CAN-SPAM Act Anti-Spam Legislation

Computer Security, Computing
Page content

What is the CAN-SPAM Act?

The CAN-SPAM Act, which became effective on 1 January 2004 and has been updated in 2008, addresses (unsolicited) commercial (*) emails in the United States, where spamming is legal as long as senders of Spam mails comply with the Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM Act). Despite the fact that the CAN-SPAM Act only has limited requirements related to content, unsubscribing and sending Spam email only a tiny fraction of all Spam email complies with the CAN-SPAM Act. The CAN-SPAM legislation, overruling state anti-spam legislation, is enforced by the US Federal Trade Commission (FTC). Please note that the information in this article can only give a non-exhaustive overview of the CAN-SPAM act and does not replace professional advice.

* The term ‘‘commercial electronic mail message’’ means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose) [1]

Content

The CAN-SPAM Act demands an accurate and relevant subject line of the commercial electronic mail message; in particular sex oriented Spam has to be labeled “SEXUALLY EXPLICIT”. Furthermore, a Spam email must include the advertiser or publisher physical address.

Unsubscribe

The CAN-SPAM Act requires that Spam mails have noticeable and functional unsubscribe mechanism of easy nature. A customer opting out of Spam must be removed from the mailing list within ten days, and his or her email address may not be used for anything else than ensuring the customer no longer receives Spam from a given sender (suppression list).

Sending

CAN-SPAM Act sending requirements forbid the use of harvested email addresses, sending Spam by means of open relays or using false header information for example. Dictionary attack and other sophisticated means of spamming are subject to criminal penalties.

The Bottom Line

Yes, one can Spam in the US provided the CAN-SPAM Act three requirements content, unsubscribe and sending are complied with. A spammer can fire unsolicited mail until the customer opts out! Furthermore, sending Spam to someone with whom the sender has a relationship, such a customer/client, does not fall under the CAN-SPAM Act, and the same is true for transactional electronic mail messages [1]. The referenced article is a pdf of the CAN-SPAM Act of 2003, and here you find the official FTC CAN-SPAM requirements for commercial emailers.

Reference: [1] https://www.spamlaws.com/f/pdf/pl108-187.pdf