Social networking site Facebook has been awarded US$711 million in damages from prolific spammer and social network scammer Sanford Wallace for bombarding its users with spam, Facebook attorney Sam O’Rourke reported in a blog post. Judge Jeremy Fogel of the U.S. District Court in Northern California also banned Wallace from accessing Facebook.
Facebook filed a suit in February against Wallace and two Las Vegas-based associates, Adam Arzoomanian and Scott Shaw, accusing them of accessing accounts without users’ permission and sending phony mail and posts to individuals’ public message walls.
In March, a court issued a temporary restraining order against the three on the grounds that they violated the Computer Fraud and Abuse Act, the California Anti-Phishing Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).
This is not Facebook’s first victory against spammers targeting its users. In November 2008, it was awarded an $873 million judgment against Adam Guerbuez and Atlantis Blue Capital for hijacking users’ accounts, which became the largest judgment for an action brought under CAN-SPAM.
Prior to that ruling, Wallace, also a Las Vegas resident, held the dubious distinction of racking up the largest penalty for spamming. A federal court slapped Wallace, aka “the spam king,” and his partner Walter Rines with a fine of nearly $230 million in May 2008, in a case brought by MySpace. That was then the largest award in a spam case since the enactment of the CAN-SPAM Act in 2003.
MySpace sued Wallace and Rines for tricking users into revealing login information, mainly through the use of phishing scams involving third-party sites. With that data in hand, the two targeted the users’ friends on the network, spamming them with links to gambling, porn and ringtone Web sites. Rines and Wallace sent more than 730,000 messages and earned more than half a million dollars through their MySpace activities, according to court documents.
It is doubtful whether MySpace has been able to collect; indeed, Facebook does not appear hopeful it will get the $711 million.
“While we don’t expect to receive the vast majority of the award, we hope that this will act as a continued deterrent,” O’Rourke said in the Facebook blog post.
The award really doesn’t mean much, according to Daniel Mittleman, associate professor at DePaul University’s College of Computing and Digital Media.
Facebook’s “trumpeting is merely a public relations ploy — saber rattling — but the decision is not a deterrent to other pro spammers. Nothing happened here they don’t already anticipate or know,” Mittleman told the E-Commerce Times.
Spammers view these suits as a cost of doing business, he explained. “When they lose, they go underground and re-emerge in a different location as a different corporate entity. They rarely pay off court fines.”
The 95 Percent Problem
For all the government and private sector push-back against spam — and the fraudulent activities that typically accompany it — spam has proven to be remarkably resilient.
The Facebook judgment against Wallace is not going to make a dent in the volume of spam sent, Jamie deGuerre, chief technology officer at Cloudmark, told the E-Commerce Times. The online security industry “is doing a good job of working to control spam but attackers are doing just as good of a job in getting through to end users.”
Ninety-five percent of all email is spam, deGuerre said, based on industry figures and Cloudmark’s own observations as a security provider for many telcos and ISPs. “That is higher than it’s ever been before.”
Some of the blame must be laid at the feet of legitimate organizations — as well as consumers who don’t educate themselves about the Internet’s dangers.
“It’s a problem with the whole ecosystem,” deGuerre said. “If legitimate organizations would be more careful about user education and if they used conservative practices in the way they communicated with customers, the situation might not be as bad.”
Conservative communications, for example, might consist of plain text emails with no embedded ads encouraging customers to click on them for the latest deal or offer. Companies should encourage customers to type URLs into their browser instead of providing links, suggested deGuerre.
Those suggestions fly in the face of accepted marketing practices, of course, and “because of that, consumers have become conditioned to receiving messages that are easily copied by spammers,” deGuerre said.
Bad as it is in the U.S., the spam problem is even worse in some other countries, Tom Kelchner, a researcher at Sunbelt Software, told the E-Commerce Times.
“In Russia, respectable businesses commonly advertise using spam email,” he said. “Short of a very radical change — as in Eugene Kaspersky’s idea for ending the anonymous use of the Internet — or serious government involvement across the globe, it isn’t going to get any better.”