BestPrac.Org
Stop Spam : Best Practice in Email
Spam Prevention and Eradication
Anti Spam Laws - United States Federal Spam Law (US CAN-SPAM Act 2003):
The CAN-SPAM Law (full official title: "Controlling the
Assault of Non-Solicited Pornography and Marketing Act") was passed by
Washington in 2003 and became effective as of January 1st, 2004. It was
widely criticized for its weaknesses when introduced, though in some
corners it was hailed as being a good step in the right direction.
The main criticisms have been:
- It is an "opt-out" law. Commercial and bulk emailers
do not need your specific permission before they email you. They must,
however, honor your requests to be removed from their mailing lists;
- It provides a wide range of exemptions for political,
charitable and religious organizations;
- It removes any rights granted under various State
anti-spam laws for private citizens to pursue spammers and recover
compensation or damages; and
- It provides for the Federal Trade Commission to
launch prosecutions against offenders, and therefore relies on a
relatively small unit with limited human and budgetary resources to
identify and launch legal actions against spammers.
Summary of the Major Provisions of the US CAN-SPAM Act 2003
(Note: herein, "emails" refers to commercial or bulk
emails. It does not refer to private correspondence.)
- False or misleading header information
prohibited: An email's "From," "To," and routing
information – including the originating domain name and email address –
must be accurate and identify the person who initiated the email.
- Deceptive subject lines prohibited:
The subject line cannot mislead the recipient about the contents or
subject matter of the message.
- Emails must give recipients an opt-out
method: Emails must provide a return email address or
another Internet-based response mechanism that allows a recipient to
ask you not to send future email messages to that email address, and
you must honor the requests. You may create a "menu" of choices to
allow a recipient to opt out of certain types of messages, but you must
include the option to end any commercial messages from the sender. An
opt-out request must be honored within 10 business days.
Any opt-out mechanism offered must be able to process opt-out requests
for at least 30 days after you send your commercial email. The emailer
cannot help another entity send email to that address, or have another
entity send email on their behalf to that address. Finally, it's
illegal for you to sell or transfer the email addresses of people who
choose not to receive your email, even in the form of a mailing list,
unless you transfer the addresses so another entity can comply with the
law.
- It requires that commercial email be
identified as an advertisement: Emails must contain
clear and conspicuous notice that the message is an advertisement or
solicitation and that the recipient can opt out of receiving more
commercial email from you.
- Emails must include the sender's valid
physical postal address.
Penalties for breaches of the CAN-SPAM Act:
Each violation of the above provisions is subject to
fines of up to $11,000. Deceptive commercial email also is subject to
laws banning false or misleading advertising.
Additional fines are provided for commercial emailers
who not only violate the rules described above, but also:
- "harvest" email addresses from Web sites or Web
services that have published a notice prohibiting the transfer of email
addresses for the purpose of sending email
- Generate email addresses using a "dictionary attack"
– combining names, letters, or numbers into multiple permutations
- Use scripts or other automated ways to register for
multiple email or user accounts to send commercial email
- Relay emails through a computer or network without
permission – for example, by taking advantage of open relays or open
proxies without authorization.
The law allows the DOJ to seek criminal penalties,
including imprisonment, for commercial emailers who do – or conspire to:
- Use another computer without authorization and send
commercial email from or through it
- Use a computer to relay or retransmit multiple
commercial email messages to deceive or mislead recipients or an
Internet access service about the origin of the message
- Falsify header information in multiple email messages
and initiate the transmission of such messages
- Register for multiple email accounts or domain names
using information that falsifies the identity of the actual registrant
- Falsely represent themselves as owners of multiple
Internet Protocol addresses that are used to send commercial email
messages.
Reporting Violations:
The Federal Trade Commission encourages the public to
send copies of all spam that violates the CAN-SPAM Act to them
at spam@uce.gov. Be sure to include the complete email along with the full email
headers. The FTC will then add these reports to their database in order
to identify and trace spammers and pursue legal actions against them.
Disclaimer:
The above is given in summary form only. It is not a
comprehensive statement of every aspect of the
US CAN-SPAM Law. This page is for informational and
educational purposes only and does not constitute legal advice. Please
make your own enquiries and seek your own legal advice before relying
on any statements made herein.