This FAQ addresses key questions you may have about Federal
anti-spam legislation - called the CAN-SPAM Act of 2003, which went
into effect on January 1, 2004. The Federal Trade Commission
approved revisions to the CAN-SPAM Act of 2003 in 2008.
Don't "harvest" email addresses from the Internet or generate
them via a "dictionary" process for commercial mailing purposes.
Don't send commercial email via a computer for which you don't
have proper authorization to use.
Don't falsify or obscure the header information in your
commercial email messages - always use a valid From: address and
an accurate, non-misleading Subject: line.
Include a valid postal mailing address and a functioning opt-out
mechanism in every commercial email message you send.
Don't continue to send email to a recipient who has opted-out of
Penn and Associates is not a legal expert, and we offer the information
below with no implied or express warranties; it is for informational
Frequently Asked Questions
To whom does the law apply?
CAN-Spam applies to two primary groups:
Senders - any person or entity using email software or hosting
services to deliver commercial email would be considered a Sender
per the CAN-SPAM Act's terms.
Recipients - members of email lists run by email software or
hosting services are Recipients.
What does the law prohibit and require?
CAN-SPAM prohibits four major activities or actions:
False or misleading transmission information, such as From: or
Reply To: headers that are technically accurate but
misrepresentative of the message's true origins.
Deceptive subject headings that mislead the recipient as to the
true nature of the message's content.
Email transmission after objection; that is, sending a message to
a recipient more than 10 days after the recipient has opted-out of
Address harvesting and dictionary attacks, in which commercial
email is sent to addresses that were collected from the Internet
without permission or that were compiled by automated means.
CAN-SPAM requires two key actions:
Inclusion of an opt-out process. Every commercial email message must
include a valid mechanism for opting-out of future communication from
the sender. The final new rule ensures that senders provide an easy,
straightforward way for recipients to unsubscribe from unwanted email
communications. The new rule states that the opt-out mechanism:
Must be available through a single web page, by replying to the
message, or through an unsubscribe button feature on the email
that allows recipients to unsubscribe through a single click.
Must only require unsubscribers to enter their email address and
associated opt-out preferences - cannot ask unsubscribers to log in
to access their accounts first. Cannot include a fee or persuasive
text on the unsubscribe landing page.
The outgoing emails must include the sender's valid physical postal
mailing address. However, the new rule states that a valid post office
box or a private mailbox may be used, as long as it is registered with
the United States Post Office, or with a commercial mail receiving
agency that follows all USPS regulations. In addition, if a message is
sent without "affirmative consent" (e.g. and opt-in relationship), the
message must identify itself as an advertisement. Warning labels for
adult content, such that recipients who have not provided affirmative
consent are advised in the subject line that the message contains
sexually explicit material.
Who is responsible for enforcing the law?
The Federal Trade Commission (the FTC or "Commission" in
CAN-SPAM's legalese) is ultimately responsible for enforcement of the
CAN-SPAM Act, and may bring suit against those who violate it. In
addition, the Attorneys General of each state have some powers of
enforcement with respect to violations of the law affecting their
respective states. Note that private individuals and Internet Service
Providers (ISPs) are not permitted to file lawsuits directly.
What can happen to a Sender who violates the law's terms?
CAN-SPAM levies financial penalties of $250 per violation, up to a
maximum of $2,000,000 for repeated offenses; this amount can also
be increased to $6,000,000 for repeated, willful violations. Note that
per the law's terms, only the Federal Trade Commission and the State
Attorneys General may bring suit against a person or entity that
allegedly violates the CAN-SPAM Act.