"Automatic complaints are sent when a filter whose action is
set to Kill after complaining is triggered. For each filter, you
can configure who the complaint should be sent to. ... The
message body is also scanned for e-mail and website
addresses. If any addresses are found, they're added to the
lists mentioned above."
Source: http://www.spamkiller.com/Features.html

SpamKiller is spam filtering software. Its purpose is to scan
incoming email for spam and take appropriate action in
response to those messages that are identified as spam,
such as automatic deletion. Another handy function is that
the software allows the user to generate automatic and
manual complaint emails which the user then sends to the
webmaster of the offending domain as well as any number of
other recipients such as spam-reporting "authorities" and
the webhost and/or ISP of the person sending the offending
mail.

Good idea, you say? Fair enough, you say? Well ... maybe.
Note the quote above: "... The message body is also scanned
for e-mail and website addresses ... [and] added to the lists
mentioned above", i.e. the list of recipients of the complaint.

Now, imagine this. Let's say you're a paying advertiser in my
ezine. Your ad contains your URL and email address. I spam
mail my ezine or send it to someone who forgets they subscribed
and they think it's spam.

Imagine further that the recipient of my so-called spam uses
SpamKiller software (or some similar program). The software
scans the message header and extracts the relevant
information about the person who sent the email (me). Fair
enough. Assuming that it IS spam, of course.

But the capability of the software doesn't stop there. As
mentioned in the above quote, it also scans the message
BODY, which contains your ad, and adds your URL and
email address to the list of recipients of the complaint. The
ever-diligent big-spam-hunter also makes sure that one or
more spam-reporting "authorities" is copied on the complaint.

Spamcop.net, diligent, professional organization that it is,
immediately and automatically forwards the complaint to
abuse@yourdomain.com and your webhost, an equally
diligent, professional organization shuts your site down for
three days for spamming.

You, of course, learn about all of this AFTER the event.
Think it can't happen to you? Think again. It happened to
me. This week. Except I wasn't a paying advertiser in the
offending ezine. The publisher of the ezine reprinted one
of my articles. The article contained my resource box.

The resource box contained my website URL. SpamKiller
added my URL to the list of recipients of the email
complaining of the "spam", copied Spamcop.net and
Spamcop.net forwarded the email to abuse@ahbbo.com
with the result that my webhost, CI Host, shut down my
site for what was to be three days.

The actual downtime was two hours. By that time I had
threatened to sue and they finally got around to actually
READING the offending email and realizing that I, in fact,
was just an innocent bystander.

There is so much that is wrong in this whole scenario that
it's hard to know where to begin.

THE PERSON WHO GENERATED THE COMPLAINT

Let's start with the individual who generated the complaint
in the first place. This is the person using the SpamKiller
software. His email to me (which was auto-generated by
SpamKiller) contained the following subject line:

"UCE Complaint (So-and-So Newsletter*)"

The body started out:

"I have received the attached unsolicited e-mail from
someone at your domain. [He had not.]

"I do not wish to receive such messages in the future, so
please take the appropriate measures to ensure that this
unsolicited e-mail is not repeated.

"--- This message was intercepted by SpamKiller
(www.spamkiller.com) ---"

The full text of the intercepted message followed. The
header of the offending email clearly showed that the
sender of the email was someone from so-and-so.com*.

Unfortunately, the newsletter concerned contained virtually
nothing but my article interrupted by what I assume were
paid ads.

I'm sure that the paid advertisers in this particular ezine
also received a complaint and that Spamcop.net received
a copy and automatically forwarded it to the advertiser's
ISP and/or webhost who may or may not have shut them
down, at least temporarily. (Hopefully not all webhosts are
of the calibre of CI Host when it comes to this sort of thing.)

So, this individual, in his zealousness to rid the Internet of
spam, blithely dragged the names and reputations of at
least half a dozen perfectly innocent bystanders through the
mud.

The moral of the story? If you use spam-filtering software
and the complaint-generating function that comes with it,
have the common decency and responsibility to stop and
think about who you're adding to your hitlist. If you don't,
and you get it wrong, don't be surprised to find a process-
server on your doorstep.

SPAM FILTERING SOFTWARE

To give SpamKiller its due, it appears to be an excellent
product. There's a free 30 day download available at
http://www.spamkiller.com . I downloaded it myself to see
what, if any, cautions are given to users about the need to
make sure that the recipient of the complaint is, in fact,
responsible for the email concerned.

Well, there is such a caution but it took me a good 45
minutes to find it. The software comes with an excellent,
comprehensive built-in help facility. Tucked away at the
end of the page on "Sending manual complaints" is the
caution:

"Note: SpamKiller does not check that the loaded
addresses are appropriate for the selected message. Don't
use a ... complaint unless you are certain that its recipients
are responsible for the spam that you are complaining
about."

I would respectfully suggest that this warning be displayed
in a more prominent position, coupled with warnings about
what can happen to those who use the software in an
irresponsible manner so as to ensnare innocent parties.

SPAMCOP.NET

Now, let's take a look at Spamcop.net's role in all of this.
In my case, "all" they did was forward a complaint they had
received from our friend in the previous section to my
webhost. Here's what they sent:

"From: 17846286@reports.spamcop.net
To: abuse@cihost.com
X-Loop: one
Subject: [Spamcop (http://www.ahbbo.com) id:17846286]
So-and-So Newsletter*
Date: Sun, 25 Feb 2001 23:14:50 -0700 (MST)
X-Mailer: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
via http://spamcop.net/ v1.3.1
- Spamcop V1.3.1 -
This message is brief for your comfort. ...
Spamvertised website: http://www.ahbbo.com
> http://www.ahbbo.com is 63.249.189.106; Tue, 27 Feb 2001
02:56:58 GMT
Offending message: ..."

So, my website was reported for spamming because it was
"spamvertised" - lovely butchering of the English language, I
must say. This appears to be a coined term for a website that
is advertised by means of spam. This means that any paying
advertiser in the ezine itself is treated as a spammer, merely
because spam was used to send the ezine.

I checked out the website of the ezine concerned. It proclaimed
that its 85,000 subscribers were all "opt-in" i.e. that the
subscribers each took some positive step to have their email
address added to the ezine's mailing list.

Any reputable advertiser is going to be concerned that the
recipients of the ezine are opt-in, so this would have been of
comfort to the advertisers concerned in this instance.

Mind you, when I sent an email to the address displayed at
the publisher's site, it bounced. Maybe this person IS a
spammer. I don't know. And that's the point. How are you
supposed to know that if you're just the advertiser or article
author?

But, as far as Spamcop.net is concerned, that doesn't
matter. The mere fact that the advertiser's opportunity was
advertised in the allegedly spam email is sufficient to make
the advertiser a legitimate target. In my case, I didn't even
advertise! The publisher of the ezine ran my article. How
many of you out there make your articles freely available for
reprint?

Spamcop.net would presumably have you restrict the
reprint rights to your articles to only those publishers who you
know for a FACT are sending to a 100% guaranteed opt-in list.
How do you do that? Quite simply, you can't. To expect any
such thing is just unreal and smacks of an appalling lack of
understanding about how the online world works.

A reasonable compromise would be if reprint rights were
granted to publishers who send their ezine to an opt-in list. I
would have no objection to that. Of course, that wouldn't help
you with Spamcop.net because their policy is to shoot
first and ask questions later ... but wait, on second thought,
they don't even ask questions later. They just shoot.

You don't get a "please explain" or anything else. You're
convicted first and then it's up to you to prove that you're
innocent. Of course, by then, the damage is done. But
Spamcop.net doesn't care. I'm sure they see it as just a
casualty of war.

CI HOST

OK, now let's turn to the real bad guy in all of this. The webhost
who shuts down a website on the grounds of nothing more than
the say-so of an unverified spam complaint. In my case, it's
CI Host but I know there are many other webhosts and ISPs
out there who are just as irresponsible.

Here's the email I received from CI Host informing me my site
had been shut down:

"To whom it may concern,

"We recieved [sic] the following spam complaint regarding
ahbbo.com. Your domain will be temporarily disabled for 3 days.
You can have your domain re-enabled at the end of this 3 day
period by requesting so at enable@supportteam.net. If we
continue to recieve [sic] complaints, action may be taken to
disable your domain.

"Regards,
Abuse Response Team"

Regards!

The email that followed was the one from Spamcop.net.
Note that my site was shut down because "[w]e recieved [sic]
the following spam complaint regarding ahbbo.com". Not
because I had SPAMMED, mind you, but because CI Host
had received a spam COMPLAINT. The notification that my
site had been disabled was the FIRST communication from
CI Host on the matter.

An appropriate response would have been: "We've received a
complaint of spamming against you. We take all complaints
of spamming very seriously. Please let us have your response
to this complaint so we may take appropriate action". But I
guess that would have been too much like due process for
CI Host to want to bother with.

Here's what followed:

>From me to CI Host:

"If you even bothered to read the "offending email" you will
see that it came from so-and-so.com*, NOT ahbbo.com.
The publisher of the email in question reprinted one of my articles
in his newsletter. That article contained a resource box which
contained a link to my domain.

"If my site is shut down for ANY length of time as a result of this
complaint, expect a lawsuit without further notice."

Their reply (from "Level II Customer Care Representative" -
ha!):

"Was this bulk mail authorized by you? This is considered an
offense of our terms of service no matter where it originates as
long as the email is sent or authorized by you. The email
advertises your website, that is why your domain has been
disabled for 3 days.

Regards,
Abuse Response Team"

Me again:

"No! I've never heard of these people before. It is common
practice for newsletter publishers to publish articles written by
other people. The author's resource box is always included
at the end of the article. If this person's newsletter went to
someone who wasn't subscribed, then it's the newsletter
publisher who should be reported for spamming, not the
innocent author who is unfortunate enough to have their work
reprinted.

"Did anyone even read the email concerned before shutting
my site down? It's obvious what happened. If my site is not
reinstated today, I will be issuing legal proceedings tomorrow.

"By the way, don't you think your question should have been
asked BEFORE shutting me down, not after?"

Them again:

"Okay, I was asked to take a look at your account, I will forward
this information to abuse and they should get back to you
shortly...

"Best regards,
Jordan M.
Level II Customer Care"

(They apparently don't use full names at Level II Customer
Care. Can't imagine why.)

Finally, this one from the "Abuse Response Team" at CI Host:

"In light of this new information, I have gone ahead and re-enabled
your domain. Be advised that any mass emails such as this will
be considered a violation of our terms of service. You may want to
take steps to ensure that services such as this are not sending
out this kind of advertisement for your site.

Regards,
Abuse Response Team"

Me:

"They did not send an advertisement for my site. My articles
are publicly available for reprint, as are thousands of other
authors'. It is usual practice for authors to give permission
for reprinting provided the newsletter publisher publishes the
author's resource box at the end of the article. It's a way of
generating traffic to the author's website.

"The author has no control over who uses the article in this
way. Is a paying advertiser in an ezine shut down if the
publisher of the ezine sends a spam email (assuming that
it was spam in the first place)? ... That policy makes no
sense whatsoever."

Them:

Nothing. Zip. Nada. No apology, no nothing.

Nice going CI Host. You must be proud.

PLAN OF ACTION

My experience was pretty trivial in the scheme of things. I
was able to get my site restored in just a couple of hours.
Consider the damage that could be done to your business if
that didn't happen though. What would be the impact on
YOUR bottom line if your site was shut down for 3 days?
Or a week? Or for good?

So, what's the innocent party to do in a situation like this?
Here's one plan of action:

1. SUE irresponsible complainer for defamation.
2. SUE irresponsible spam police for defamation.
3. FIRE webhost.
4. SUE fired webhost for lost profits.

THE SOLUTION

I for one am not generally in favor of government regulation
when it comes to the Internet. This is one area, however,
in which I must say some form of governmental control should
be taken. Where else but online can you have a situation
where it's commonplace for someone to take punitive action
against an innocent bystander BEFORE giving them a fair
hearing? Where else but online can ignorant and/or malicious
individuals be allowed to cause such injury to someone else's
livelihood without being called to account? Try that in the
real world and you'll be answering a charge of vandalism,
defamation and trespass to goods just to start.

It's high time someone took a balanced approach to the
issue of spam and recognized that, although spam is an
undeniable problem, so too are anti-spam zealots and plain
malicious types who think it's sport to trash some innocent
person's business and reputation. They should be held to
account for the damage they cause.

In addition, in recognition of this unfortunate fact of online
life, a fact, I might add, of which webhosts are only too well
aware, webhosts should also be held accountable for shutting
down livelihoods based only on the prosecution's case in chief.

The defense is entitled to be heard and any conviction that
results from a one-sided hearing is nothing short of an abject
denial of due process. The legal profession can't get away
with that. Why the hell should webhosts?

------
* Fictionalized names.
------
Elena Fawkner is editor of A Home-Based Business Online ....
practical home business ideas, resources and strategies
for the work-from-home entrepreneur. http://www.ahbbo.com