An unpublished opinion in a recent case involving the popular MySpace social networking website raises interesting questions about the availability of private lawsuits under the federal CAN-SPAM Act to website operators. MySpace, Inc. v. The, Inc. (CV 06-3391-RGK (C.D. Cal. Feb. 27, 2007)). However, the litigation has now settled, so the district court decision will not receive appellate review, and its unpublished status may reduce its precedential value. Therefore, a final adjudication on these issues must await another case.

Case Background

The facts of the case were straightforward. The popular MySpace social networking site allows "members" to create personal profiles and exchange messages with others. MySpace sued for opening some 95 MySpace accounts fraudulently and using those accounts to send nearly 400,000 unsolicited marketing emails to other MySpace "members."

MySpace asserted violations of numerous provisions of the CAN-SPAM Act and California law, and sought liquidated damages based on the MySpace terms of service. In an unpublished opinion on cross motions for summary judgment, the District Court ruled in favor of MySpace on most issues, leaving one issue for trial. The parties recently settled on undisclosed terms.

Internet Access Service

In the CAN-SPAM Act, Congress provided for private civil enforcement actions by a "provider of Internet access service" adversely affected by violations of the law. What is most interesting about the MySpace case is its holding that a community website has standing under this provision. The issue was squarely posed by the defendant's contention that websites such as MySpace have no standing to bring such private actions under the CAN-SPAM Act, and that such actions are available only to email services providers (presumably such as America Online, which has filed a number of actions against spammers).

The CAN-SPAM Act defines "Internet access service" as a "service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers." 15 U.S.C. §7702(11), referencing 47 U.S.C. §231(e)(4). argued that MySpace is not an "Internet access provider" but simply an Internet website "accessed" via other services. The District Court disagreed, concluding that the plain language of the Act "includes traditional Internet Service Providers (ISPs), any email provider, and even most website owners," citing White Buffalo Ventures, LLC v. University of Texas, 420 F.3d 366, 373 (5th Cir. 2005) and Hypertouch v. Kennedy Western, 2006 WL 648688 at *3 (N.D. Cal. Mar. 8, 2006).

Not all courts have agreed. In a more recent decision, in Gordon v. Virtumundo Inc., No. 06-204 (W.D. Wash. May 15, 2007), a different District Court held that a small email account provider whose operations were actually performed by a commercial web-hosting provider was not an "Internet access provider" for the purpose of having standing to bring a private action under CAN-SPAM. Perhaps standing may depend on factors such as ownership of the servers and other infrastructure used to provide the service, and what other communications capabilities are made available via the site. Whether the MySpace court is correct in construing "Internet access provider" to include website owners, "traditional" ISPs and, in effect, anyone that operates an email system, must await further litigation.

Electronic Mail Messages

Of course, the decision in this particular case may have been made easier by the fact that MySpace is not a simple passive website, but makes available a broad range of capabilities to its members. At issue in this case was the e-messaging capability among members of the MySpace community. The defendant argued that e-messages within MySpace are not "electronic mail messages" and thus unprotected by the CAN-SPAM Act.

The Act defines "electronic mail messages" as messages sent to "a unique electronic mail address." 15 U.S.C. §7702(6). An "electronic mail address," in turn, is defined as "a destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the 'local part') and a reference to an Internet domain (commonly referred to as the 'domain part'), whether or not displayed, to which an electronic mail message can be sent or delivered." 15 U.S.C. §7702(5).

The Court addressed three contentions: (1) that MySpace e-messages are not really "routed" because they remain with the MySpace "walled garden"; (2) that the MySpace e-messages are not "electronic mail messages" because they do not use the simple mail transfer protocol (SMTP); and (3) that MySpace addresses have no Internet domain reference. The Court rejected each contention, finding that the Act does not require any of those factors to be met and that the Act's protections are not limited to "traditional" emails.

First, the Court cited evidence from MySpace that its e-message system uses both a routing message and a domain part and that some MySpace e-messages are transmitted using SMTP. The Court found that every MySpace e-message necessarily contains routing information so that it may be delivered, and that the routing of such messages affects the capacity of the messaging system. The Court also found that every MySpace mailbox implicitly contains a domain part, even if not visible to the ordinary user. Finally, while not addressing whether email must use SMTP to have CAN-SPAM protection, the Court found that MySpace sends notification messages to members' alternative email addresses using SMTP and that some outbound messages also use SMTP. Lacking contrary evidence, the Court ruled in favor of MySpace, finding that it had standing to sue under the CAN-SPAM Act.

The expansive construction of the term "Internet access provider" in the MySpace decision could significantly expand the universe of potential plaintiffs in private CAN-SPAM Act litigation. Community websites desirous of maintaining an attractive experience for their members may want to consider adding private litigation to their arsenal of defenses against spammers within their sites.