Designer Skin LLC v. S & L Vitamins, Inc., et al.
MySpace Inc. v. Sanford Wallace d/b/a Freevegasclubs.com, Realvegassins.com, and Feebleminded Productions
498 F.Supp.2d 1293, 2:07-cv-01929-ABC-AGR (C.D. Ca., July 2, 2007).
Defendant Enjoined From Sending Spam From Hijacked MySpace User Accounts
Finding plaintiff MySpace likely to prevail on its claims that defendant Sanford Wallace violated the CAN-SPAM Act, 15 U.S.C. Section 7704, as a result of his transmission of unsolicited commercial emails to MySpace users, the Court issued a preliminary injunction, enjoining defendant, inter alia, from further use of MySpace or its internet messaging service, from establishing or maintaining MySpace accounts, or from using MySpace for commercial purposes.
Defendant sent email messages to MySpace users that redirected them to a website containing a MySpace logo at which defendant solicited their user name and passwords. Defendant used this information to hijack and log onto those users’ profiles, from which he then sent messages to the users’ MySpace ‘friends’ inviting them to visit defendant’s websites. These email messages did not comply with CAN-SPAM. Among other things, they did not contain a valid physical address for defendant, did not provide opt out instructions, or provide a valid return email address at which defendant could be contacted to request that no further emails be sent. Moreover, they did not, in their header information, identify defendant as their source. As such, held the Court, plaintiff was likely to establish a number of violations of CAN-SPAM, and was accordingly entitled to injunctive relief.
In reaching this result, the Court found that CAN-SPAM applied to emails sent from one MySpace user to another, over the MySpace network. The Court also noted that CAN-SPAM applied to instant messages.
Wallace Obtains User Names And Passwords Of MySpace Account Holders, And Uses Their Accounts To Send Spam To Other MySpace Members
MySpace is a ‘social networking service’ that allows members to create personal profiles and communicate with other members.
Defendant Sanford Wallace created over 11,000 MySpace accounts. Defendant sent emails to other MySpace users that were designed to redirect users to a website containing a MySpace.com logo at which defendant solicited their user name and passwords. Defendant used this information to hijack and log onto those users’ profiles, from which he then sent messages to the users’ MySpace ‘friends’ inviting them to visit defendant’s websites. Wallace sent approximately 400,000 messages, and posted approximately 890,000 comments from ‘hijacked’ MySpace user accounts. As explained more fully below, defendant’s messages violated CAN-SPAM in numerous respects.
Plaintiff claimed that this activity caused it injury. Among other things, plaintiff was compelled to incur bandwith and delivery related costs in connection with the transmission of defendant’s messages, and to devote time and money to stop his activities. In addition, plaintiff claimed its reputation was injured, as it received over 800 complaints about defendant’s misconduct.
Plaintiff MySpace commenced this suit, charging Wallace, inter alia, with violating CAN-SPAM, and moved for injunctive relief.
Email From One MySpace User To Another Is Subject To CAN-SPAM
The Court held that messages sent over the MySpace system, from one MySpace user to another, had to comply with CAN-SPAM. In reaching this result, the Court gave an expansive reading to CAN-SPAM.
The Act applies to ‘electronic mail messages.’ These, in turn, are defined in Section 7702(6) as ‘a message sent to a unique electronic mail address.’ The term ‘electronic mail address’ is defined in the Act as ‘a destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the ‘local part’) and a reference to an Internet domain (commonly referred to as the ‘domain part’) whether or not displayed, to which an electronic mail message can be sent or delivered.”
The Court held that to qualify as an electronic mail address to which email can be sent within the meaning of CAN-SPAM, “entails nothing more specific than ‘a destination to which an electronic mail message can be sent.’” As interpreted by the Court, the mail need not be sent to an address that has both a local and domain part. Rather, that is simply ‘one possible way’ in which a destination can be expressed.
CAN-SPAM Applies To Instant Messaging
As such, held the Court, messages sent from one MySpace user to another over the MySpace system qualified for the protections of the Act. Indeed, held the Court, so to do ‘instant messages.’ Said the Court:
In any event, held the Court, emails sent to MySpace users over the company’s system were sent to users at distinct url addresses, comprised of both a user and domain name, and thus qualified for the protections of CAN-SPAM.
Wallace’s Emails Violate CAN-SPAM
The Court held that plaintiff was likely to prevail on its claim that defendant’s conduct ran afoul of CAN-SPAM.
Section 7704(a)(1) prohibits the transmission of email that contains false or misleading information, including information that is ‘technically accurate but includes an originating electronic mail address … the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations.’ Plaintiff need not establish that defendant had a pattern and practice of violating this section to pursue a claim thereunder. By improperly obtaining MySpace user names and passwords, and using that information to hijack the users’ accounts, and send email messages, the Court held that Wallace had obtained access to an email address via false pretenses, and thus violated CAN-SPAM by including such an address in the headers of the email he transmitted.
Section 7704(a)(3) prohibits sending commercial electronic mail that does not contain a functioning return email address to which a recipient can send a request that no further email messages be sent. The Court held that plaintiff was likely to establish a violation of this section as well, because defendant’s emails only provided the email address of the hijacked MySpace user’s account, and not that of defendant. As such, the email address would not allow a recipient to communicate with defendant to request that its emails cease. The requisite pattern and practice was met because defendant Wallace had sent numerous emails from hijacked accounts on several occasions, none of which contained a valid email address for the defendant.
In reaching this result, the Court rejected defendant’s argument that his emails were not commercial because they did not offer any product for sale. Instead, they only promoted defendant’s websites. Because the messages promote an ‘internet website operated for a commercial purpose,’ held the Court, they qualified as commercial messages within the meaning of CAN-SPAM.
Finally, the Court held plaintiff was likely to prevail on its claim that defendant violated Section 7704(a)(5) of the Act, because the emails he transmitted failed to contain a valid physical postal address for defendant, failed to provide opt out instructions, and failed to identify themselves as advertisements. The requisite pattern was met because all of defendant’s numerous mailings were similarly flawed.
Court Enjoins Wallace From Further Use Of MySpace
As a result, and given the injury plaintiff was sustaining to its reputation, and the costs it was incurring in preventing defendant’s conduct, discussed above, the Court granted plaintiff injunctive relief. The injunction issued by the Court enjoined defendant Wallace, inter alia, from further use of MySpace or its internet messaging service, from establishing or maintaining MySpace accounts, or from using MySpace for commercial purposes.