What is the CAN SPAM Act?
The CAN SPAM act is an acronym for Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 and is a measure to impose penalties and regulate “spam” email messages. This Act defines federal authority over companies that “spam” and prevents states from forming additional laws and private citizens from seeking redress from spammers. The intention of the law is to protect consumers and maintain the efficiency of email as a form of communication.
Why is there federal authority in the CAN-SPAM Act?
The CAN-SPAM Act is designed to help companies that do want to use commercial emailing service comply with only one set of regulations, rather than regulations that vary from state to state. The Federal Trade Commission is required to ensure compliance with this act and report to Congress on its effectiveness while recommending changes. Due to the interstate nature of spam and the occasional difficulty of tracking the locations of senders, enforcement can be difficult. This is why there are added provisions that require commercial emails to provide verified addresses of the establishment sending the email.
What must businesses do to comply with CAN-SPAM?
The Federal Trade Commission offers simple guidelines for compliance for regulation.
1. Accurate header information so as to identify the establishment that sent the message.
2. Non-deceptive and accurate subject lines
3. The email must in one way or another identify itself as an advertisement
4. Include an address, which can be a physical location or a post office box
5. Include opt-out information if consumers decide they no longer want to receive emails
6. Follow proper guidelines for opting out (see below)
7. Ensure that third parties advertising on your behalf comply with regulations as you can be held liable for their actions.
What is affirmative consent?
Affirmative consent, as defined by the law, describes a situation where the recipient has consented to receive the message or agreed with another enterprise to share his or her email address with the other party that has sent the email. One that has an affirmative relationship with the sender but forwards or sends the email to another may be engaging in a violation if the forwarding party is paid or compensated by the original sender.
What are the distinctions made in the CAN-SPAM Act?
This law, when forcing compliance on businesses, defines a “primary purpose” for the email. If the email is commercial in nature, then it must comply with regulations. If the email is transactional or relational in nature, then the business need not comply with set regulations. If the email is mixed purpose, the transaction and relational content must be the focus of the email, otherwise it will be classified as commercial content. Transactional emails include commercial transaction confirmation, warranty information, changes to the commercial relationship (such as membership or subscriptions) and good delivery.
How do consumers opt out of commercial emails?
Businesses that send commercial emails must have a clearly labeled and defined process for letting consumers opt out of future emails. The process to opt out must either be instant or cause the consumer to visit only one webpage. Opt out processes that are more complicated or require the consumer to provide more personal information are expressly forbidden. This request must be honored within 10 days. The consumer’s email address is placed on a “suppression list” which prevents emails from that business from being sent there again in the future, as per provisions of the CAN-SPAM Act. This list may not be distributed or sold to third parties under penalty of law.
What are provisions to the CAN-SPAM Act that are helpful to spammers?
The CAN-SPAM Act does not require the e-mailer to obtain permission before sending commercial email. States cannot set stricter laws on spam email and private citizens are not allowed to bring suit against spammers.
What are the penalties for violating this Act?
In addition to laws government deceptive advertising, there are penalties of up to $16,000 for non-compliance with the provisions of the CAN-SPAM Act. Additionally, there are misdemeanor criminal penalties for using others’ computers to send spam via Trojan viruses and other means, falsifying information to obtain domain name, using open relays to mass email and engaging in dictionary attacks. Dictionary attacks are the random generation of email addresses from random letters and numbers to reach a potentially valid email address. Additionally, consumers can take violators to small claims court and collect $1 minimum for each spam message received.
What are rules governing mobile phone SMS spam?
A company can be in violation of CAM-SPAM if they send commercial text messages to consumers that do not opt into or affirm that they want the messages. SMS spam is rare in the United States due to limitations on the number of messages that can be sent at a time and the fact that consumers are usually charged for receiving messages. Businesses that do violate this rule however, can be subject to class-action litigation, initiated by the government.
What are rules governing explicit content?
For emails that contain sexual content, the nature of the content, with the words “SEXUALLY EXPLICIT” must appear in the subject line. No graphic content must be visual when the email is open, only links to the content or content placed at the bottom of the email, requiring the recipient to scroll down. This rule does not apply if the recipient has an affirmative relationship with the sender agreeing in advance to receive explicit emails from the sender.
Has the CAN-SPAM Act been effective?
This Act, due to a lack of enforcement and compliance is not responsible for the decrease in spam. Rather, improved filtering technology in email clients prevents a significant amount of spam from reach consumer’s email inboxes. Reports in PC World indicated that at most, 1% of spam emails complied with CAN-SPAM. Meanwhile, almost 90% of emails are spam and there is no way to regulate “spam bots” or automatic email senders from outside the United States.
Several companies that do not comply with commercial email regulations have been taken to court, usually successfully and order to forfeit some or all of the earning from their crime in addition to charges of fraud and in some cases, conspiracy and money laundering.
Due to widespread non-compliance, creating a national registry of emails that cannot be spammed is unlikely as the addresses cannot be verified, there are millions of email addresses in the United States and there exists a large risk of leaked information aiding rather than hampering spam senders.
How does this law affect states?
These regulations prevent states from enforcing their own laws on spam to avoid redundancy and frivolous lawsuits.
“This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.“