MySpace's $230M Victory in Spam Case May Be Hollow

A federal court has awarded MySpace nearly US$230 million in its suit against Sanford Wallace and his partner Walter Rines -- aka the "Spam King." The judgment -- especially given the size of the award -- represents a decided victory for e-commerce sites in their costly battle against spam. This is the largest award since the enactment of the CAN-SPAM Act in 2003.

The company received $223,770,500 in damages under CAN-SPAM, $1.5 million in antiphishing damages allowed by California statute and $4.5 million for legal fees, Wendy Mantell, an attorney with Greenberg Traurig, told the E-Commerce Times. Mantell's firm represented MySpace in the lawsuit, which was filed in Los Angeles.

MySpace sued Wallace and Rines for tricking many of the site's users into revealing login information, mainly through the use of phishing scams involving third-party sites. With the purloined data in hand, the two were able to target the users' friends on the MySpace network, spamming them with links to gambling, porn and ringtone Web sites.

Rines and Wallace sent more than 730,000 messages and earned more than half a million dollars through their MySpace activities, according to court documents.

Permanent Debtor

The amount of the award provides a telling look into the costs companies incur when they fight spam -- but it's doubtful MySpace will ever see any of the money.

"I don't think it will ever be collected," MessageLabs Anti-Spam Technologist Matt Sergeant told the E-Commerce Times. "Sanford Wallace has been judged against before, and he has never paid up. I suspect he will become a debtor to MySpace."

That gloomy expectation fuels doubts that the award -- or the law underpinning it -- will serve as any deterrent whatsoever against the volume of spam flowing into in-boxes.

CAN-SPAM "hasn't had much of an effect," Allison Armstrong, director of product management at AdmitOne Security, told the E-Commerce Times.

"When the law first came out, antispammers said it should be called 'U CAN SPAM,'" MessageLabs' Sergeant said. "It is a sloppy law that allows someone to spam until he is asked not to."

It took years before the first prosecution under the law went forward, he pointed out. "All these publicized cases do is illustrate the complexities of the prosecution."

Still, CAN-SPAM and the penalties it establishes are better than nothing. The award will at least send a clear message to fraudsters, AdmitOne's Armstrong said.

The fact that such amounts are potentially recoverable under CAN-SPAM provides additional incentive for firms such as MySpace to prosecute offenders, she added, thus heightening their risk level.

Social Networking Vulnerability

The case also highlights the lax security on social networking sites, Matt Shanahan, senior vice president at AdmitOne Security, told the E-Commerce Times.

"It is very easy to hijack an account," he said, and when that happens -- especially on a massive scale -- the network's brand suffers.

Indeed, MySpace received a lot of negative press in connection with these incidents -- particularly over the delivery of spam containing links to porn Web sites to minors' in-boxes.

Web 2.0 sites like MySpace have to adopt the same mentality that banks and financial institutions did several years ago concerning Internet security, Shanahan continued. "All the banks have worked very hard to become trusted names online, establishing cutting-edge security controls."

At the end of the day, though, users must share some of the responsibility for protecting themselves. "There were huge sums of money involved in this case, which is why it attracted so much attention, Phil Neray, vice president of marketing for Guardium, told the E-Commerce Times.

This is a cautionary tale for Web 2.0 users, he said. "Always be careful of what you click on."