A $1 billion lawsuit promises to open up a new front in the battle against spam by targeting email address harvesters for the first time.
The lawsuit, filed in the Virginia, is one of the largest of its kind and is being filed on behalf of Project Honey Pot members in over 100 countries. Project Honey Pot is a service provided by Utah-based anti-spam company Unspam Technologies.
"If you've harvested email addresses or sent spam in the last two years, chances are you're on our radar screen and we're coming after you," a note posted on the Project Honey Pot website reads.
"This lawsuit is unique because we believe it is the first major case in the United States to bring a claim against spammers for harvesting email addresses," the note said. "While this practice has been a penalty enhancement under the CAN SPAM Act since it was passed, in most cases the data was not available in order to prove an address was harvested."
The case is being handled by Jon Praed, a founding partner of the Washington DC-based Internet Law Group, which has represented and won anti-spam lawsuits for clients such as Verizon Online and AOL.
Project Honey Pot bills itself as a system for identifying spammers and the so-called spambots used by email harvesters to scrape addresses from web sites. Web site owners can install honey pot software on their sites that allows them to identify spam, as well as when the email was sent to was harvested by the spammer - and the IP address of the harvester.
The defendants in the case are the "John Does" responsible for email harvesting and spamming, Praed said. "Spammers are very good at hiding themselves. But what they can't hide are the data points that they use [for spamming]. We have got a lot of those data points."
Among the terabytes of data Project Honey Point has collected are more than 6 million spams, 2.5 million IP addresses from which spam was sent and about 15,000 IP addresses belonging to email harvesters.
The plaintiffs will be able to ask the court to subpoena ISPs for the identities of the owners of some of these IP addresses, Praed said. "We are going after the largest targets. The discovery will focus on the big fish. Some of these guys have made a big mistake. They have failed to use anonymity. If you are going to commit an internet crime everything has to be anonymous."
Often in antispam litigation the biggest stumbling block is establishing the identity of the spammer, Praed said. "What they are engaged in is such inappropriate behaviour they usually can't defend themselves to anyone," once they are identified.
Unlike many other anti-spam initiatives, Project Honey Pot does a good job of gathering evidence against email harvesters that will probably stand up in a court of law, said John Levine chairman of the Internet Anti-Spam Research group. "They have an enormous database where they have evidence of those who collected email addresses for spamming. Although spam comes from different places, in reality there are only a few who harvest addresses for spammers."
Going after such harvesters is a good tactic, he said. "The more expensive and risky we can make it for them the less spam" there will be.
The fact that Praed is representing the case is also a good sign, Levine said. "This looks like a good case. He wouldn't take this if he didn't think he could win."
The lawsuit is part of a week-long series of announcements from Project Honey Pot. On Monday, it announced new honey pot software called QuickLinks designed to help bloggers using services such as Typepad and Blogger - as well as anyone owning hosted web sites - to track email harvesters and spambots. On Tuesday, it announced a new service for tracking "comment spammers" who leave comments containing links to web sites on blog postings and wikis.
On Monday, Project Honey Pot announced a new service that will allow those using its service to create black lists to automatically block comment spammers and harvesters from accessing their site.