I think you are right that there are necessarily network effects online as well. But who benefits from these network effects to what degree, and how stable any central control over that network can be is very much determined by laws that could be entirely different.
Network effects necessarily exist, but walled gardens don't.
So, yes, value creation and value distribution are two different coins.
Centrality-of-control ... somewhat depends.
Danah Boyd in a Medium piece pointed out that Google's central-point-of-control of Gmail:
"Many who think about technology recognize the battle that emerged between spammers and companies over email, and the various interventions that emerged to try to combat spam. (Disturbingly for most decentralization advocates, centralization of email by Google was probably more effective than almost any other intervention.)"
Though thinking a bit on this gives some indication of how and why, and by extension, what could be done to break this control point:
1. Gmail receives a tremendous amount of mail. It can recognise both repetitive content and patterns of behaviour, particularly by points-of-origin.
2. Gmail can standardise internally on forms of reporting and mitigation against spam. That is, it is its own standards-development organisation. Increasingly, I'm noting that one of the efforts of a would-be monopolist is to attack standards formation. Because standards lower the barriers of entry for other participants.
3. Google specialise in contextual analysis -- the mining of content, particularly (but not just) textual content -- for indicators. The same analysis which makes for improved ads targeting or SERP relevance features heavily in detecting and thwarting spam, phishing, and related antisocial behaviour.
4. Tightly integrated communications. Between formats, pipe-bandwidth (intra- and inter-datacenter), and processing, Gmail can respond rapidly to new threats.
In particular, Gmail has a "report spam" feature (as do many other mail service providers) which allows for rapid detection of what users consider spam. Where you won't find similar features is on any third-party email tools.
Take an extreme case: Yahoo. I've long had problems with spam originating or transiting Yahoo's server space. What I've found is that whist Yahoo have a standardised reporting tool, they have not provided any support, nor are there any third-party tools of which I am aware for reporting spam in that format to Yahoo.
Running mutt, it would be trivial for me to pipe any given email, headers and all, into a report-generating application. Hell, I could dump spam to a dedicated mailbox, and run shell tools on that to handle 100s to millions of messages. I've built and used tools to do just that, back in the day.
But ... Yahoo never did this. Nor have any of the other major email service providers.
(I was approached at a spam conference by several people at email service providers who'd told me they'd written programs to read and parse the mail my programs were generating, which was ... amusing and heartening.)
There are dynamics which tend toward and reinforce walled gardens. Busting those is ... hard.
Network effects necessarily exist, but walled gardens don't.