PDA

View Full Version : Is Email forgery illegal?


05-20-1999, 08:31 AM
There are places on the internet where anybody can "forge the sender of a message" by sending an email message and typing in someone's else email address as the sender. So, when the recipient gets the email, it appears the message came from someone, but that someone didn't send it, and they have no way of knowing that. Likewise, there are places where you can subscribe to email lists/newsletters by typing in someone's email address, which doesn't have to be your own.

I heard forging someone else's email address like this is illegal. Is it illegal? What are the penalties? How can anyone be caught? I know some of these sites include the IP address of the sender, so that would be one way to identify the forger.

05-20-1999, 09:05 AM
There is no federal law addressing this issue. Georgia, I believe, passed a law making it illegal, but I don't think anyone's been prosecuted.

In many e-mailers, forging an e-mail address is a trivial operation.

How can anyone be caught? I know some of these sites include the IP address of the sender, so that would be one way to identify the forger.

All e-mail has header fields that identify the IP from which it was sent. The ISP can track down the sender using this. It's possible to forge a header, but no so that someone with technical knowledge couldn't track down the source.

------------------
www.sff.net/people/rothman (http://www.sff.net/people/rothman)

05-20-1999, 10:51 AM
Somewhat related. Someone around here sent e-mail from a hotmail account on a computer at the library. the hotmail account used John Doe's name, a name that many people in the department recognized. Therefore, most people initially assumed that John Doe had it in for a certain professor. After being questioned, John Doe was absolved of responsibility for the e-mail. The police were called, though I don't know that they ever figured out who really sent the e-mail. I'm pretty sure that the actual culprit would have been in legal trouble if caught, but more because of the contents of the e-mail, and because of other things that the same person was thought to have done, than because using someone else's name for an e-mail account is illegal.

05-20-1999, 10:59 AM
It depends on the country, what country?
Then if its USA, it depends on the state.
Then it depends on the ISP.

For example, if you write abuse@hotmail.com about it they can take action to take out the acct. For some reason, they request a driver's license as proof of your identity.

It's true that every message has a header, which is several lines that indicate where the message originated originally. Some of it can be faked, but there is always a part that cannot. I see headers of all my email & those of the newsarticles that I read so I know when they are faked.

Here is a part of one:
Path: rQdQ!remarQ73!supernews.com!remarQ.com!
howland.erols.net!nntp.abs.net!newshub2.home
.com!newshub1.home.com!news.home.com!news.
rdc1.bc.wave.ho me.com.POSTED!not-for-mail
From: informant@NOSPAMb.com

In short, it is illegal, it can be traced but no one is going to do anything but ask for the acct to be deleted.


[Note: This message has been edited by TubaDiva]

05-20-1999, 12:24 PM
I have a related question. Most of the spam I receive now has a instructions for being removed from the mailing list. Sometimes the spammer goes so far as to say that the inclusion of the instructions makes the spam legal. The e-mail address provided for cancellation is always bogus though, so what's the point? Who do they think they're fooling?

05-20-1999, 12:47 PM
Forging an e-mail address in and of itself is not illegal. While it is not addressed specifically by law, it would most likely be treated in a similar manner to making a phone call and claiming to be someone else. With this analogy, it could be a contributing part of an illegal activity (such as fraud), but isn't illegal by it's lonesome.

Note that AOL's greatest anti-spamming legal successes have not been on the grounds that addresses were forged. They succeeded because of false inferences that AOL endorsed certain spam, and because certain folks went to efforts to circumvent AOL's blocking mechanisms.

05-20-1999, 12:50 PM
P.S. I would guess that forging a government address, esp something like an FBI address might be illegal in the same way that impersonating a police officer is illegal.

So the point here is-- don't think of it specifically in terms of e-mail. Think about how laws effect impersonation in general.

05-20-1999, 02:40 PM
quote from Greg Charles---
I have a related question. Most of the spam I receive now has a instructions for being removed from the mailing list. Sometimes the spammer goes so far as to say that the inclusion of the instructions makes the spam legal. The e-mail address provided for cancellation is always bogus though, so what's the point? Who do they think they're fooling?
--end quote

You and anyone else foolish enough to respond. Usually that "instructions for removal" address only confirms that the message reached a real address (spammers, like other direct mailers, send lots of stuff that never reaches its destination). Rather than taking you off the list, it makes you more desirable because (a) your e-mail address is valid, and (b) you took the time to read and respond.

05-21-1999, 01:41 AM
Why is this topic- only this topic- 4 inches wider than my screen?

05-21-1999, 01:48 AM
It looks like it came from the very big "word" posted by handy. :)

05-21-1999, 04:06 PM
That's an interesting theory earendel1, but it neglects the fact that the addresses are false, which was my point to start with. Since mail to those addresses bounces back, they are not getting the information that you mention. I suppose it would be possible for them to custom program a mail-server to both reject the mail and inform them that it arrived, but what would be the point of that? Also, if they claimed that they would remove me from their list, but were lying about it, then they would be committing a crime. Why open themselves up to that if the spamming itself is legal? I'm betting that there are some statutes concerning e-mail that the spammers are trying to circumvent. I just wonder how the statutes are worded so that such an obvious trick is effective.

05-22-1999, 01:09 AM
Sure blame me Dude. :-)

Pretending to be someone else with the intention to commit fraud or annoy is illegal in the US.

I read a book ,'Poison Pen Letters' it was a big collection of letters you could write pretending to be someone else. The author talked well of how it was not legal and that you should wear gloves, don't use your own spit on the stamp, etc. A lot of funny that book.

05-23-1999, 10:57 PM
Cheesehead: Likewise, there are places where you can subscribe to email lists/newsletters by typing in someone's email address, which doesn't have to be your own.

-- A lot of mailing lists now require authorization; they send a confirmation message to the subscribed address and require the authorization code to be returned before that address starts getting any messages.

Greg Charles: Most of the spam I receive now has a instructions for being removed from the mailing list. Sometimes the spammer goes so far as to say that the inclusion of the instructions makes the spam legal.

-- The point is, people read the comment about the message being legal and don't bother to report the unsolicited message because they believe it.
Also, if they are referring to Bill s.1618, it's bull. First off, that bill requires the message to include:
(A) The name, physical address, electronic mail address, and telephone number of the person who initiates transmission of the message.
(B) The name, physical address, electronic mail address, and telephone number of the person who created the content of the message, if different from the information under subparagraph (A).
(C) A statement that further transmissions of unsolicited commercial electronic mail to the recipient by the person who initiates transmission of the message may be stopped at no cost to the recipient by sending a reply to the originating electronic mail address with the word `remove' in the subject line.
Second, far as I can tell, the bill hasn't passed the House yet.

For more info, go to http://thomas.loc.gov/cgi-bin/query and search for s. 1618 using search option 2 (Bill Number).

------------------
"We're gonna have lawyers here. It'll be a fun time."
--R.R.S.

05-23-1999, 11:23 PM
A lot of mailing lists now require authorization; they send a confirmation message to the subscribed address and require the authorization code to be returned before that address starts getting any messages. -- Kat
Any decent mailing list program has supported that type of authorization for many, many years. It is a pet peeve of mine that some folks still don't configure their lists like that. Hopefully more of them are starting to realize that subscription without authorization is simply evil.

I remember OpalCat getting in a squabble with someone a few years ago, and shortly thereafter, she got several requests for authorization from some obnoxious sounding lists. Fortunately those lists were configured right!

05-24-1999, 11:13 AM
Let me clarify. It's within the acceptable use policy [AUP] of my ISP to use a fake email address. As long as it's NOT someone else's.

Nothing like looking at the AUP for clarification :-) [my smiles aren't]

05-24-1999, 12:55 PM
That's interesting about bill s. 1618. It seems like that would clear up the problem if it becomes law. I'd tighten up the wording of part C though. It just says the message must contain a statement telling the "victim" that he/she may be removed from the mailing list. It doesn't say that the statement must be accurate. Technically, the spammers who include that message, but then don't remove you, are following the letter, if not the spirit, of the would-be law.

05-24-1999, 04:13 PM
Of course, it might help if I had put in a valid link...
Try http://thomas.loc.gov/home/c105query.html .

Never fear, Greg, that's dealt with in another section:
SEC. 305. RECEIPT OF TRANSMISSIONS BY PRIVATE PERSONS.
(a) TERMINATION OF TRANSMISSIONS- A person who receives from any other person an electronic mail message requesting the termination of further transmission of commercial electronic mail shall cease the initiation of further transmissions of such mail to the person making the request.
(The original quote was from Section 301.)

Personally, I would rather not get any unsolicited email at all. Probably 99% of what I get is either get-rich-quick scams or ads for X-rated websites.

------------------
"We're gonna have lawyers here. It'll be a fun time."
--R.R.S.

05-24-1999, 05:11 PM
If you're one of those people who hates spam worse than anything, here's a nifty trick you can try.

When you get spam directing you to some porn-site or whatever, you can get the URL from the link...then forward the spam to the webmaster of that site.

OF COURSE the admin of the site knows that spam is being sent--but if there are complaints and some sort of documentation, then the admin can legally withold payment from the spammer (as most "freelance advertising agents" have to agree not to send spam.)

This won't help you in any way, and it won't decrease the amount of junk in your box...but at least you get the chance to screw a spammer....

-David

Markxxx
08-30-1999, 04:13 AM
Maybe someone can help me here. It was said that if you respond to the spammer saying take me off your list, it verifies to the spammer the e-mail address is real.

If I send an e-mail to a fake address it bounces back. If it doesn't bounce back that means it's a real address right?

Undead Dude
08-30-1999, 04:40 AM
In short, yes that is true.

In long:
http://www.straightdope.com/ubb/Forum3/HTML/002116.html