Can Spam Act

The Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003 is a law passed in 2003 establishing the United States' first national standards for the sending of commercial e-mail. The law requires the Federal Trade Commission (FTC) to enforce its provisions. Introduced by Republican Conrad Burns, the act passed both the House and Senate during the 108th United States Congress and was signed into law by President George W. Bush in December of 2003.

History

The backronym CAN-SPAM derives from the bill's full name: ''C''ontrolling the ''A''ssault of ''N''on-''S''olicited ''P''ornography ''A''nd ''M''arketing Act of 2003. It plays on the word "canning" (putting an end to) spam, as in the usual term for unsolicited email of this type. The bill was sponsored in Congress by Senators Conrad Burns and Ron Wyden.

The CAN-SPAM Act is occasionally referred to by critics as the "You-Can-Spam" Act because the bill fails to prohibit many types of e-mail spam and preempts some state laws that would otherwise have provided victims with practical means of redress. In particular, it does not require e-mailers to get permission before they send marketing messages. It also prevents states from enacting stronger anti-spam protections, and prohibits individuals who receive spam from suing spammers except under laws not specific to e-mail. The Act has been largely unenforced, despite a letter to the FTC from Senator Burns, who noted that "Enforcement is key regarding the CAN-SPAM legislation." In 2004, less than 1% of spam complied with the CAN-SPAM Act of 2003.

The law required the FTC to report back to Congress within 24 months of the effectiveness of the act. No changes were recommended. It also requires the FTC to promulgate rules to shield consumers from unwanted mobile phone spam. On December 20, 2005 the FTC reported that the volume of spam has begun to level off, and due to enhanced anti-spam technologies, less was reaching consumer inboxes. A significant decrease in sexually explicit e-mail was also reported.

Later modifications changed the original CAN-SPAM Act of 2003 by (1) Adding a definition of the term "person"; (2) Modifying the term "sender"; (3) Clarifying that a sender may comply with the act by including a post office box or private mailbox; and (4) Clarifying that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any other steps other than sending a reply email message or visiting a single page on an Internet website.

The mechanics of CAN-SPAM

Applicability

CAN-SPAM, a direct response of the growing number of complaints over spam e-mails, defines a "commercial electronic mail message" as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)." It exempts "transactional or relationship messages." The FTC issued final rules () clarifying the phrase "primary purpose" on December 16, 2004. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam. The explicit restriction of the law to commercial e-mails is widely considered by those in the industry to essentially exempt purely political and religious e-mail from its specific requirements. Such non-commercial messages also have stronger First Amendment protection, as shown in ''Jaynes v. Commonwealth''.

Congress determined that the US government was showing an increased interest in the regulation of commercial electronic mail nationally, that those who send commercial e-mails should not mislead recipients over the source or content of them, and that all recipients of such emails have a right to decline them. However, CAN-SPAM does not ban spam emailing outright, but imposes laws on using deceptive marketing methods through headings that are "materially false or misleading". In addition there are conditions that email marketers must meet in terms of their format, their content, and labeling. The three basic types of compliance defined in the CAN-SPAM Act—unsubscribe, content, and sending behavior — are as follows:

Unsubscribe compliance

*A visible and operable unsubscribe mechanism is present in all emails.
*Consumer opt-out requests are honored within 10 business days.
*Opt-out lists also known as suppression lists are used only for compliance purposes.

Content compliance

* Accurate "From" lines
* Relevant subject lines (relative to offer in body content and not deceptive)
* A legitimate physical address of the publisher or advertiser is present. PO Box addresses are acceptable in compliance with and if the email is sent by a third party, the legitimate physical address of the entity, whose products or services are promoted through the email should be visible.
* A label is present if the content is adult.

Sending behavior compliance

* A message cannot be sent without an unsubscribe option.
* A message cannot contain a false header
* A message should contain at least one sentence.
* A message cannot be null.
* Unsubscribe option should be below the message.

There are no restrictions against a company emailing its existing customers or anyone who has inquired about its products or services, even if these individuals have not given permission, as these messages are classified as "relationship" messages under CAN-SPAM. But when sending unsolicited commercial emails, it must be stated that the email is an advertisement or a marketing solicitation. Note that recipients who have signed up to receive commercial messages from you are exempt from this rule.

If a user opts out, a sender has ten days to cease sending and can use that email address only for compliance purposes. The legislation also prohibits the sale or other transfer of an e-mail address after an opt-out request. The law also requires that the unsubscribe mechanism must be able to process opt-out requests for at least 30 days after the transmission of the original message.

Use of automated means to register for multiple e-mail accounts from which to send spam compound other violations. It prohibits sending sexually oriented spam without the label later determined by the FTC of "SEXUALLY EXPLICIT." This label replaced the similar state labeling requirements of "ADV:ADLT" or "ADLT."

CAN-SPAM makes it a misdemeanor to send spam with falsified header information. A host of other common spamming practices can make a CAN-SPAM violation an "aggravated offense," including harvesting, dictionary attacks, IP address spoofing, hijacking computers through Trojan horses or worms, or using open mail relays for the purpose of sending spam.

Criminal offenses

Although according to the law, legitimate businesses and marketers should be conscientious regarding the aspects mentioned above, there are misinterpretations and fraudulent practices that are viewed as criminal offenses:
* Sending multiple spam emails with the use of a hijacked computer
* Sending multiple emails through Internet Protocol addresses that the sender represents falsely as being his/her property
* Trying to disguise the source of the email and to deceive recipients regarding the origins of the emails, by routing them through other computers
* Sending multiple spam emails via multiple mailings with falsified information in the header
* Using various email accounts obtained by falsifying account registration information, in order to send multiple spam emails.

Private right of action

CAN-SPAM provides a limited private right of action to Internet Access Services that have been adversely affected by the receipt of emails that violate the Act; and does not allow natural persons to bring suit. A CAN-SPAM plaintiff must satisfy a higher standard of proof as compared with government agencies enforcing the Act; thus, a private plaintiff must demonstrate that the defendant either sent the email at issue or paid another person to send it knowing that the sender would violate the Act. Despite this heightened standard, private CAN-SPAM lawsuits have cropped up around the country, as plaintiffs seek to take advantage of the statutory damages available under the Act.

Overriding state anti-spam laws

CAN-SPAM preempts (supersedes) state anti-spam laws that do not deal with false or deceptive activity. The relevant portion of CAN-SPAM reads:

:This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.

Though this move was criticized by some anti-spam activists, some legal commentators praised it, citing a heavily punitive California law seen as over broad and a wave of allegedly dubious suits filed in Utah.

CAN-SPAM and the FTC

CAN-SPAM allows the FTC to implement a national do-not-email list similar to the FTC's popular National Do Not Call Registry against telemarketing, or to report back to Congress why the creation of such a list is not currently feasible. The FTC soundly rejected this proposal, and such a list will not be implemented. The FTC concluded that the lack of authentication of email would undermine the list, and it could raise security concerns.

The legislation prohibits e-mail recipients from suing spammers or filing class-action lawsuits. It allows enforcement by the FTC, State Attorneys General, Internet service providers, and other federal agencies for special categories of spammers (such as banks). An individual might be able to sue as an ISP if (s)he ran a mail server, but this would likely be cost-prohibitive and would not necessarily hold up in court. Individuals can also sue using state laws about fraud, such as Virginia's that gives standing based on actual damages, in effect limiting enforcement to ISPs.

The McCain amendment made businesses promoted in spam subject to FTC penalties and enforcement remedies, if they knew or should have known that their business was being promoted by the use of spam. This amendment was designed to close a loophole that allowed those running affiliate programs to allow spammers to abuse their programs, and encouraged such businesses to assist the FTC in identifying such spammers.

Senator Corzine sponsored an amendment to allow bounties for some informants. The FTC has limited these bounties to individuals with inside information. The bounties are expected to be over $100,000 but none have been awarded yet.

Reaction

Those opposing spam greeted the new law with dismay and disappointment, almost immediately dubbing it the "You Can Spam" Act. Internet activists who work to stop spam stated that the Act would not prevent any spam — in fact, it appeared to give federal approval to the practice, and it was feared that spam would increase as a result of the law. CAUCE