Feeds

Spamhaus victorious after 5-year fight with mass mailer

Long road leads to dead end, in a minefield, up a creek

Internet Security Threat Report 2014

Spamhaus has finally prevailed in a long-running US court action against it by e360 Insight, a firm it blacklisted for spamming.

e360 Insight sued Spamhaus in the US over the blacklisting way back in 2006. Spamhaus, which is based in the UK, argued (on the advice of lawyers) that it was outside the jurisdiction of US courts. Judge Charles Kocoras allowed the case against Spamhaus to proceed despite this and awarded a default judgment in favour of e360 Insight for a whopping $11.7m.

The default judgement was used by e360 Insight in a failed attempt to pressure ICANN into removing Spamhaus' domain records. Judge Kocoras ruled the sanction was too broad and rejected the bid.

The original judgment was appealed and sent back to district court for a second hearing, where much reduced damages of $27,002 were awarded last week, two years after e360 Insight filed for bankruptcy, citing the legal cots of fighting the case as one of the reasons for the failure of the business. The defunct firm was characterised by Spamhaus as a Chicago-based one-man 'bulk email marketing' firm. e360 Insight, which was owned by David Linhardt, allegedly spamvertised bargaindepot.net (prop. David Linhardt) via junk mail messages that violated the US CAN SPAM Act.

Spamhaus' lawyers appealed for a second time to argue that the damages awarded against the anti-spam organisation were still too high. The US Court of Appeals found in favour of Spamhaus on Friday, reducing damages to the token value of $3 and ordering e360 Insight to pay Spamhaus' defence costs. The ruling criticises e360 Insight's conduct throughout the case, particularly criticising it for failing to come up with any evidence for the supposedly astronomical financial losses Spamhaus's actions had caused it to suffer and for repeatedly failing to file legal papers on time (ie, to meet basic discovery obligations).

By failing to comply with its basic discovery obligations, a party can snatch defeat from the jaws of certain victory. After our earlier remand, all e360 needed to do was provide a reasonable estimate of the harm it suffered from Spamhaus's conduct. Rather than do so, however, e360 engaged in a pattern of delay that ultimately cost it the testimony of all but one witness with any personal knowledge of its damages. That lone witness lost all credibility when he painted a wildly unrealistic picture of e360's losses.

Having squandered its opportunity to present its case, e360 must content itself with nominal damages on each of its claims, and nothing more. We VACATE the judgment of the district court and REMAND this matter with instructions to enter judgment for the plaintiffs in the amount of three dollars.

A full history on the case, from Spamhaus's perspective, can be found here. Independent comment can be found on Eric Goldman's technology and marketing law blog here.

Goldman concludes that the Spamhaus case illustrates that courts are ultimately likely to favour filtering services and ISPs rather than bulk-mailing firms in cases involving spam blacklisting.

"Spamhaus ended up traveling the long road and ultimately defeating e360, but it's nice to see it prevail. As the Holomaxx v. Yahoo and Microsoft cases indicate, lawsuits brought by emailers against ISPs or filtering services face a long and uphill road, which should lead to a dead end," he writes. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.