Anti-Spoofing Protocol

A spammer makes unauthorized use of a company’s trademarks in an email promoting the purchase of goods/services. This isn’t a phishing email per se; it’s not trying to disgorge personal statistics for identity theft or outright theft (although it may be that the seller never plans to deliver the goods, so it may be theft in that sense). On its face, the email’s goal is to sell products leveraging the brand of a legitimate company. What should the company do? I wrote up this proposed protocol for dealing with these situations. As you can see, I don’t subscribe to the shoot-frist-and-ask-questions-later camp. Please email me with any comments.

Anti-Spoofing Protocol

This document describes a protocol for dealing with an email that spoofs our domain name and uses our trademarks without authorization.

Some general observations:

· Don’t assume anything. It is very possible that the sender has forged or spoofed other contact information as part of the ruse.

· Information is valuable. You can go a long way towards correcting the problem simply by finding out exactly what happened. This requires some restraint—if you falsely accuse the wrong person, they may be less willing to help you find the right person

· Preserve unmodified copies of all evidence in case it’s needed in litigation. Generally, the best approach is to print hard copies and save a copy to your hard drive (note that things saved to your hard drive can change later if they pull information from the Web—so hard copies are critical).

Step 1: Confirm that the email was, in fact, unauthorized

Step 2: Confirm that the email did not originate from our servers

· The sender could be a rogue employee. If so, we may want to disable access ASAP

· There could be an open port. If so, we should close the port ASAP

Step 3: Make a list of possible places to find the sender (look at email headers in addition to email text)

· originating email service provider/Internet access provider

· any email addresses listed in the email

· any URLs promoted in the email

· any payment service provider (PayPal, Western Union)

Step 4: If email has contact information for the sender, contact the sender

Step 5: Approach service providers identified in Step #3 to ask their help. The objective is to cut off the sender’s ability to cause more harm or profit from their actions.

Step 6: If any other trademark owners are referenced in the email, consider involving them to cooperate

Step 7: Consider turning the matter over to authorities

· Postal inspectors

· Federal Trade Commission

· Local police (both in our district and in the sender’s district)

· Federal Bureau of Investigations