RealTime IT News

Microsoft: CSI for the FTC

The U.S. Federal Trade Commission (FTC) brought charges against seven companies whose affiliates broke federal anti-spam laws, with help from Microsoft investigators.

The charges, brought under provisions of CAN-SPAM, held the companies responsible for actions of affiliate marketers who sent X-rated unsolicited e-mails. Microsoft's Internet Security division aided the investigation, which took more than a year.

The charges were filed under the Adult Labeling Rule provision of CAN-SPAM that requires e-mail containing pornographic material to use the phrase "SEXUALLY EXPLICIT" in the subject line of the message. They also must make sure that when an e-mail is opened, graphic sexual images aren't immediately displayed.

In a statement, Lydia Parnes, director of the Bureau of Consumer Protection, said X-rated e-mails that don't follow these guidelines are "electronic flashing."

In addition to lacking the required subject line, the FTC charged that the e-mails contained neither opt-out mechanisms nor a street address; both are required for all commercial e-mails.

"The adult labeling rule went into effect May 19 2004," said Jon Kraden, an attorney in the FTC's Bureau of Consumer Protection. "Once that rule went into effect, we knew we were going to want to bring enforcement actions under it."

FTC investigators pored through the hundreds of thousands of e-mails submitted by consumers to identify targets, Kraden said. Then, the agency enlisted Microsoft, which did a similar analysis on its own spam archive, gleaned from over 130,000 "trap accounts."

Microsoft has opened more than 130,000 e-mail accounts at MSN Hotmail, according to Aaron Kornblum, a Microsoft Internet Safety Enforcement attorney. The accounts, which don't belong to anyone and are never used in any way, sit outside MSN's filters. Eventually, they begin to receive spam due to dictionary attacks in which spammers send e-mails to randomly generated addresses.

"We looked for illegal spam in our trap accounts that were advertising the Web domains the FTC was looking closely at," Kornblum said. The group's 12-person Internet safety team then tried to identify the senders and the companies on whose behalf the spam was sent. "In the process, we captured a lot of evidence," he said.

The investigators converted much of the spam to PDF files to preserve it, because links in pornographic e-mail typically don't stay active for long, Kornblum said. "Federal prosecutors need to preserve that evidence in a format that would be useful at trial."

The cases announced today by the FTC are all against companies who employed spammers; none of the cases are against individual spammers.

"We felt we could have a bigger impact on the problem by focusing on the adult entertainment companies that were funding a lot of x-rated spam that was sent," the FTC's Kraden said. He added that the FTC has gone after individual spammers in the past, and it will do so again.

Of the seven companies charged on Wednesday, four already have reached settlements with the Commission. BangBros.com will pay $650,000 in civil penalties; MD Media will shell out $238,743; APC Entertainment was dinged with a $220,000 charge; and Pure Marketing Solutions and Internet Matrix Technology will together pay $50,000. The settlements contain record-keeping provisions to allow the FTC to monitor the defendants’ compliance with the orders.

The FTC filed U.S. District Court suits against the other three companies that didn't settle: TJ Web Productions, Cyberheat and Impulse Media. The suits seek civil penalties and a permanent bar on the illegal marketing.