EarthLink sues spam and identity theft rings

EarthLink said it has filed suit against two unsolicited commercial e-mail rings with operations in the US and Canada.

EarthLink has filed suit against two unsolicited commercial e-mail rings with operations in the US and Canada.

The ISP is suing to recover an estimated $5m (£3.2m) in lost employee productivity and internet bandwidth which, it claimed, was spent managing more than 250 million e-mail messages sent from e-mail addresses on its network, according to Pete Wellborn, legal counsel for EarthLink.

The suit targets two separate spam concerns. The first is believed to be behind a variety of spam campaigns including pitches for "herbal Viagra", pornography and online dating services.

The ring used about a dozen phone numbers to connect to more than 100 dial-up EarthLink accounts paid for with fake customer names and addresses. Those accounts were used to send the spam messages.

A second ring in Vancouver used around six different phone numbers to connect to EarthLink accounts as part of a massive "phisher" scheme to trick unsuspecting internet users into passing on sensitive information, such as account passwords and credit card numbers.

Phisher schemes use web pages designed to look like legitimate websites, such as and, in complicated ruses to capture account information from customers of those sites.

Among other things, the Vancouver spammers used stolen EarthLink accounts to send e-mail messages to America Online members posing as the company to obtain account information such as user name, password and credit card information, according to EarthLink spokeswoman Carla Shaw.

The suits are important not just because of the problem of spam, but because both spam rings have links to the larger problem of identity theft.

"These are criminals who have been trying to steal user information,"  Shaw said.

In addition, the Alabama spam ring appeared to use a variety of sophisticated technology to conduct their business, Wellborn said.

The spammers have a software-based automatic login system that immediately attempts to reconnect the spammers to EarthLink's network once an active connection fails.

They are also using dynamically hosted websites that appear on the internet only as long as the spammers are logged in, then disappear once they have logged off, he said.

The transitory nature of the spammers operation is making it especially hard to attach names to EarthLink's case, Wellborn said.

The suit is just the latest in a wave of legal actions brought by prominent ISPs and online suppliers against spammers and unscrupulous online marketers. said that it was filing suit against 11 online marketers, claiming that they misappropriated its name in e-mail solicitations.

In May, EarthLink won a $16m judgment against a New York man who allegedly sent more than 825 million spam messages through the ISP's network.

This latest cases involve technologically sophisticated gangs of spammers, Wellborn said.

By filing suit against the as-yet unnamed spammers, EarthLink hopes to use subpoenas of ISPs, mailbox rental companies and domain registrars to track down the true identity of the spammers.

Paul Roberts writes for IDG News Service


Read more on IT risk management