Spam Laws: Understanding The Can-Spam Act Better

The CAN-SPAM Act, or the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, is a law that establishes the United States' first national standards for the sending of commercial emails. The law requires the Federal Trade Commission (FTC) to enforce its provisions and issue regulations defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message. The CAN-SPAM Act applies to all commercial messages, including emails and text messages, and gives recipients the right to opt out of receiving further messages. It also sets out penalties for violations, including fines of up to $53,088 per separate email in violation.

Compliance and penalties

Compliance with the CAN-SPAM Act is relatively straightforward. The law applies to all commercial messages, including emails, regardless of whether they are directed to consumers or businesses. The primary purpose of the message must be the commercial advertisement or promotion of a commercial product or service. If the message relates to a transaction between the sender and the recipient that is in progress or already agreed to, such as a confirmation of a purchase or a tracking update, then it is not subject to the law.

To comply with the CAN-SPAM Act, emails must follow rules regarding subject lines, disclosures, and headers. The 'From', 'To', 'Reply-To', and routing information must be accurate and identify the person or business who initiated the message. The subject line must accurately reflect the content of the message, and the message must be clearly identified as an advertisement. The sender's valid physical postal address must also be included. Additionally, the CAN-SPAM Act requires the Federal Communications Commission to issue rules regarding commercial emails and some text messages sent to wireless devices.

Marketers can designate one of the marketers as the "sender" for CAN-SPAM compliance purposes as long as the designated sender meets the definition of "sender" under the Act, is specifically identified in the "from" line of the message, and complies with the "initiator" provisions of the Act. These provisions include ensuring that the email does not contain deceptive transmission information or a deceptive subject heading, and that it includes a valid postal address, a working opt-out link, and proper identification of the message's commercial nature.

Penalties for non-compliance with the CAN-SPAM Act can be costly. Each separate email in violation of the law is subject to penalties of up to $53,088, and more than one person or entity may be held responsible for violations. For example, both the company whose product is promoted in the message and the company that originated the message may be legally responsible. The law provides for criminal penalties, including imprisonment, for certain aggravated violations such as accessing someone else's computer to send spam without permission, using false information to register for multiple email accounts or domain names, and harvesting email addresses. In addition to civil penalties, violators may be required to pay redress to consumers under Section 19 of the FTC Act.

Commercial messages

The CAN-SPAM Act, passed in 2003, sets the rules for commercial emails and establishes requirements for commercial messages. It defines a "commercial electronic mail message" as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service, including content on a website operated for a commercial purpose". This means that the act covers all commercial messages, including those sent to former customers or business-to-business emails.

The act gives recipients the right to have you stop emailing them and outlines penalties for violations, with each separate email in violation of the act subject to fines of up to $53,088. It is enforced by the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC).

The CAN-SPAM Act requires that commercial messages:

• Do not use false or misleading header information. The "From", "To", "Reply-To", and routing information must be accurate and identify the person or business who initiated the message.
• Do not use deceptive subject lines. The subject line must accurately reflect the content of the message.
• Identify the message as an ad in a way that is "clear and conspicuous". The law does not require specific wording or for the message to be identified as an ad in the subject line, but it must be disclosed clearly.
• Include the sender's valid physical postal address.
• Include a visible and operable unsubscribe mechanism and honour opt-out requests within 10 business days. Opt-out requests must be processed for at least 30 days after the original message was sent, and senders cannot charge a fee or require any personally identifying information beyond an email address to fulfil the request.

The act also prohibits the sale or transfer of an email address after an opt-out request and requires that senders comply with the law even if they hire another company to handle their email marketing.

Opt-out requests

The CAN-SPAM Act gives recipients the right to stop receiving emails from a business or sender. This means that all commercial emails must include an unsubscribe option that makes it simple for recipients to opt out of receiving further messages. Senders must also provide an easy internet-based way for people to communicate their choice to unsubscribe, such as a return email address.

The unsubscribe mechanism must be able to process opt-out requests for at least 30 days after the original message is sent. Senders must also take precautions to prevent spam filters from blocking opt-out requests.

If a sender does not honour a recipient's opt-out request, they could be subject to civil penalties, fines, and possible criminal sanctions.

False and misleading information

The CAN-SPAM Act of 2003 establishes the United States' first national standards for the sending of commercial emails. The legislation prohibits the use of false or misleading information in commercial emails, including in the subject line and header information. It also requires that commercial emails provide a clear and conspicuous identification of being an advertisement or solicitation and a valid means for the recipient to opt out of future messages.

The Act defines commercial emails as "any electronic mail message whose primary purpose is the commercial advertisement or promotion of a commercial product or service". This includes emails that promote content on commercial websites and social media messages. Transactional or relationship emails, on the other hand, are exempt from most provisions of the Act unless they contain false or misleading routing information.

To be CAN-SPAM compliant, commercial emails must meet several requirements. The subject line must accurately represent the contents of the email and must not mislead the recipient. The header information, including the sending source, destination, and routing information, must not be false or misleading. The email must also clearly state that it is an advertisement or solicitation and provide a valid return email address or another internet-based mechanism for the recipient to opt out of future messages.

Violations of the CAN-SPAM Act can result in significant penalties, including fines of up to $51,744 per violation. Aggravated violations, such as harvesting email addresses or sending sexually explicit content without proper labelling, can lead to additional fines and criminal penalties, including imprisonment.

Enforcement

The CAN-SPAM Act is primarily enforced by the Federal Trade Commission (FTC). However, other federal agencies, state attorneys general, and ISPs also help to curtail spam. The CAN-SPAM Act created new criminal penalties to assist the federal government in deterring fraudulent and other offensive forms of spam. These include unmarked sexually explicit emails and electronic messages with deceptive subject lines. The penalties can differ based on the agency enforcing the Act, and fines might increase in cases of aggravated violations. Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $53,088, so non-compliance can be costly.

The CAN-SPAM Act allows the FTC to implement a national do-not-email list, similar to the FTC's National Do Not Call Registry against telemarketing. However, the FTC rejected this proposal, citing the lack of email authentication and potential security concerns. The CAN-SPAM Act also prohibits email recipients from suing spammers or filing class-action lawsuits. However, it allows enforcement by state attorneys general, Internet service providers (ISPs), and other federal agencies for special categories of spammers, such as banks.

The CAN-SPAM Act provides a limited private right of action for Internet Access Services adversely affected by emails that violate the Act. It does not allow natural persons to bring suit. A CAN-SPAM plaintiff must meet a higher standard of proof than government agencies enforcing the Act. They must demonstrate that the defendant sent the email or paid someone else to send it, knowing it would violate the Act. Despite this, private CAN-SPAM lawsuits have occurred, as plaintiffs seek to take advantage of the statutory damages available.

The CAN-SPAM Act also includes requirements for proper labelling of explicit content to protect minors from receiving offensive materials. The FTC has adopted rules to protect consumers and businesses from unwanted electronic messages on wireless devices, including mobile phones. Section 14 of the Act specifically addresses "unwanted mobile service commercial messages."

Frequently asked questions