Taking Action: Microsoft Brings Lawsuits Against Spammers

REDMOND, Wash., June 17, 2003 — Last month, Microsoft announced its anti-spam initiative, designed to help combat the proliferation of spam, the unwanted, often deceptive commercial e-mail sent to consumers. One of the key pillars of this initiative was kicked off today as Microsoft announced it has filed 13 civil suits in the U.S. for sending unwanted, deceptive commercial e-mail to Microsoft customers and two suits in the U.K. for illegal “harvesting” of customer e-mail addresses and other illegal spamming practices.

The U.S. suits are filed against alleged spammers that try to fool customers by providing false information in the “from” line of the e-mail or using deceptive subject lines, such as “Your Visa bill” or “Credit Card Refund” to trick them into opening the message. Microsoft has also amended two complaints previously filed in California against “John Doe” defendants accused of “harvesting” e-mails of Microsoft customers to name the specific individuals that it believes are responsible in those cases.

To find out more about why Microsoft has brought these suits and how these enforcement activities fit into the larger puzzle of eradicating spam, PressPass spoke to Tim Cranton , a senior attorney at Microsoft in charge of defining legal strategies in the spam lawsuits, and Stirling McBride , a senior investigator at Microsoft in charge of identifying and tracking down alleged spammers discovered by Microsoft technical teams.

PressPass: Spam has been a known problem for the past few years. Why has Microsoft decided to bring these civil suits against alleged spammers now?

Cranton: Our customers have told us they’re fed up with spam. This is a huge issue for our customers, especially when it comes to spam that is deceptive or exposes children to inappropriate content. We’re concerned about unwanted e-mail reaching our customers, and want to do everything we can to help ensure our customers have control over what comes into their inboxes.

Over the past year, the volume of spam has escalated to critical levels, and has reached the point where it’s threatening the viability of email. Today, an estimated 40 percent of all Internet e-mail is spam, and that number is expected to reach 50 percent by the end of the year. Microsoft and other ISPs (Internet Service Providers) have recognized that this is an industry-wide issue that needs to be addressed, and have committed substantial resources to the problem. Enforcement is one of those critical pieces, along with developing new filtering technologies, implementing strong legislation across jurisdictions, and creating industry best practices for sending legitimate commercial e-mail.

PressPass: There are many different kinds of e-mail that different people label as spam. What kind of spam activities is Microsoft taking civil action against?

Cranton: We’re focusing our efforts on the type of spam that troubles our customers the most: consumer deception and unsolicited pornography. Deceptive spam includes e-mail that uses misleading information — either about who sent the e-mail or what the e-mail is regarding — to trick the recipient into opening the mail because they think it’s something that it isn’t. These often come in the form of get-rich-quick schemes, adult services or purported health offerings. An FTC study found that an estimated 66 percent of spam has some type of false information, so this is a huge problem that must be addressed.

Another significant customer concern is unwanted, sexually explicit material that may reach children or that is otherwise offensive to recipients who did not request to receive such material.

PressPass: Because we’re dealing with the Internet, jurisdiction in bringing charges like this seems tricky. Under what statute is Microsoft bringing these civil suits?

Cranton: Thirteen of these suits are filed under the Washington State anti-spam statute, and the other two are being filed under the U.K. Misuse of Computers Act. We’re fortunate here in Redmond, because Washington State passed one of the first anti-spam statutes in 1998 that includes very strong consumer protection and enforcement mechanisms for ISPs. Christine Gregoire, Washington’s State’s attorney general, has been a staunch advocate of strong anti-spam laws to protect to consumers and brought the first ever state action against a spammer. We’re happy to be working with her on this.

But the spam problem does raise many complex issues around jurisdiction. To be effective in anti-spam enforcement efforts, Microsoft believes it’s important to have a strong national legislation against spam — in the U.S. and in countries worldwide — to make enforcement efforts effective.

PressPass: With two of the suits filed outside the U.S., it seems that Microsoft is taking a global approach to dealing with this problem.

Cranton: Definitely. Spam takes advantage of the pervasiveness of the Internet and the ease by which you can communicate with anyone around the world. To be effective, it’s critical we work not only with state and federal government agencies in the U.S., but also partner with government agencies and industry worldwide.

PressPass: Does Microsoft work with government agencies to bring criminal prosecutions against alleged spammers when appropriate?

Cranton: Yes we do, and we’re developing a strategy to refer more cases to law enforcement. When we encounter spam activity around serious criminal issues, such as child pornography consumer fraud, identity theft, and other priority enforcement concerns, we immediately notify the appropriate government agencies and do what we can to provide them with information they need to pursue criminal prosecutions.

PressPass: One reason spammers are so successful is they’re easily able to mask their identity when sending spam. It must be challenging to track spammers down.

McBride: It certainly can be. Today, it’s very easy for a spammer to falsify information in an e-mail about who sent the e-mail or where it came from. We try to determine from the e-mail itself where it came from, but spammers use a variety of ways to hide their identity.

We’ve set up a process to collect spam and analyze it, trying to identify the largest and most serious violators. We’ve set up thousands of e-mail “drop boxes” to identify spam. These are accounts that aren’t used to send or receive e-mail, so we know any e-mail received in the account was not solicited.

Our investigation team works closely with the technical teams at Hotmail and MSN to identify the biggest spammers, based on both customer feedback and these drop boxes. But the technical teams can only tell me so much about an alleged spammer. That’s where my work really begins, in the off-line investigation. My background is in law enforcement. I spent six years as a U.S. Marshall and four years with the U.S. Border Patrol. More recently, I’ve worked at Microsoft investigating issues around software piracy.

While a spam e-mail doesn’t offer many clues to go on, there is often at least one true thing in the e-mail, maybe a name or a phone number. Once we find some kind of lead, it’s a matter of following the money and wading through the company names and DBAs to identify who is actually sending the spam so we can file a claim.

PressPass: Spam is such a ubiquitous problem, you obviously can’t sue every spammer. Do you feel these lawsuits will be a deterrent to spammers?

Cranton: The long term solution to eradicating spam involves more then just enforcement, but enforcement is a critical piece of the solution. These cases represent an attempt to strike out against specific, deceptive practices of spammers and send a message to deter spammers from engaging in deceptive practices. The first step is to engage in discovery to determine the scope of the problem. The ultimate goal is obviously to stop these spammers from sending unwanted e-mail, so we will pursue compensation that we believe will effectively deter their behavior in the future.

If we can deter deceptive practices, that allows ISPs and consumers to more effectively create and set filters, giving them better control their e-mail systems and inboxes. Microsoft and the industry are developing new technologies that will make filters more effective, but they’ll only work if the information in the e-mail is accurate, and not deceptive. Strong enforcement against deceptive spam will also make it easier for legitimate, responsible commercial e-mailers to effectively communicate with customers, while still giving the customer the choice of what e-mail they see and what they don’t.

But again, long term, Microsoft feels very strongly that the spam problem requires a multi-pronged strategy that involves not just enforcement, but new technology, strong anti-spam legislation, and the development of industry best practices for legitimate commercial e-mailers. Each of these pillars depends on the other three to be effective.

PressPass: Recently, Microsoft and other industry leaders such as AOL and Yahoo have announced plans to collaborate on eradicating spam. Does this partnership extend to these enforcement efforts?

Cranton: The only way that we’re going to gain ground against spam is in collaboration with other companies in the industry and with government, and we look forward to sharing information on alleged spammers with others in the industry as well as the FTC and other government agencies to make sure that we’re using our resources most effectively.

PressPass: What are the longer term strategies for enforcement?

Cranton: We will vigorously pursue resolution of these cases to stop these defendants from sending spam. Longer term, we’re going to continue to devote substantial resources to support robust civil and criminal enforcement. Microsoft will also continue to invest in the other pillars of the anti-spam initiative: developing technology solutions, advocating strong legislation at the federal level and worldwide, and supporting the development of industry best practices for commercial e-mail. We also plan to significantly ramp up our global enforcement efforts. This announcement only marks the beginning of that effort.