SUPREME COURT OF THE STATE OF NEW YORK COUNTY OF KINGS
RICHARD C. LITMAN,
Plaintiff,
– against –
JOSHUA B. GOLDBERG; NATH, GOLDBERG & MEYER; and JOHN/JANE DOES 1–10,
Defendants.
Index No. 524343/2025
Hon. Brian L. Gotlieb, J.S.C.
TO: Aaron Gould, Esq.
CONNELL FOLEY LLP
Attorneys for Defendants Joshua B. Goldberg and Nath, Goldberg & Meyer
FROM: Counsel for Plaintiff Richard C. Litman
DATE: April 6, 2026
RE: Plaintiff's Supplemental Document Demand and Interrogatories — Microsoft 365 Tenant Administrative Records for the 4patent.com Accepted Domain
PLEASE TAKE NOTICE that, pursuant to CPLR §§ 3120 and 3130 et seq., Plaintiff Richard C. Litman demands that Defendants Joshua B. Goldberg and Nath, Goldberg & Meyer ("NGM") produce the documents and respond to the interrogatories set forth below within thirty (30) days of service hereof. The materials sought are within Defendants' exclusive possession, custody, or control by virtue of their administration of the Microsoft 365 tenant nathlaw.onmicrosoft.com, which — as established by independent DNS forensic analysis — operates the email infrastructure for the 4patent.com accepted domain.
For purposes of this demand, the following terms shall have the meanings set forth below:
"M365 Tenant" means the Microsoft 365 / Microsoft Entra ID tenant identified as nathlaw.onmicrosoft.com, including any associated Exchange Online organization, Microsoft Purview compliance center, Microsoft Entra admin center, and Microsoft 365 admin center, together with all subscribed services, licenses, and administrative consoles linked to that tenant identifier.
"Domain" means the DNS domain 4patent.com, including any subdomains, and refers to that domain in its capacity as an "accepted domain" or "verified domain" within the M365 Tenant.
"Alias" means any email address routed through the M365 Tenant on the Domain, whether implemented as (a) a primary SMTP address of a user mailbox; (b) a secondary proxyAddresses value (alias) on a user mailbox; (c) a shared mailbox; (d) a mail-enabled distribution group; (e) a mail-enabled security group; (f) a Microsoft 365 group; (g) a dynamic distribution group; or (h) a mail contact. The term includes, without limitation, litman@4patent.com, rlitman@4patent.com, kfu@4patent.com, ksu@4patent.com, ku@4patent.com, kisr@4patent.com, sacgc@4patent.com, sabah@4patent.com, uaeu@4patent.com, squ@4patent.com, agu@4patent.com, qu@4patent.com, qf@4patent.com, ddi@4patent.com, kau@4patent.com, kfupm@4patent.com, uqu@4patent.com, uos@4patent.com, kfsphrc@4patent.com, trc@4patent.com, clientservice@4patent.com, dmarc@4patent.com, and any other address ever provisioned on the Domain.
"Distribution Group" means any mail-enabled distribution group, Microsoft 365 group, mail-enabled security group, dynamic distribution group, or shared mailbox provisioned within the M365 Tenant on or for the Domain, together with its membership history.
"Mailbox" means any user mailbox, shared mailbox, room mailbox, equipment mailbox, or recoverable-items store hosted by Exchange Online within the M365 Tenant.
"Audit Log" means any record produced by Microsoft Purview / Microsoft 365 Compliance audit logging, the Unified Audit Log, the Exchange Online mailbox audit log, the admin audit log, or any equivalent successor logging facility, including all records exportable through Search-UnifiedAuditLog, Search-AdminAuditLog, Search-MailboxAuditLog, the Microsoft Purview portal, or the Microsoft Graph audit-log endpoints.
"Provisioning Log" means any record reflecting administrative actions taken within the M365 Tenant — including, without limitation, mailbox creation, mailbox deletion, alias addition, alias removal, group creation, membership change, license assignment, mail-flow-rule creation, transport-rule modification, accepted-domain configuration, DKIM key rotation, eDiscovery hold placement or release, role assignment, conditional access policy change, and any action performed via the Microsoft 365 admin center, Exchange admin center, Microsoft Entra admin center, Microsoft Purview portal, or Microsoft Graph API.
"Document" has the broadest meaning permitted by CPLR § 3120 and includes electronically stored information in native format with all metadata intact.
"Communication" means any transmission of information, in any form.
"You," "Your," "Defendants," or "NGM" means Joshua B. Goldberg, Nath, Goldberg & Meyer, and any officer, employee, agent, attorney, contractor, or representative thereof.
"Relevant Period" means June 15, 2020 through the date of production, except as otherwise specified.
A. Documents shall be produced in native electronic format with all metadata intact, in load-file form acceptable in Relativity, and accompanied by a vendor-neutral CSV index identifying each item by Bates number, native filename, custodian, source system, and date of generation.
B. Audit and provisioning logs shall be exported in their native CSV or JSON form as produced by Microsoft Purview, Microsoft Entra, or Microsoft Graph, without truncation, filtering, or de-duplication, and shall include the full record schema (all columns/fields) as exported.
C. If You contend that any portion of the requested material has been deleted, purged, or is no longer retained, You shall identify (i) the date of deletion or purge, (ii) the administrator account that executed the action, (iii) the retention policy in effect at the time, and (iv) any backup or archive from which the material may be recovered.
D. You are reminded that Microsoft 365 retains Unified Audit Log records based on the licenses assigned to the tenant. With Microsoft 365 / Office 365 E3 licensing, the default retention is 180 days; with E5 or the Microsoft 365 E5 Compliance add-on, it is one year by default and configurable to ten years. The data sought herein is available in the M365 Tenant if proper licensing has been maintained, and the failure to maintain that licensing — or to preserve exports — after Plaintiff's June 26, 2025 litigation threat is itself sanctionable under the doctrines set forth in Part VI below.
This supplemental demand is directed to a discrete and self-contained body of evidence: the administrative records held within Defendants' Microsoft 365 tenant for the 4patent.com domain. Three predicate facts make these records dispositive of issues central to Plaintiff's Civil Rights Law § 51 claim:
1. Defendants control the Domain's email infrastructure. The DKIM CNAME records published in the public DNS for 4patent.com resolve to selector1-4patent-com._domainkey.nathlaw.onmicrosoft.com and selector2-4patent-com._domainkey.nathlaw.onmicrosoft.com. Domain verification within a Microsoft 365 tenant requires administrative access to DNS, and DKIM CNAMEs of this form are only created when a domain has been added as a verified accepted domain in that tenant. The MX record for the Domain (4patent-com.mail.protection.outlook.com) confirms mail flow into the same Exchange Online organization. Defendants therefore exercise complete administrative authority — create, read, send-as, delete — over every Mailbox and Alias on the Domain.
2. The Domain hosts a systematic client-services alias infrastructure. Plaintiff has identified at least fifty (50) unique Aliases on the Domain through analysis of email metadata in the ND0001 and ND0002 archives. These include client-coded Aliases (kfu@, ksu@, ku@, kisr@, sacgc@, sabah@, uaeu@, squ@, agu@, qu@, qf@, ddi@, kau@, kfupm@, uqu@, uos@, kfsphrc@, trc@), function-coded Aliases (clientservice@, dmarc@), and personal mailboxes (litman@, rlitman@). The kfu@4patent.com Alias alone accounts for 19,701 records across the two archives.
3. The alias system is coextensive with a contemporaneous client-renumbering scheme inside Defendants' Soluno billing system. Of twenty (20) Litman-originated clients independently identified as having been reassigned to alternate billing numbers in Soluno so as to bypass Plaintiff's Attorney 418 origination credit, nine (9) of the twelve (12) major institutional clients (75%) also have a dedicated client-coded Alias on the Domain. Those nine Aliases account for 73.1% of all non-personal email traffic observed on the Domain. The pattern is too tight, too client-specific, and too temporally aligned to be coincidence.
The dates on which each Alias was provisioned within the M365 Tenant — and the dates on which membership in each underlying Distribution Group changed — are therefore directly probative of when the parallel renumbering events were planned and executed. If, as Plaintiff anticipates, Alias creation correlates at the client level with the Soluno renumbering dates, the M365 records will document a coordinated, instrumented, and willful diversion scheme on the Defendants' own administrative ledger.
Finally, on July 18, 2025 — one day after Plaintiff transmitted a written litigation threat — the litman@4patent.com and rlitman@nathlaw.com Mailboxes were eliminated. The corresponding administrative actions were necessarily executed within the M365 Tenant by an account holding Exchange administrator privileges, and are necessarily reflected in the Unified Audit Log and the Exchange admin audit log. Those records are independently subject to a litigation hold from and after June 26, 2025.
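The DNS reasoning in predicate fact 1 can be reproduced mechanically. The following is an added example, not part of the demand as served or of any party's records: it reads dig-style answer lines, extracts the tenant named by the DKIM CNAME targets, and checks the MX target. The record values are those quoted above; the owner names, TTLs, and function names are assumptions.

```python
import re

# Constructed input: the record values are the ones quoted in predicate fact 1;
# the dig-style layout, owner names and TTLs are assumptions for illustration.
SAMPLE_ANSWERS = """\
selector1._domainkey.4patent.com. 3600 IN CNAME selector1-4patent-com._domainkey.nathlaw.onmicrosoft.com.
selector2._domainkey.4patent.com. 3600 IN CNAME selector2-4patent-com._domainkey.nathlaw.onmicrosoft.com.
4patent.com. 3600 IN MX 0 4patent-com.mail.protection.outlook.com.
"""

# Only the target forms quoted in the demand are recognised here:
#   <selector>-<domain with dashes>._domainkey.<tenant>.onmicrosoft.com
#   <domain with dashes>.mail.protection.outlook.com
DKIM_RE = re.compile(
    r"^(selector[12])-([a-z0-9-]+)\._domainkey\.([a-z0-9-]+)\.onmicrosoft\.com$")
MX_RE = re.compile(r"^([a-z0-9-]+)\.mail\.protection\.outlook\.com$")


def parse_answers(text):
    """Return (owner, rtype, target) tuples from dig-style answer lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip comments, blanks and malformed lines
        owner, rtype = fields[0].rstrip(".").lower(), fields[3].upper()
        target = fields[-1].rstrip(".").lower()  # last field skips the MX preference
        records.append((owner, rtype, target))
    return records


def attribute_tenant(domain, text):
    """Map a domain's DKIM CNAMEs and MX to the Microsoft 365 tenant they name."""
    domain = domain.rstrip(".").lower()
    dashed = domain.replace(".", "-")
    tenants, selectors, mx_eop, notes = set(), [], False, []
    for owner, rtype, target in parse_answers(text):
        if rtype == "CNAME" and owner.endswith("._domainkey." + domain):
            m = DKIM_RE.match(target)
            if m and m.group(2) == dashed:
                selectors.append(m.group(1))
                tenants.add(m.group(3))
            else:
                notes.append(f"{owner}: target is not an Exchange Online key for {domain}")
        elif rtype == "MX" and owner == domain:
            m = MX_RE.match(target)
            if m and m.group(1) == dashed:
                mx_eop = True
            else:
                notes.append(f"MX {target} is not Exchange Online Protection for {domain}")
    if len(tenants) > 1:
        notes.append("selectors name different tenants")
    return {
        "tenant": next(iter(tenants)) if len(tenants) == 1 else None,
        "selectors": sorted(selectors),
        "mx_exchange_online": mx_eop,
        "notes": notes,
    }


if __name__ == "__main__":
    print(attribute_tenant("4patent.com", SAMPLE_ANSWERS))
```
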
Demand No. 1 — Complete Alias Inventory.
Produce a complete list of every Alias ever provisioned on the Domain through the M365 Tenant from the date the Domain was first added as an accepted domain in the M365 Tenant through the date of production. For each Alias, the list shall identify: (a) the full SMTP address; (b) the object type (user mailbox primary SMTP, user mailbox proxyAddresses alias, shared mailbox, mail-enabled distribution group, Microsoft 365 group, mail-enabled security group, dynamic distribution group, or mail contact); (c) the underlying object identifier (ObjectId / GUID); (d) the display name; and (e) the current status (active, soft-deleted, hard-deleted).
Demand No. 2 — Creation Date for Each Alias.
Produce, for each Alias identified in response to Demand No. 1, the UTC creation timestamp and the identity of the administrator account that created it. The required source data includes the WhenCreated attribute on each Exchange Online recipient object, the corresponding New-Mailbox, New-DistributionGroup, New-UnifiedGroup, Add-DistributionGroupMember, Set-Mailbox -EmailAddresses, and Add-RecipientPermission cmdlet entries in the admin audit log, and the corresponding records in the Microsoft Entra audit log and the Microsoft Purview Unified Audit Log.
Demand No. 3 — Member Roster History.
Produce, for each Distribution Group, shared Mailbox, and Microsoft 365 group on the Domain, the complete membership history, including every addition and removal of any member, the date and UTC time of the change, the identity of the administrator account that executed the change, and the resulting membership immediately after the change. This shall include Add-DistributionGroupMember, Remove-DistributionGroupMember, Add-UnifiedGroupLinks, Remove-UnifiedGroupLinks, Add-MailboxPermission, Remove-MailboxPermission, Add-RecipientPermission, and Remove-RecipientPermission records.
Demand No. 4 — Mail Flow Rules and Transport Rules.
Produce all mail-flow rules (transport rules) ever configured within the M365 Tenant that reference the Domain, any Alias, or any address ending in @4patent.com. The production shall include the full XML or JSON serialization of each rule, the date created, the date last modified, the administrator account responsible for each version, and the complete history of each rule from creation to current state. Specifically include any rule providing for forwarding, journaling, blind-copying, redirection, header rewriting, or signature insertion involving any @4patent.com address.
Demand No. 5 — Microsoft Purview Unified Audit Logs.
Produce, for the Relevant Period, a complete export of the Unified Audit Log entries from the Microsoft Purview compliance center filtered to actions affecting (a) the Domain, (b) any accepted-domain configuration referencing 4patent.com, (c) any Mailbox or Alias on the Domain, and (d) any Exchange administrator role assignment. The export shall be in the native CSV/JSON form produced by Search-UnifiedAuditLog or the Purview Audit (Premium) export, with all columns intact, including CreationDate, UserIds, Operations, RecordType, AuditData, ClientIP, and UserAgent.
Demand No. 6 — Provisioning Logs / Tenant Administrator Actions.
Produce all Provisioning Log records (as defined in Definition 7) reflecting administrative actions taken within the M365 Tenant that affect the Domain or any Alias for the Relevant Period, including without limitation: mailbox creation and deletion; alias addition and removal; group creation, deletion, and membership changes; mail-flow-rule changes; transport-rule changes; accepted-domain configuration; DKIM key generation, rotation, and CNAME publication; eDiscovery hold placement and release; license assignment; role assignment; conditional access policy changes; and DNS-record verification events. Production shall include both the Exchange admin audit log (Search-AdminAuditLog) and the Microsoft Entra audit log.
Demand No. 7 — License Assignments.
Produce a complete history of license assignments within the M365 Tenant for the Relevant Period, including (a) all SKUs subscribed to by the tenant; (b) the count of each license type held over time; (c) the date and administrator responsible for each assignment or removal; and (d) for each Mailbox on the Domain, the licenses assigned to that Mailbox over time. This information bears directly on whether Defendants maintained sufficient licensing (E3 / E5 / Microsoft 365 E5 Compliance) to retain Unified Audit Log data for the periods relevant to this case.
Demand No. 8 — Mailbox Deletion Logs (July 18, 2025).
Produce all Audit Log and Provisioning Log records reflecting (a) the disablement, blocking, license removal, soft-deletion, or hard-deletion of litman@4patent.com and rlitman@nathlaw.com on or about July 18, 2025; (b) any preceding administrative actions taken on those Mailboxes between June 26, 2025 and July 18, 2025; (c) any associated tickets, change requests, or instructions; and (d) any subsequent restoration, recovery, retention-tag, or in-place-hold actions taken on those Mailboxes through the date of production. Include the administrator UPN, ClientIP, and UserAgent fields for each record.
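The exports described in Demands No. 2, 5, and 8 carry their detail in the AuditData column, a JSON document nested inside each CSV row. The following is an added example, not part of the demand as served or of any party's records: it flattens such an export into the earliest address-assigning record per alias and a list of removals, and counts rows that fail to parse. All rows are constructed with placeholder example.com accounts; the AuditData field subset, the `EmailAddresses` value layout, and the function names are assumptions.

```python
import csv, io, json, re

CREATE_OPS = {"New-Mailbox", "New-DistributionGroup", "New-UnifiedGroup", "Set-Mailbox"}
REMOVE_OPS = {"Remove-Mailbox", "Remove-DistributionGroup", "Remove-UnifiedGroup"}
ADDRESS_PARAMS = {"PrimarySmtpAddress", "EmailAddresses"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")


def _row(ts, admin, op, ip, **params):
    """Build one constructed export row; AuditData is JSON nested in a CSV cell."""
    audit = {"CreationTime": ts, "Operation": op, "UserId": admin, "ClientIP": ip,
             "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]}
    return {"CreationDate": ts, "UserIds": admin, "Operations": op,
            "RecordType": "ExchangeAdmin", "AuditData": json.dumps(audit)}


# Constructed sample: every account, address, time and IP below is invented.
ROWS = [
    _row("2022-07-19T09:30:00", "admin2@example.com", "Set-Mailbox", "192.0.2.44",
         Identity="user1",
         EmailAddresses="smtp:clientb@example.com;SMTP:user1@example.com"),
    _row("2021-03-02T14:05:11", "admin1@example.com", "New-DistributionGroup",
         "192.0.2.10", Name="Client A", PrimarySmtpAddress="clienta@example.com"),
    _row("2021-03-02T14:09:40", "admin1@example.com", "Add-DistributionGroupMember",
         "192.0.2.10", Identity="clienta@example.com", Member="user2@example.com"),
    _row("2025-01-10T08:00:00", "admin2@example.com", "Remove-Mailbox",
         "198.51.100.7", Identity="user1@example.com"),
]
# A row whose AuditData was cut off, as a truncated export would produce.
ROWS.append(dict(ROWS[0], AuditData='{"CreationTime": "2023-01-01T00:00'))


def sample_csv():
    """Serialise the constructed rows the way a CSV export nests AuditData."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(ROWS[0]))
    writer.writeheader()
    writer.writerows(ROWS)
    return buf.getvalue()


def alias_timeline(csv_text, domain):
    """Earliest address-assigning record per alias, plus removals, from a UAL CSV."""
    events, unparsed = [], 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            audit = json.loads(row["AuditData"])
            events.append((audit["CreationTime"], audit))
        except (ValueError, KeyError, TypeError):
            unparsed += 1  # truncated rows are counted, never silently dropped
    first_assigned, removed = {}, []
    # Sort on AuditData.CreationTime (ISO 8601); the CSV CreationDate column may
    # be locale-formatted by the export and does not sort reliably as text.
    for utc, audit in sorted(events, key=lambda e: e[0]):
        params = {p["Name"]: str(p.get("Value", "")) for p in audit.get("Parameters", [])}
        event = {"utc": utc, "op": audit.get("Operation"),
                 "admin": audit.get("UserId"), "ip": audit.get("ClientIP")}
        if event["op"] in CREATE_OPS:
            for name in params.keys() & ADDRESS_PARAMS:
                for addr in ADDR_RE.findall(params[name]):
                    if addr.lower().endswith("@" + domain.lower()):
                        first_assigned.setdefault(addr.lower(), event)
        elif event["op"] in REMOVE_OPS:
            removed.append(dict(event, identity=params.get("Identity")))
    return {"first_assigned": first_assigned, "removed": removed, "unparsed": unparsed}


if __name__ == "__main__":
    print(json.dumps(alias_timeline(sample_csv(), "example.com"), indent=2))
```

The earliest record found is only the earliest within the export, so it is bounded by the audit-log retention window the tenant's licensing provides.
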
Demand No. 9 — eDiscovery Hold History.
Produce the complete history of all litigation holds, in-place holds, retention policies, retention labels, and eDiscovery cases applied to (a) the M365 Tenant generally, (b) the Domain or any Alias, and (c) the litman@4patent.com and rlitman@nathlaw.com Mailboxes, for the Relevant Period. For each hold or policy, identify the scope, the start date, the end date (if any), and the administrator who created and modified it.
Demand No. 10 — DKIM, DMARC, and SPF Record Changes.
Produce the complete history of all DKIM key generations and rotations within the M365 Tenant for the Domain, including the date of each rotation and the administrator account responsible. Produce all Documents in Defendants' possession reflecting changes to the public DNS records for the Domain, including DKIM CNAMEs, the MX record, the SPF TXT record, the DMARC TXT record, and the Microsoft 365 verification (MS=) TXT record, together with all associated Cloudflare account audit logs.
Demand No. 11 — Authorization Documents.
Produce all Documents reflecting the authorization, approval, request, or instruction to create, modify, or delete any Alias on the Domain, including but not limited to internal emails, instant messages, ticket-system entries, change-control records, and written or signed approvals, for each Alias identified in response to Demand No. 1. The required production specifically includes any Documents purporting to reflect Plaintiff's authorization or consent to the creation of any Alias provisioned on or after June 15, 2020.
Demand No. 12 — Communications with Microsoft.
Produce all Communications between any of Defendants, their employees, contractors, or agents on the one hand, and Microsoft Corporation (including Microsoft Support, Microsoft FastTrack, the Microsoft Customer Engineer team, and any Microsoft Premier or Unified Support representative) on the other hand, relating to (a) the Domain; (b) the addition of the Domain as an accepted domain in the M365 Tenant; (c) any Mailbox or Alias on the Domain; (d) the July 18, 2025 elimination of the litman@4patent.com and rlitman@nathlaw.com Mailboxes; (e) audit log retention or export within the M365 Tenant; or (f) any litigation-hold capability of the M365 Tenant.
Pursuant to CPLR § 3130, Defendants shall answer the following interrogatories under oath:
Interrogatory No. 1. Identify, by full name, role, and dates of service, every individual who has held Global Administrator, Exchange Administrator, Compliance Administrator, User Administrator, or any equivalent privileged role in the M365 Tenant from June 15, 2020 through the date of response.
Interrogatory No. 2. Identify the date on which the Domain was first added as an accepted domain to the M365 Tenant, and the administrator account that performed the addition and verification.
Interrogatory No. 3. Identify, for each Alias provisioned on the Domain on or after June 15, 2020, (a) the date of creation, (b) the administrator who created it, (c) the business justification recorded for its creation, and (d) the individual or entity who requested its creation.
Interrogatory No. 4. State whether any policy, written or unwritten, governed the creation of Aliases on the Domain at any time during the Relevant Period; if so, describe the policy and identify the date it was first adopted.
Interrogatory No. 5. Identify the M365 license SKUs assigned to the M365 Tenant during the Relevant Period and state, for each, the corresponding default Unified Audit Log retention period and any non-default retention configurations applied.
Interrogatory No. 6. Identify the administrator account that, on or about July 18, 2025, executed the disablement, deletion, license removal, or any equivalent action on the litman@4patent.com Mailbox and the rlitman@nathlaw.com Mailbox, and state the business justification recorded at the time of the action.
Interrogatory No. 7. State whether, between June 26, 2025 and the present, any litigation hold, in-place hold, retention policy, or eDiscovery preservation measure has been applied to the M365 Tenant, the Domain, or the litman@ and rlitman@ Mailboxes; and if so, identify the date, scope, and administrator responsible.
Interrogatory No. 8. Identify every individual who, at any time during the Relevant Period, was a member of any Distribution Group on the Domain whose name includes a client-identifying token (including but not limited to kfu, ksu, ku, kisr, sacgc, sabah, uaeu, squ, agu, qu, qf, ddi, kau, kfupm, uqu, uos, kfsphrc, trc, and clientservice).
Interrogatory No. 9. State whether Defendants contend that Plaintiff Richard C. Litman authorized, in writing, the creation of any Alias on the Domain on or after June 15, 2020; and if so, identify each such authorization by date, form, and the Documents in which it appears.
Interrogatory No. 10. Identify every Microsoft Support case number, FastTrack engagement, or Unified Support ticket opened by Defendants in connection with the Domain or any Mailbox or Alias thereon during the Relevant Period.
Defendants are hereby formally placed on notice of their obligation to preserve all of the foregoing electronically stored information, together with all backup, archive, and successor data, in its native form and with all metadata intact, pending resolution of this action. The duty to preserve was triggered no later than June 26, 2025, when Plaintiff transmitted a written communication to Defendant Goldberg stating, inter alia, "that is the answer that gets you into litigation," and was reinforced by the formal litigation threat of July 17, 2025 and the commencement of this action.
Defendants are reminded of their obligations under the Court of Appeals' decision in Pegasus Aviation I, Inc. v. Varig Logistica S.A., 26 N.Y.3d 543 (2015), and the Appellate Division authority on spoliation of electronically stored information, including VOOM HD Holdings LLC v. EchoStar Satellite L.L.C., 93 A.D.3d 33 (1st Dep't 2012). Any alteration, deletion, license downgrade, audit-log retention reduction, tenant migration, or failure to export and preserve the records demanded herein — at any time on or after June 26, 2025 — will be the subject of a motion for sanctions, including an adverse-inference instruction and the striking of affirmative defenses.
The preservation obligation specifically includes:
a. The Microsoft Purview Unified Audit Log for the M365 Tenant, irrespective of whether Defendants currently subscribe to a license SKU that retains such records beyond the default 180-day window;
b. The Exchange Online admin audit log and any equivalent successor logging facility;
c. The Microsoft Entra audit logs;
d. The recoverable-items store and soft-deleted-items retention for the litman@4patent.com and rlitman@nathlaw.com Mailboxes;
e. The complete native PST or .ost files, or Exchange Online archive content, for those Mailboxes;
f. The Cloudflare account audit log for the Domain;
g. The eNom registrar account history for the Domain; and
h. Any administrative documentation, ticket, change-control record, or internal communication referencing any of the foregoing.
Defendants are further reminded that the Domain expires on May 27, 2026. Any failure to renew the Domain, transfer the Domain, or otherwise preserve the underlying registrar and DNS records prior to that date will be deemed willful spoliation of relevant evidence.
Defendants shall produce the documents demanded in Part IV, and serve sworn answers to the interrogatories in Part V, within thirty (30) days of service of this demand. If Defendants contend that any demand is objectionable, Defendants shall (a) state the objection with specificity, (b) identify the categories of responsive material withheld, (c) state whether responsive material exists in any form within the M365 Tenant, and (d) confer with Plaintiff's counsel in good faith pursuant to 22 NYCRR § 202.20-f prior to refusing production.
Plaintiff specifically notes that the records sought herein are not the kind of information that requires reconstruction, third-party cooperation, or extraordinary effort. Each item demanded is either (i) directly exportable from the Microsoft 365 admin center, the Exchange admin center, the Microsoft Purview compliance center, or the Microsoft Entra admin center by any account holding the appropriate administrator role, or (ii) directly retrievable through a single PowerShell session against the Exchange Online or Microsoft Graph endpoints. The volume is modest, the format is standardized, and the cost is negligible. Defendants cannot credibly claim ignorance of the existence of these records: they are the inherent administrative ledger of the Microsoft 365 tenant Defendants themselves operate. Either the records exist and must be produced, or they have been destroyed — and if destroyed, that destruction will be the subject of a separate motion.
Dated: April 6, 2026
Brooklyn, New York
Respectfully submitted,
_____
Counsel for Plaintiff Richard C. Litman
TO: Aaron Gould, Esq.
CONNELL FOLEY LLP
Attorneys for Defendants
This demand is served pursuant to CPLR §§ 3120 and 3130 in the action captioned Litman v. Goldberg, Index No. 524343/2025, pending in the Supreme Court of the State of New York, County of Kings, before the Hon. Brian L. Gotlieb, J.S.C.