undefined | Better HN

0 pointsCPLX7y ago0 comments

That’s highly doubtful.

I think it would maybe be arguable if someone actually hacked the OP’s account and the emails really did come from their outbox, but spoofed email is a different thing entirely.

It seems more equivalent as a legal precedent to someone sending a forged letter from a nonexistent employee on similar looking letterhead. Or maybe someone showing up at the door and collecting payment wearing a stolen or counterfeit uniform.

If you think of it in legal terms, in a lawsuit say, the client would have to acknowledge the existence of a contract and an obligation to pay the supplier, and then somehow make an argument that a spoofed email from a third party that the supplier had no awareness of, that never entered the posession or control of the supplier at all, somehow invalidates that contract, or proves that the client has satisfied their obligation.

That’s quite a stretch.

Arguing negligence on the part of the supplier still wouldn’t do anything to satisfy the payment obligation, at best it would seem to be a counter-claim, saying they they suffered a loss because of the suppliers negligence, but then that’s a separate tort and the burden of proof would be on them.

0 comments

Alex39177y ago

> It seems more equivalent as a legal precedent to someone sending a forged letter from a nonexistent employee on similar looking letterhead.

Well that's the question I guess, if you don't have SPF enabled is it like what you said, or is it more like allowing random people to come into your office at night and send out whatever they want on your actual company letterhead?

I don't know if there is legal precedent there or what a judge would rule, but it doesn't strike me as being completely obvious that this is a simple cut-and-dried case where the client still owes the full amount of the original payment.

CPLXOP7y ago

It’s not like having someone come into your office at night if it’s a spoofed email. It’s just someone figuring out what your letterhead looks like.

Either way though the client owes the original payment. That’s not in dispute. Legal issues don’t work in some holistic “who do you think should have the money” way, there are specific causes of action.

The first thing a court would ask is does the client owe the money, and is the obligation satisfied. The first answer is yes the second one is no, the client never sent the supplier the money. Nobody claims they did. Period.

Then the client would have a cause of action for negligence, due to someone else spoofing their email. Who wins that one? I don’t know but you’d have to look for some precedent and claim that the supplier was actually the proximate cause for some third party defrauding you. Maybe but it’s a pretty tenuous argument and you’d have to demonstrate clear causality.

j / k navigate · click thread line to collapse