The CAN-SPAM Act, 2003: Decoding the Technicalities

The CAN-SPAM Act regulates emails sent by businesses to customers or subscribers.

Article by Kshitij Kumar. Check out his LinkedIn to learn more about him.

Editor’s Note:

So your startup is on its way to create the next path breaking innovation. And, you need to tell everyone about it. So, what’s better than buying emails, right!?

I was working with a startup in the US who just had this bright idea! Although saner minds prevailed, that got me the thinking – most marketers may not know of the regulations governing marketing, in the US.

And, that’s nothing to be surprised about. While states are free to enact their own laws, the digital sphere has no boundaries – and that might affect well-meaning marketers from their digital marketing efforts.

And, that’s why – if you need to know the most important piece of legislation governing digital marketing, it is this.

And, in this article, Kshitij will decode all there is to know about the CAN-SPAM Act, 2003.

The Controlling the Assault of Non-Solicited Pornography and Marketing Act, 2003, (CAN-SPAM Act) is a U.S law passed in 2003 that set the country’s first national standards of commercial e-mail communication.

The long title states – An Act to regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet.

Section 14(b) of the law requires the Federal Trade Commission (FTC) to make and enforce such rules that monitor and protect mobile phone users from unwanted cell phone spam.

Section 7(10) states that violation of the act would be also considered a violation of FTC trade regulation rule.

It has been reiterated that only commercial messages, i.e. electronic messages that have commercial advertisement of promotion of a product or service (including material from a website used for a commercial purpose) are the subject matter of this act.

In the case of Jaynes v. Commonwealth, it was shown that non-commercial messages, such as the messages that are purely political or religious, transactional or relationship messages, etc. have a strong First Amendment protection, and hence, are exempted from this Act.

The CAN-SPAM does not put a ban of commercial messaging – rather, it sets up rules and regulations to be followed when commercial messages are being sent.

The main focus is to put an end to misleading header information, misleading headlines and / or deceptive  marketing methods that mislead the consumers, for which, the act requires details like the return address in the email. It prohibits sending messages to recipients after they have decide to opt out of the same, as provided for in 15 U.S.C. § 7704(a).

It is important to note that the statute, particularly provision 15 U.S.C. § 7707(b)(1) pre-empts state laws regulating the exchanges of commercial email, but the question of exactly which laws and to what extent does this act supersede is to be decided by the courts in their judgements.

Important Parts of the CAN-SPAM Act

#1. Who does the act regulate?

The CAN-SPAM Act regulates the sender of messages and brings into its protection the receiver of the messages.

Sender – As defined in the law, a sender is a person who sends a message or has advertisements about, their products or services on the internet. These can be any individuals or organizations or the Separate Lines of Businesses or Divisions in cases when its an entity operating as a separate line of business or division, as provided in Section 3(16)(b).

The statute also brings into its protection the recipient of the messages.Similarly the law, particularly Section 3(14) defines a recipient to be an authorized user of the email address to which the email is delivered.  In cases where recipient has several email addresses, each address shall be treated as a separate recipient.

When the email address is assigned to a new user, the new user shall not be treated as a recipient to any email sent to the address before it was assigned to them.

Section 3(9) of the Act also defines the term Initiate as to originate or transmit such message or to procure the origination or transmission of such message but shall not include actions that constitute routine conveyance of such messages. Email delivery services are not senders as their actions are the routine conveyance.

#2. What does the act regulate?

It regulates the exchanges of commercial emails and prohibits the use of misleading header information on all messages, both commercial and non-commercial. Section 3(2)(a) of the act defines commercial messages as any email message primarily intended for commercial advertisement or promotion of a product or service including content on an internet website intended for commercial use.

The act regulates commercial messages by businesses in order to curb spam over the internet.

However, Section 3(2)(d) provides that reference to any commercial entity does not make the message in itself a commercial message if the primary purpose of the message is other than commercial advertisement or promotion.

The act also regulates exclusively transactional messages wherein the primary purpose of the message is transactional or relationship and exclusively contains the same content.

Some examples would be:

  • Messages that facilitate, confirm or complete a commercial transaction, agreed by the recipient.
  • Messages that provide warranty information, product recall information or safety/security information, of the product or service already purchased by recipient.
  • Messages dealing with subscription, membership, loan or similar ongoing commercial relationship around the ongoing purchase or use of product/service by the recipient.
  • Messages about delivery of goods, upgrades and updates of the same that recipient is entitled to receive.
  • About information regarding employment or any other benefit plan that the recipient is involved, enrolled or participating in.

There may be commercial as well as transactional messages wherein the message contains both a message about the transactional or relationship content as well as about advertisement of a product or service. In these cases, the primary purpose of the messages is deemed commercial.

There may also be that the message contains both, commercial content as well as content other than relationship / transactional. In such cases, the primary purpose shall be deemed to be commercial if:

  1. The recipient reasonably interprets the subject line of the email as a commercial message
  2. The recipient reasonably interprets the body of the email as commercial message.

Further, the law provides pointers as to how a materially false or misleading header is identified, which is;

  1. The access of original email address/IP address/domain name was fraudulently obtained, irrespective of the fact that information in the message itself may be factually accurate.
  2. If the header information fails to accurately identify a protected computer used to initiate the message as a result of the sender using a separate computer to retransmit the message, that way, disguising the origin.

CAN-SPAM Guidelines for Commercial Messaging

To secure the recipients, the Act has laid down some guidelines which are to be followed by all commercial message senders.

Rules that are set by the CAN SPAM Act on commercial email senders.

Firstly, the act prohibits anyone from intentionally sending commercial messages to any protected computer with misleading subject headings.

Secondly, all commercial messages sent to protected computers shall include a functional return email address or other internet base mechanisms, clearly displayed in the mail itself.

15 U.S.C 7704 (a)(2) and 15 U.S.C 7704 (a)(3)(A) provides that these return addresses should be enabled to receive any message from the recipient, making the sender aware of his intention of opting out of the exchanges, i.e., letting the sender know that the recipient wishes to not receive any further communication from the sender in the future.

The sender can then, if he wishes to, send a list or menu from which the recipient may specifically select and choose the types of commercial messages he may want to receive, however, the recipient is open to not choose anything and completely opt out of the messaging from this particular sender.

15 U.S.C 7704 provides that if the return mechanism is dealing with a technical fault, beyond the control of the sender and such fault is corrected in reasonable time, then the sender is not in violation of the act.

As a result of opting out, the sender is prohibited to send any commercial messages to the recipient more than 10 business days after receiving the opt-out request.

Likewise, any person is prohibited from sending further communication on behalf of the sender granted such person has the knowledge of the opt-out request initiated by the recipient.

Moreover, no person shall assist in sending any commercial messages after the recipient has opted out of messaging and the person has the knowledge of this fact. Consequently, the sender or any person who knows that the recipient has opted out shall not sell, transfer, lease, exchange ,etc. the email address of the recipient, other than in order to comply with the CAN-SPAM act, as is provided under 14 U.S.C (1)(4)(A).

Criminal Penalties under the Act.

The CAN-SPAM act has included some aggravated violations within its framework and provides criminal penalties for these. These penalties even include imprisonment.

The CAN SPAM Act provides for heavy fines over violators and can even send you to prison.

Some of these violations are;

  • Accessing someone’s computer (without their permission) to send spam messages.
  • Misrepresentation in terms of using fake names or false information in order to register for multiple accounts or domain names.
  • Retransmitting multiple spam messages while hiding the origin of the message.
  • Address harvesting and Dictionary attacks;
  • Sending message to a protected computer while having obtained the recipient’s address using an automated means operated from an internet website or proprietary online service owned and operated by another person, or such proprietary service that included a notice upon receiving the address that they would not give, sell or otherwise transfer the recipient’s address to any party for the purpose of initiating or enabling others to initiate email messages; or the address was obtained using an automated method that generates possible email addresses by applying various combinations of names, numbers, letters, characters etc.
  • Using automated means to register multiple accounts to initiate commercial messaging, or any other messages that violate the act, which are then sent to a protected computer.
  • Intentionally relaying or retransmitting on a protected computer, any message that violates the act or violates any requirements of transmission from a protected computer or a computer network that the sender accesses without authorization.

Regulating sexually explicit messages

Sexually oriented material is any material that depicts sexually explicit conduct, unless such depiction is small and insignificant in contrast to the remainder matter, wherein such material is not primarily devoted to sexual matters.

Without a prior affirmative consent, sending commercial messages to a protected computer that contain sexually oriented material without warning labels is illegal.

These warning labels shall be provided in the subject heading of the email. 

When the recipient initially looks at the message when they open it, before taking any further action within the message, the warning labels must be the only thing visible at this point, which are the identifier, opt-out and physical address of the sender, as well as the instructions on how to access the sexually oriented messages, as is provided under 15 U.S.C 7704(d)(1),(2)&(4).

Wrapping it Up

Primarily, the statute is enforced by the FTC. However, State Attorney Generals and other state agencies are open to bring claims under this law.

The value of penalties that the FTC may seek has been capped up to $43,280 for each email that violates the law. 

State agencies may seek relief based upon the monetary or other damages/losses suffered by the residents, or, up to $250 per violation, wherein, in total it shall not be more than $2,000,000 (does not applied to violations based on misleading/inaccurate headers), as well as reasonable attorney fees.

The court may award treble damages in cases of wilful or aggravated violations.

As such all marketers need to be very well versed with the marketing regulations in place in the country as well as the state.

For any queries or help with your startup, feel free to book a free consultation with usYou may also check out our list of services if you need any help with your business efforts.

Related Reads:

author avatar
Adhip Ray
Adhip Ray is the founder of WinSavvy. He has a legal, finance and data analytics background and has provided marketing consultancy to startups for over 5 years. He has been featured at multiple publications in multiple niches including HubSpot, Addicted2Success, Manta, FitSmallBusiness, Databox, IndiaCorpLaw, Bar and Bench and more!

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top