I think that you can comply with the ECPA by simply bouncing back the
email to the sender and only if that is not possible, then drop it in
/dev/null. Since spammers almost always have bogus reply addresses you
shouldn't run into a problem with this even if you are a relay since once
you have failed to bounce back one message, you can then add that source
address to a list that you refuse to accept email from.
If there is a way that spammers can launch a lawsuit against AT&T on the
basis of the ECPA then I am sure they will try so it's best to be
proactive here.
Michael Dillon - Internet & ISP Consulting
Memra Software Inc. - Fax: +1-250-546-3049
http://www.memra.com - E-mail: michael@memra.com