CAN-SPAM Act

From DNSSeal Wiki
Jump to: navigation, search
U.S. Legislation
Support.png
Enacted: 2003, updated in 2008
Summary: used to differentiate legal from illegal forms of commercial email
Addresses: spam, commercial emails with explicit content
Also addressed by ICANN Policy: N
Related to: Spam, FTC, Malware, Phishing

Originally enacted by the U.S. government in 2003 and updated in 2008,[1] the Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM Act) defines the boundaries of what constitutes legal versus illegal spam. Legal commercial emails will fit the specifications outlined in the CAN-SPAM Act. This act is one of the statutes enforced and investigated by the FTC.[2]

Provisions

In order for a message to be considered illegal spam under the Can-SPAM Act, it must fit certain criteria.

Legal vs. Illegal Spam

  • In order to identify illegal spamming practices, the CAN-SPAM act outlines the difference between legal commercial emails or offers and spam emails. Legal commercial emails will fit the following requirements[3]:
  1. "The header of the commercial email (indicating the sending source, destination and routing information) doesn't contain materially false or materially misleading information;
  2. The subject line doesn't contain deceptive information;
  3. The email provides "clear and conspicuous" identification that it is an advertisement or solicitation;
  4. The email includes some type of return email address, which can be used to indicate that the recipient no longer wishes to receive spam email from the sender (i.e. to "opt-out");
  5. The email contains "clear and conspicuous" notice of the opportunity to opt-out of receiving future emails from the sender;
  6. The email has not been sent after the sender received notice that the recipient no longer wishes to receive email from the sender (i.e. has "opted-out"); and
  7. The email contains a valid, physical postal address for the sender."[3]
  • If an email violates any of these requirements, it can be considered spam by U.S. courts.

Aggravated Violations

  • This section of the CAN-SPAM act outlines offenses that will be treated as "aggravated violations" of the act.[4] Behaviors listed in this section include email address harvesting, dictionary attacks, creating email addresses through automated means, and sending spam from another person's computer without consent.[4]

Warning Labels Requirement

  • The CAN-SPAM Act also includes a provision on "sexually oriented materials" or pornographic content in the context of spam emails.[4] Commercial emails that contain sexual material need to clearly inform the recipient of its content in the subject line.[4]
  • Failure to do so may result in up to 5 years in prison and fines.[4]

New Provisions

In 2008, the CAN-SPAM Act was revised to include new 4 provisions.[1]

  1. The first provision clarifies that making recipients of spam pay a fee or give the spammer personal information to stop is not an acceptable opt-out procedure under the act.
  2. The second changed the definition of "sender" in order to better define who is responsible under the CAN-SPAM Act for providing opt-out options.
  3. The third makes it clear that a PO box as well as a valid U.S. postal address meets the standard set in the act for providing a valid postal address.
  4. The fourth provision added the definition of a person to "clarify that CAN-SPAM’s obligations are not limited to natural persons."[1]

Points to Consider

  • It is important to note that this act only addresses commercial emails[3] and does not address emails deemed transactional/relational or non-commercial. [5]
  • Additionally, fines up to $16,000 per spam email may be charged and guilty parties may even be subject to imprisonment if:
    • the spammer uses another person's computer or email to send spam without his/her consent or
    • if the spammer uses false information or domain names.[5]
  • If multiple companies are advertised in a commercial email, all may be liable under the CAN-SPAM Act even if they are not considered the primary sender.[5]
  • Some violations of the CAN-SPAM Act can result in up to $2,000,000 in damages; aggravated violations may result in 3 times the usual monetary damages.[6]

Additional Resources

Related Articles

References

  1. 1.0 1.1 1.2 http://www.ftc.gov/news-events/press-releases/2008/05/ftc-approves-new-rule-provision-under-can-spam-act (March 12, 2008), Federal Trade Comission (FTC)
  2. http://www.ftc.gov/enforcement/statutes?title=& Federal Trade Commission (FTC)
  3. 3.0 3.1 3.2 http://www.law.cornell.edu/wex/inbox/can-spam_act_core_requirements Legal Information Institute--Cornell University Law School
  4. 4.0 4.1 4.2 4.3 4.4 http://www.law.cornell.edu/uscode/text/15/7704 US Code Title 15, Legal Information Institute--Cornell University Law School
  5. 5.0 5.1 5.2 http://www.business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business Bureau of Consumer Protection (September 2009), Federal Trade Commission (FTC)
  6. http://www.gpo.gov/fdsys/pkg/PLAW-108publ187/pdf/PLAW-108publ187.pdf (PDF) CAN-SPAM ACT