Security threats Toolkit

Microsoft bans UK man from selling email lists

Tags:
Spam

Tom Espiner ZDNet.co.uk

Published: 18 Dec 2006 15:52 GMT

Microsoft has stopped a UK man from selling lists of email addresses which were then being used by spammers.

The technology giant took Paul Martin McDonald, who through his company Bizads sold email addresses that were then used as spam lists, to court. Microsoft sought and was granted a summary judgement against McDonald, arguing that his actions had caused Microsoft to suffer loss and damage to the goodwill it enjoyed as owners of the web mail service Hotmail.

Judge Lewison agreed with Microsoft that Bizads had breached the Privacy and Electronic Communications Regulations (PECR), a UK law which includes regulations designed to halt the sending of unsolicited email.

"The evidence plainly established that the business of Bizads was supplying email lists of persons who had not consented to receive direct marketing mail and that it had encouraged purchasers of the lists to send emails to those people," said Judge Lewison. "The lists contravened regulation 22, as they concerned the sending of unsolicited emails and the words of the Bizads website instigated the sending of emails," reported Out-Law.com.

Lewison ruled that Microsoft had suffered a loss as a result of the breach of the PECR, and was entitled to compensation and an injunction restraining McDonald from instigating the transmission of commercial emails to Hotmail accounts.

IT law expert Struan Robertson called the ruling "a good result in the battle against spam". Robertson, who is a senior associate at Pinsent Masons solicitors, said the result is interesting as it is one of the first times the PECR have been used to stop someone selling lists for spam.

According to Robertson, the court rejected a claim that the people on the lists had consented to receiving spam, due to their complaints.

"People making complaints indicates they hadn't consented [to receiving the emails]," said Robertson. The PECR cover unsolicited email.

The public body that enforces the PECR is the Information Commissioner's Office (ICO). Anyone who suffers damage as a result of spam can also take direct action against the spammer. Normally the problem is proving that an individual has suffered damage as a result of receiving a spam email, as individuals suffer through the sheer volume of spam. However, individual spammers cannot be held accountable for the entire spam volume.

"It's interesting that Paul McDonald didn't send the spam himself — he just sold the lists, but the court was able to characterise selling the lists as instigation of spam," said Robertson.