CAN-SPAM Act

Here is a synopsis of what the laws are in the United States of America regarding commercial emails. To read the law in its entirety, click on the following link:

Summary of the CAN-SPAM Act of 2003

The acronym CAN-SPAM derives from the bill’s full name: Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003. This is also a play on the usual term for unsolicited email of this type, spam.

CAN-SPAM defines a “commercial electronic mail message” as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” It exempts “transactional or relationship messages.” The FTC issued final rules[6] (16 C.F.R. 316) clarifying the phrase “primary purpose” on December 16, 2004. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam.

The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it adheres to 3 basic types of compliance defined in the CAN-SPAM Act: unsubscribe, content and sending behavior compliance:

Unsubscribe compliance

  • A visible and operable unsubscribe mechanism is present in all emails.
  • Consumer opt-out requests are honored within 10 business days.
  • Opt-out lists, also known as suppression lists, are only used for compliance purposes.

Content compliance

  • Accurate from lines (including “friendly froms”)
  • Relevant subject lines (relative to offer in body content and not deceptive)
  • A legitimate physical address of the publisher and/or advertiser is present. PO Box addresses are acceptable in compliance with 16 C.F.R. § 316.2(p), and if the email is sent by a third party, the legitimate physical address of the entity whose products or services are promoted through the email should be visible.
  • A label is present if the content is adult.

Sending behavior compliance

  • A message cannot be sent through an open relay
  • A message cannot be sent without an unsubscribe option.
  • A message cannot be sent to a harvested email address
  • A message cannot contain a false header
  • A message should contain at least one sentence.
  • A message cannot be null.

There are no restrictions against a company emailing its existing customers or anyone who has inquired about its products or services, even if these individuals have not given permission, as these messages are classified as “relationship” messages under CAN-SPAM. But when sending unsolicited commercial emails, it must be stated that the email is an advertisement or a marketing solicitation. Note that recipients who have signed up to receive commercial messages from you are exempt from this rule.

If a user opts out, a sender has ten days to cease sending and can only use that email address for compliance purposes. The legislation also prohibits the sale or other transfer of an e-mail address after an opt-out request. The law also requires that the unsubscribe mechanism must be able to process opt-out requests for at least 30 days after the transmission of the original message.

Use of automated means to register for multiple e-mail accounts from which to send spam compounds other violations. The Act also prohibits sending sexually-oriented spam without the label later determined by the FTC of “SEXUALLY EXPLICIT.” This label replaced the similar state labeling requirements of “ADV:ADLT” or “ADLT.”

CAN-SPAM makes it a misdemeanor to send spam with falsified header information. A host of other common spamming practices can make a CAN-SPAM violation an “aggravated offense,” including harvesting, dictionary attacks, IP address spoofing, hijacking computers through Trojan horses or worms, or using open mail relays for the purpose of sending spam.

CAN-SPAM Act of 2003: Core Requirements


Section 5(a) of the CAN-SPAM Act of 2003 sets forth the basic legal principles that differentiate legal and illegal commercial email. See 15 U.S.C. § 7704(a). According to these principles, the senders of commercial email will be engaging in legal activity, so long as:

1) The header of the commercial email (indicating the sending source, destination and routing information) doesn’t contain materially false or materially misleading information;

2) The subject line doesn’t contain deceptive information;

3) The email provides “clear and conspicuous” identification that it is an advertisement or solicitation;

4) The email includes some type of return email address, which can be used to indicate that the recipient no longer wishes to receive spam email from the sender (i.e. to “opt-out”);

5) The email contains “clear and conspicuous” notice of the opportunity to opt-out of receiving future emails from the sender;

6) The email has not been sent after the sender received notice that the recipient no longer wishes to receive email from the sender (i.e. has “opted-out”); and

7) The email contains a valid, physical postal address for the sender.