caused problems in legislation. Spam is commonly defined as "unsolicited, often bulk e-mails"[ii]. Most often the terms ‘unsolicited commercial e-mail' and ‘unsolicited bulk e-mail' are used interchangeably. Unfortunately, this still raises many questions: how many recipients does it take before spam becomes "bulk"? Can non-commercial emails be spam? In a perfect world, spam would include all e-mails that are of no obvious benefit to the recipient but this still raises issues with what defines benefit and if all emails can really be policed.
Legal uncertainties also plague the battle against spam. Because the Internet and email are global, a spammer in Europe can send millions of messages to users in America. If these spammers are caught, whose jurisdiction do they fall under? If the country that they reside in has different legislation and punishments regarding spam than the country of the victims, whose law applies? Who should bear the cost of litigation? Who should bear the brunt of the cost to prevent spam from happening in the first place? Finally, does banning spam interfere with the right to free speech? Spam certainly oversteps others' rights to privacy. But how do you choose one civil liberty over the other?
All of these questions raise difficult issues for legislators. There are many gray areas when it comes to spam. However, most countries do agree that standing together in the fight against spam is the only way to defeat it. Separately, they do not stand a chance, but as a collaborative effort they can make an impact.
This paper will discuss many different aspects of spam. I will first start off by giving a brief history of spam and the early fights against it. I will then talk about exactly what spam is: how it is implemented, by whom, what are the contents, other spam-related computer nuisances, and what this all means to Internet users. Following this will be a discussion on the economic, moral, and relational reasons to eliminate spam and the challenges that arise in trying to eliminate it, including current efforts. I will explain the significance of the CAN-SPAM Act, other related acts, and the success and failure of such legislation. Finally, I will conclude with actual cases that have been fought and are being fought against spammers around the world, evaluating what more is needed to truly bring an end to spam.
The issues surrounding spam come in three harms: economic, relational s, and moral. It is important to realize which of these harms is at the forefront of legislative action compared to the forefront of commercial combat and yet again compared to the forefront of spam's defense. These three harms force some very hard questions to be answered and not all of these have been answered correctly if at all. When reading through this paper, keep those harms in the back of your mind when analyzing different grounds and tactics for spam removal.
A very brief history
Mischievous Internet users rapidly discovered that the Internet and email were great ways to make some quick cash. The relative comfort and safety felt by users, companied by their ignorance because of its novelty, made it a prime place to deceive people out of their money. Through charity and money-making scams, spam forced its way into our lives.
In the 1980s, many messages via chain letters made their way into inboxes, asking for money for causes which were both legitimate and fraudulent. A famous example is Jay-Jay's College fund[iii]. In 1988, a college student struggling to pay for school and bills sent a message to several newsgroups asking for financial help. He pleaded with his audience that he was not a bum who did not know the value of hard work; instead, he worked several jobs while maintaining a high grade-point average. He appealed to people's consciences, stating that "I'm sure a dollar is not much to any of you, but just think how it could change a person's life"[iv]. He finished his letter with a post-script claiming that any extra funds would go to a "scholarship fund" to help other despondent students like himself. Whether fraudulent or not, this type of correspondence was contagious.
The popularity of chain letters and "Jesus Spam"[v] inspired entrepreneurs and computer programmers alike to come up with lucrative business plans to cash in on this new Internet phenomenon. Thus, the first spamware was born. The first marketed spamware, Floodgate, provided tools at a fee of $100 to create your own spam empire from home. Ironically, it used mass email messages to advertise its product. The fact that such a product legally made its way into the market then shows just how quickly spam caught on.
Floodgate opened many avenues for an entire spam market to emerge. In 1995, the first known list of public email addresses was offered for sale.[vi] This sale reportedly auctioned two million addresses. In response to the recent onslaught of email messages, the first "abuse@" email addresses were used to report spam abuses. In November 1995, the first "please remove" lists were created to eliminate unwanted messages. However, this is debated as legitimate, as some believe it was used to further collect email addresses for spammers to sell.
Quickly following the advent of this new industry, spam wars started in 1996. Spam-blocking programs were created, such as Spamblock, Internet Death Penalty, and other such network abuse newsgroups. Along with these came early spam filters, such as Lightning Bolt, Ready-Aim-Fire, and E-Mail Blaster.[vii] Unfortunately, these tools were manipulated by new spam masterminds to further penetrate and flood Inboxes.
Spam has blossomed since those early years with only a hand full of legal cases to counter its growth. During 1997, reports estimate that more than two-hundred million email addresses were sold on a handful of CDs[viii]. This number has grown exponentially since, despite FTC hearings on "consumer online privacy". Though spammer havens have legally been shut down and blacklists formed, there was a massive spike in 2001 after a small decline. In 2001, the infamous Nigerian scam was born, which announced users the lucky inheritor of Nigerian royalty but, in order to get the Nigerian inheritance, the user needed to send over money to help with legal and transfer fees. Coupled with this, 419 scams encouraged users to share personal information through the use of deception and fraud.
While spam continues to grow, websites such as SPEWS (Spam Prevention Early Warning System) have tried to provide services to blacklist known spammers. More effective spam filters have been created and used. However, spam is still estimated to be about 80% of all email received today, with an annual growth rate of 15-20%.[ix] The history of spam has just begun. The question is: when will it end?
What is spam?
Spam, at the heart of it, is a quick, easy, and most importantly cheap way to send advertisements and other unsolicited, possibly fraudulent, material. It is sent by the thousands and sometimes millions simultaneously, usually only by a handful of culprits. The definition of spam is important in legal contexts. However, whether we define it as ‘unsolicited bulk material' or ‘unsolicited commercial material' is immaterial to knowing what it is and the damage it causes for the average user. Ordinary users readily recognize it by "its use of multiple exclamation marks and capital letters..., or by enticing subject lines such as ‘get rich quick' or ‘hot sex here'."[x]
We could idealize that spam started out as a genuine way to market products and services at a reduced price as compared to physical, bill-board advertisements. However, users usually did not seek out these goods or promotions but instead had them thrust into their inboxes by the hundreds and thousands. Spam to the spammer can on the surface be seen as an easy way to make money by advertising for others who do not want to do so themselves. The smallest proportions of sales can result in nice paychecks for spammers who send out millions of messages, hence the attraction. However, below the surface lies the true value of spam. The messages displayed are "often misleading or outright fraudulent, and they are very often offensive, obscene, disgusting, or illegal in content"[xi]. Unsuspecting email users often get caught in various ploys that range from Nigerian and 419 scams, to ‘phishing' emails, and get-rich-quick pyramid scams that trick the user to invest large amounts of capital into a non-existent endeavor.
To spammers, email addresses are gold. Spammers typically value an email "between 1 and 5 cents as is, but this quickly increases if a spammer knows your habits and can predict what interests you have or what products you like to buy; then your e-mail is worth up to 20 cents". [xii] Users often think: who actually buys the stuff advertised or believes in the scams? Obviously, there are people out there because a list of twenty million e-mails could bring up to $2000 cash at a minimum price, with each address only worth one cent. [xiii] Companies clearly think your e-mail and the spam sent to you is valuable, and spammers are more than willing to provide that service at little cost to themselves.
Again, users say: but I have not given out my email address except to companies I have done business with and others that I am interested in, why am I getting all of these random emails? Here enters the role of the hackers or "spackers", as some spam-hacker tradesmen call themselves. Spackers study websites and security codes to find flaws in order to exploit the databases which are filled with personal and financial information. These "black hat" hackers, known for not worrying about legal or moral ramifications, then steal millions of emails, along with personal information such as names, ages, addresses, and consumer habits, selling all of this to interested companies who like to keep their hands clean of spam and harvesting. Imagine how valuable hacking into Target's online database that stores all online transactions within the past six months. Spammers would have trillions of pieces of information to sell at top prices.
Another tactic spammer's use is called harvesting. Spammers will search different online communities that contain mailing lists, walls, and discussion forums in order to find email addresses.[xiv] This might seem tedious, however millions of addresses can be obtains in a matter of seconds. Effective programs have been created that sift through the Internet to find legitimate email addresses[xv] in a fraction of a second. This is how your email might be found and sold to companies and spammers.
Besides commercial purchases and scams through spam, there are other jobs to occupy the spammer's day. Account fraud and identity theft have become among the most prevalent scams on the Internet. The easiest way to get your money is for someone to pretend that they are authorized to get it. "Phishing" for account information has turned into a serious problem and users have only made it easier for such scammers by blindly trusting anyone carrying a reliable company's name. Account fraud and identity theft are defined as the use of someone's personal information to drain an account and to obtain new accounts in that person's name, respectively. Unfortunately, we all can all fall prey to hackers who infiltrate the bank's website, obtained our information, and then created false accounts in our name. Other possible ways to get information is for a crooked employee to sell your data, a major database to be compromised, a waiter to write down your credit card information at a restaurant, or a roommate to copy your SSN for your college papers[xvi]. In 2003, the FTC found that 9% of victims had their identities stolen by relatives! Ways to protect yourself include shredding documents, not using your SSN or other pertinent information, such as your mother's maiden name or city of birth, unless it is absolutely necessary, and making sure websites are safe to do transactions with. But remember: just because a website has a legitimate-looking security badge promising your security, be wary. Security badges can either be bought at a cheap price, easily copied, or often enough a website has already been attacked by an experienced hacker with you or the website knowing.
Spam has even spread to cell phones. "From a marketer's standpoint, [your cell phone] is very personally yours"[xvii]; it reveals where you live and who you talk to daily. The upside is that "carriers charge their customers for data services on cell phones, and customers don't want to pay for ads they haven't requested"[xviii], making mobile marketing less attractive than email but still alluring to some.
It might seem distressing that simply by using the Internet users are exposed to a myriad of risks and that companies will buy personal information for a price and users have become a commodity. Spam has evolved from random operations by spammers in basements to a major enterprise for organized crime. Mobs try to gain control of computers and use them to build botnet armies to do their bidding. They send out malicious code in spam that can do a variety of detrimental things to computers. Typically, a computer is turned into a zombie or becomes part of a bot army. A zombie is "a computer that has been taken over by someone else via the Internet and that works like a robot on behalf of the person who has taken it over."[xix] Botnets, networks of zombie computers, can have good purposes, such as relaying information and downloads. However, the most common and evil purpose is to use the infected computers to send out more spam to others. This provides a buffer from being caught for the spammer.
Other typical mob-related spam, apart from bot armies, includes spam which directs users to a seemingly legitimate site for Internet auctions or credit cards, then tricking the user into giving up credit card and other personal information which is maliciously used by the host of the illegitimate website.[xx] Though the ‘masters of the bots' used to be teenager pranksters, today it is more likely that sophisticated crime networks are behind the sophisticated and well-designed plans for personal financial gain. Vint Cerf, one of the so-called fathers of the Internet, estimated that as many as a quarter of all computers connected to the Internet in 2007 may be connected to a botnet used by criminals.[xxi]
Zombies present certain moral harms that make up the foundation of arguments against spam. How moral is it to use other people's information for financial gains? How moral is it to conspicuously use others to create a secret army to scam other people out of their money? To uphold this country's fundamental principles, people are entitled to their privacy and protection under law. Thus, there is a duty by the government to protect its citizens from such moral harms, ensuring safe and fair business practices. The crimes being committed today by different gangs are in the same scope as their former crimes, making mob spam just as dangerous as any prior mob activities.
The economic benefits of eradicating spam
Spam changes the realm of the Internet, email, and business as we know it. Email is no longer the safe, easy, and cheap way to communicate with friends and family. It is a hazardous playground full of scammers and thieves. Small businesses have carried a huge burden in the evolution of spam. Email messages are a great way to advertise and promote business. Unfortunately, it is hard to develop a legitimate relationship with customers when spam filters weed out the legitimate commercial messages and the annoying ones. Furthermore, there are ISP traffic jams because spam, which accounts for the majority of messages relayed through systems, slows servers. ISPs then have to pay more money to develop better systems to be unaffected by spam traffic as well as install sophisticated spam filters for their users. Therefore, there are huge incentives on the parts of individuals, start-ups, large businesses like different ISPs (Microsoft, Google), and the government to get rid of spam. The economic harms are enough to spur any movement against it.
Reportedly two and a half billion spam messages were sent in June 2006. As of November 2006, seven billion messages were sent. Because spam contributes around eight in ten of all emails and is expected to jump to thirty-eight billion messages per day in 2010, ISPs have a serious problem on their hands.[xxii] With spam flooding servers, companies like Microsoft and Amazon have teamed up to bring spam down. Spam has doubled every six months since 2002,[xxiii] causing serious concern with these companies. MSN reports that it blocks about two and a half billion spam emails each day and 80% of unfiltered emails coming into MSN and AOL are spam.[xxiv]
Businesses also worry about the high price of spam. According to a Reuters report, "spam costs firms up to $1000 a year per employee in lost productivity and higher computing bills",[xxv] not including the costs of having their databases hacked into. More pessimistic reports peg costs to U.S. businesses at $10 million in lost productivity, just in 2003, which jumped to $75 billion in 2007! The cost of merely trying to block spam for U.S. businesses in 2003 was $653 million on spam filters which increased to $2.4 billion last year. And the cost to protect their servers and databases? Companies supposedly spent $41 billion in 2004 just to combat hackers and spam-related viruses.[xxvi] Clearly, eradicating spam should be a top priority for these companies. The amount of capital and labor wasted on spam is destructive to the free economy and capitalism. It disrupts fair trade and daily business transactions. As David Bateman, a partner in Preston, Gates & Ellis said, "The more companies join together to work on the spam problem, the more notice it will give to spammers that they are going to be pursued".[xxvii] There is great incentive for individuals to support anti-spam movements and legislation. Thus, it will take a collaborative effort to really put an end to spam.
Finally, there is an obvious cost to ordinary users. The Internet and email is the cheapest form of long-distance communication available. Without it, the world would surely be thrown back into the Dark Ages of Information-businesses could not communicate and stock markets would have to shut down. Spam threatens the global community which the Internet created. Unfortunately, people no longer view email as safe and personal. Personal information is at stake, t time is wasted, and identities and money stolen because of spam. With the removal of spam, a restoration in the faith of online vendors will also be restored.
The moral arguments for eradicating spam
Other difficulties in getting rid of spam include the threats to free speech and civil liberties, who has the burden of prosecution, how to establish a global force against spam and the cost benefit analysis of actually getting rid of spam. The Bill of Rights ensures the right to free speech and expression. Is that not exactly what spam is? It is a person acting upon that right by sending their "beliefs", or more likely their products and services, to others. What makes spam different than flyers on ours cars or in our mailboxes? How is it that advertisements on television are not construed as evil but instead a valuable commodity in the free economy, yet spam is tagged as an evil monster that carries around destruction?
Spammers often make these arguments to support their actions. These arguments are legitimate: spam is a right of free speech. However, spammers need to consider another important right guaranteed by the Bill of Rights: that of the right to privacy. What spammers do in order to obtain email addresses is highly illegal, immoral, and violates the right to privacy and free trade, while also burdening the recipients of their messages. Sending spam can be equated with falsely shouting "fire" in a crowded theater. The shouter is exercising his right to free speech yet is doing so at the cost, both financial because of the time and money lost that would have been devoted to the movie and personal because of the risk to other viewers' safety. Because it costs others harm for no apparent reason except for a gain to the shouter, this act is illegal. Spam has the same set of circumstances. Spam burdens the receivers who suffer financially, because of increased user costs, and personally, because their computers are overrun, their time is wasted, and potentially their identities are stolen. The only benefit gained from spam is by the spammers themselves who profit at others' miseries. Yes, some users actually like to receive spam but the vast majority of people does not and should not be burdened any longer.
It is hard to quantify whose civil liberties are more important. Obviously, spammers are benefiting and consumers hurting but it is not so black and white to legislators. If spammers were absolutely denied their rights, where would it end? Any nuisances in our lives could then be eliminated. However, legislators have come up a solution by focusing on the means of spam rather than the spam itself.
Another moral harm caused by spam stems from the obtainment and use of personal information. Spam has created a multi-billion dollar industry that thrives off of and depends upon the theft of users' personal information. Spammers often collect large amounts of data about users and sell them to companies who use this information to develop marketing strategies and targets. The theft and selling of others' information is similar to someone telling a mass murderer the exact habits of his next victim for a fee. The circumstances are exaggerated but it is obvious that the informant, regardless of what the law says, is doing something morally wrong. He is benefitting from others' afflictions. The informant could even be convicted of aiding and abetting in the crime. Spammers create the same situation. They steal others' information that is vital for marketing companies to succeed, knowing that the users would not want their information given away and that the users will be directly harmed because of this sale of information.
Whatever way spammers try to spin their stories, it is clear that what they are doing is morally wrong and socially disruptive. The law was created to maintain social stability and faith. However, spam has single-handedly disrupted this harmony. It should be purged to reestablish faith in society's ability to maintain order.
The relational arguments for eradicating spam
Spam has created a visible tension between consumers and online companies. Consumers no longer fully trust those whom they do business with. They fear that their credit card information might be stolen and abused or that their personal spending habits will be sold to other companies for marketing purposes. Worse yet, they fear that the companies they do business with will come back and haunt them with innumerable amounts of emails about different products. The implications of such damage to online commercial relationships are a gradual decrease in online commerce and a backwards step in business, back to bricks-and-mortar companies with regular paper transactions. The effects to GDP at this step back would be disastrous to the economy. The lost surplus, commerce, and productivity would inevitably cause a great recession that could only recover with the restored faith amongst online vendors and buyers.
Furthermore, spam creates a sense of mistrust amongst users. Email is a great, cheap way for people to communicate with each other. However, spam has made this much more difficult. It not only makes it harder for users to communicate by slowing down servers and stuffing inboxes, but it also threatens users' computers because of the potential for an email from a friendly user to contain a Trojan or other virus that originated from spam. These strains on relationships that the Internet once nurtured are yet another reason to get rid of spam. One of legislation's purposes is to foster these relationships thus it should not stand by and watch these relational dilemmas occur.
The challenges of eradicating spam with technology
There have been many different attempts to curb the flow of spam. They all use various techniques to separate "solicited" from "unsolicited" and "commercial" from "noncommercial" messages. The problems with these methods typically are the effectiveness, the costs, and the time required.
Many different nations have implemented laws in which "opt-in" or "opt-out" messages must be used with spam. Opt-out methods include having specific language in messages where to opt-out, "Do Not Spam" lists, clear and real identification of the sender, and obedience to the requests of recipients to stop receiving spam. These methods have been implemented in different forms, such as through the US CAN-SPAM act, which will be discussed later.
The problem with opt-out systems is the administrative efforts required to create and maintain them, individually and globally. Individually, preferences differ on how much and what kind of spam should be blocked; however, being placed on an all-encompassing ‘Do Not Spam' list would hinder these individual preferences. For global opt-out systems, all types of communication, including cell phones, must be considered and administrations need to be vigilant and honest in their upkeep of their systems. Fake opt-out lists might be created by spammers only to do the exact opposite of their intended goal thus rendering useless the faith in the opt-out system. An opt-out system must fulfill certain criteria too. It would be prudent for 1) all subscribers to be aware of it, 2) it to be simple and free to join, 3) it to become effective within a reasonable time of joining, 4) it to require companies engaged in telemarketing to update their lists regularly in the light of subscribers' notifications, and 5) it to have adequate complaint-handling mechanisms.[xxviii]
The amount of responsibilities an opt-out provider would have to deal with is huge. Some of the tasks would also require great time and money. For the service to be free, someone else would have to bear the burden of implementation and upkeep costs. Updating the system regularly as well as handling complaints would require huge amounts of research. There would also have to be a global movement to make this a reality with serious repercussions for those criminals who attempt to contact ‘Do Not Spam'-listed users. Finally, this system would essentially curtail free enterprise which might cause some debate among different nations, complicating the global effort for such a list. The restraints on free enterprise would be criticized because marketers could feel unfairly discriminated against and that their name or products were slandered because they were associated with spam.
For higher levels of protection, opt-in regimes have been seen as legitimate approaches against spam. With opt-in regimes, "users must have given their prior consent before such messages are sent to them".[xxix] According to French legislation, prior consent is "every free, specific and informed act of will, by which a person accepts that his or her personal data be used for direct marketing purposes."[xxx] There must be a requirement for marketers to label their advertisements as such so that the receiver can either delete the message or block it before its arrival. Exceptions to prior consent include 1) that a person has obtained contact information of recipient in the course of sale or negotiations for sale of a product, 2) direct marketing of a product that is similar to that person's products and services, and 3) the recipient has been given a simple means of refusing the use of contact details and at the time did not initially refuse.[xxxi] These exceptions contain some legal uncertainties, such as what constitutes a product that is ‘similar' to another. However, the general message is clear-to leave users alone unless they directly contact a company asking for product information.
A general rule of thumb considering consent to spam is whether or not a business relation existed in the first place. A legitimate marketing email message must pass the following criteria in the EU under the E-Privacy directive: 1) the advertiser must have obtained information of customer from a previous sale of a product or service, 2) he may only use the information for direct marketing of his own or similar products, 3) customers must not have already opted out, and 4) customers must be given the chance to end further communication.[xxxii] These guidelines that define a business relation just further detail the opt-in system. However, these rules only define an advertiser-to-consumer relationship. It never mentions relationships amongst businessmen. Thus, it could be construed as perfectly fine to send such advertisements to businessmen. This then gets into a lengthy battle over legislation of which laws should protect whom. The German Federal Court finally said that spam is allowed between businessmen "if an actual interest in the advertisement can be assumed because of concrete circumstances"[xxxiii]. Who determines what constitutes concrete circumstances is still hotly debated, with conflicting ideas representing the interests of both marketers and consumers.
Another proposed method is white or black lists. White lists are registers of approved email addresses that can get through to your system. You write the list yourself and thus have ultimate control-only those emails on the list will end up in your inbox. Black lists on the other hand act as a "most wanted" spammer list-any email sent from one of those users will not make it past a spam filter, no matter the content. The problem with white and black lists is administrative. For white lists to be effective, users have to keep up with their list-editing it constantly and making sure to put people on the list right away. What if I get a new email address and want to send emails out to people whose lists I was previously on? I would have to send out emails from my own account informing my friends and acquaintances of the change. This causes some effort on both ends and might get tedious after awhile. The problem with black lists is even greater. Who will come up with such a list? Who is going to pay for it? Spammers' identities are often unknown so blocking individual people is out of the question. Blocking known spammers' emails would work for while until they get a new email. The sheer size of the list would be hard to handle by itself. Who would keep updating this list and how effective would it really be?
Spamhaus, which was formed in July 1996, created the first blacklist. Today, they still have working black lists, including the SBL (Spamhaus Blackhole List) and XBL (Exploits Blackhole List).[xxxiv] The curious thing about Spamhaus and their lists is that they have been accused by spammers of defamation and illegal use of trademarks in order to identify the spammers from the lists. It is an ironic twist when spammers come forward threatening litigation against those who are trying to stop them in the first place.
A Spam Stamp has also been proposed by many different countries and business men, including Bill Gates, as a good approach to curbing the flood of spam. Such a stamp of a minimal amount, which would barely burden ordinary users, would quickly become very expensive for spammers who send millions of emails, making the benefits of a small-cost operation diminish rapidly. The problems with this are: who will collect the money and who will control the prepayment. People also criticize this because they believe the Internet should be free and available to everyone. Thus, installing a user fee would greatly eliminate the attractions of email. Other methods along the line of the Spam Stamp include barring the amount of email addresses one person can send at one time and charging for exceeding a predetermined threshold of send emails. The idea of an "identifying question" to legitimize the sender has also been proposed but this provides problems because "it requires a logical action by a person. In fact, many spam e-mails are sent automatically by the accordant software."[xxxv] Because many spam emails are automatic, there would be a great backup in servers, waiting for questions to be answered.
Finally, how does one stop click-through visits, also known as dreaded pop-ups? Pop-ups are online advertisements that "pop up" in new windows any time you visit certain websites. They slow your computer down and can sometimes carry viruses. About fifty million users use pop-up-blockers often provided by top Internet service providers.[xxxvi] Consumers rank pop-ups as annoying as spam and telemarketing. About 90% of consumers devalue the company advertising with pop-ups[xxxvii], yet billions of pop-ups still show up each month. The Internet Advertising Bureau responded to growing complaints about pop-ups in 2003 by forming a task force to address pop-up reform, but little has been accomplished.
ISPs and other creative marketers have come up with an entirely new industry of spam blocks, economically exploiting the relative failures of other anti-spamming techniques. Spam filters are effective ways to block spam; however, they often discard a few important emails that were accidentally associated as spam. Also, spammers have studied the engineering of different spam blocks and discovered ways to get around them. Spam blocks are nothing more than algorithms that are coded to spot certain key words and phrases within emails that were predetermined as spam-like. If an email racks up enough points, it is discarded as spam. If a spam blocker spots the words "sex", "enlargement", "home loans", et cetera, it recognizes these as key spam words. However, spammers can change words to throw off the blockers, such as "sExx", "En1arg3m3nt", and "H0Me L0an5". Another problem with spam filters is that it is a lucrative industry. If spam were to suddenly disappear, those companies would lose all of their market. Thus, they have a strong incentive and large wallets to make sure spam does not entirely disappear, only that it appears to disappear through the use of their filters.
Other challenges in eradicating spam
A problem with eradicating spam is determining who bears the burden of prosecution? Whose duty is it to hunt down spammers and bring them to justice? Spam is a global problem and everyone is affected. Should the ISPs have to legally pursue spammers, or should individuals, or the government? Which countries are going to pay to hunt down known spammers? Also, there arises the problem of jurisdiction. If a spammer is operating in a country with limited legislation against spam, is he liable? Can other countries legally extradite him for prosecution? These issues surrounding who is in charge of the spam war are challenging. However, many nations have banned together to form allegiances to bring spam down. Not until every country is on board will it be 100% effective though.
Finally, is finding spammers and prosecuting worth the expense? Often spammers do not have enough assets to make their financial punishments worthy of the battle. Prosecutors have to ask themselves if the battle they are fighting is to recompense their economic woes or their moral ones. Are they fighting to fix the economic harms created by spam or to fix the relational and moral harms against society? For financial institutions, such as banks, credit card companies, and online businesses, they are often hit twice by spam fraud and phishing. While financial institutions have an interest in putting an end to fraud, they also "have a vested interest in not slowing the free flow of legitimate money and not spending lot of capital on new systems."[xxxviii] Because "unless fraud losses are proven to be worse than the costs of slowing transactions and paying for new systems, or federal regulations change the cost-benefit equations...financial institutions aren't likely to make the kind of fundamental changes that might stop fraudulent transactions and identity theft".[xxxix] These companies have no interest in losing money simply for their customers' well being. They can spin the numbers around to pretend that fraud losses were only about eighty-five million dollars in 2001, even though analysts have correctly changed the number to 1.07 billion dollars.[xl] Banks and credit card companies can ignore the facts so long as they still have the same amount of business.
Legislation to trash spam
In December 2003, Congress passed the CAN-SPAM Act, which stands for Controlling the Assault of Non-Solicited Pornography and Marketing. Because of consumer demands and ISPs leaning heavily on the government to take action against spam, the act came into existence. As Senator Charles Schumer of New York said at the 2004 Federal Trade Commission Spam Summit: "Spam traffic is growing at a geometric rate, causing the Superhighway to enter a state of virtual gridlock. What was a simple annoyance last year has become a major concern this year and could cripple one of the greatest inventions of the 20th century next year if nothing is done."[xli] The volume of spam, however, has increased since the act and less than 1% of unsolicited commercial e-mail conforms to the act's requirements.[xlii]
The CAN-SPAM Act has several key sections that work together in order to stem spam. The "Non-Solicited" Section bans all marketing, promotional, or sales-related electronic communication, including email, SMS, etc., unless a prior consent by the recipient was given. It also explicitly states that personal information or data can only be sold if "the recipient was given clear and conspicuous notice at the time the consent was communicated that...[the information] could be transferred...for the purpose of initiating commercial electronic mail message."[xliii] This section was intended to "inhibit the rapid and unsolicited trade of e-mail addresses between spammers."[xliv] By making the sale of information which was obtained illegally, illegal, legitimate companies will hesitate to purchase stolen information.
The act also tries to recognize illegal and other illicit ways used to send spam. Spammers, or other legitimate commercial marketers, are personally responsible for all email that they send and cannot hide its true locality. They are required to reveal their identity in all emails. If they try in any way to "hide, obfuscate, or mislead recipients, regarding the origin of [their] e-mail, [they] are breaking the law"[xlv] and can face serious jail time. Other similar sections illegalize the unauthorized access to and use of protected computers to relay spam, especially with the intent to deceive or mislead recipients in any way. The falsification of header information in order to send spam, using false aliases and information as a registrant "for 5 or more electronic mail accounts or online user accounts or 2 or more domain names"[xlvi] to relay spam, and the misrepresentation of oneself to any recipient or ISP represent other measures to make the origin of emails less opaque. They also stand as a way to try to clean up online commerce so as to create trust between vendors and consumers.
CAN-SPAM explicitly defines what makes an email legally compliant. It states that "a valid physical postal address of the sender is required in all sales and marketing emails sent."[xlvii] This is an attempt to make spammers disclose their full contact information and to have responsibility for the messages they. Indirectly, it also creates an easier way to find them if they are guilty of sending spam.
The ability to opt out of email lists is also another important focus of the act. Email senders must quickly remove and stop sending emails to any recipient who requests removal until the recipient gives direct consent to receive further emails. The failure to provide a simple, easy link and/or opt-out address is punishable by law. Furthermore, any attempt to dodge spam filters is illegal, as well as any attempt to mislead or misinform the recipient as to the true nature of the email.
Finally, the CAN-SPAM Act established guidelines for a "Do Not Email" list. It proposed that all spammers would be compelled by law to obey the list. However, the feasibility of such a list is unlikely. In 2004, the FTC "rejected the idea of a do-not-spam registry, calling it unmanageable and a ‘waste of time'. It was clearly identified that the majority of spammers would never honor such a registry."[xlviii] Such steps do show efforts to cut off all avenues for spammers but no feasible medium has been found that incorporates a successful way to stop spammers and one that is also easily implementable.
Punishments vary depending upon the extent of spam sent, the nature and content of the messages, the attempt to mislead, the amount of quantifiable harm, and the amount of benefit spammer gained. Spammers can face "up to a $4 million fine and/or up to five years in jail, depending on the combination of the above criteria. If the spam also broke other sections of the CAN-SPAM Act or the spammer was aware he was breaking the law by sending spam, the fine can triple, up to $6 million."[xlix] These heavy fines are meant to send a message to spammers that the government is serious and the benefit of sending spam is nowhere near the potential costs.
The problem with enforcing the act is that it takes huge amounts of resources and time to find spammers and prosecute them. "Only the FTC, the Federal Communications Commission (FCC), state attorneys general [sic], and Internet service providers may bring actions to enjoin violations or to obtain fines and damages"[l] against spammers . The initial problem with instigating such legislation is the difficulty in finding the defendants! Another problem is cross-border enforcement. If a spammer in Eastern Europe is flooding inboxes in America with phishing scams and is identified, can the U.S. legally extradite him and prosecute him in America? If the country he is in supports America's spam legislation, then yes. However, some of the worst spammers move around from country to country making extradition lengthy and difficult-by the time they have the okay stamp for arrest, the spammer has moved on or is in a country where spam is not illegal.
The major issue with the act is that it threatens serious damages, however, little has been done, and honestly little can be done currently, to enforce those threats. A major benefit of the Internet is the relative and apparent anonymity it allows users along with relative safety. Users think: how can I be harmed in a virtual reality? However, spammers easily use this to their benefit and abuse people's good nature and innocence on the Internet while remaining anonymous to the outside world.
The CAN-SPAM Act needs to be supplemented by other things to be truly effective. An October 2006 analysis estimated that only 0.27% of all unsolicited emails fulfilled the CAN-SPAM provisions.[li] Clearly if spammers have to choose between profit and a legal complaint because they did not properly label their spam which filters would have blocked, they will choose profit. The first initiative needed is a serious education drive on the part of users to protect themselves. Also, state laws are needed to supplement federal laws. Even businesses should take a stand against irresponsible marketing practices, making it a social norm to pay for legitimate advertisements and to not harass potential customers with spam. They must establish that it is immoral to buy customer's information for marketing purposes. Financial institutions must work harder to protect their systems against attacks. Finally, users must stop falling for the phishing and scamming schemes. If all of these efforts combine, spam will no longer be so financially rewarding and the risk will finally outweigh the benefits.
In 2004, a lesser known act, the Label for E-mail Messages Containing Sexually Oriented Material Act, was passed. The Sexually Explicit Act, which is more commonly referred to, was created because "senators were pressured...by parents and child activists, since pornographic e-mails do not usually contain pornographic subject lines or text that can easily identify them and can subsequently deceive the reader as to the e-mail's true nature".[lii] It concentrates on messages with pornographic images and content and endeavors to define what prohibited material is. It works alongside the CAN-SPAM act, carrying the same fine for breaches. The act starts out by defining sexual content in a fairly typical way. It is legal to send such sexually explicit material; however, the subject line of the email is required to say "Sexually Explicit" or "Sexually Explicit Content". However, these rules have not deterred spammers much.
The Undertaking Spam, Spyware, and Fraud Enforcement with Enforcers Beyond Borders Act 2006 (the US Safe Web Act) also represents an important movement, especially for the US DMA (Direct Marketing Association). The Act gives extra authority to the FTC to help protect consumers from spam, spyware and Internet fraud.[liii] The DMA fought for this to increase penalties against Spammers, greater resources and capital for law enforcement and enhanced cross-border relations to better capture spammers and scammers. It also guarantees that legitimate marketers, political campaigns, and non-profits are not hurt by spammers falsely using their identity.
An important thing for legislation to do is to be able to adapt to evolving spamming techniques. It needs to be able to capture true spammers even if the law does not define them as such. In New Zealand, the Unsolicited Electronic Messages Act, which will be explained later, does just that. Even if a message "does not contain marketing material, it may still be caught by the...legislation if it provides a link or directs a recipient to a message that does contain marketing material".[liv] Still, some believe that laws are not enough.
Paul Hoffman, director of the Internet Mail Consortium, comments on the effectiveness of such legislation: "One or two [spammers] are going to go out of business-big deal...We have not seen the amount of spam go down, and we haven't seen any indication that there are fewer people seeing spam. Those are the only two measures I know of that determine whether a law works, fewer victims or fewer perpetrators."[lv] Contrary to Hoffman is Aaron Kornblum, Microsoft's Internet safety and enforcement attorney, and his opinion that "we believe we are turning the corner on spam. We're seeing tremendous reduction in the amount of spam reaching our customers because of filtering."[lvi] The question still being asked then is if legislation is working or not? No tremendous progress has yet been seen.
Other implementation measures include the FTC's request for comments through an Advance Notice Of Proposed Rulemaking, asking for topics on what email's primary purpose is, how users define transactional relationships, how quickly should an opt-out request be honored, and what other activities or practices should be added to the list of aggravated violations.[lvii] The FTC has also considered "rewarding persons who identify a spammer and supply information leading to the collection of a civil penalty... (the "bounty hunter" provision)."[lviii] Also, it has been argued that states must step up and make their presence in the battle against spam shown. By creating supplemental laws, further aiding in the prosecution of spammers and increasing their punishments, the pursuit of spammers would be easier. State laws, in some cases, might be more effective because they can create a more in-depth system of catching spammers. The additional capital invested would also greatly help the cause.
Solutions abroad
Other countries have also taken up the initiative to eliminate spam in similar fashions as the U.S. and with similar success. The United Kingdom, in 2003, passed The Privacy and Electronic Communications (EC Directive) Regulations 2003. Likewise, in 2003, Australia passed the Spam Act 200.[lix] More importantly, the EU passed the E-Privacy Directive in 2002 which some have seen as a success. These acts take a liberal view of what a "message" is, including any text, voice, and sound message. Furthermore, they focus on what a spammer can and cannot do, as opposed to what spam actually is. They also concentrate on consent, opt-out provisions, sender identities, and the legitimacy of the product or service, labeling, relationships, do-not-email registries, prosecution, and jurisdiction.
The efforts by the UK have been stifled. They have been called "one of the worst enforcers of EU anti-spam laws".[lx] Their pathetic enforcement record is due to their weak pursuits and soft penalties. After three years, only one case has been enforced, in 2006, where a law student was paid ₤300 by Media Logistics in an out-of-court settlement.[lxi] In contrast, Austria and Germany have invoked anti-Spam laws five-hundred times. Spain has had fifty cases with a payout of ₤22,000, and in France five cases have resulted in ₤205,000 worth of penalties.[lxii] The EU considers it important to send a clear message to spammers about the consequence of their actions. Also, the Telecom Registry of India imposed strict regulations recently "to stem the number of unsolicited promotional calls being made to India's millions of mobile phone users."[lxiii] With so many countries setting examples, why then does the UK not? The way their EC Directive is set up allows much leeway for spammers to get around their laws.
In New Zealand, Parliament enacted The Unsolicited Electronic Messages Act 2007. The purposes of the Act are similar to other such acts: to prohibit unwanted messages without prior consent, to prohibit electronic messages from being sent to those who have previously withdrawn their consent, to require all emails to include accurate information about the sender and to have a functional unsubscribe link, and to prohibit address-harvesting software and other such illegal trading of personal information.[lxiv] Critics believe that this will likely prove to be "yet another red tape burden imposed on the productive sector of our economy where there was no problem of any significance in the first place."[lxv] Again, New Zealanders believe that the "genuine cost from this legislation [is] a cost of compliance and a cost of list opportunity from restrictions on effective marketing."[lxvi] However, such legislation in New Zealand is seen as irrelevant because most spam originates offshore. This is a typical problem critics have with such legislation-what good does it do if there is still one country for spammers can seek refuge? Generally, America contributes 46% of all spam, South Korea 16% and China 11%, followed with minimal contribution by Brazil, Canada, Japan, and some European countries.[lxvii]
Individual country's initiatives need to be tied together to form a more global effort against the fight of spam. In doing so, it becomes easier to hunt down spammers and prosecute them. If spammer havens no longer exist, spammers will have nowhere to hide. It cannot be said that the world's worst spamming countries are not doing anything to get back. America obviously has the CAN-SPAM Act and China in 2007 introduced a plan to sentence repeated spammers with up to five years in jail and fines of $130,000.[lxviii] However, it is still not enough until spam legislation is no longer seen as a ‘red tape burden', but as actually bringing malicious criminals down while the level of safe and free enterprise rises.
Cases canning spam
Cases in the U.S. have been initiated mainly by private Internet companies which have the capital to pursue lengthy and costly litigation. They often team up with attorney generals in order to provide a much stronger suit of the state and individuals against spammers.
One of the most important cases brought against spam is Microsoft's pursuit against Scott Richter, the self-proclaimed "Spam King"[lxix], which humorously enough is what most major spammers dub themselves. The case was filed under Washington state law in 2003, before CAN-SPAM was enacted, and represents Microsoft's largest settlement, to the tune of $7 million, out of its one-hundred six civil cases against spammers.[lxx] Microsoft's Kornblum says that "this settlement sends a message to spammers and would-be spammer to think twice...There are companies and government agencies actively identifying, pursuing and prosecuting people who send illegal e-mail".[lxxi] The settlement is the second joint lawsuit of Microsoft and New York Attorney General Spitzer filed in 2003 after they "set up ‘spam traps' that caught about eight-thousand messages containing forty-thousand different fraudulent statements."[lxxii] Microsoft intends to use the settlement money to continue its cause against spammers.
In 2005, AOL offered to share with its users the confiscated property of a recently captured spammer. The company gave away $100,000 in cash and gold bars and a fully loaded Hummer which were taken from a New Hampshire spammer who settled with AOL earlier that year. AOL, at the same time, won a $13 million settlement against other spammers from the same gang.[lxxiii] The sweepstakes was a gesture on the part of AOL, thanking its users for reporting spammers and other email abuses.
Other noted cases include the FTC prosecuting four senders of X-rated spam in 2005, winning $1.2 million, a promise to cease and desist on spamming, and to monitor its associates. In June of that same year, the U.S Attorney of the Northern District of Georgia prosecuted against Peter Moshou of "Timeshare Spamme". He was found guilty, marking the occasion as one of the first criminal convictions under CAN-SPAM.[lxxiv] Fortunately, such convictions setup case law to help further convictions in the future.
More cases abroad include The Communications Authority's pursuit Clarity1 Pty Ltd which purportedly sent at least fifty-six million commercial emails a year. Complaints from around the world drove this suit, with help from national legislation. If found guilty of breaching the country's Spam Act 2003, the company will have to pay a "fine of between $220,000 a day and $1.1 million a day."[lxxv]
Recently, Robert Alan Soloway, infamously known as the "Spam King", used "botnets to distribute malware and millions of spam messages per month"[lxxvi].In 2007, he was charged with a 25-count indictment for fraud, identity theft, and money laundering, also stemming from the spam he sent. Legislators are taking this situation of organized information crime seriously because according the Symantec Corp., an Internet and computer security firm, "botnet mafia ‘families' amass bots through weak security systems and rent out 10,000-strong armies at $4 a bot"[lxxvii], making this the newest way for mafia to grow. Two current bills are the Internet Spyware Prevention Act and the Cyber Security Enhancement Act, as of 2007, gave "$30 million to law enforcement [] [to] stiffen penalties, and slap racketeering onto charges against botnet herders."[lxxviii] With steps like these, government security agents are hoping to get ahead of the criminals before they devise another way to get around the system.
Finally in 2006, Jeffrey Brett Goodin became the first person to be convicted for phishing under several parts of the CAN-SPAM Act. He sent out millions of fraudulent emails, using other people's Internet accounts to extract AOL user billing information. The emails directed users to fake AOL pages that Goodin created to mislead AOL users. He could face a maximum penalty of over one-hundred one years in jail for his combined spamming crimes.[lxxix]
As spam cases continue to appear, the most important thing about them is to set a precedent for drawing a hard line between what is right and what is wrong, ensuring that all spammers or would-be spammers know that if they choose to play the spam game that they will eventually pay. Furthermore, while having such a message sent to spammers is important, it is even more crucial to follow up with that threat by hunting down the worst spammers and organized crime syndicates connected with spam.
Conclusion
Spam has had quite a history for its short twenty years. Its present controversies have raised many difficult questions and concerns regarding civil liberties, personal property and safety, the future of the Internet, and the effectiveness of legislation. One thing is certain though: spam still has a long story ahead to play out.
The CAN-SPAM Act and other such legislation was a forward step to eradicating spam, but how far has it taken us and how far will it take us? To improve the effectiveness of legislative results, "perhaps a combination of better technology, particularly at the ISP level, and improved CAN-SPAM Act, an international effort, and user education may help. Spam exists because there is enough of a response to make it worth sending. The only solution may be to increase the risks and costs of sending spam and reduce the market overall."[lxxx]
Many consider success in the battle against spam when anyone can open up his email and have no spam inside his inbox. However, this seems a little unreasonable and too idealistic. Outside of the virtual world of computers, can we consider legislation against murder effective if there are still murders taking place? Absolutely. The key to a successful battle is if the bad guys, here spammers, are stopped before doing extreme amounts of harm while other potential criminals are deterred by previous punishments for such crimes. So no, I do not consider the complete eradication of spam a success-I will, and others like me, always consider emails from colleagues and peers to be spam-like enough to warrant some retribution but that is just silly.
It seems fair that the punishment should fit the crime. Spam punishments should represent all of the economic, moral, and relational harms received but also should include punitive damages. Yes, the actual damages covered will create quite a dent in the finances of the spammer. However, it is prudent to show everyone that all spammers will receive equally harsh punishments that include both financial retribution and prison time. Spammers must see how serious both the government and ISPs are in pursuing them that they will seek legal and less destructive money-making methods.
What you can do to help with this battle is to protect yourself and your computer from identity theft, becoming a zombie/drone, or phishing scams. Be suspicious and vigilant: even the friendliest and most ordinary emails can be falsified to trick you out of your money and others' money. Warn others of such threats! Report spammers to your ISPs so that they can work to get rid of spam for you. Finally, do not be afraid of spammers-by limiting your Internet and email usage, you are letting the spammers defeat you. Fight back smartly and use smartly-the only way spam will stop being profitable is if users like you and me stop giving them our money for free!
[i] Jonathan A. Zdziarksi, Ending Spam: Bayesian Content Filtering AND the Art of Statistical Language Classification, 4 (2005).
[ii] Lodewijk f. Asscher & Sjo Anne Hoogcarspel, Regulating spam: a European perspective after the adoption of the e-privacy directive, 9 (2006).
[iii] See Zdziarksi at 8, note ii supra.
[iv] Id.
[v] Emails posted to Internet groups usually explaining a natural disaster that happened abroad, drawing upon the power of their god to help those victims, and asking the recipients of the letter to pray.
[vi] See Zdziarksi at 16, note ii supra.
[vii] Id. at 17.
[viii] Id. at 20.
[ix] Id. at 22.
[x] Phaedon John Kozyris, Regulating Internet Abuses: Invasion of Privacy, 178 (2007).
[xi] Id. at 179.
[xii] Jeffrey Posluns, Inside the SPAM Cartel: Trade Secrets from the Dark Side, 70 (2004).
[xiii] Id.
[xiv] Id. at 77.
[xv] Rachel Lininger & Russel Dean Vines, Phishing: Cutting the Identity Theft Line, 21 (2005).
[xvi] Id. at 22.
[xvii] Yardena Arar, Is that a Sales Pitch in Your Pocket?, 25 PC World Issue 1, 45 (2007).
[xviii] Id.
[xix] Reid Goldsborough, Don't Let Your PC Turn Into a Zombie, 67 techdirections Issue 4,16 (2007).
[xx] Id.
[xxi] Id. at 17.
[xxii] Nikki Swartz, More Spam Stuffs Inboxes,. 41 The Information Management Journal Issue 2, 16 (2007).
[xxiii] Cathleen Flahardy, Softward Giant Leads the Pack In Spam Eradication, 14 Corporate Legal Times Issue 157, 21 (2004).
[xxiv] Id.
[xxv] See Swartz at 16, note xxiii supra..
[xxvi] See Flahardy at 21, note xxiv supra.
[xxvii] Id.
[xxviii] See Kozyris at 51, note xi Supra.
[xxix] Id.
[xxx] Id. at 52.
[xxxi] Id.
[xxxii] Id. at 67.
[xxxiii] Id. at 69.
[xxxiv] Id. at 17.
[xxxv] Id. at 70.
[xxxvi] Pete Blackshaw, Pull the plug on pop-ups?, 74 Advertising Age Issue 44, 24 (2003).
[xxxvii] Id.
[xxxviii] See Lininger and Vines at 136, note xvi supra.
[xxxix] Id. at 138.
[xl] Id.
[xli] See Posluns at 257, note xiii supra.
[xlii] See Kozyris at 203, note xi supra.
[xliii] See Posluns at 258, note xiii supra.
[xliv] Id.
[xlv]Id. at 259.
[xlvi] Id. at 260.
[xlvii] Id. at 261.
[xlviii] Id. at 270.
[xlix] Id. at 264.
[l] Kritine Becker, Living with Anti-Spam Rules, 39 Bank Marketing 6, 46 (2007).
[li] George Pike, The CAN-SPAM Act: Not Canning Spam, 24 Information Today 3, 16 (2007).
[lii] See Posluns at 268-269, note xiii supra.
[liii] Emily Cubitt, US DMA welcomes anti-spam legislation, 19 Precision Marketing Issue 6, 9 (2007).
[liv] Helen Bowie, The Spam Act: what does it mean?, 21 NZ Business Issue 4, 60 (2007).
[lv] Cara Garretson, Settlements prove that spam laws have teeth, 22 Network World Issue 32, 12 (2005).
[lvi] Id.
[lvii] B.G. Kutais, SPAM and Internet Privacy, 13 (2007).
[lviii] Id.
[lix] See Goodman at 228, note i supra.
[lx] Glen Mutel, UK anti-spam record exposed, 18 Precision Marketing Issue 23, 1 (2006).
[lxi] Id.
[lxii] Id.
[lxiii] Gemma Hummerston, Indian trade group to boost data protection, 19 Precision Marketing Issue 15, 9 (2007).
[lxiv] John Haylock, New anti-spam laws: going a bit too far?, 86 Chartered Accountants Journal Issue 8, 22 (2007).
[lxv] Id. at 23.
[lxvi] Id.
[lxvii] See Posluns at 335, note xiii supra.
[lxviii] Gemma Hummerston, Spammers face five years in Hong Kong jail, 19 Precision Marketing Issue 15, 9 (2007).
[lxix] See Garretson at 12, note lvi supra.
[lxx] Id.
[lxxi] Id.
[lxxii] Deborah Vence, Law, regulation & economy, 39 Marketing News Issue 14, 3 (2005).
[lxxiii] See Garretson at 12, note lvi supra.
[lxxiv] Id.
[lxxv] Spam battle in court, 6 The Adelaide Advertiser 24, 29 (2005).
[lxxvi] Eileen Travers, The Botnet Mafia, 26 PC Magazine Issue 16, 15 (2007).
[lxxvii] Id.
[lxxviii] Id.
[lxxix] Justice Prevails, 12 Maximum PC 4, 12 (2007).
[lxxx] George Pike, The CAN-SPAM Act: Not Canning Spam, 24 Information Today 3, 16 (2007).
|
