Do you have any information to share related to the U.S. CAN-SPAM Act?
Environment:
Email Deliverability (EDG), Outbound Emails
Resolution:
This answer is part of the Email Deliverability Best Practices doc community. Each answer's intention is to contribute to the betterment of the email community. These answers are only related to outbound messages, and do not have any impact to the improvement of inbound deliverability. For more information regarding deliverability's role at RightNow, please review the following answer page: Answer ID 2195: Email Deliverability Group (EDG) and Spam Considerations and Policy.
Furthermore, this is not intended as legal advice and you should consult with your own legal counsel for questions regarding compliance. This answer provides a high level summary but may not reflect the latest requirements. You should always discuss in greater detail with your legal counsel to ensure you are in compliance.
CAN-SPAM Act
- The CAN-SPAM Act is the main US statute governing the sending of commercial email.
- The statute allows the sending of unsolicited commercial email, provided it meets certain standards.
- The statute requires commercial email to include identifying information about the sender and simple method of unsubscribing. The statute does not apply to transactional email, as defined in the statute.
Overview
The U.S. CAN-SPAM Act of 2003 (codified at 15 U.S.C. §§ 7701-7713) dictates what email senders need to do in order to legally send commercial email. It also prohibits certain other practices relating to email, such as harvesting. It preempts state laws that specifically regulate email.
CAN-SPAM only affects some subsets of bulk email, specifically commercial bulk email. Political email and non-profit email is exempt from regulation by CAN-SPAM. That being said, standards dictated by CAN-SPAM are easy to follow so many political and non-profit groups comply with the law. The law also exempts transactional and relationship email messages.
Application
Primarily regulates commercial email
The CAN-SPAM Act primarily restricts commercial email, defined in Section 3 of the Act as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)."
These standards apply to anyone who sends mail directly, hires an email service provider (ESP) to send mail for them or hires affiliates to send mail on their behalf. Any company marketing by email must have knowledge of any email sent on their behalf.
Applies to direct and indirect senders
These standards apply to anyone who sends mail directly, hires an email service provider (ESP) to send mail for them or hires affiliates to send mail on their behalf. Any company marketing by email must have knowledge of any email sent on their behalf.
Transactional and relationship email exempted from some requirements
CAN-SPAM imposes fewer restrictions on emails that are transactional or relationship messages. These are messages that have to do with a past or current commercial transaction, employment or delivery of goods or services that the recipient entered into or agreed to enter into with the sender.
Specifically, the Act defines transactional or relationship message as follows: (A) In general The term "transactional or relationship message" means an electronic mail message the primary purpose of which is-- (i) to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; (ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient; (iii) to provide-- (I) notification concerning a change in the terms or features of; (II) notification of a change in the recipient's standing or status with respect to; or (III) at regular periodic intervals, account balance information or other type of account statement with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender; (iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or (v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
Requirements for transmission of email
Section 5(a) of the CAN-SPAM Act sets out the substantive requirements for the transmission of email.
Misleading header information prohibited
Section 5(a)(1) of the Act prohibits transmission of "header information that is materially false or materially misleading."
This is defined in section 5(a)(6) as "alteration or concealment of header information in a manner that would impair the ability of an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation, or the ability of a recipient of the message to respond to a person who initiated the electronic message."
This applies only to commercial email.
Functional reply address required
Section 5(a)(3) of the Act requires that commercial email contain a "clearly and conspicuously displayed" functioning reply address, to which a recipient can send an unsubscribe request.
This applies only to commercial email.
Effective opt-out required
Section 5(a)(4) prohibits a sender from continuing to send commercial email to a recipient once that recipient has opted out. The sender may also not transfer the recipients email address to another sender once the recipient has opted out.
This applies only to commercial email.
Identifier, opt-out and physical address required
Section 5(a)(5) requires that a commercial email clearly identify itself as advertising; clearly state that there is an opt-out procedure; and provide a valid physical address of the sender of the email.
This applies only to commercial email.
Warning required for sexually oriented material
Section 5(d) requires that the subject heading of a commercial email containing sexually oriented material contain a warning determined by the Federal Trade Commission.
The FTC issued a rule in 2004 (http://www.ftc.gov/os/2004/04/040413adultemailfinalrule.pdf) that the warning required is "SEXUALLY-EXPLICIT:".
Criminal Penalties for email fraud
Section 4 of the Act provides for criminal penalties for fraudulent activities involving email, including using email to commit fraud, and accessing a protected computer to send spam.
Aggravated Violations
Harvesting and dictionary attacks
CAN-SPAM prohibits knowing use of emails from harvested lists, or from lists created through dictionary attacks.
Automated creation of multiple email accounts
Relay or Transmission through unauthorized access
Enforcement
Section 7(a) of CAN-SPAM provides for enforcement by the Federal Trade Commission.
Section 7(f) provides for civil actions by the states, including injunctions against violations of the Act.Section 7(g) allows internet service providers to sue for injunctions against violations of the Act as well as actual or statutorily-defined damages.
Note on Pre-emption
Section 8(b)(1) of CAN-SPAM pre-empts any state law specific to email. However, there are some states that have laws that are not pre-empted. Most of the laws unaffected involve misleading or fraudulent advertising.
The exceptions are the registry laws in Michigan and Utah. These laws establish state registries for children's email addresses and make it illegal to send any email that advertises or links to material that is illegal to sell to children. Unlike other laws, these two laws do not just focus on unsolicited email, but cover even solicited email advertising gambling, pornography, alcohol, tobacco or illegal and legal drugs.
External Links
The FTC issued a rule in 2004
FTC Rule on Adult Email Labeling
