November 15, 2010
Holomaxx Sues Yahoo, Microsoft, and Others for Non-Delivery of Bulk Emails
[Post by Venkat]
Holomaxx Technologies v. Yahoo!, Inc. and IronPort Systems, LLC, Case No. CV10-4926 (N.D. Cal.) [Scribd]
Holomaxx Technologies v. Microsoft Corp. and Return Path, Inc., Case No. CV10-4924 (N.D. Cal.) [Justia Page]
In what may fit under the dictionary definition of chutzpah, Holomaxx, a (CAN-SPAM-compliant) bulk emailer, sued Yahoo, Cisco (IronPort), Microsoft, and Return Path (in two different lawsuits) for failing to deliver emails sent by Holomaxx. Microsoft and Yahoo are sued for refusing to transmit the emails, and IronPort and Return Path are sued for improperly flagging Holomaxx as a spammer. Holomaxx also alleges that the defendants improperly intercepted and disclosed the emails in the course of their filtering activities.
Holomaxx alleges that it has been sending emails (in bulk) for about ten years, and it sends approximately ten million emails a day on behalf of its clients. It "requires that its clients acquire their list subscribers in accordance with the CAN-SPAM Act . . . which provides federal standards for commercial email." The complaints state that the emails sent out by Holomaxx are all compliant with CAN-SPAM and don't have the characteristics of spam: (1) the emails contain accurate transmission and header information, (2) the emails are sent through a relatively small block of IP addresses, (3) the emails contain opt-out links and allow for unsubscribing through one click, and (4) the emails contain accurate subject lines and include the physical postal address for Holomaxx or its clients.
Holomaxx alleges that the ISPs (Yahoo and Microsoft) are interested in "lowering costs at the expense of commercial . . . speech and internet communications." Holomaxx alleges that the ISPs rely on faulty spam filters which flag emails as spam "without reference to whether the email in question actually violates the CAN-SPAM Act." Holomaxx further alleges that Ironport and Return Path improperly intercepted emails transmitted through the ISPs and also improperly assigned Holomaxx low "sender reputation scores" - i.e., labeled Holomaxx as a likely spammer. Finally, the complaint alleges that the ISPs have improperly forwarded emails sent through the ISPs to IronPort and Return Path.
As a result of defendants' conduct, Holomaxx claims that its reputation has suffered, its business relationships have been disrupted, and it has lost revenues. Holomaxx asserts claims under the Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act, the California Wiretapping statute, and California's unfair competition law. It also asserts claims for defamation, and interference with contractual relationships. Holomaxx seeks a broad array of relief against defendants, including injunctive relief, and interestingly, disclosure of "the grounds for blocking Holomaxx's emails."
It's always tough to evaluate claims based on the complaint, but at least a chunk of Holomaxx's claims will likely face an uphill battle.
The Filtering Decision: As some who have been watching this case note, being compliant with CAN-SPAM does not mean that you have some right to force an ISP to transmit your emails. The CAN-SPAM Act states:
Nothing in this chapter shall be construed to have any effect on the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages.
Additionally, section Section 230(c)(2) immunizes intermediaries for their good faith decisions to filter unwanted content:
No provider ... of an interactive computer service shall be held liable on account of -- (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be . . . objectionable, whether or not such material is constitutionally protected . . . [emphasis added]
In e360Insight v. Comcast, where e360 sued Comcast for filtering emails, the court held that section 230(c)(2) insulated Comcast, as long as Comcast's decisions were undertaken in good faith:
a mistaken choice to block, if made in good faith, cannot be the basis for liability under federal or state law. To force a provider like Comcast to litigate the question of whether what it blocked was or was not spam would render § 230(c)(2) nearly meaningless.
The Assignment of Low "Sender Reputation Scores": The claim that the assignment of low "sender reputation" scores to Holomaxx defamed Holomaxx is similarly tough. This activity may also fall under section 230(c)(2), and one case (Pallorium v. Jared) held that publishing a database of IP addresses that others may use for purposes of creating a blocklist falls under Section 230(c)(2). (Here's Professor Goldman's post on Pallorium: "Anti-Spammer Wins 230 Defense--Pallorium v. Jared.") Even in the absence of Section 230, attacking an entity who assigns a "reputation score," could present a First Amendment problem. A suit against lawyer-rating service Avvo was dismissed on the basis that "Avvo's ratings, even if generated through automated algorithms, are opinions, not facts, and thus fully qualify for First Amendment protection." ("Avvo Wins Big in Ratings Lawsuit--Browne v. Avvo.") The sender reputation scores assigned by Return Path and IronPort could very well fall into same category as Avvo's ratings.
Improperly Intercepting, Forwarding, and Disclosing Contents of Emails: The set of claims around alleged forwarding, interception, and disclosure of the emails by the ISPs are somewhat tougher to evaluate. The federal statutes governing the interception and disclosure of emails contain exceptions for these activities when they are "a necessary incident to the rendition of [the ISP's] service or to the protection of the rights or property of the provider of that service" I didn't come across any cases that discuss whether spam-filtering falls under this exception. A policy paper from the Center for Democracy & Technology [pdf] seems to indicate that "the latter prong [referencing the rights or property of the ISP] covers anti-spam and anti-virus monitoring and filtering and various anti-fraud activities . . . " Instinctively, I would think that some basic filtering would not run afoul of these federal statutes. Still, a quick search did not reveal much case law on this point. The Computer Fraud and Abuse Act claims look like losers. Accessing emails sent by Holomaxx does not equate with accessing Holomaxx's "protected computers" (unless I'm missing something).
At any rate, Holomaxx's core claims face an uphill battle. Courts don't like to interfere with filtering decisions, and here Section 230(c)(2) should apply to the basic filtering decisions of the ISPs. As to whether a part of the complaint survives, we'll see.
John Levine: "How Now to Get Your Email Delivered"
The Magill Report: "Email Marketer Sues Microsoft, Yahoo, Return Path, Cisco Ironport"
Al Iverson: "Holomaxx suing Microsoft, others" & "Holomaxx Link Roundup"
TechEye: "Holomaxx sues Microsoft over mass emailing ban"
Topically related posts:
"Internet Access Provider & Blocklist Publishers Denied 230(c)(2) Immunity for Anti-Spam Efforts"
"Anti-Spyware Company Protected by 47 USC 230(c)(2)--Zango v. Kaspersky"
"7Search Sues McAfee For Red Flagging It"
Posted by Venkat at November 15, 2010 09:58 AM | Spam