Rich's WebWorld (blog)
RSS Feed

The hope of these lawsuits was to send a strong message to spammers that there would be serious financial consequences if they did not follow the law. Congress had hoped that when the Can-Spam Act took effect January 2004, the level of spam would decrease. Reports were the amount of spam actually increased.

In March, a California ISP filed the first lawsuit under the new Can-Spam Act against BobVilla.com. Within a week, that lawsuit was followed by ISP giants America Online, EarthLink, Microsoft, and Yahoo!. They combined their financial assets in a coordinated filing of the first major industry lawsuits. These four ISPs are members of an anti-spam industry alliance formed in April 2003. They filed six lawsuits against the country's most notorious spammers.

While many look at these lawsuits with glee, the full impact of the Can-Spam Act has not yet been realized. The law covers nearly every aspect of commercial email including those businesses who would never dream of "spamming." In a Jupiter Research survey, it was found that more than a third of email marketers still do not meet the requirements of the Can-Spam Act. These are the "big" boys who should know better. The number of small businesses not conforming to the law must be much higher.

To Whom Does the Can-Spam Act Apply?

The Can-Spam Act applies to virtually all U.S. businesses that use e-mail. Regulated by this law is any "commercial electronic mail message" which is defined as any e-mail message "the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)". This covers nearly any business e-mail including newsletters as well as promotional emails.

The law doesn't mean all your emails are spam but it does mean the Act governs them. Personal e-mails (and maybe non-profit organizations) don't seem to be covered.

The Act explicitly excludes "a transactional or relationship message". This would include emails contacting customers about their accounts, product upgrades, ongoing services, etc. It also includes emails intended to negotiate and complete financial transactions.

Transactional or relationship emails may contain some content promoting some product or service not related to the previous transaction. However, that content cannot be the primary purpose of the email.

Affirmative Consent

The recipient must give permission before emails are sent to them. This must be by some active choice and not by default such as with a pre-checked box on a web form. Previous contact or business dealings with someone does not give you consent to send them commercial email.

If you do not have permission to send emails to a recipient, you can still send them emails. But the requirements become much more strict. You must, for instance, give notice that your email is an advertisement or solicitation.

Key Requirements

• You cannot use a misleading subject line. The content of the email must be clearly indicated by the subject line.
• The from line must identify who you are. Both the from address and the reply-to address must be valid. If the email bounces, it must be able to come back to you. If someone replies to the email, it must go to you and not bounce. This can be a particular problem for those using email accounts such as Hotmail where the inbox may become full or the traffic allotment has been exceeded.
• The body of the message must contain a postal address.
• There must be a conspicuous notice identifying each message as an advertisement or solicitation when affirmative consent has not been received. Some states require "ADV" in the subject line.
• The body of the message must contain instructions for being removed from the email list. This may include using the sender’s return email address or a link leading to a web page process. The return address and web-based functions must work for at least 30 days following the transmission of the message.
• Opt-out requests must be honored within 10 business days.
• You cannot extract email addresses from other web pages to be used for sending email even if the above requirements are met.

Criminal Penalties

There are criminal penalties specified for breaking the Can-Spam Act.

• You can get a year in jail for sending commercial email in which the header information is misleading or inaccurate. It is common for spammers to forge these headers to hide who they are and where the email is coming from.
• You can get up to five years in jail for any of these common spamming practices:
  • Hacking into another computer to send spam
  • Using open relays to send intentionally deceptive spam
  • Using false information to register five or more email accounts that you subsequently use to send bulk spam
• There’s a potential $250 fine for every individual email you make a mistake on.
• The Can-Spam Act suggest offering a bounty of at least 20% of collected fines to those who report offenders.

Suggestions on Protecting Yourself

Use double opt-in. Because anyone can sign up another person for email, send the recipient an email confirming they have signed up. Unless they reply to that email (double opt-in), they are not included in the email list.

If you don’t know where an email address came from, don’t use it.

Make sure your subject lines are accurate and reflect the content of the message.

Check all your links including your unsubscribe feature, your return address, and your reply-to address. They must all be working.

If you are manually handling opt-out requests, make sure you can comply with the requests within 10 days. Being on vacation does not give you an excuse.

If you want to know more about the Can-Spam Act of 2003 (derived from the initials of Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, you can find all the details here: spamlaws.com.