Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Consumer Privacy

CAN-SPAM Held to Apply to Social Media Messaging

On March 28, 2011, the U.S. District Court for the Northern District of California held, in Facebook, Inc. v. MAXBOUNTY, Inc., case no. CV-10-4712-JF, that messages sent by Facebook users to their Facebook friends’ walls, news feeds or home pages are “electronic mail messages” under the CAN-SPAM Act. The court, in denying the defendant MAXBOUNTY’s motion to dismiss, rejected that CAN-SPAM applies only to traditional e-mail as it is commonly understood. The ruling is the most expansive judicial interpretation to date of the types of messages falling within the purview of the CAN-SPAM Act. The court did not reach or otherwise address the underlying merits of the CAN-SPAM claims.

In its complaint, Facebook alleged that MAXBOUNTY engaged in a misleading and deceptive advertising scheme affecting Facebook users. Facebook alleged that in furtherance of that scheme, Defendant “procure[d] Facebook users to send, or t[ook] actions that cause commercial electronic messages to be sent, to all the Facebook users’ friends on Facebook.” By procuring the messages, MAXBOUNTY would be an “initiator” under CAN-SPAM and therefore responsible for various CAN-SPAM obligations. 

In focusing on whether the messages at issue are even covered by CAN-SPAM, the court considered CAN-SPAM’s definition of “electronic mail message” which is “a message that is sent to a unique electronic mail address.” CAN-SPAM in turn defines “electronic mail address” as “a destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the ‘local part’) and a reference to an Internet domain (commonly referred to as the ‘domain part’), whether or not displayed, to which an electronic mail message can be sent or delivered.” 15 U.S.C. § 7702(5).


Because the references to the “local part,” the “domain part” and the other items are set off by commas, the court concluded that the only requirement for a message to be considered an “electronic mail message” under CAN-SPAM is a “destination . . . to which an electronic mail message can be sent.” Accordingly, the court found that messages posted to another user’s Facebook wall, news feeds or home pages are covered by the statute. The court also found it significant that the messages at issue involved “routing activity on the part of Facebook” and concluded that its interpretation was consistent with Congressional intent, which was to reduce the burden of misleading communications on the Internet.


In reaching its decision, the court relied on two U.S. District Court cases from the Central District of California involving the social networking site MySpace. Those cases involved entities establishing large numbers of MySpace profiles to send commercial and phishing “e-messages” to other MySpace users wholly within the “walled garden” or domain of the MySpace service. Unlike in MAXBOUNTY though, the messages in those cases were sent to an inbox that resembled traditional email inboxes. 


In both cases, the Central District of California concluded that the e-messages at issue were electronic mail messages under CAN-SPAM. In MySpace Inc. v. The Globe.com, Inc., No. 06-3391 (C.D. Cal. 2007), the court concluded that the definition was met because each user’s mail resided at a unique URL and the Internet destination www.myspace.com.  The court concluded that it was irrelevant that the messages were sent only within the “walled garden” of MySpace. The court in MySpace Inc. v. Wallace, 498 F. Supp. 2d 1293 (C.D. Cal. 2007) adopted the same reasoning, but went further in rejecting the defendant’s arguments that electronic mail messages must include a domain name and an external route for the message to travel. The definitional reasoning set forth in Wallace was subsequently adopted by the court in MAXBOUNTY.       


Facebook brought the suit against MAXBOUNTY in the social networking site’s capacity as a provider of “Internet access service,” the only type of entity afforded a private right of action under the CAN-SPAM Act. Under the court’s decision, even a single message posted by one Facebook user to a friend’s wall that promotes a home business could potentially be construed as an electronic mail message under CAN-SPAM. If so, these individuals would be subject to CAN-SPAM’s various requirements for such messages, including identification of the message as an advertisement or solicitation, the inclusion of a return address or other conspicuously displayed mechanism for opting out of future commercial messages, and listing a physical mailing address. However, the likely of Facebook or other social networking sites suing their users under CAN-SPAM for small numbers of such individual messages seems quite low (although there might other ramifications if the activities violate a service’s terms of use). In the instant case, it appears Facebook was acting to address the broad-based deceptive activities by a third party impacting its users.  It is those entities and high volume spammers on social media sites that are likely most impacted by this decision.