This FAQ addresses key questions you may have about Federal
anti-spam legislation - called the CAN-SPAM Act of 2003, which
went into effect on January 1, 2004. The Federal Trade
Commission approved revisions to the CAN-SPAM Act of 2003 in
Don't "harvest" email addresses from the Internet or generate
them via a "dictionary" process for commercial mailing purposes.
Don't send commercial email via a computer for which you don't
have proper authorization to use.
Don't falsify or obscure the header information in your
commercial email messages - always use a valid From: address
and an accurate, non-misleading Subject: line.
Include a valid postal mailing address and a functioning opt-out
mechanism in every commercial email message you send.
Don't continue to send email to a recipient who has opted-out of
Penn and Associates is not a legal expert, and we offer the
information below with no implied or express warranties; it is for
informational purposes only.
Frequently Asked Questions
To whom does the law apply?
CAN-Spam applies to two primary groups:
Senders - any person or entity using email software or
hosting services to deliver commercial email would be
considered a Sender per the CAN-SPAM Act's terms.
Recipients - members of email lists run by email software
or hosting services are Recipients.
What does the law prohibit and require?
CAN-SPAM prohibits four major activities or actions:
False or misleading transmission information, such as
From: or Reply To: headers that are technically accurate
but misrepresentative of the message's true origins.
Deceptive subject headings that mislead the recipient as to
the true nature of the message's content.
Email transmission after objection; that is, sending a
message to a recipient more than 10 days after the
recipient has opted-out of the list.
Address harvesting and dictionary attacks, in which
commercial email is sent to addresses that were collected
from the Internet without permission or that were
compiled by automated means.
CAN-SPAM requires two key actions:
Inclusion of an opt-out process. Every commercial email
message must include a valid mechanism for opting-out of future
communication from the sender. The final new rule ensures that
senders provide an easy, straightforward way for recipients to
unsubscribe from unwanted email communications. The new rule
states that the opt-out mechanism:
Must be available through a single web page, by replying
to the message, or through an unsubscribe button feature
on the email that allows recipients to unsubscribe through
a single click. Must only require unsubscribers to enter
their email address and associated opt-out preferences -
cannot ask unsubscribers to log in to access their accounts
first. Cannot include a fee or persuasive text on the
unsubscribe landing page.
The outgoing emails must include the sender's valid physical
postal mailing address. However, the new rule states that a valid
post office box or a private mailbox may be used, as long as it is
registered with the United States Post Office, or with a
commercial mail receiving agency that follows all USPS
regulations. In addition, if a message is sent without "affirmative
consent" (e.g. and opt-in relationship), the message must
identify itself as an advertisement. Warning labels for adult
content, such that recipients who have not provided affirmative
consent are advised in the subject line that the message contains
sexually explicit material.
Who is responsible for enforcing the law?
The Federal Trade Commission (the FTC or "Commission" in
CAN-SPAM's legalese) is ultimately responsible for enforcement
of the CAN-SPAM Act, and may bring suit against those who
violate it. In addition, the Attorneys General of each state have
some powers of enforcement with respect to violations of the law
affecting their respective states. Note that private individuals and
Internet Service Providers (ISPs) are not permitted to file
What can happen to a Sender who violates the law's terms?
CAN-SPAM levies financial penalties of $250 per violation, up to a
maximum of $2,000,000 for repeated offenses; this amount can
also be increased to $6,000,000 for repeated, willful violations.
Note that per the law's terms, only the Federal Trade
Commission and the State Attorneys General may bring suit
against a person or entity that allegedly violates the CAN-SPAM