November 9, 1999
Hijacking of Errant E-Mails Grows,
Leading to Some Embarrassing Tales
By MICHAEL MOSS
Staff Reporter of THE WALL STREET
On Oct. 15, New York telemarketing consultant Geri Gantman resigned in
protest from her trade association and fired off an angry e-mail that
detailed her gripes.
The message fell into the hands of Russell Smith, a consumer activist
and arch-foe of telemarketers, and Ms. Gantman figured someone leaked
In fact, she sent it to him herself. The group's e-mail address is
ataconnect.org. But she typed ataconnect.com -- which is a spot on the
Internet that belongs to Mr. Smith.
He acquired the look-alike address last winter and set it up to accept
any e-mail that comes in. Since then, he says, he has received a pile of
messages intended for people at the telemarketing association. "Even their
own staff types .com," Mr. Smith crows.
Already, the Internet is awash in Web sites that trick people into
clicking on by using addresses that vary only slightly from the sites being
mimicked: an extra letter here, a dropped hyphen there.
Now, in near secrecy, some of these same look-alike Web sites are
grabbing e-mail as well. A convenience of the Internet makes this easy to
do: Most firms and organizations run their e-mail systems from the same
addresses they use for their Web sites.
E-mail pirates don't even need to know software code. For an extra $3,
the outfits that set up Web sites will throw a few switches so the sites
collect e-mail, too. Then all it takes is a sender who mistakenly types the
look-alike address, and the message gets snagged.
This trickery is so new that it isn't yet clear whether it can be
stopped. Nor is it easy to avoid getting tripped up. Lawyers are e-mailing
memos to the very people they are writing about. Voters are sending offers
of money to their candidate's foe. Companies are losing customers, and
perhaps even more. The technique is so seamless that computer experts
assume that some firms use hijacked e-mail to snoop on competitors.
Not all misdirected e-mail is being pirated. The proliferation of Web
sites has made innocent confusion commonplace. Adams Capital Management
Inc., a venture-capital firm based in Sewickley, Pa., evidently shares a
look-alike address with a mutual fund, whose clients occasionally e-mail
Adams by mistake. "I write back and say you've got us confused," says
office manager Lynn Patterson.
Some people trying to reach the mayor of New York are getting a
different reply. Rudolph Giuliani's senatorial campaign had snapped up a
bunch of Internet names before settling on RudyYes.com for his campaign
site. Then he let his registration on the others expire.
In July, a free-spirited group that lampoons companies and public
officials picked up one address it says the mayor let go: YesRudy.com.
Now, half of the 30 e-mail messages that the group, RtMark, receives
each day at this and another look-alike Giuliani site are intended for the
mayor, says the group's spokesman, Frank Guerrero. "Wanted to send a
contribution," one e-mailer wrote last month.
Mr. Guerrero says he generally fires off a mischievous reply. "It is not
often that one barrels headlong into a difficult race full of unanswered
questions, even less often that one barrels headlong into a difficult race
full of unasked questions. I am doing both," reads one such reply, signed
Bruce Teitelbaum, spokesman for the mayor's political committee, says he
didn't know the YesRudy site garnered e-mail intended for the mayor. "There
is nothing we can do," he says, citing the group's right to free
Is e-mail snagging legal? It's murky. Some pirates liken their act to
picking up the phone when the caller has dialed a wrong number. They also
point fingers at the e-mail sender for not being careful enough.
Those who get snatched say it is more like a toll-free number that has
been created to resemble another, in hopes of siphoning off calls. They
also point out that it is already a crime merely to open regular mail that
is sent to the wrong address and that other criminal statutes might apply
to misdirected e-mail. Some companies have successfully argued that their
Web names are trademarks and that anyone who uses a look-alike address is
creating confusion by being deceptive.
"Regardless of whether it's a violation of electronic espionage law, I
do think you can make a case for trademark violation if you can show that
someone hijacking e-mails is causing real confusion," says David Bernstein,
a Debevoise & Plimpton attorney who chairs the American Bar Association
panel on Internet law.
"One element of damage," Mr. Bernstein adds, "is that the sender never
knows their e-mail is missing."
Neither does the intended receiver. For months, Jews for Jesus had lost
e-mail to a New Jersey man named Steven Brodsky who opposed the San
Francisco religious group. He received the messages through an Internet
name that was identical to the group's Jews-for-Jesus.org -- except his
didn't have any hyphens. "I was blessed when one of your people came to our
church," wrote a Baptist man from Portland, Ore., who left out the
Mr. Brodsky hadn't intended to hijack the group's e-mail, says his
attorney, Ronald Coleman. Rather, in creating his Web site, Mr. Brodsky
purchased software that automatically included the feature of accepting
e-mail, Mr. Coleman says.
The group discovered about a dozen lost messages when it sued Mr.
Brodsky last year for trademark infringement. Then, in battling Mr.
Brodsky, the group's own lawyers failed to use the hyphens on one e-mail
they intended to send to the group.
"In the middle of the litigation I get an interoffice communication from
the San Francisco office of my adversary," says Mr. Coleman. "It was to his
client, but he used the wrong address, and it went to my client."
"That is true," sighs attorney Paul Winick, whose colleague actually
sent the errant e-mail, which Mr. Coleman returned. "It is really a
In court, Mr. Coleman argued that Mr. Brodsky's acerbic site could not
be mistaken for the religious group. But Jews for Jesus prevailed last year
when a federal judge in New Jersey ruled that Mr. Brodsky deceived the
public through trickery.
Still, fending off look-alike Internet names can be so costly no matter
who wins in court that Mr. Coleman advises his corporate clients to buy up
all the names they can. "You have to register 60 paces in every direction,"
he says. "Even the likely typos. With hyphen and without hyphen. It's
E-mail hijacking has added new urgency to the game of stockpiling
Internet names. A southern California firm that sells goods through an
Internet catalog says it is struggling with the owner of a similar name,
who is seeking to sell it for a six-figure sum.
For now, the look-alike name's owner is replying to the firm's customers
who misdirect their e-mail to him -- without disclosing that they have
reached the wrong place, says the catalog firm's attorney, Neil Smith of
San Francisco. "He insults them," says Mr. Smith. "He is driving the
customers away." He declined to name either firm because of possible legal
Russell Smith, the consumer activist based in Alexandria, Va., says he
has registered as many as 600 Internet names, which he swaps or sells or
links to his own Web site that promotes consumerism. Most of his stock is
generic, like Merrychristmas.org, which he hopes will prove valuable
He also has Web names resembling those used by three telemarketing
groups, including American Teleservices Association, of North Hollywood,
from which Ms. Gantman -- a senior partner with the consultant firm Oetting
& Co. of New York -- resigned last month.
"This smacks of Big Brother," says Ms. Gantman, who had not known how
her e-mail strayed to Mr. Smith until she was contacted by this newspaper.
"We're going to be real careful with those dot-orgs from now on."
Donna Bryce, a telemarketer and the association's communications
director, says she also was unaware of Mr. Smith's e-mail system. "It would
concern me when things go astray," she says. But, she adds, "it's a free
country, and he has a right to his Web mail." She declined to discuss Ms.
Mr. Smith says he routinely sets up all his sites to receive e-mail and
did not target the telemarketers. But when their messages began streaming
in, he decided to keep them coming as a weapon in his battle for consumer
rights. "I want the messages," he says. "They sc- me, and I want to sc-
them. It's revenge."
Much of the telemarketers' e-mail, he adds, consists of jokes being
passed around. "It's mostly a waste of time," he says.
One exception arrived in January. It was an e-mail from attorney Roger
Kirkpatrick, a consumer marketing specialist with Time Warner Inc., with
whom Mr. Smith had been fighting.
Mr. Smith had been pressing Time Warner to detail its consumer-privacy
policies, and Mr. Kirkpatrick wrote an e-mail to his legal colleagues and
an official at the Direct Marketing Association, a New York trade group to
which Time Warner belongs.
Mr. Kirkpatrick in the e-mail laid out his strategy to curb Mr. Smith's
inquiries. "This guy is EXTREMELY obnoxious," he wrote. "We ... have
nothing more to say or send to him."
The e-mail went straight to Mr. Smith, when it was mistakenly addressed
to his look-alike Direct Marketing name.
"Clearly the e-mail was not intended to go to him," says Mr.
Kirkpatrick, adding that he had not known how Mr. Smith had obtained his
Mr. Smith, for his part, replied to Mr. Kirkpatrick's misdirected
e-mail, refuting some matters, agreeing with others.
"One final thing," Mr. Smith wrote. "I would like to take this
opportunity to welcome both you and the DMA to the Internet."