Hijackers lay traps for errant emails

Look-alike addresses steal email from careless senders

On October 15, New York telemarketing consultant Geri Gantman resigned in protest from her trade association and fired off an angry e-mail that detailed her gripes.

The message fell into the hands of Russell Smith, a consumer activist and arch-foe of telemarketers, and Gantman figured someone leaked it. In fact, she sent it to him herself. The group's e-mail address is ataconnect.org. But she typed ataconnect.com -- which is a spot on the Internet that belongs to Smith.

He acquired the look-alike address last winter and set it up to accept any e-mail that comes in. Since then, he says, he has received a pile of messages intended for people at the telemarketing association. "Even their own staff types .com," Smith crows.

Already, the Internet is awash in Web sites that trick people into clicking on by using addresses that vary only slightly from the sites being mimicked: an extra letter here, a dropped hyphen there.

Now, in near secrecy, some of these same look-alike Web sites are grabbing e-mail as well. A convenience of the Internet makes this easy to do: Most firms and organisations run their email systems from the same addresses they use for their Web sites.

E-mail pirates don't even need to know software code. For an extra $3, the outfits that set up Web sites will throw a few switches so the sites collect email, too. Then all it takes is a sender who mistakenly types the look-alike address, and the message gets snagged.

This trickery is so new that it isn't yet clear whether it can be stopped. Nor is it easy to avoid getting tripped up. Lawyers are emailing memos to the very people they are writing about. Voters are sending offers of money to their candidate's foe. Companies are losing customers, and perhaps even more. The technique is so seamless that computer experts assume that some firms use hijacked email to snoop on competitors.

Not all misdirected email is being pirated. The proliferation of Web sites has made innocent confusion commonplace. Adams Capital Management, a venture-capital firm based in Pennsylvania, evidently shares a look-alike address with a mutual fund, whose clients occasionally email Adams by mistake. "I write back and say you've got us confused," says office manager Lynn Patterson.

Some people trying to reach the mayor of New York are getting a different reply. Rudolph Giuliani's senatorial campaign had snapped up a bunch of Internet names before settling on RudyYes.com for his campaign site. Then he let his registration on the others expire.

In July, a free-spirited group that lampoons companies and public officials picked up one address it says the mayor let go: YesRudy.com.

Now, half of the 30 email messages that the group, RtMark, receives each day at this and another look-alike Giuliani site are intended for the mayor, says the group's spokesman, Frank Guerrero. "Wanted to send a contribution," one emailer wrote last month.

Guerrero says he generally fires off a mischievous reply. "It is not often that one barrels headlong into a difficult race full of unanswered questions, even less often that one barrels headlong into a difficult race full of unasked questions. I am doing both," reads one such reply, signed "Rudy."

Bruce Teitelbaum, spokesman for the mayor's political committee, says he didn't know the YesRudy site garnered email intended for the mayor. "There is nothing we can do," he says, citing the group's right to free speech.

Is email snagging legal? It's murky. Some pirates liken their act to picking up the phone when the caller has dialed a wrong number. They also point fingers at the email sender for not being careful enough.

Those who get snatched say it is more like a toll-free number that has been created to resemble another, in hopes of siphoning off calls. They also point out that it is already a crime merely to open regular mail that is sent to the wrong address and that other criminal statutes might apply to misdirected email. Some companies have successfully argued that their Web names are trademarks and that anyone who uses a look-alike address is creating confusion by being deceptive.

"Regardless of whether it's a violation of electronic espionage law, I do think you can make a case for trademark violation if you can show that someone hijacking emails is causing real confusion," says David Bernstein, a Debevoise & Plimpton attorney who chairs the American Bar Association panel on Internet law.

"One element of damage," Bernstein adds, "is that the sender never knows their email is missing." Neither does the intended receiver. For months, Jews for Jesus had lost email to a New Jersey man named Steven Brodsky who opposed the San Francisco religious group. He received the messages through an Internet name that was identical to the group's Jews-for-Jesus.org -- except his didn't have any hyphens. "I was blessed when one of your people came to our church," wrote a Baptist man from Oregon who left out the hyphens.

Brodsky hadn't intended to hijack the group's email, says his attorney, Ronald Coleman. Rather, in creating his Web site, Brodsky purchased software that automatically included the feature of accepting email, Coleman says.

The group discovered about a dozen lost messages when it sued Brodsky last year for trademark infringement. Then, in battling Brodsky, the group's own lawyers failed to use the hyphens on one email they intended to send to the group.

"In the middle of the litigation I get an interoffice communication from the San Francisco office of my adversary," says Coleman. "It was to his client, but he used the wrong address, and it went to my client."

"That is true," sighs attorney Paul Winick, whose colleague actually sent the errant email, which Coleman returned. "It is really a cautionary tale." In court, Coleman argued that Brodsky's acerbic site could not be mistaken for the religious group. But Jews for Jesus prevailed last year when a federal judge in New Jersey ruled that Brodsky deceived the public through trickery.

Still, fending off look-alike Internet names can be so costly no matter who wins in court that Coleman advises his corporate clients to buy up all the names they can. "You have to register 60 paces in every direction," he says. "Even the likely typos. With hyphen and without hyphen. It's absurd."

Email hijacking has added new urgency to the game of stockpiling Internet names. A southern California firm that sells goods through an Internet catalogue says it is struggling with the owner of a similar name, who is seeking to sell it for a six-figure sum.

For now, the look-alike name's owner is replying to the firm's customers who misdirect their email to him -- without disclosing that they have reached the wrong place, says the catalogue firm's attorney, Neil Smith of San Francisco. "He insults them," says Smith. "He is driving the customers away." He declined to name either firm because of possible legal action.

Russell Smith, the consumer activist based in Virginia says he has registered as many as 600 Internet names, which he swaps or sells or links to his own Web site that promotes consumerism. Most of his stock is generic, like Merrychristmas.org, which he hopes will prove valuable someday.

He also has Web names resembling those used by three telemarketing groups, including American Teleservices Association, of North Hollywood, from which Gantman -- a senior partner with the consultant firm Oetting & Co. of New York -- resigned last month.

"This smacks of Big Brother," says Gantman, who had not known how her email strayed to Smith until she was contacted by this newspaper. "We're going to be real careful with those dot-orgs from now on."

Donna Bryce, a telemarketer and the association's communications director, says she also was unaware of Smith's email system. "It would concern me when things go astray," she says. But, she adds, "it's a free country, and he has a right to his Web mail." She declined to discuss Gantman's letter.

Smith says he routinely sets up all his sites to receive email and did not target the telemarketers. But when their messages began streaming in, he decided to keep them coming as a weapon in his battle for consumer rights. "I want the messages," he says. "They sc*** me, and I want to sc*** them. It's revenge."

Much of the telemarketers' email, he adds, consists of jokes being passed around. "It's mostly a waste of time," he says. One exception arrived in January. It was an email from attorney Roger Kirkpatrick, a consumer marketing specialist with Time Warner with whom Smith had been fighting.

Smith had been pressing Time Warner to detail its consumer-privacy policies, and Kirkpatrick wrote an email to his legal colleagues and an official at the Direct Marketing Association, a New York trade group to which Time Warner belongs.

Kirkpatrick in the email laid out his strategy to curb Smith's inquiries. "This guy is EXTREMELY obnoxious," he wrote. "We ... have nothing more to say or send to him."

The email went straight to Smith, when it was mistakenly addressed to his look-alike Direct Marketing name. "Clearly the email was not intended to go to him," says Kirkpatrick, adding that he had not known how Smith had obtained his email.

Smith, for his part, replied to Kirkpatrick's misdirected e-mail, refuting some matters, agreeing with others. "One final thing," Smith wrote. "I would like to take this opportunity to welcome both you and the DMA to the Internet."

Take me to Hackers