|Received:||3/14/2004 8:48:36 PM|
|Organization:||University of Oregon|
|Commenter:||Joe St Sauver|
|Agency:||Federal Trade Commission|
A.3. In determining whether or not the primary purpose of an email message is commercial, I would urge you to consider adopting a "subtractive test:" "Would this mail message still have been sent had the segregable commercial content NOT been present?" Thus, for example, a Hotmail message sent by an end user would still get sent whether or not the Hotmail advertising footer on the bottom of that message was present; that sort of commercial content should be considered incidental. D.1. Additional aggravating factors should include: (a) use of obfuscation, or intentionally misleading message contents, for example: -- attempts to avoid automated message filtering through use of percent-encoded URLs, use of HTML comment interrupted text, use of intentionally mis-spelled content ("p3n1s" instead of "penis") to avoid key word based spam filtering, use of hash busting/anti-baeysian inclusions, etc. -- visible link text (or graphics) which is inconsistent with the underlying associated web page (e.g., a link labeled "Click here to unsubscribe" which actually takes users to a page advertising an Internet gambling site), (b) spamvertising for an illegal product or illegal service, such as pirated software, child pornography, scheduled narcotics or other dangerous drugs, untaxed cigarettes, etc. (c) attempts to compromise a system's security or a user's privacy by directly or indirectly delivering viruses, worms, trojan horse programs, sniffers or keystroke loggers, tracking cookies or web bugs, web page hijackers/redirectors, code to periodically display targeted on-screen or in-browser ads, "dialers" designed to automatically call for-fee 1-900-type services, etc., (d) spamvertised-domain-name-related issues including: -- spamvertising for a domain that has missing, incomplete or inaccurate domain registration data (bad "whois data"), -- extra-territorial domain name registration, or use of a domain name registration proxy service in an effort to hinder identification of the party ultimately responsible for a spamvertised domain, -- registration and use of multiple domain names used in a substantially interchangable fashion in an effort to ecape notice or to "fly under the radar" by "spreading ones spamvertising over multiple domains" -- spamvertising a domain name that points at reverse proxies running on compromised hosts (as enabled by the Migmaf trojan, for example, see: http://www.lurhq.com/migmaf.html ) (e) Retributive behavior by a spammer against a user or user's site, such as conduct of a denial of service attack or orchestration of a so-called "Joe Job," when such retributive behavior is proximately associated with the user or user's site filtering spam, reporting spam, filing suit over spamming or otherwise resisting spam delivery efforts. (f) Hosting of a spamvertised site at an ISP that lacks one or more of the abuse reporting channels defined at/required by RFC 2142. (g) Hosting of a spamvertised site at an ISP that the FTC has determined exhibits a chronic pattern of indifference to spam-related issues, and which has been enumerated on a list of such sites which the FTC shall create and maintain.