The black hole of death: beware, it could engulf you.We all hate spam. The dozens, if not hundreds, of emails you receive promising new investment opportunities in Nigeria, refinancing your house or attracting men or women. They are more than annoying--they cost time, resources and in cases when you are accessing email through wireless or other "pay per Kb" services, money. In many cases they violate state laws, such as the Washington state "do not spam" law. To combat this problem, many companies have turned to entities that compile so-called "black hole 1. black hole - An expression which depends on its own value or a technique to detect such expressions. In graph reduction, when the reduction of an expression is begun, the root of the expression can be overwritten with a black hole. If the expression depends on its own value, e.g. x = x + 1 then it will try to evaluate the black hole which will usually print an error message and abort the program." lists--lists of IP addresses of "known spammers." The companies then use these lists to block email to and from this range of IP addresses in the hope of temporarily blocking the mountains of spam their employees may receive. The "do not spam" list compilers also provide lists of domains--rather than simply IP addresses--from which the spam purports to have originated. These domains in turn are blocked from sending and receiving email to the enterprise that subscribes to the list. All well and good. But what if they have the wrong address? Increasingly, spammers are infiltrating computer networks and bouncing email through unsuspecting corporate mail servers. They do this either to avoid being put on black hole lists See spam filter and Blacklist of Internet Advertisers. themselves, to obtain a "friendly" email address, or to fool recipients about the source of the email. Thus, AOL/Time-Warner's Money magazine domain money.com is a fruitful email suffix for spam related to financial transactions, and Playboy Enterprise's play-boy.com is an enticing domain for sexually related email. Also, under the theory that you are more likely to open email that appears to originate from someone you know, spammers and worm writers alike are sending messages that appear to originate from inside your own company, with headers such as "important message from HR" or "About Your Job." The spammers need not actually penetrate the corporate email system to generate these false headers. if the corporate email server is penetrated, the IP address information will falsely show that the email originated from inside the company. If the email system is not penetrated, the IP information will show the actual source (well, at least the last place the email was bounced through), but the header will falsely show that the email came from inside a particular company. Many states have passed various types of anti-spam laws. Many of these statutes fine spammers who send email to persons who are not existing clients--usually on an "opt out" basis. Some states also have laws that prohibit false, fraudulent or misleading email messages-- messages that falsely indicate their actual source or subject. FTC and various consumer protection statutes prohibit false and deceptive trade practices, and likely could be used to cover most kinds of spam solicitations. Companies have mainly focused on the problem of preventing inbound spam. But increasingly the problem for companies has been that of outbound spam. When spam appears to originate from an unsuspecting site, the company suffers injury to reputation and good will. Moreover, they run the risk of being placed on one of these "black hole" lists. The black hole lists are managed by a loose confederation of anti-spam zealots, dedicated "public servants" and marketers attempting to sell a service. They are wholly unregulated, and make their own rules about who to list and de-list from their service. Essentially, their decision whether to "black hole" your company may be dictated based on whether or not you accede to their demands, and whether or not they like you or your product or service. If you appear to be "arrogant" or "uncooperative'' to them (and by them, it could simply be one person running such a list), you can be prevented from sending email to your clients or customers. The problem can be even worse if the black hole list operator perceives that you are somehow truly at fault for the spam--either because he or she feels you did not take enough steps to prevent the misuse of your email system, or because you were, in fact, the source of the spam. Who appointed these guardians of the electronic superhighway? Who set the rules under which they may decide to tell companies to block or unblock your email? The answer is, of course, only the marketplace. Companies that buy these lists must look carefully at the standards employed by the list compilers to make sure they are not blocking legitimate email, and therefore preventing legitimate business. But what recourse do the companies have when they find themselves in the black hole of death? They can try to placate or appease the list maker with a series of "mea culpas" and hope that the list maker removes them out of the kindness of his or her heart. Or, of course, they can sue. The law recognizes a civil action for "tortuous tor·tu·ous (tôr  ch - s)adj. interference with a business relationship." In essence, this is a lawsuit saying that the list maker is wrongfully interfering with the company's relationship with its clients and customers by preventing the company from communicating with these clients. Having many turns; winding or twisting. The key issue here is the tortuous or wrongful nature of the interference. The list maker would argue that, by purchasing and employing the list, the company that is blocking the email has stated its intention not to have contact with the alleged spammer, and therefore the interference is not "tortuous." Ultimately, it will come down to 1) the nature of the representations the list maker makes to its clients (what it says it will block and why), and 2) the reasonableness of its actions. The best way to avoid being put on a black hole list is to be vigilant about any abuse or misuse of your internal email system(s), to monitor any messages (including messages on the various anti-spam message boards) that may mention your company or its trademarks, and by establishing and maintaining an incident response capability (which includes, of course, advice from legal counsel) to help respond both to fictitious spam and to potential black holes. www.solutionary.com Mark Rasch, Esq., is executive vice president and chief security counsel for Solutionary, Inc. (Omaha, Neb.) |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion