Hi,

I've been contacted by a spam reporter on a spam/scam violation from
an account on one of my domains and I don't want to be horrased by
people claiming that I can be charged for not dealing with the issue
to their liking and threatening to report me and my domain where I do
not feel I have committed a crime.

What I understand and practice is that I trace a complaint to verify
the user is mine, I then delete the account or change its password if
I felt the contents need to remain for reference issues.

Am I doing what is required or falling short of it?

What are the requirements, nothing fancy or long please. :-)

/Lizardnation

Liz!

Hi!  It's nice to see you back in this end of the 'net!

So...spammers.  Hate 'em.  Annoying little nusiances who,
unfortunately, aren't doing anything illegal as long as they comply
with the spam laws of the state to which they're sending the spam.

Most states with spam laws require that a spammer:

-- not forge routing information (headers)
-- provide an "opt out" or unsusbscribe method, including a valid
reply address
-- not transmit his messages via a third party's server without
permission
-- depending on the state, include the tag (ADV:) or (ADV: ADULT)

States with anti-spam laws enacted also make it illegal to "assist
with transmission" of unsolicited commercial e-mail.  "Assisting"
appears to include:

-- operating an open relay (meaning anyone can use your mail server,
without authentication)
-- allowing a spammer to continue transmission through your network,
either by not disabling his account or not closing an open relay.

Although most statutes provide for the ability of spam receipients to
sue the spammer (or an unscrupulous provider who refuses to take
action against one of his users), the receipient must prove damages to
prevail, rendering such anti-spam legislation essentially toothless.

You can have a look at spam laws by state here:

Spam Laws - Summary
http://www.spamlaws.com/state/summary.html

Spam Laws - by state
http://www.spamlaws.com/state/

If you receive notice that one of your users is spamming, how you
should proceed depends on your Terms of Service (aka Acceptable Use
Policy).  If your TOS states that you will disable accounts first,
pending investigation, then do so.  If you don't have a "no spam"
clause, you'll want to update your TOS to include one.  Many providers
use this method, because people *do* occasionally end up falsely
accused of spamming.  Notify your user that you've received a spam
complaint and will be disabling his account until you've investigated,
and that the account will be deleted if he a) doesn't respond
satisfactorily or b) is found to be spamming.

As it happens, I was recently accused of spamming after someone
decided to include multiple links from a consumer awareness site I
maintain, and spam the daylights out of every address he could find. 
My provider's policy is such that even if a link to your site is
included in a piece of spam, your account will be disabled until you
can prove to their satisfaction that you had nothing to do with it.

You might want to pattern your own notification after it:

From: "Hummingbird Hosting" <support@hummingbirdhosting.com> 
To: "Maggie" <elided> 
Subject: feature-price.info 
Date: Fri, 16 May 2003 12:38:11 +1000 


Hi,
 
We have received reports from our upstream network regarding links to
your site contained in spam email.    We have viewed the reported spam
email and it does appear to have links going to your site.
 
Could you please let me know about your knowledge of the source of the
spam.  At this point we have suspended the site.  We must do this when
we receive an abuse report or our upstream network connection can be
cut to the entire server.
 
This is the complaint received,
 
> We have received numerous complaints about the below listed spam
> advertised site. The IP addresses listed either hold content or are
> referenced in unsolicited emails. See attached complaint below. This
abuse
> violates Rackshack Communications Acceptable Use Policy. Please take
> prompt and appropriate disciplinary action against your customer.
Your
> cooperation with this matter would be greatly appreciated.
> 
> Regards,
> Jerry
> Abuse Team
> abuse@rackshack.net
> 
> Spamvertised website:

[ elided for space - message included copy of the spam ]

I wasn't the spammer, and was able to prove it with my logs and a copy
of the complaint sent to the person who sent the e-mail demanding that
he remove all references to the site, as well as a complaint to his
provider.

If your user doesn't respond or if you find upon review that he has
been spamming, you need only delete his account, in accordance with
your TOS.

You are not, according to any spam law listed above, legally obligated
to do more than that.  If someone wants the spammer to be sued, it's
his responsibility to sue the guy, not yours.

To make sure you're extra secure, do ensure that you're not running
any open relays, and consider tightening up your TOS (if you haven't
already).  Make certain all of your users receive a copy of it when
they sign up, and keep it posted on your website as well.

I hope this sets your mind at ease!  Please do ask for clarification
if you need further assistance.  I'll be happy to help!

--Missy

Search terms [ "anti spam" legislation ], [ "anti spam" laws by state
]