On Nov 1, 2003 I received two spams from SAY Security LLC (here and here) which each came with a 1.6 megabyte PDF attachment (I'd never heard of SAY Security before that or done business with them). After I filed a small claims action against them for violating Washington State's anti-spam law and had papers served on them, I got an e-mail from their CEO, Jason Szuch, claiming,
This email was sent out to people who have reviewed our equipment at a trade show. I do show that bhas@speakeasy.net requested information from us at the trade show in question.I asked him where he got the address, and he replied, saying it was handwritten on a business card:
The written email appears to be bhas@speakeasy.net or bnas@speakeasy.net. To difficult to read, the guy had really bad hand writing.
However, if you look at the headers of the spam I received, they show that the e-mail was actually sent to my bennett(a)peacefire.org address, which then automatically forwards to bhas(a)speakeasy.net. (The headers show the message was received by ss3.media3.net; that's the server that peacefire.org was hosted on at the time.) So the story about the message being sent accidentally to bhas(a)speakeasy.net was completely made up.
Morever, when I was vising my mother in Arizona, I also called the phone number given in the spam and pretended that I was an interested customer. I spoke to Lari Piscitelli, the "Manufacturer Representative" who sent the mails. I also tape-recorded the call, which is why I made the call from Arizona -- since you can't tape a call in Washington without the consent of all parties, but in Arizona, you can. The transcript of the relevant portion of the call is here, where the most important section is:
Me:How did you get the addresses?
Lari: A program called Basic Express Email Extractor.
Me:Email Extractor? What does that do, does that like go to web pages and...
Lari:It'll go to a web page... there’s two of them. There's an email extractor and like an email downloader. Two different things. One go to web sites and sucks all the emails off of them, and the other one you type in like HotMail.com and it'll give you all the HotMail ones.
Me: Oh OK.
Lari: So Email Extractor, and one for web sites.
Me: So you say you’re probably not doing it again, at least yourselves?
Lari: Well, not really. I got some responses from them but I get a lot of people who were upset, of course I sent out a pretty big sized file. But it pissed off a lot of 56K people
(I have the audio, but it's a very large file; email me if you want it.)
The court hearing was on March 15, 2004, before Judge Peter Nault. Jason Szuch sent a letter to the judge making the same claim that he made in his e-mails, that the address had been handwritten on a business card and they must have mis-read it.
On the day of trial, SAY Security didn't show up, so I just showed the judge the proof that the address had not been sent to bhas(a)speakeasy.net, the transcript of the recorded phone call in which Lari Piscatelli talked about using a program to scrape e-mail addresses, etc.
I got a default judgment since the defendant wasn't present, but I thought Judge Nault was awfully nonchalant about the fact that SAY Security had so brazenly made up a story about the e-mail address handwritten on a business card. If I were a judge I would at least write a letter to someone who tried to get away with something like that, pointing out that lying to the court can be treated as a felony, with punishments possibly including jail time. Otherwise, if someone knows they're going to lose a lawsuit if they tell the truth, they know that they might as well lie and try to get away with it.