The Web    Google
Fighting to Keep Smut-Spam in a Brown Wrapper

Fighting to Keep Smut-Spam in a Brown Wrapper
December 2, 2004

Microsoft (Quote, Chart) has fired another salvo in its ongoing spam battle, this time against porn peddlers who don't keep their smut inside the digital equivalent of a "Brown Paper Wrapper."

The software giant said it filed seven lawsuits against alleged violators of the federal CAN-SPAM law that violated various provisions of the act, including the new "brown paper wrapper rule". The rule, which was adopted back in May of this year, stipulates that smut solicitations include a subject line that includes the label "SEXUALLY-EXPLICIT". That same label also must be included in the body of the e-mail itself.

The rule is considered to be the digital equivalent of a "brown paper wrapper," which is a legal requirement for adult materials to covered with a wrapping.

"Sexually explicit materials that are for sale in stores are required by law to be covered from view by a brown paper wrapper. Microsoft believes it's important that we protect people online in the same way," Aaron Kornblum, Internet safey enforcement attorney for Microsoft, told

In addition to CAN-SPAM, the lawsuits also allege violations of Washington's Commercial Electronic Mail Act. According to Microsoft, the alleged violations include "using compromised computers around the world to route spam e-mail messages, using misleading subject lines, and failing to include an unsubscribe option and physical address."

The alleged violators were identified in court documents only by the names under which they do business. The seven names listed by Microsoft are,,,,, and

The actual real names of the defendants were only noted as "John Doe" defendants to the Washington State Superior Court where the lawsuits were filed. In Microsoft's estimation, hundreds of thousands of messages were collectively sent by the unnamed defendants in the filed cases. Microsoft named the defendants as "John Doe" as they currently do not actually know the true identities of the alleged violators.

Micosoft's Kornblum explained that it was typical for Microsoft to start spam litigation in the John Doe manner.

"It's quite necessary to do it this way because we in our investigations reach an electronic dead end. We reach a point where we come to an IP address or e-mail account or some other place that we can't move past without the assistance and power of the courts," Kornblum said.

"By filing an action at the courthouse, it enables Microsoft to gain subpoena power to go to the ISPs and the payment processors and say we'd like to know who's operating this account." Through further investigation, Microsoft is able to learn a great deal more and has been successful in amending complaints to include the real names of the defendants, he added.

In September of this year, Microsoft filed suit against a Web hosting company that claimed to help spammers avoid being shut down. Kornblum noted that the defendant in that case had been served and that the case was ongoing.

  • 9/9: Mydoom-U Worm Packed with UPX
  • 'Land' Bug Back to Bedevil Microsoft Servers
  • Disaster Recovery Vs. Business Continuity
  • Keeping Score of Identity Risks
  • Symantec Offers Enhanced Portal for Enterprises
  • 5/10: Mydoom-BQ a Mass-Mailing Worm
  • RSA's acquisition of Securant gets good reviews
  • Security Experts On Alert for Large-Scale Hacker Assault
  • Hitachi offers up centralized application security platform
  • CERT, ArcSight Partner With 3 Universities On Security Sharing
  • Single Network Identity: Holy Grail or Nightmare?
  • Cheap Security Camera