MEMORANDUM DECISION AND ORDER GRANTING MOTION FOR DEFAULT JUDGMENT

JILL N. PARRISH, District Judge.

This matter is before the court on the Motion for Default Judgment (ECF No. 76) against defendant DG International Limited, LLC ("DGI LLC") filed by Plaintiff ZooBuh, Inc. ("ZooBuh") pursuant to Fed. R. Civ. P. 55(b)(2). ZooBuh seeks statutory damages and treble damages against DGI LLC for its alleged violations of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), 15 U.S.C. § 7701 et seq, in the amount of $3,003,600.00. The court grants ZooBuh's motion.

BACKGROUND

ZooBuh is a Utah corporation with its principal place of business in Utah County, Utah. ZooBuh provides email services to its customers, and it owns all of the servers, routers, and switches on its network. Every ZooBuh email account is registered, hosted, and serviced through ZooBuh's hardware.

DGI LLC is a Delaware limited liability company with its principal place of business in New Castle, Delaware. DGI LLC is an email marketing company. It entered into a contract with Defendant DG International Limited ("DGI Limited"), a foreign entity, to send emails to persons on DG International's customer lists. The customer list at issue in this case contained email addresses for persons who had supposedly registered for the dating website xdating.com. DGI LLC used the platform of Savicom, Inc., dba Mindshare Design ("Mindshare")1 to send email advertisements to the email addresses associated with the xdating.com customer list.2

Zoobuh alleges that it and its customers have received thousands of email advertisements for xdating.com. All of these emails arrived on Zoobuh's email servers, which are located in Utah. The emails contain links to a registration page for xdating.com. Many of the emails contain misleading information: they purport to identify people registered on xdating.com, but in reality the people identified in the emails do not exist and are not users of xdating.com. Rather, the emails are sent from "virtual cupids": fake users created by DGI LLC and/or DG International who communicate with users in the same way actual users would. As xdating.com's terms and conditions explain:

Many of the emails at issue are tailored to the recipient's location, in this case, Utah. Some of the emails state, "Hey there [username], these are few [sic] members we've selected for you near Salt Lake City." The emails identify supposed members of xdating.com living in Salt Lake City, Ogden, Sandy, West Jordan, Cedar Valley, West Valley City, Provo, Midvale, Spanish Form, Orem, and Murray—all cities in Utah. But the members identified whose usernames range from "bigbootylicious" to "sassyhottie37," appear to be virtual cupids only. Many images are reused with different usernames and ages.

According to ZooBuh, neither it nor its customers elected to receive email advertisements for xdating.com. Rather, ZooBuh believes that its customers are being opted-in to receive emails from xdating.com when, in actuality, the customers are attempting to unsubscribe from xdating.com's email list. Specifically, ZooBuh has an auto-unsubscribe feature that does not distinguish between unsubscribe links and marketing links. As such, the auto-unsubscribe "follows all links." This, according to ZooBuh, has inadvertently resulted in ZooBuh customers being added to the xdating.com customer list.

ZooBuh alleges that all of the emails at issue violate at least one or more provisions of CAN-SPAM. ZooBuh alleges that it has suffered harms to its business, including financial harm, lost time, and server crashes. ZooBuh regularly receives customer complaints concerning spam email, and some customers have stopped using ZooBuh because of the spam emails.

DGI LLC was served on November 1, 2017. See ECF No. 11. Although DGI LLC initially appeared in this case, when its motion to dismiss was denied, its attorneys withdrew from the case. The court gave DGI LLC until July 23, 2018 to appear and file its answer. DGI LLC failed to file an Answer and the time to respond expired. On August 15, 2018, the clerk of court entered a default certificate as to DGI LLC.

ZooBuh now seeks the entry of default judgment against DGI LLC for 24,024 violations of 15 U.S.C. § 7704(a)(1).

ANALYSIS

ZooBuh moves the court pursuant to Fed. R. Civ. P. 55(b)(2) to enter a default judgment against DGI LLC for its violations 15 U.S.C. § 7704(a)(1). ZooBuh has obtained a default certificate as required by DUCivR 55-1(a). The court has subject matter jurisdiction over the case under 15 U.S.C. § 1331 (federal question doctrine) and 15 U.S.C. § 7706(g)(1) (authorizing original jurisdiction), and personal jurisdiction over DGI LLC.3 The court now addresses whether ZooBuh has standing to bring a claim for relief under 15 U.S.C. § 7704(a)(1) and then addresses whether ZooBuh has successfully established that it is entitled to the relief it seeks against DGI LLC.4

A. CLAIM FOR RELIEF UNDER 15 U.S.C. § 7704(a)(1)

1. Standing

To bring private action to enforce the CAN-SPAM Act, ZooBuh must have statutory standing. See Gordon v. Virtumundo, Inc., 575 F.3d 1040, 1049 (9th Cir. 2009).5 Under 15 U.S.C. § 7706(g)(1), "[a] provider of Internet access service adversely affected by a violation of section 7704(a)(1). . . of this title, may bring a civil action in any district court of the United States with jurisdiction over the defendant." The question of standing involves two questions: "(1) whether the plaintiff is an `Internet access service' provider . . . and (2) whether the plaintiff was `adversely affected by' statutory violations." Gordon, 575 F.3d at 1049; see also XMission, L.C. v. Trimble, No. 2:17-CV-00013, 2018 WL 5045236, at *2 (D. Utah Aug. 24, 2018), report and recommendation adopted, No. 2:17-CV-13, 2018 WL 5044237 (D. Utah Oct. 17, 2018).

The CAN-SPAM Act defines "Internet access service" as "a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services." See 15 U.S.C. § 7702(11) (cross-referencing 47 U.S.C. § 231(e)(4)). ZooBuh alleges that it is a "service provider of email, blog, and chat services." ZooBuh also "owns all the servers, routers, and switches on its network through which it hosts and provides its Internet access services." Am. Compl. ¶ 13. The court finds that ZooBuh is an Internet access service provider within the meaning of 15 U.S.C. § 7706(g)(1).

Although "[t]he CAN-SPAM Act itself does not delineate the types of harm suggested by the `adversely affected by' language," other courts have "concluded that the harm `must be both real and of the type uniquely experienced by [internet access service providers] for standing to exist." Gordon, 575 F.3d at 1053 (emphasis in the original) (quoting Gordon v. Virtumundo, Inc., No. 06-0204-JCC, 2007 WL 1459395, at *7 (W.D. Wash. May 15, 2007), aff'd, 575 F.3d 1040). In Gordon, the Ninth Circuit held that being "forced to wade through thousands of e-mails" that "clogged" the plaintiff's servers did not constitute actual adverse effects without evidence that there were costs associated with the annoyance. Gordon, 575 F.3d at 1055. In its complaint, ZooBuh alleges that the harm caused by the emails has "manifested in financial expense and burden significant to an [Internet service provider]" including "lost employee time; lost profitability; the necessity to purchase and dedicate equipment specifically to process spam . . .; harm to reputation; and customer and email recipient complaints." Amend. Compl. ¶ 60. As ZooBuh has successfully pled that it was harmed by DGI LLC's behavior in a way that is unique to Internet service providers, the court finds that ZooBuh has standing to bring a claim under the CAN-SPAM Act.

2. DGI LLC Violated 15 U.S.C. § 7704(a)(1)

Under 15 U.S.C. §7704(a)(1):

First the court must address whether DGI LLC "initiat[ed] the transmission, to a protected computer, of a commercial electronic mail message." Id. Then the court must determine whether those emails messages "contain[], or [are] accompanied by, header information that is materially false or materially misleading." Id. The final issue is damages.

a. DGI LLC Initiated Emails

The CAN-SPAM Act states that "the term `initiate,' when used with respect to a commercial electronic mail message, means to originate or transmit such message or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message." 15 U.S.C. §7702(9). Additionally, "more than one person may be considered to have initiated a message." Id. In this case, DGI LLC has admitted to sending emails on DG International's behalf. Thus, DGI LLC has "initiated" emails within the definition of the statute.

b. Materially False Header Information

"The CAN-SPAM Act `does not ban spam outright, but rather provides a code of conduct to regulate commercial e-mail messaging practices.'" Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1064 (9th Cir. 2016) (quoting Gordon, 575 F.3d at 1047-48). To violate 15 U.S.C. § 7704(a)(1) the emails must contain header information that is "materially false" or "materially misleading." 15 U.S.C. § 7704(a)(1).

i. Header Information

To constitute a violation of 15 U.S.C. §7704(a)(1), the false information must be contained in the header information. "Header information" includes "the source, destination, and routing information attached to an electronic mail message [("email")], including the originating domain name and originating electronic mail address, and any other information that appears in the line identifying, or purporting to identify, a person initiating the message."15 U.S.C. § 7702(8). The "line identifying a person initiating the message" is the "From" line on an email. It can contain both the email address and other names that may identify the sender. The "electronic email address" itself is split into two parts: the username or mailbox (the "local part") and the originating "domain name." 15 U.S.C. § 7702(4)-(5). For example, in the email "John_Smith@notarealemail.com," the local part is "John_Smith" and the originating domain name is "notarealemail.com."

ii. Materially False or Misleading

In defining materially false or misleading, 15 U.S.C. § 7704(a)(1) provides in relevant part6 that:

And 15 U.S.C. § 7704(a)(6) provides that:

3. ZooBuh's Claim for Relief

ZooBuh alleges that DGI LLC initiated at least 24,024 emails promoting DGI LLC and/or DG International all of which contained false sender names purporting to be actual women. For example, Zoobuh provides an email that in the sender line contains the name "Cassidy Fox," and the email address "XDmembers@reply.m100.net." ECF No. 33-1 at 94. But Cassidy Fox is not a real person. Because the email identifies a false sender, the header information is materially false or misleading in accordance with 15 U.S.C. § 7704(a)(1)(B).7 ZooBuh is entitled to judgment on the 24,024 emails identifying a false sender.

4. Damages

Zoobuh claims statutory damages8 of $50 for each of the 24,024 alleged violations of 15 U.S.C. § 7704(a)(1) as well as treble damages under 15 U.S.C. § 7706(g)(3)(C) for a total sum of $3,003,600.00. But, the court must exercise its discretion in deciding the base amount per violation and whether to award treble damages.

a. Statutory Damages

Under the CAN-SPAM Act, Statutory Damages are calculated by "multiplying the number of violations (with each separately addressed unlawful message . . . treated as a separate violation) by up to $100, in the case of a violation of [15 U.S.C.] section 7704(a)(1)." 15 U.S.C. § 7706(g)(3)(A). Although the statute establishes that there is no limitation on the amount of damages that may be awarded for violations of 15 U.S.C. § 7704(a)(1) (see id. at (g)(3)(B)), the statute offers no guidance on what amount, from $.01 to $100, the court should award per violation.

Because the statute rests discretion in the court, "[t]he court has wide discretion in determining the amount of statutory damages to be awarded, constrained only by the specified maxima and minima." Facebook, Inc. v. Wallace, No. C 09-798 JF (RS), 2009 WL 3617789, at *2 (N.D. Cal. Oct. 29, 2009) (alteration in original) (quoting Columbia Pictures Television, Inc. v. Krypton Broad. of Birmingham, Inc., 259 F.3d 1186, 1194 (9th Cir. 2001)). But "a statutory damages award may violate the due process rights of a defendant `where the penalty prescribed is so severe and oppressive as to be wholly disproportioned to the offense and obviously unreasonable.'" Id. (quoting United States v. Citrin, 972 F.2d 1044, 1051 (9th Cir.1992)).

While the court certainly can award the full $100 per violation, many courts have chosen to award only $50 per violation, finding that amount sufficient and not excessive to "address the deterrent and punitive purposes of a statutory damages award." Yahoo! Inc. v. XYZ Companies, 872 F.Supp.2d 300, 308-09 (S.D.N.Y. 2011) (citing Facebook, Inc. v. Fisher et al., No. C 09-05842 JF (PSG), 2011 WL 250395 (N.D. Cal. Jan. 26, 2011) (awarding $50 per violation) and Facebook v. Wallace, 2009 WL 3617789 (same)). The court in Yahoo! chose to limit the damages to $50 per violation to limit the size of the award. In Facebook v. Fisher, 2011 WL 250395, at *2, the court considered the defendants' culpability and their willful and knowing violations of the statute and then limited the damages to $50 per violation because of the resulting size of the award.

Some courts however have chosen to award even less, especially when defendants sent a lesser quantity of emails. For example, in Tagged, Inc. v. Does 1 Through 10, No. C 09-01713 WHA, 2010 WL 370331, at *11-12 (N.D. Cal. Jan. 25, 2010), the court awarded only $25 per violation of CAN-SPAM because the defendants had only sent 6,079 emails and the plaintiff had given "no estimates of actual damages." Meanwhile in Asis Internet Servs. v. Rausch, No. 08-03186 EDL, 2010 WL 1838752, at *7 (N.D. Cal. May 3, 2010) the court awarded only $25 per violation of 15 U.S.C. § 7704(a)(1) and $10 per violation of 15 U.S.C. § 7704(a)(2), finding the case analogous to Tagged.

Here, the court must balance the nature of the harmful behaviors with the size of the award. DGI LLC willfully engaged in a scheme to send fraudulent emails to Utah citizens, causing harm to ZooBuh and ZooBuh's customers. DGI LLC is alleged to have sent tens of thousands of emails, and although only 20,024 are at issue here, that number is certainly more significant than the 6,079 sent in Tagged, Inc, and is only a limited sample of the total emails sent. The court therefore finds that an award of $50 per violation is appropriate and sets the base award amount at $1,001,200.00.

b. Aggravated Damages

Under 15 U.S.C. § 7706(g)(3)(C):

Aggravated violations include: "(1) address harvesting and dictionary attacks"; "(2) automated creation of multiple electronic email accounts"; and "(3) relay or retransmission through unauthorized access." 15 U.S.C. § 7704(b)(1)-(3). ZooBuh alleges that DGI LLC acted willfully and intentionally in concert with DG International. As part of the scheme, DG International and/or DGI LLC used "automated programs or scripts" in drafting the emails and used address harvesting techniques to unwillingly subscribe ZooBuh customers to the list. The court finds that aggravated damages should be awarded in light of evidence of automated process and willfulness. See XMission, L.C. v. Trimble, 2018 WL 5045236, at *8. Thus ZooBuh is entitled to a statutory award of $3,003,600.00.

ORDER

The court hereby GRANTS ZooBuh's motion for default judgment against Defendant DGI LLC. Default Judgment shall be entered in favor of ZooBuh and against DGI LLC in the amount of $3,003,600.00 on ZooBuh's claim under 15 U.S.C. § 7704(a)(1).