Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act

---

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act covers unsolicited commercial email messages known as spam.

• passed in 2003
• spam is unsolicited electronic junk mail that a user may receive
• has both civil and criminal provisions
• requires commercial email senders to meet certain requirements
  • Commercial messages are messages with content that advertises or promotes a product or service
• forbids sending sexually explicit email unless it has a label or marking that identifies it as explicit

Requirements

• Do not use false or misleading header information
• Do not use deceptive subject lines
• Identify the email message as a commercial advertisement
• Include a valid physical postal address
• Inform message recipients how to opt-out of future email messages
• Promptly process opt-out requests
• Monitor the actions of third parties that advertise on the sender’s behalf

Civil Provisions

• FTC enforces the civil provisions of the CAN-SPAM Act
• Violations of the Act are enforced by the FTC in the same way that it enforces unfair or deceptive trade practices
• FTC also has promulgated rules for businesses to follow

Criminal Provisions

• includes penalties for:
  • Accessing another person’s computer without permission to send spam
  • Using false information to register for multiple email accounts or domain names
  • Relaying or retransmitting spam messages through a computer to mislead others about the origin of the email
  • Harvesting email addresses or generating them through a dictionary attack
  • Taking advantage of open relays or open proxies without permission to send spam
• U.S. Department of Justice enforces the criminal provisions
• Criminal penalties include fines or imprisonment of up to 5 years