The 'CAN-SPAM Act of 2003' (
15 U.S.C. 7701, et seq., Public Law No. 108-187, was S.877 of the
108th Congress), signed into law by
President Bush on
December 16,
2003, establishes the
United States' first national standards for the sending of commercial
e-mail and requires the
Federal Trade Commission (FTC) to enforce its provisions. The acronym CAN-SPAM derives from the bill's full name: ' ''C''ontrolling the ''A''ssault of ''N''on-''S''olicited ''P''ornography ''A''nd ''M''arketing Act of 2003'. This is also a play on the usual term for unsolicited email of this type,
spam. The bill was sponsored in Congress by Senators
Conrad Burns and
Ron Wyden.
The law required the FTC to report back to congress within 24 months of the
effectiveness of the act. No changes were recommended. It also requires the FTC to promulgate rules to shield consumers from unwanted
mobile service commercial messages. On 20 December 2005 a detailed report to congress on the effectiveness of the act indicated that the volume of spam has begun to level off, and due to enhanced anti-spam technologies, less is reaching consumer inboxes. A significant decrease in sexually explicit e-mail was also reported.
[1]
The CAN-SPAM Act is commonly referred to as the YOU-CAN-SPAM Act because the bill was backed by lobbyists for spammers and preempts stronger state anti-spam measures.
The mechanics of CAN-SPAM
CAN-SPAM defines a "commercial electronic mail message" as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)." It exempts "transactional or relationship messages." The FTC has yet to clarify what "primary purpose" means; it has already delayed rule-making for this terminology. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam.
The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it contains all of:
★ an opt-out mechanism;
★ a valid subject line and header (routing) information;
★ the legitimate physical address of the mailer; and
★ a label if the content is adult.
The content is exempt if it consists of:
★ religious messages;
★ content that broadly complies with the marketing mechanisms specified in the law; or
★ national security messages.
If a user opts out, a sender has ten days to cease sending spam but they are not required to remove the address. The legislation also prohibits the sale or other transfer of an e-mail address after an opt-out request. However, the only requirement for this opt-out mechanism is that it "must be able to process opt-out requests for at least 30 days". Some companies have taken this to denigrate opting-out to a 20 day break between spam messages.
Use of automated means to register for multiple e-mail accounts from which to send spam compound other violations. It prohibits sending
sexually oriented spam without the label later determined by the FTC of "SEXUALLY EXPLICIT". This label replaced the similar state labeling requirements of "ADV:ADLT" or "ADLT". Labeling regulations for general spam will be commented on by the FTC this summer.
CAN-SPAM makes it a
misdemeanor to send spam with falsified header information. A host of other common spamming practices can make a CAN-SPAM violation an "aggravated offense," including harvesting,
dictionary attacks,
IP address spoofing, hijacking computers through
Trojan horses or
worms, or using
open mail relays for the purpose of sending spam.
What CAN-SPAM preempts
CAN-SPAM preempts (supersedes) existing state anti-spam laws that do not deal with fraud and was rushed through congress just before a tougher anti-spam law passed in California.
[1] Specifically, 15 USC s 7707(b)(1) reads:
This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.
CAN-SPAM and the FTC
CAN-SPAM allows the FTC to implement a national ''do-not-email list'' similar to the FTC's popular ''
do-not-call registry'', or to report back to Congress why the creation of such a list is not currently feasible. The FTC soundly rejected this proposal, and such a list will not be implemented. The FTC concluded that the lack of authentication of email would undermine the list, and it could raise security concerns.
The legislation does not allow e-mail recipients to sue spammers or class-action lawsuits, but allows enforcement by the FTC, State Attorneys General,
Internet service providers, and other federal agencies for special categories of spammers (such as banks). An individual might be able to sue as an ISP if (s)he ran a mail server, but this would likely be cost-prohibitive and would not necessarily hold up in court. Individuals can also sue using state laws about fraud, such as Virginia's which gives standing based on actual damages, in effect limiting enforcement to ISPs.
Senator
John McCain is responsible for a last-minute
amendment which makes businesses promoted in spam subject to FTC penalties and enforcement remedies, regardless of whether the FTC is able to identify the specific spammer who initiated the e-mail.
Representative Lofgren introduced an amendment to allow bounties for some informants. The FTC has limited these bounties to individuals with inside information. The bounties are expected to be over $100,000, but none have been awarded yet.
Reaction
Anti-spam activists greeted the new law with dismay and disappointment. It was almost immediately dubbed the "Yes, You Can Spam" Act.
[2][3] Internet activists who work to stop spam stated that the Act would not prevent any spam — in fact, it appeared to give Federal approval to the practice, and it was feared that spam would increase as a result of the law. The
Coalition Against Unsolicited Commercial Email (CAUCE) stated:
:"This legislation fails the most fundamental test of any anti-spam law, in that it neglects to actually tell any marketers not to spam. Instead, it gives each marketer in the United States one free shot at each consumer's e-mail inbox, and will force companies to continue to deploy costly and disruptive anti-spam technologies to block advertising messages from reaching their employees on company time and using company resources. It also fails to learn from the experiences of the states and other countries that have tried "opt-out" legal frameworks, where marketers must be asked to stop, to no avail.
[4]"
AOL Executive Vice President and General Counsel
Randall Boe stated:
:"[CAN-SPAM] not only empowered us to help can the spam, but also to can the spammers as well . . . Our actions today clearly demonstrate that CAN-SPAM is alive and kicking — and we're using it to give hardcore, outlaw spammers the boot.
Enforcement
Within a few months, hundreds of lawsuits had been filed by an alliance of ISPs. Many of these efforts resulted in settlements; most are still pending. Though most defendants were "
John Does," many spam operations, such as
Scott Richter's, were known.
On
April 29,
2004, the United States Government brought the first criminal and civil charges under the CAN-SPAM act. Criminal charges were filed by the United States Attorney for the Eastern District of Michigan, and the FTC filed a civil enforcement action in the Northern District of Illinois. The defendants were a company named "Phoenix Avatar," and four associated individuals: Daniel J. Lin, James J. Lin, Mark M. Sadek and Christopher Chung of
West Bloomfield, Michigan. Defendants were charged with sending hundreds of thousands of spam emails advertising a "diet patch" and "hormone products." The FTC stated that these products were effectively worthless. Authorities said they face up to five years in prison under the anti-spam law and up to 20 years in prison under U.S.
mail fraud statutes.
On
February 1,
2005, a ''
New York Times'' article suggested that the Can Spam Act had resulted in little to no effect on the flow of spam, and the amount of spam saturating the Internet had actually increased since the law went into effect.
On
2006-01-16, an
Azusa, California man was convicted by a jury in
United States District Court in
Los Angeles in ''United States v. Goodin, U.S. District Court, Central District of California, 06-110'', under the CAN-SPAM Act (the first conviction under the Act)
[5], and on June 11, 2007 was sentenced to 70 months in federal prison. Out of a potential sentence of 101 years prosecutors had asked for a sentence of 94 months. Goodin was already detained in custody as he had missed a court hearing.
[6]
As of late 2006, CAN-SPAM has been all but ignored by spammers. A review of spam levels in October of 2006 estimated that 75% of all email messages were spam, and the number of spam emails complying with the requirements of the law were estimated to be 0.27% of all spam emails.
[2]
In
June 2007, Two men were convicted of spamming out millions of e-mail messages that included hardcore pornographic images.
Jeffrey A. Kilbride, 41, of
Venice, California, and
James R. Schaffer, 41, of
Paradise Valley, Arizona, were convicted on eight counts in
U.S. District Court in
Phoenix, Arizona. Both face a maximum of 30 years in prison, along with a fine of up to $500,000. They will be sentenced on
September 24, 2007. The charges included
conspiracy,
fraud,
money laundering, and transportation of
obscene materials. The trial, which began on June 5, was the first to include charges under the
CAN-SPAM Act of 2003, according to a release from the
Department of Justice. The specific law that prosecutors used under the CAN-Spam Act was designed to crack down on the transmission of pornography in spam.
[7]
Problems for Mailers
Cited problems with the act for mailers include that many blacklists, such as spamhaus, will blacklist servers sending CAN-SPAM compliant messages. Also, subject lines including "Sexually-Explicit" have trouble passing through statistical filters maintained by most popular e-mail companies.
See also
General categories
★
E-mail spam
★
Spamming
Related acts
★
Junk Fax Prevention Act of 2005 ()
★
Do-Not-Call Implementation Act of 2003 ()
★
Communications Act of 1934 ()
References
1. http://www.cybertelecom.org/spam/canspam.htm
2. Foster, Ed. "The "Yes, You Can Spam" Act of 2003". InfoWorld. Accessed April 24, 2007.
3. "United States set to Legalize Spamming on January 1, 2004". Spamhaus. Accessed April 24, 2007.
4. Statement on CAN SPAM, accessed August 13 2006
5. California Man Guilty of Defrauding AOL Subscribers, U.S. Says
6. California Man Gets 6-Year Sentence For Phishing
7. [3]
★ Lee, Younghwa (June 2005). "The CAN-SPAM Act: A Silver Bullet Solution?". ''Communications of the ACM'', p. 131–132.
External links
★
The full text of the Can-Spam Act in HTML format
★
FCC Can Spam Act policy
★
Cybertelecom :: Can Spam Act
العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
Español
![Royal treatment at Hotel Fouquet\](images/articles/thumbs/fouquetthumb.jpg "Royal treatment at Hotel Fouquet\")
![Daily flights from NYC to Mont Tremblant\](images/articles/thumbs/nytremblantthumb.jpg "Daily flights from NYC to Mont Tremblant\")
