Order Now International +1 561-912-2555

Partner Program


The CAN-SPAM Act and What You Need to Know

E-mail spam–the bulk transmission of unsolicited e-mail–has become a problem of epidemic proportions. Anyone with an e-mail address has experienced the frustration of receiving hundreds of messages from businesses they have never heard of, advertising products they have no interest in. Even worse for the recipient, some of these e-mails are scams that cost consumers millions of dollars per year. Spam also presents several problems for legitimate businesses: the clutter of unwanted e-mail in a customer’s in-box makes it more difficult for the customer to see your message, spam steals bandwidth from your company’s network, and your employees’ efficiency is reduced when they are forced to sort and delete spam from their own in-boxes.

Spam has become such a problem that the U.S. Congress enacted the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) Act of 2003 to govern the use of commercial e-mail. All businesses should be aware of the Act and follow its rules to avoid prosecution.

It is important to note that the CAN-SPAM Act only applies to commercial e-mail whose purpose is primarily the advertising or promotion of a commercial product or service. The Act does not restrict “transactional or relationship” e-mail, which is defined as:

  • E-mail that confirms a transaction that the recipient has already agreed to with the sender.
  • Information about the delivery of goods that the recipient has already agreed to with the sender.
  • Warranty information, recalls, and other notifications related to a product that the recipient purchased from the sender.
  • Information about changes to the recipient’s pre-established account or status with the sender.

The CAN-SPAM Act took effect on January 1, 2004. At that time the U.S. Federal Trade Commission (FTC) was authorized to monitor and enforce compliance, and the U.S. Department of Justice was authorized to prosecute cases. The Act has three primary goals:

  • Ensure the “convenience and efficiency” of e-mail as a means of communication by eliminating unsolicited e-mail messages.
  • Reduce the financial burden of “Internet access services, businesses, and educational and nonprofit institutions” who are unwilling transmitters and recipients of unsolicited e-mail.
  • Eliminate the possibility that anyone will receive, against their wishes, e-mail messages that are deceptive, fraudulent, or “vulgar or pornographic in nature.”

To accomplish these goals, the CAN-SPAM Act declares four broad principles:

  • Recipients must give “affirmative consent” before receiving commercial e-mail.
  • Recipients of commercial e-mail have a right to decline, or opt-out, of receiving further commercial e-mail.
  • Senders of commercial e-mail cannot mislead recipients concerning the origin of the e-mail or its content. The commercial nature of the e-mail must also be obvious and clear.
  • Senders must use approved methods to obtain recipients’ e-mail addresses.

Following the CAN-SPAM Act’s Rules

In this section we discuss the Act’s most important rules and how to adhere to them. The complete text of the CAN-SPAM Act can be found at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_public_laws&docid=f:publ187.108.pdf. Since its inception, the Act has been updated several times; you can stay current with these changes by visiting http://www.ftc.gov/bcp/conline/edcams/spam/rules.htm. If you have any questions about implementing the Act, you may want to consult an attorney.

Recipient Must Give Affirmative Consent to Receive E-Mail

A fundamental concept of the CAN-SPAM Act is that the sender may not transmit commercial e-mail to a recipient until that recipient has given affirmative consent that they are willing to receive e-mail from that specific sender. Under the Act, there are three ways that a recipient can indicate affirmative consent:

  • The recipient may, of their own initiative, request commercial e-mail messages from the sender.
  • The recipient may give affirmative consent in response to a clear request from the sender. An example of this might be an option on the sender’s Web site that says “Sign me up to receive e-mail from us about additional products and services.” The Act emphasizes that the sender’s request must be “clear and conspicuous”: in other words, it must be obvious to the recipient that they are requesting to receive commercial e-mail from the sender.
  • The sender may not distribute the recipient’s e-mail address to another party (who would also send commercial e-mail to the recipient) unless the recipient has given affirmative consent to this effect.

Recipient Must Be Able to Decline Further E-Mail

A recipient must be allowed to opt-out of receiving future commercial e-mail from the sender. Further, the sender’s commercial e-mail message must include a clearly marked mechanism that the recipient can use to decline further e-mail. This opt out mechanism must:

  • Be included in the commercial e-mail message.
  • Enable the recipient to opt-out by sending a reply e-mail or using some other Internet-based system (such as going to the sender’s Web site).
  • Be fully functional for 30 days after the commercial e-mail is sent.

The sender must stop transmitting commercial e-mail to the recipient within 10 business days of receiving an opt-out request. Further, it is illegal for the sender to “sell, lease, exchange, or otherwise transfer” to another party the e-mail address of a recipient who has declined to receive further e-mail from the sender.

E-Mail May Not Be Deceptive

An e-mail’s header information must be technically accurate; the e-mail cannot appear to be from a domain name, IP address, or e-mail address that has been fraudulently used or obtained by the sender. Also, the information in the “From” line of the e-mail message must accurately identify the person (or company) who sent the message.

The “Subject” line of the e-mail must accurately describe the content of the message. It is unlawful to use the Subject line to trick the recipient into reading the message.

The sender’s return e-mail address must be included, it must be technically accurate, and it must be a valid, working e-mail address for 30 days after the transmission of the e-mail message. It is unlawful to include a non-functioning return address in an e-mail message.

Further, any e-mail messages containing sexually-oriented content must be clearly marked. One preferred method for warning recipients is to put the words “SEXUALLY-EXPLICIT” in the e-mail’s subject line.

Legally Obtained E-Mail Addresses

Once again, the fundamental principle at work is that recipients must give consent before receiving commercial e-mail. If a recipient’s e-mail address is not obtained legally, then they did not give consent. Following are two illegal methods, described in the Act, for obtaining recipient’s e-mail addresses:

  • E-mail addresses may not be harvested from any source, particularly Internet-related. In other words, it is not permissible to search portions of the Internet (or any proprietary services) for e-mail addresses and then transmit e-mail to those recipients.
  • It is illegal to randomly generate e-mail addresses and then transmit e-mail to them.

Further, it is illegal for the sender to use an automated means of creating e-mail addresses that are used to transmit e-mail to recipients.

CAN-SPAM’s Criminal Penalties

The FTC has trained more than 1,700 law enforcement agents in the U.S. and Canada to enforce the CAN-SPAM Act. The CAN-SPAM Act details severe penalties for anyone convicted of breaking its laws. Depending on the nature of the offense, the number of times it occurred, and the damages done to consumers, the penalties can include:

  • Imprisonment up to 5 years.
  • Fines up to $3 million; fines may be higher if they are tied to actual damages incurred by recipients of fraudulent e-mail.
  • Confiscation and forfeiture of any property (including computer hardware and software) that was used to commit the crime, and any property (including personal property) that can be traced to proceeds from the crime.

International Anti-Spam Laws

If your business has international customers, you need to be aware of the anti-spam laws enacted by other countries. Canada has joined with the United States in pursuing and prosecuting businesses and individuals under the CAN-SPAM Act. In April of 2004, the Australian Communications Authority (ACA) passed the Spam Act 2003, which is similar to CAN-SPAM, except that it more easily allows for individuals who send even a single fraudulent e-mail to be prosecuted and fined up to A$220,000. Australia ‘s Act also levies fines of A$1 million per day for repeat offenders.

The European Union passed its own anti-spam laws. Like the CAN-SPAM Act, the EU’s laws require that recipients opt-in before receiving e-mail messages. The EU law also states that cookies cannot collect data about a Web site visitor unless that visitor first gives permission. Likewise, that visitor’s information cannot be exchanged or sold without prior permission. Punishment for violations varies from country to country, with Germany being especially strict.

Hong Kong is currently in the process of enacting an anti-spam law which will cover not only e-mail, but text messages, faxes and telemarketing. Their law is expected to take effect in 2006.

For more information about anti-spam laws enacted around the world, go to www.spamlaws.com.

About Verio

Verio is a leading global provider of web hosting and cloud services. As a part of NTT, one of the world's largest telecommunications companies, we offer the stability businesses need in a long-term technology partner.

Domain Name Registration Verio offers Domain Name Registration. Every domain purchased through Verio includes a FREE 3-page website. Our Web Hosting Plans include FREE design and marketing tools and a FREE domain name to help you start your business online.

VPS Hosting For businesses looking to control costs, but that require higher security and performance, Verio VPS Hosting is ideal. You can rely on it for your high-traffic ecommerce sites, content management systems like WordPress and Joomla, or multisite hosting.

Dedicated Hosting When uptime is critical, Verio Dedicated Hosting provides you with private managed servers that let you focus on your business, test environment or website, while Verio handles the hardware.

Verio, viaVerio, and Verio's product names and their related logos are trademarks, service marks, and/or registered marks of Verio Inc. in the United States and other countries. All other names are trademarks or registered marks of their respective owners. All rights reserved.