Utah firm leads charge to fight spam with suit

This is an archived article that was published on sltrib.com in 2007, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.

WASHINGTON - A Utah-based company has filed a federal lawsuit seeking to identify who is behind millions of e-mail spam messages and to collect damages from those people for clogging up inboxes with fraudulent schemes.

Park City-based Unspam Technologies is suing the anonymous spammers on behalf of a worldwide effort to catch and deter those who harvest e-mail addresses from Web sites and then use them to pitch products or steal identities.

"We recognize this one lawsuit isn't going to solve the entire problem," says Jon Praed, a lawyer with the Internet Law Group and lead attorney on the case. "That would be na ve to think so."

But even putting a dent in the spam is a noble goal, Praed says.

About 80 percent of e-mail messages sent worldwide are considered spam, according to the e-mail security firm Postini, which also says spam activity grew 59 percent between September and October 2006. In a 24-hour period, the company estimates 386 million spam messages were sent.

Matthew Prince, chief executive officer of Unspam Technologies, says this lawsuit is novel because it's the first one to go after the people harvesting e-mail addresses and not just those sending the spam.

"If you can find the people running the spiders [gathering e-mail address] and stopping them, you're cutting off the head of the beast known as spam," Prince says.

The lawsuit was filed Thursday in the Eastern District of Virginia in Alexandria, Va., a court known for its expertise in technology law. The lawsuit was filed under the federal CAN-SPAM law passed by Congress in 2003 and also under the state of Virginia's anti-spam statute. The federal law established the first national standards for commercial e-mail messages and authorized the Federal Trade Commission to enforce the rules.

Unspam Technologies, which sued under the name Project Honey Pot for a coalition of Web users against spam, is seeking relief for some 6 million spam messages the users have received, meaning they could claim up to $600 million in damages. Praed added that because the spam was sent via aggravated circumstances, the plaintiffs could claim damages up to three times that amount.

The companies misleading or deceitful actions to send the spam prompted the aggravated circumstances, Praed said.

"I don't want to be flippant and say we'll take everything we can get, but that's kind of what it is," Praed said.

Project Honey Pot is a worldwide effort to attack spam. Essentially, tens of thousands of Web users in 100 different countries helped track spammers and messages by placing computer code on their Web sites. That code creates a unique and one-time e-mail address when spammers attempt to harvest an address using what are known as spider bots.

When those e-mail addresses receive spam, the cycle is completed and enough data is collected to start tracing the spammer, the lawsuit states.

The lawsuit names only "John Does" as defendants, a legal approach to sue people whose identities have not yet been established. Now that the suit is filed, the attorneys on the case can use court remedies like subpoenas to find the real identities, which are shielded or hidden through technological efforts.

Prince says the effort of the tens of thousands of people helping find the data for the case makes the lawsuit impressive.

"This is literally the Internet suing the spammers," he says.

There have been unending attempts to end or at least cut down on spam, including a debate within the federal government to create a Do Not E-mail list similar to the Do Not Call list. Avi Rubin, a professor of computer science at Johns Hopkins University, was hired by the Federal Trade Commission to study whether such a list would work.

Rubin, who said a Do Not E-mail list was a viable solution, says lawsuits like the one filed Thursday have potential to be a better avenue to getting rid of spam, especially when done in conjunction with technical approaches.

"Legal action might have some effect and if nothing else slow it down," Rubin says.