Internet spam is no longer a joke to angry businesses. They increasingly are fighting back with civil and criminal lawsuits and offering rewards for information leading to arrests. In some cases, users are even trying chargeback tactics.
Driving the get-tough attitude is mounting frustration over crippled and lost business because of overloaded electronic-mail servers, trademark infringement and the nefarious combination of return address impersonation known as spoofing and blasts of spamming email advertisements. Faced in some instances with death threats, exasperated and angry World Wide Web site administrators are trying anything and everything including offering bounties for the names of spammers and risking online vendettas in the process.
Particularly vulnerable to spamming which some observers call "Internet terrorism" is a company's image, which businesses spend untold dollars building, maintaining and protecting.
One high-profile example is Samsung America's nightmare, which began July 19 when a fake advertisement blasted across the Internet to millions of electronic mailboxes. The angry replies caught Samsung by surprise. It hadn't sent out the advertisement.
Other messages bearing Samsung's return address have swamped unsuspecting mailboxes since then, including a missive purportedly from a Samsung attorney claiming "fraudulent and actionable transgressions" on the recipient's part. Two of Samsung's Web-hosted clients La Costa Resorts and Big Dog Sportswear also had suggestive and misleading advertising messages sent out with their names attached. They, in turn, have been inundated with complaints.
Samsung has been so hard hit - getting 6,000 to 10,000 email messages per day and hundreds of telephone calls worldwide - that the FBI is looking into the matter. Samsung has spent millions of dollars on its brand image and desperately wants the spamming to stop.
"We assume whoever is doing this buys lists of email addresses from someone," says Sang Cho, Samsung's in-house counsel, in an interview with Computerworld. But the company doesn't know why or who holds the grudge. It intends to file civil and criminal charges when the perpetrator is unmasked.
In another case of fake ads, Strong Capital Management, a financial services company in, Wisconsin, is suing a spammer for allegedly stealing its address, thinking that recipients would be more likely to open mail from a prestigious firm than an ordinary Internet marketer. Such mail is hated by recipients and is a bane of Internet service providers.
But now the impersonated legions are beginning to fight back. Although there are no results in any of these cases yet, here is a sampling of businesses going on the offensive with their beefs:
-- Two operators at SFF Net, a commercial online service used by science fiction and fantasy writers, have filed suit in Kings County, New York, against Carlos Lattin for sending out spamming emails with their forged return addresses. Their lawsuit claims trademark infringement, unfair competition, defamation and false designation of origin. The plaintiffs used New York laws to make the alleged impersonator's Internet service provider divulge Lattins name.
-- A novice junk mailer was sued in May by an online floral information service run by Tracy LaQuey Parker, an Internet author and education market development manager at Cisco Systems Inc. Parker opened the site's electronic mailbox one morning in March and saw what Samsung, La Costa and SFF Net have experienced: an avalanche of returned email and angry letters. "I was shocked by the onslaught," Parker said.
-- Jon Tara, operator of San Diego's Live.Net site, has experienced the same problem, but he hasn't been able to track down the spoofing impersonator. He is offering a US$100 reward for positive personal identification of the spoofer. A message on the site from Tara to the spamming perpetrator says, "I am going to hound you to the ends of the earth once I find out who you are. You will regret having used a Live.Net return address. If you are lucky, I will never find out who you are. If you are unlucky, I will. It will be the worst luck that you've ever had." Tara has fought with a service provider who has stopped shutting down spammers and won't provide Tara with identity information, claiming privacy requirements. The provider has called Tara's bounty offer vigilantism.
In February, Matthew Seidl, a Colorado University computer science student, filed a lawsuit against Greentree Mortgage and an unnamed bulk emailer for allegedly sending out a batch of spam with Seidl's "firstname.lastname@example.org" address in the From and Return-Path headers.
Seidl said in an Internet posting that he decided to take "whatever legal actions we have to take to restore our good name and recover the damages we suffered. We are doing our part to put an end to this type of net abuse."
Such attacks are difficult to deal with, says Nina Burns, an analyst at Creative Networks in Palo Alto, California. "Wackos have so much access to information that it becomes scary for an individual," she said. "But until authentication and digital signature technology become more widespread, I'm not sure what the answer is."
"We need some sort of digital Caller ID," says Jonathan Wheat, an analyst at the National Computer Security Association in Carlisle, Pennsylvania. Until then, Wheat said, this may be the price we pay for ever-increasing Internet connectivity.