The U.S. Congress passed the CAN-SPAM Act of 2003 for implementation on January 1, 2004 to address the issue of unsolicited commercial e-mail (UCE) or spam. Since the act's implementation, organizations have updated their e-mail marketing strategies to comply with the regulations. Consumer concern and attention on the proliferation of spam, despite the government's passage of the CAN-SPAM act, has led to both legitimate and illegitimate complaints lodged against commercial e-marketers.
Organizations using e-mail marketing as a part of their overall communications plan can utilize a variety of tactics to effectively manage and reduce spam complaints.
The purpose of this paper is to:
- Educate organizations and marketers on the basics of the CAN-SPAM act by weeding through the jargon and presenting the basics requirements. Marketers should understand and be qualified to discuss their organization's compliance with service providers and other members of their staff and leadership.
- Define spam complaints and summarize the consequences of receiving them.
- Provide solutions and tips for organizations to reduce spam complaints.
CAN-SPAM ACT 2003
Provisions - Short and Simple
The Federal Trade Commission (FTC) is the government regulatory body responsible for implementing the CAN-SPAM Act and managing complaints lodged against e-marketers. The main provisions of the CAN-SPAM Act, or Controlling the Assault of Non-Solicited Pornography and Marketing Act, are summarized below.
- It bans false or misleading header information. The e-mail's "from," "to" and routing information must be accurate in the header. This includes the originating domain name and e-mail address.
- It prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject of the message.
- It requires that the e-mail gives recipients an opt-out method that must be available for 30 days after the commercial message is sent. After receiving an opt-out request, the marketer has 10 days to comply.
- It is illegal for the marketer to sell or transfer the e-mail addresses of people who choose not to receive messages, even in the form of a mailing list, unless they transfer the addresses so another entity can comply with the law.
- Commercial e-mail must be identified as an advertisement and include the sender's valid, physical postal address.
Penalties
The FTC assesses fines for each violation of CAN-SPAM of up to $11,000. The Act also stipulates additional fines for commercial e-mailers that:
- Harvest e-mail addresses from Web sites or Web services that have published a notice prohibiting the transfer of e-mail addresses for the purpose of sending email. "Harvesting" is defined as trolling Web sites to gather email addresses without permission.
- Generate e-mail addresses using a "dictionary attack" - combining names, letters, or numbers into multiple permutations.
- Use of scripts or other automated ways to register for multiple e-mail or user accounts to send commercial e-mail.
- Relay of e-mails through a computer or network without permission - for example, by taking advantage of open relays or open proxies without authorization. An open relay is an SMTP email server that allows outsiders to relay email messages that are neither for nor from local users. This method is often exploited by spammers and hackers. An open proxy is an Internet proxy server which is accessible by unauthorized users, specifically those from elsewhere on the internet.
Additionally, the law allows the Department of Justice (DOJ) to seek criminal penalties, including imprisonment, for commercial e-mailers who do, or conspire to:
- Use another computer without authorization and send commercial e-mail from or through it.
- Use a computer to relay or retransmit multiple commercial e-mail messages to deceive or mislead recipients or an Internet access service about the origin of the message.
- Falsify header information in multiple e-mail messages and initiate the transmission of such messages.
- Register for multiple e-mail accounts or domain names using information that falsifies the identity of the actual registrant.
- Falsely represent themselves as owners of multiple Internet Protocol (IP) addresses that are used to send commercial e-mail messages.
*The source for summaries of provisions and penalties from the Federal Trade Commission Web site. To access the full CAN-SPAM Act and updates to it visit http://www.ftc.gov/spam/.
