Inside MySpace’s War on Marketing Abuse

MySpace Chief Security Officer Hemanshu Nigam just added a notch to his belt, having won the largest consideration ever handed down in a CAN-SPAM lawsuit. A Los Angeles district court earlier this month filed judgments of $157 million against Sanford (a.k.a. “Spamford”) Wallace and $234 million against Walter Rines, for phishing and spam violations on the News Corp. unit’s messaging system. The two were also slapped with a $1.5 million penalty under California’s anti-phishing law.

Collecting all that money may be impossible, considering the defendants have a history of evading the bulk of fees levied against them in such cases. But no matter. The decision represents an important symbolic victory for MySpace, which has been fighting Wallace and Rines, along with other spammers, for over a year.

That fight means as much to the MySpace’s advertising strategy as it does to its user security and privacy efforts. That was evident in Nigam’s official statement on the Wallace/Rines judgment, in which he dropped this apparent non-sequitor: “User engagement is up 32 percent year over year while spam is significantly decreasing, proving efforts like this are working.”


Hey, wait. What does engagement have to do with security? Isn’t that more of a marketing metric?

Reached by phone earlier this week, Nigam said its security protection efforts extend as much to advertisers as to consumers.

“There are two things that we care about most in our company when it comes to safety and security,” said Nigam. “Number one is that our advertisers’… brand integrity is not affected in any way. Number two, our users demand safety and security when they come to our site. These two things have a twin impact on our business.”

Nigam is clearly determined to show advertisers MySpace means business when it comes to improving engagement and ad performance — and that it can make strides in that direction by cleaning up the twin scourges of spam and phishing.

To that end he noted the company has built up a seasoned legal and enforcement team to fight the spam scourge — including both phishing spam, in which the perpetrator fraudulently obtains a person’s log-in credentials, and unsolicited mail sent from accounts created directly by spammers. That team includes a former FBI investigator and a former federal prosecutor. These are people who, according to Nigam, “know how to prosecute and know how to work with law enforcement where needed to identify and pursue bad actors in this area.”

Nigam himself was previously a federal prosecutor, focused on Internet child exploitation and computer crime for the U.S. Department of Justice. He has also advised the White House on cyber-stalking and participated with a Congressional commission on online child safety. Before his government career he worked for Microsoft as director of consumer security outreach and child safe computing.

“Wallace and Rimes are an example of a civil action we took based on the experience of our team,” he said. But he added the enforcement actions are only one prong of a three-pronged approach that also includes consumer education and technology solutions.

On the education front, MySpace worked with the Federal Trade Commission’s consumer awareness initiative to produce and distribute a humorous video showcasing the problem of phishing. It’s also introducing warning screens indicating a malicious party may be phishing for a profile-owner’s log-in credentials. Below is a partial screen capture showing one of those messages:

myspace exitpage1(2).jpg

On the technology side, MySpace has taken the fight to phishers by working to identify spam and phishing efforts more quickly, and block offending accounts. Partly as a result of those efforts, MySpace says incidents of reported spam on its message system have declined 50 percent in recent months.

Additionally, Nigam’s team has reached out to advertising networks and affiliate marketers that may be harming consumers by supporting unethical marketing tactics, whether wittingly or not.

One interesting aspect of these outreach efforts is that they apply not only to the ads that are being trafficked within the site’s messaging system — the most common type of marketing abuse — but also to its standard ad inventory, where inventory is sometimes sold and then resold in a way that can make policing the legality of individual offers difficult. An example might be a large ad network that sells, or resells, MySpace ad inventory to a fraudulent marketer. The Federal Trade Commission last year said it planned to investigate all parties involved in such activities, including Web sites that carry banner ads for deceptive offers.

“I won’t mention any specific companies, but I can tell you we have reached out to quite a few companies in order to set up requirements or best practices in order to deliver ads onto our sites,” said Nigam.

He added, “Those requirements or best practices are geared toward ensuring they are safe or secure, that they’re partnering with affiliate marketers who are not engaging in illegal activities… If those things don’t occur the ramifications can be severe.” However Nigam did not elaborate on precisely what punishments could be leveled on affiliate marketers or their ad network partners.

A great deal of MySpace’s enforcement activity is geared toward protecting its most valuable asset: it’s users. However, a growing number of CAN-SPAM suits filed by Internet companies appear motivated as much by ad channel conflicts, according to Eric Goldman, an attorney and a professor at Santa Clara University School of Law

“They have to preserve their advertising revenue models so anyone getting the apple for free has to come back and pay for it,” he said. Once MySpace achieves that, it faces the more formidable challenge of convincing media buyers the site is a must-buy.

“Does MySpace deliver good results for non-spammers?” Goldman continued. “Is it a good venue for advertising? That’s something they can’t get the judge to rubber stamp.”

Yet Nigam is clearly determined to show advertisers MySpace means business when it comes to improving engagement and ad performance — and that it can make strides in that direction by cleaning up the twin scourges of spam and phishing.

Nigam doesn’t argue the point. “At the end of the day this is about making sure our advertisers feel confident their brand is not being tarnished on the site,” he said.

Related reading