E-mail Harvesters Hit with $US1b Antispam Lawsuit

The defendants in the case are the "John Does" responsible for e-mail harvesting and spamming.

A $US1 billion lawsuit promises to open up a new front in the battle against spam: It targets not just spammers, but - for the first time - also those responsible for harvesting e-mail addresses on behalf of spammers.

The lawsuit, filed in the US District Court in Virginia, is one of the largest of its kind and is being filed on behalf of Project Honey Pot members in over 100 countries. Project Honey Pot is a service provided by Utah-based antispam company Unspam Technologies.

"If you've harvested e-mail addresses or sent spam in the last two years, chances are you're on our radar screen and we're coming after you," a note posted on the Project Honey Pot Web site said Thursday.

"This lawsuit is unique because we believe it is the first major case in the United States to bring a claim against spammers for harvesting e-mail addresses," the note said. "While this practice has been a penalty enhancement under the CAN-SPAM Act since it was passed, in most cases the data was not available in order to prove an address was harvested."

The case is being handled by Jon Praed, a founding partner of the Washington-based Internet Law Group, which has represented and won antispam lawsuits for clients such as Verizon Online and AOL in the past.

Project Honey Pot bills itself as a system for identifying spammers and the so-called spambots used by e-mail harvesters to scrape addresses from Web sites. Web site owners can install honey pot software on their sites that allows them to identify spam, as well as when the e-mail was harvested by the spammer - and the IP address of the harvester.

The defendants in the case are the "John Does" responsible for e-mail harvesting and spamming, Praed said. "Spammers are very good at hiding themselves. But what they can't hide are the data points that they use [for spamming]. We have got a lot of those data points."

Among the terabytes of data Project Honey Pot has collected are more than 6 million spam e-mails, 2.5 million IP addresses from which spam was sent and about 15,000 IP addresses belonging to e-mail harvesters.

The data will allow the plaintiffs to ask the court to subpoena ISPs for the identities of the owners of some of these IP addresses, Praed said. "We are going after the largest targets. The discovery will focus on the big fish. Some of these guys have made a big mistake. They have failed to use anonymity. If you are going to commit an Internet crime everything has to be anonymous."

Often in antispam litigation the biggest stumbling block is establishing the identity of the spammer, Praed said. "What they are engaged in is such inappropriate behaviour they usually can't defend themselves to anyone," once they are identified.

Unlike many other antispam initiatives, Project Honey Pot does a good job of gathering evidence against e-mail harvesters that will probably stand up in a court of law, said John Levine, chairman of the Internet Anti-Spam Research group. "They have an enormous database where they have evidence of those who collected e-mail addresses for spamming. Although spam comes from different places, in reality there are only a few who harvest addresses for spammers."

Going after such harvesters is a good tactic, he said. "The more expensive and risky we can make it for them the less spam" there will be.

The fact that Praed is representing the case is also a good sign, Levine said. "This looks like a good case. He wouldn't take this if he didn't think he could win."