No, it is easy. As Chris Neill of Verio abuse found out, after he was fired for doing this. (He posted his story to spam-l, blaming me for getting him fired). It is pretty much just like Peter described. The hard part is finding a real person to prosecute. Usually, Type 1 spammers don't abuse open relays. AOL has prosecuted spammers for sending _them_ mail, under the CFAA, after the company was notified not to send them mail. (I'll try to dig up the cite. You can find it pretty easily on lexis by searching for cases on 18 USC 1030) Searching for cases involving AOL seems to be a good way to stay current on computer law. ;-) --Dean On Mon, 26 May 2003 Valdis.Kletnieks@vt.edu wrote: > On Mon, 26 May 2003 18:53:12 PDT, Peter Deutsch said: > > > The case we prosecuted turned out to be a small group of kids breaking > > into compute hosts, but from what I was told I would think you should be > > able to use the same provision against spam relayers, since the key > > element was the unauthorized use of compute cycles, not what they did > > with the cycles. > > IANAL by any means, but I suspect that the owner of an open relay would have > a hard time demonstrating unauthorized use of cycles to relay mail *through > an open relay*. Now if the spammer actively *bypassed* a security feature > in order to relay the mail, that would be different, as it would indicate > that they knew it was unauthorized... >