Legal victory against spammers as MySpace wins record payout of $234 million

May 14, 2008 Sophos Press Release

myspace.com logo
MySpace has won a landmark victory against spammers Sanford Wallace and Walter Rines.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have applauded a legal judgment that has awarded MySpace a record payment of $234 million from spammers who bombarded its users with junk emails.

The payout, the largest ever under the CAN-SPAM Act, means that Sanford "Spamford" Wallace and his business partner Walter Rines are obliged to refund the social networking website for the cost of handling over 700,000 junk messages, and complaints it received from its users.

The duo created MySpace accounts and stole passwords through phishing to comandeer existing ones to send their spam messages. The spammers made money through advertising and selling of goods such as ringtones.

"The judgment against the spammers is astronomical, because under the terms of the CAN-SPAM law each spam message entitles MySpace to $100 in damages. That triples when the spam is sent 'willfully and knowingly'. In the war against spam it is right that large companies suffering should have a heavy stick like this to hit the spammers with," said Graham Cluley, senior technology consultant for Sophos. "What is galling, however, is that these two spammers are just the tip of an iceberg. Even if MySpace were to extricate the fine from these two men - which seems unlikely given their past record - there will be plenty more cybercriminals trying to make money from junk email."

MySpace told the LA District Court judge Audrey B Collins that some of the spam distributed by Wallace and Rines - much of it sent to teenagers - included links to third party websites containing pornographic material.

Judge Collins also issued injunctions against Wallace and Rines barring them from similar activities in the future. Wallace and Rines failed to attend the court hearing.

Sophos notes that this is not the first time that Sanford Wallace has been on the receiving end of legal activity for his cybercriminal activities. In the 1990s, CompuServe and AOL sued Wallace for sending millions of junk emails, and in 2006 he was fined $4 million for installing spyware onto innocent users' computers.

"It would be great to think that this is the last we will see of 'Spamford' Wallace's internet activities, but I don't have much hope that even with this colossal fine he will be able to resist abusing innocent net users again," continued Cluley. "The simple fact is that spam works. Until people pledge not to click on links in unsolicited emails and never to buy goods sold via spam, there will still be lowlives like Wallace and Rines trying to fill our inboxes."

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.