Unsolicited email, otherwise known as spam, has been a major problem since the early days of the Internet. It is believed that the very first spam was sent in 1978, to a total of 600 email addresses. In those days, Internet users were generally charged for usage, and email boxes were limited to only a few megabytes of storage space. When the storage limit was reached, the email provider could simply stop delivering messages or, on some providers, charge a fee for every message over the limit. The charges incurred by internet users to receive and maintain email boxes full of spam led to spam’s being compared to postage-due junk mail.
As the internet expanded, so did the level of spam that was generated. By 2003, the total number of spam messages per day was in the billions. Clearly, it was time for legislation. The CAN-SPAM Act was signed into law on December 16, 2003. Although anti-spam activists immediately dubbed the new law the “Yes, You Can Spam” Act, because it did not specifically tell marketers not to send spam, the Act does put several controls on the sending of unsolicited email. Here is a basic guide to the CAN-SPAM Act.
Permitted Commercial Email
Under the CAN-SPAM Act, unsolicited commercial email may be transmitted provided that it meets the following guidelines:
1. Unsubscribe Compliance
The email must provide a clearly visible, usable means of unsubscribing. Opt-out requests must be honored within 10 days of receipt, and opt-out lists can be used only for compliance purposes.
2. Content Compliance
The email address must accurately reveal the sender’s identity. The subject line must be related to the content and not deceptive in any way. The email must contain a legitimate physical address for the publisher or advertiser. Finally, the message must clearly be labeled as Sexually Explicit if it contains adult content.
3. Sending Behavior Compliance
Email addresses may not be harvested from other websites, nor generated by combining letters and numbers in various patterns. Commercial emails may not be sent through open relays, Trojan horses or other means of hijacking another computer for use in emailing.
Religious and political messages and messages regarding national security are exempt from the CAN-SPAM Act.
Penalties for Violation
Sending unsolicited email that bears misleading headers or deceptive subject lines, does not offer a usable opt-out mechanism or does not provide a physical address may carry fines of up to $11,000 per incident. Deceptive email may also violate false advertising laws.
Additional fines may be assessed to those who harvest email addresses, use scripts to generate new email accounts for the purposes of sending out mass emails or relay emails through a computer or network without permission.
Criminal charges may be brought against those who send commercial email from another computer without permission; use a computer to relay multiple messages with an intent to deceive the recipients as to the origin of the messages; falsify header information in multiple transmitted emails; register for multiple domains or email addresses using a false identity; or falsely represent themselves as the owner of multiple IP addresses from which commercial emails are sent.