Posted on 14 May 2008 by James Blake

Time Warner’s social network, MySpace, has been awarded $234 million in damages against two prolific spammers, Sanford Wallace and Walter Rines.  The judgement was by default because neither Wallace nor Rines attended the hearing in Los Angeles.

In the case, Wallace and Rines created MySpace accounts specifically for spamming purposes or used illicit means to take over existing MySpace accounts with good reputation.  The spammers then used these accounts to send messages to other MySpace members encouraging them to follow links to Website selling a variety of goods.  In total nearly a three-quarters-of-a-million emails were sent.

The judgement represents the largest award levied against spammers to date, but is it a deterrent?

The judgement was made under the 2003 CAN Spam act which allows each violation to levy $100 in damages, tripled to $150 when spam is sent “wilfully and knowingly”.  In addition, MySpace sought an additional $1.5 million in damages under California’s anti-phishing laws and $4.7 million in legal fees.

Wallace first entered the spam arena in the mid-nineties, forming the company CyberPromotions in Philadelphia.    By 1996 Sanford was bragging about sending over 25 million spam emails a day, which by today’s spam levels is minute but in 1996 this was estimated to be up to 80% of all spam at the time.

Prior to moving his talents to email Sanford ran a fax spamming operation.  Wallace was an early pioneer of common spamming techniques such as the use of fake return addresses and utilising SMTP mail servers that had been configured to allow email from any Internet user to be sent through them (Open Relays).

Sanford has already fallen fowl of the courts, being found against in 1998 and forced to pay over $2 million in damages to US ISP Earthlink and earning him the moniker ‘Spamford’. 

After the Earthlink judgement, Sanford announced his retirement from spamming and renamed CyberPromotions Global Technology Marketing with an aim to legitimise spam by moving to an opt-in model, much in the same way direct mail is permitted.  GTM would become, in effect, a spam ISP – albeit an opt-in one.  This venture never really got off the ground with Sanford’s reputation acting as a barrier.  After a spamming incident in 1999 that resulted in Sanford’s Internet connection being revoked all major backbone providers refused to connect Global Technology Marketing to the Internet.

Sanford then founded SmartBot to try his hand at more legitimate email marketing.  The original SmartBot concept was to provide an email auto-responder that generated customised emails to respond to queries from sales prospects.  Old habits die hard for Sanford and within 5 years SmartBot was being investigated by the Federal Trade Commission for distributing spyware.

During this time, Sanford also took over running a bar in New Hampshire called Plum Crazy in 2001 from his co-defendant in the MySpace case, Walter Rines.   This latest conviction would seem to show that there is still an attractive enough bounty to be had from spamming and not enough of a deterrent.

Although a prolific and annoying spammer, Wallace is nowhere near one of the top spammers, nor one of the most technically sophisticated - a new breed has followed in Sanford’s footsteps.

Sanford never paid a penny to Earthlink after the previous ruling against him over a decade ago and many commentators predict it will be no different this time around.  Punitive damages only work as a deterrent if they are enforced and my suspicions is that the ‘King of Spam’ will be back in business before the end of the decade.

Category: Phishing, Spam