The CAN-SPAM Act, otherwise known as the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the “Act”), became effective January 1, 2004 in response to the growing number of unsolicited commercial e-mails advertising or promoting a certain product or service, commonly referred to as “spam.”  Spam is estimated to constitute approximately 50-60% of all e-mail traffic in 2004, costs businesses billions of dollars to store or filter, and clogs the inboxes of practically everyone who uses e-mail to communicate.

Contrary to the public’s desire to rid their inboxes of unwanted spam, the Act does not make spam illegal, but instead sets forth certain prohibitions and requirements that apply when sending unsolicited commercial e-mails.  These include: (1) a ban on false or misleading header information, including the originating domain name and e-mail address; (2) a prohibition against deceptive or misleading subject lines; (3) a requirement that the recipient have an ability to “opt-out” of further messages from the sender by either replying to the sent e-mail or providing a link to an “unsubscribe” page; and (4) a mandate that all advertisements and solicitations be clearly labeled as such and that the sender include its valid physical postal address in its message. 

The Act applies to all businesses in the United States that use e-mail to advertise or promote their products or services or communicate with existing customers, and covers both the senders of spam and any companies that procure the services of third parties to send spam.  Accordingly, a company cannot avoid the law’s reach by hiring an outside marketing service to send promotional e-mails on its behalf.  E-mails that facilitate an agreed-upon transaction or update a customer in an existing business relationship – referred to as transactional or relationship messages – are exempt from most provisions of the Act provided they do not contain false or misleading routing information.

The Federal Trade Commission (“FTC”), the United States Department of Justice, and all state attorneys general are authorized to enforce the Act, as are Internet Service Providers.  Violators of the Act can be subject to actual damages, statutory damages or fines of as much as $250 per violation or $2 million in the aggregate, and the possibility of up to five years imprisonment exists for certain fraudulent activities and repeat offenses.

Supporters of the Act believe it will help clear the nation’s inboxes of unwanted spam, but many critics are upset that the Act supersedes some stricter state laws.  These critics contend that the Act actually legitimizes spam so long as it complies with certain basic requirements and, therefore, the volume of spam will not significantly decrease.  The Act has also been criticized because it does not create a private right of action for citizens to sue violators of the Act, and many question the government’s ability and willingness to identify and pursue violators.

Many experts believe that a meaningful reduction in spam will not occur until the government creates a national “Do Not E-Mail Registry” similar to the recently formed and extremely popular “Do Not Call Registry”.  Such a registry would almost certainly decrease spam levels and is an idea the Act itself instructs the FTC to study and report to Congress during the summer of 2004.  However, it seems clear that the intent of Congress in passing the Act was not necessarily to immediately decrease spam levels but to insure that spam is not fraudulent and that individuals have a mechanism to avoid spam if they choose.

It appears the Act can be effective in deterring fraudulent commercial e-mail.  However, if the public expects the Act to eliminate all unwanted spam, it probably falls short of expectations because of its failure to authorize a private right of enforcement and because it creates an affirmative obligation for recipients of spam to “opt-out” instead of creating an “opt-in” list for those who desire to receive spam.