Un-Due Process - Part 1

"Automatic complaints are sent when a filter whose action is set to Kill after complaining is triggered. For each filter, you can configure who the complaint should be sent to. ... The message body is also scanned for e-mail and website addresses. If any addresses are found, they're added to the lists mentioned above." Source: http://www.spamkiller.com/Features.html SpamKiller is spam filtering software. Its purpose is to scan incoming email for spam and take appropriate action in response to those messages that are identified as spam, such as automatic deletion. Another handy function is that the software allows the user to generate automatic and manual complaint emails which the user then sends to the webmaster of the offending domain as well as any number of other recipients such as spam-reporting "authorities" and the webhost and/or ISP of the person sending the offending mail. Good idea, you say? Fair enough, you say? Well ... maybe. Note the quote above: "... The message body is also scanned for e-mail and website addresses ... [and] added to the lists mentioned above", i.e. the list of recipients of the complaint. Now, imagine this. Let's say you're a paying advertiser in my ezine. Your ad contains your URL and email address. I spam mail my ezine or send it to someone who forgets they subscribed and they think it's spam. Imagine further that the recipient of my so-called spam uses SpamKiller software (or some similar program). The software scans the message header and extracts the relevant information about the person who sent the email (me). Fair enough. Assuming that it IS spam, of course. But the capability of the software doesn't stop there. As mentioned in the above quote, it also scans the message BODY, which contains your ad, and adds your URL and email address to the list of recipients of the complaint. The ever-diligent big-spam-hunter also makes sure that one or more spam-reporting "authorities" is copied on the complaint. WeStopSpam.net*, diligent, professional organization that it is, immediately and automatically forwards the complaint to abuse@yourdomain.com and your webhost, an equally diligent, professional organization shuts your site down for three days for spamming. You, of course, learn about all of this AFTER the event. Think it can't happen to you? Think again. It happened to me. This week. Except I wasn't a paying advertiser in the offending ezine. The publisher of the ezine reprinted one of my articles. The article contained my resource box. The resource box contained my website URL. SpamKiller added my URL to the list of recipients of the email complaining of the "spam", copied WeStopSpam.net and WeStopSpam.net forwarded the email to abuse@ahbbo.com with the result that my webhost, DumbHost*, shut down my site for what was to be three days. The actual downtime was two hours. By that time I had threatened to sue and they finally got around to actually READING the offending email and realizing that I, in fact, was just an innocent bystander. There is so much that is wrong in this whole scenario that it's hard to know where to begin. THE PERSON WHO GENERATED THE COMPLAINT Let's start with the individual who generated the complaint in the first place. This is the person using the SpamKiller software. His email to me (which was auto-generated by SpamKiller) contained the following subject line: "UCE Complaint (So-and-So Newsletter*)" The body started out: "I have received the attached unsolicited e-mail from someone at your domain. [He had not.] "I do not wish to receive such messages in the future, so please take the appropriate measures to ensure that this unsolicited e-mail is not repeated. "--- This message was intercepted by SpamKiller (www.spamkiller.com) ---" The full text of the intercepted message followed. The header of the offending email clearly showed that the sender of the email was someone from so-and-so.com*. Unfortunately, the newsletter concerned contained virtually nothing but my article interrupted by what I assume were paid ads. I'm sure that the paid advertisers in this particular ezine also received a complaint and that WeStopSpam.net received a copy and automatically forwarded it to the advertiser's ISP and/or webhost who may or may not have shut them down, at least temporarily. (Hopefully not all webhosts are of the calibre of DumbHost when it comes to this sort of thing.) So, this individual, in his zealousness to rid the Internet of spam, blithely dragged the names and reputations of at least half a dozen perfectly innocent bystanders through the mud. The moral of the story? If you use spam-filtering software and the complaint-generating function that comes with it, have the common decency and responsibility to stop and think about who you're adding to your hitlist. If you don't, and you get it wrong, don't be surprised to find a process- server on your doorstep. SPAM FILTERING SOFTWARE To give SpamKiller its due, it appears to be an excellent product. There's a free 30 day download available at http://www.spamkiller.com . I downloaded it myself to see what, if any, cautions are given to users about the need to make sure that the recipient of the complaint is, in fact, responsible for the email concerned. Well, there is such a caution but it took me a good 45 minutes to find it. The software comes with an excellent, comprehensive built-in help facility. Tucked away at the end of the page on "Sending manual complaints" is the caution: "Note: SpamKiller does not check that the loaded addresses are appropriate for the selected message. Don't use a ... complaint unless you are certain that its recipients are responsible for the spam that you are complaining about." I would respectfully suggest that this warning be displayed in a more prominent position, coupled with warnings about what can happen to those who use the software in an irresponsible manner so as to ensnare innocent parties. WESTOPSPAM.NET Now, let's take a look at WeStopSpam.net's role in all of this. In my case, "all" they did was forward a complaint they had received from our friend in the previous section to my webhost. Here's what they sent: "From: 17846286@reports.westopspam.net To: abuse@dumbhost.com X-Loop: one Subject: [WeStopSpam (http://www.ahbbo.com) id:17846286] So-and-So Newsletter Date: Sun, 25 Feb 2001 23:14:50 -0700 (MST) X-Mailer: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) via http://westopspam.net/ v1.3.1 - WeStopSpam V1.3.1 - This message is brief for your comfort. ... Spamvertised website: http://www.ahbbo.com > http://www.ahbbo.com is 63.249.189.106; Tue, 27 Feb 2001 02:56:58 GMT Offending message: ..." So, my website was reported for spamming because it was "spamvertised" - lovely butchering of the English language, I must say. This appears to be a coined term for a website that is advertised by means of spam. This means that any paying advertiser in the ezine itself is treated as a spammer, merely because spam was used to send the ezine. I checked out the website of the ezine concerned. It proclaimed that its 85,000 subscribers were all "opt-in" i.e. that the subscribers each took some positive step to have their email address added to the ezine's mailing list. Any reputable advertiser is going to be concerned that the recipients of the ezine are opt-in, so this would have been of comfort to the advertisers concerned in this instance. Mind you, when I sent an email to the address displayed at the publisher's site, it bounced. Maybe this person IS a spammer. I don't know. And that's the point. How are you supposed to know that if you're just the advertiser or article author? But, as far as WeStopSpam.net is concerned, that doesn't matter. The mere fact that the advertiser's opportunity was advertised in the allegedly spam email is sufficient to make the advertiser a legitimate target. In my case, I didn't even advertise! The publisher of the ezine ran my article. How many of you out there make your articles freely available for reprint? WeStopSpam.net would presumably have you restrict the reprint rights to your articles to only those publishers who you know for a FACT are sending to a 100% guaranteed opt-in list. How do you do that? Quite simply, you can't. To expect any such thing is just unreal and smacks of an appalling lack of understanding about how the online world works. A reasonable compromise would be if reprint rights were granted to publishers who send their ezine to an opt-in list. I would have no objection to that. Of course, that wouldn't help you with WeStopSpam.org because their policy is to shoot first and ask questions later ... but wait, on second thought, they don't even ask questions later. They just shoot. You don't get a "please explain" or anything else. You're convicted first and then it's up to you to prove that you're innocent. Of course, by then, the damage is done. But WeStopSpam.org doesn't care. I'm sure they see it as just a casualty of war.