Huge anti-spam suit targets email harvesters

"It is clear that the key to stopping spam is identifying those responsible for it, and getting that information into the hands of those capable of doing something about it," he said.

The suit is filed on behalf of 20,000 users of the company's anti-spam tool, which takes its name from its methodology. It generates pages that create fake email addresses. When those pages are visited by spammers the IP addreses are recorded. If those emails later turn wind up receiving spam, Upspam has drawn a connection between harvesters and spammers.

"We've found that the Internet addresses of those doing the harvesting is a much smaller universe of those who are actually sending the messages, and locating [the harvesters] may give us good indicators of who out there is at the top of these spam operations," Prince said.

Roughly 175 Project Honey Pot Web sites located in Virginia have distributed approximately 36,000 e-mail addresses to harvesters worldwide. Of those, 111 e-mail harvesters used Internet addresses located in Virginia, and another 21,000 Virginia-based PCs have been identified as direct sources of junk e-mail. On 245 occasions, the John Does named in the suit have relied entirely on Virginia-based Internet addresses to harvest e-mail addresses and to blast out junk e-mail, the complaint alleges.

The case was filed under the Virginia anti-spam statute, as well as a federal 2003 anti-spam law. The statute penalizes fraudulent senders of unsolicited bulk e-mail at $1 per message, or $25,000 per day that any offending message was transmitted. The federal law, known by its acronym "CAN-SPAM," authorizes fines of $100 for every attempted transmission of a spam message containing false or misleading transmission information. Damages increase three-fold if a victim's e-mail address was harvested from a public Web site.