Microsoft may have a bad reputation in some circles, but theyre George Washington compared with the average mass-spammer. So filing suit in the United States and United Kingdom against 15 major spammers solves two problems. Its hard not to feel good about this action, although Im sure some will find ways to construct criticism of Microsoft out of it. Vigorously pursuing cases like this would be just about the best PR move the company could make.
For years legislators sucking up to the direct-marketing business blocked any meaningful anti-spam legislation, and there still is no real federal law on the subject. Its stupid in the extreme that all the law these days is at the state level, since even a U.S. law is arguably too local to handle the Internet. But with 40 percent to 50 percent of all e-mail comprising spam (according to Microsoft), the popular appeal of anti-spam legislation will soon be too hard to resist. The next trick we can expect is legislation that purports to fight spam but that is actually toothless. As long as bad federal laws dont pre-empt state laws, at least there will be an option.
If it were possible to cut severely the amount of misrepresentation in spam, then conventional filtering tools, even just blacklists, would be more effective. And remember, spam is so ubiquitous because the costs are so low. If litigation were to become one of the costs, or at least a potential cost, it would have a salutary effect.
Obviously, laws alone cant solve this problem, but they should do a lot more. The content of the spam over which Microsoft is suing is offensive, but what Microsoft rightly emphasizes is the fraudulent nature of the activity. At a bare minimum defendants spoofed from: addresses on their messages, they used deceptive subject lines and many used fraudulent headers in a further attempt to conceal the origins of the message. This is fraud, and its not unusual or unreasonable to expect the legal system—perhaps even criminal law—to help with the situation.
The 1998 Washington state law used in most of the cases focuses on such deceptive practices. It has been upheld by the Washington Supreme Court, although I dont see that it has been challenged yet in federal court. The UK Computer Misuse Act of 1990, used in two other cases, seems to emphasize organizations setting up Acceptable Use Policies—rules that spammers would presumably violate.
If Microsoft were to succeed, one can imagine many implications: Spammers may move in even greater numbers to countries where such legal recourse is not easily available. This is a serious concern even if, as Microsoft says, other countries are moving to pass laws to ban fraudulent practices. Eventually we may reach the point where users can just block all mail from countries without effective protections.
This ones a long shot, and it would be too ironic for words, but maybe spammers would start to avoid Hotmail and other Microsoft services, and perhaps this, too, is in the back of some minds in Redmond. I have my own Hotmail account. Send me some mail; it will be a relief from the dozens of obscene and illegal solicitations I get every day, and I have the Bulk Mail blocking turned on. (Last time I tested MSN8, it was better, but still nothing Id let kids see.)
So lets assume Microsoft wins some cases and collects damages; what should it do with the money? Its not like it needs the cash, although it would be fair for the company to cover its legal fees with it. But personally, I think that Microsoft should do something anti-spam with most of the money. Please send me suggestions, and Ill pass the good ones on the Microsoft.
In the end, though, I wouldnt worry too much about Microsoft actually winning cases and collecting damages. A perusal of Microsofts summary of the cases shows that many of the defendants are the same guy: "John Doe."
Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.