CAN-SPAM Act of 2003

I.         INTRODUCTION


The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“the CAN-SPAM Act”) generally requires senders of commercial e-mail messages to provide recipients with an opportunity to opt-out from receiving additional e-mails from the sender. The law also prohibits a number of fraudulent practices that should not concern legitimate businesses (e.g., financial institutions) and imposes civil penalties on persons who violate its provisions. The Act became effective on January 1, 2004, and preempted state laws that regulate the use of e-mail to send commercial messages.


The CAN-SPAM Act is intended primarily for persons who:


  1. send commercial e-mail messages containing materially false header information (the source, destination and routing information, including the originating domain name and e-mail address);

  2. send commercial e-mails with the intent to mislead or deceive recipients as to their origin; or

  3. access computers without authorization with the intent to send multiple commercial e-mails through the computer. The Act also imposes certain obligations on legitimate users of commercial e-mail, which are described in more detail below.

II.        REQUIREMENTS FOR SENDERS OF COMMERCIAL E-MAIL


A “commercial electronic mail message” is defined as an electronic mail message, the primary purpose of which is the commercial advertisement or promotion of a commercial product or service. The term also includes content on an Internet Web site operated for a commercial purpose.


The CAN-SPAM Act prohibits a person from sending:


  1. a commercial e-mail message, or a transactional or relationship message that contains header information (the source, destination and routing information, including the originating domain, name and e-mail address) that is materially false or misleading; and

  2. a commercial e-mail, if the person knows that the subject heading of the message would be likely to mislead a recipient about the contents or subject matter of the message.

For purposes of the CAN-SPAM Act, a “transactional or relationship message” is expressly excluded from the definition of a commercial electronic mail message and is defined as an electronic mail message the primary purpose of which is:


        A.  to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;
 

        B.  to provide safety or security informaiton with respect to a commercial product or service used or purchased by the recipient;
 

        C.  to provide:


  1. notification concerning a change in the terms or features of;

  2. notification of a change in the recipients standing or status with respect to; or

3. account balance information or other type of account statement with respect to, an account, loan or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products and services offered by the sender; or


        D.  to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender).


The Act further prohibits sending commercial e-mail to anyone who has opted-out from receiving such messages, unless the recipient consents to receive such messages subsequent to the opt-out request and prohibits a sender from transferring the e-mail address of a person who has opted-out from receiving commercial e-mails from the sender.


A person sending a commercial e-mail message must include a functioning return e-mail address or other Internet-based mechanism that the recipient can use to reply or opt-out from future commercial e-mail messages from the sender. A sender will not violate this requirement if its opt-out mechanism is unexpectedly and temporarily unable to receive messages or process requests due to a technical problem beyond the sender’s control, provided the problem is corrected within a reasonable period of time. The sender has 10 days to process a recipient’s request to opt-out from receiving future commercial e-mail from the sender.


In addition, a commercial e-mail must:


  1. clearly and conspicuously indicate that the message is an advertisement or solicitation, unless the recipient has given prior affirmative consent to receipt of the message;
  2. provide clear and conspicuous notice of the opportunity for the recipient to opt-out from receiving further commercial e-mail from sender; and
  3. provide the physical postal address of the sender.

Finally, no person may promote, or allow the promotion of, its business or its goods or services in a commercial e-mail that contains false or misleading header information if the person:


  1. knows or should have known that the goods or services were being promoted in the message;
  2. received or expected to receive economic benefit from such promotion; and
  3. took no reasonable action to prevent the transmission, or detect the transmission and report it to the Federal Trade Commission (“FTC”).

III.      CRIMINAL PROHIBITIONS REGARDING COMMERCIAL E-MAILS

The Act makes it a criminal offense to:

  1. access a computer without authorization and intentionally initiate multiple (more than 100 e-mails sent during a 24-hour period, more than 1,000 e-mails sent during a 30-day period, or more than 10,000 e-mails sent during a one-year period) commercial e-mails through that computer;

  2. relay multiple commercial e-mails with the intent to deceive or mislead recipients or any Internet service provider as to the origin of the e-mails;

  3. materially falsify header information in multiple commercial e-mails;

  4. register for e-mail or online user accounts or domain names using information that materially falsifies the registrant’s identity; or

  5. falsely represent oneself as the registrant of Internet protocol addresses and intentionally send multiple commercial e-mail from such addresses.

IV.      REGULATIONS AND ENFORCEMENT


The FTC is authorized to issue regulations for implementations of the Act and to enforce the civil provisions of the Act. Violations involving depository institutions will be enforced by the federal banking agencies. The Act also authorizes a state agency or attorney general to bring civil action against a violator of the Act in federal court on behalf of its residents. Among the remedies under the Act for violations are injunctive relief, costs and attorney fees, and monetary damages. Civil actions may also be brought in federal court by an Internet service provider that is damaged as a result of a violation of the Act. The Act provides no private right of action for consumers.

V.      FEDERAL PREEMPTION

The Act supersedes any state or local law or regulation that expressly regulates the sending of commercial e-mail, except those state laws that prohibit false or deceptive commercial e-mail, or laws that are not specific to e-mail including trespass, contract or tort law, and other state laws to the extent that such laws relate to acts of fraud or computer crime.

VI.     “DO-NOT-E-MAIL” REGISTRY

The FTC is authorized to establish and implement a nationwide “Do-Not-E-Mail” registry no earlier than nine months after enactment of the Act.

VII.     CONCLUSION

Banks should review their practices to ensure any commercial e-mails they send comply with the CAN-SPAM Act requirements. In this regard, it should be noted that there is no general exception for “existing business relationships,” so e-mails sent by a bank to its existing customers that market the bank’s products and services would appear to be subject to the provisions of the Act.

 

Compliance Handbook Search

STAY CONNECTED

Nebraska Bankers Association

233 South 13th Street, Suite 700
Lincoln, NE 68508
402-474-1555
​Digital Millennium Copyright Act Policy