No, it is easy. As Chris Neill of Verio abuse found out, after he was
fired for doing this. (He posted his story to spam-l, blaming me for
getting him fired).
It is pretty much just like Peter described. The hard part is finding a
real person to prosecute. Usually, Type 1 spammers don't abuse open
relays.
AOL has prosecuted spammers for sending _them_ mail, under the CFAA, after
the company was notified not to send them mail. (I'll try to dig up the
cite. You can find it pretty easily on lexis by searching for cases on 18
USC 1030) Searching for cases involving AOL seems to be a good way to
stay current on computer law. ;-)
--Dean
On Mon, 26 May 2003 Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Mon, 26 May 2003 18:53:12 PDT, Peter Deutsch said:
The case we prosecuted turned out to be a small group of kids breaking
into compute hosts, but from what I was told I would think you should be
able to use the same provision against spam relayers, since the key
element was the unauthorized use of compute cycles, not what they did
with the cycles.
IANAL by any means, but I suspect that the owner of an open relay would have
a hard time demonstrating unauthorized use of cycles to relay mail *through
an open relay*. Now if the spammer actively *bypassed* a security feature
in order to relay the mail, that would be different, as it would indicate
that they knew it was unauthorized...