If you thought spam was a big problem last year, wait until you see the
spam problems you’ll have now that Congress has passed the CAN-SPAM Act.
That’s partly because the act may allow a lot more spamming. The bill, as
signed into law last month by President Bush, doesn’t actually ban unsolicited
bulk e-mail (UBE), otherwise known as spam. It simply requires that such
e-mails bear a working return address, a physical postal address, and a way for
recipients to request that they receive no more messages from a company.
Those simple guidelines can easily be followed by thousands of marketing
companies who’ve been waiting for Congressional permission to spam. Now they
can send bulk e-mails until they’re requested to stop by each harried
recipient. You notice the bill wasn’t called the CAN’T-SPAM Act.
But even if you don’t start receiving double or triple your usual dose of
spam, every enterprise that sends any e-mails at all will be impacted by the
act. Merely sending out a company newsletter — and restricting it
only to people who’ve specifically requested it — puts you at risk.
That’s because the law sets forth a number of new requirements that even
legitimate, permission-based e-mailers must adhere to.
Laying Down the Law
A brief overview of some of the new conditions for mass e-mail shows why
your company should take this law seriously:
• Postal addresses.
As mentioned above, the act requires each newsletter or bulk e-mail message
to include a “valid physical postal address of the sender.” That’s a
requirement for all commercial messages, not just unsolicited ones.
Interestingly, if spammers start including a postal address in their
missives, it may make it easier for your company’s anti-spam filters to
catch spam by looking for certain patterns, such as specific street names.
• Clean lists.
Besides requiring that you remove from your lists anyone who
“unsubscribes” from your newsletters, the act also prohibits you from sending
solicitations to e-mail addresses that are “harvested” from Web sites.
Beware — if your company rents outside lists of e-mail addresses to send
test mailings to, you might unknowingly wind up using lists that have were
built up in just such ways.
• Closed relays.
The act also prohibits the use of “open relays,” mail servers that pass
along bulk messages for others without limitation. A popular spammer
trick is to subvert computers that aren’t well protected and use their relay
function to send millions of spam messages anonymously. Your company might
not knowingly use such a devious method, but if any of your machines are
vulnerable to such attacks, you might find yourself on lists of “known
spammers” — or defending yourself against lawsuits.
The CAN-SPAM Act has been roundly criticized by those who advocate a pure ban
on spam, modeled on Congress’s previous criminalization of unsolicited
bulk faxes. But despite its flaws, the new law does have a few tough-sounding
Do the Crime and Do the Time
The federal legislation supercedes anti-spam laws that exist in
several U.S. states, many of which were much harsher on UBE.
Thanks to the CAN-SPAM Act, individuals in those states can no longer
sue spammers, but Internet service providers (ISPs)
are specifically authorized to do so, in addition to the Federal Trade
Commission or the attorney general of any state.
The federal penalties for spamming now include fines and three years of
jail time for first offenders, rising to five years for those convicted
a second time (even if the first conviction was a state offense). ISPs can sue
for up to $1 million, while attorneys general can demand $2 million. But these
caps are removed — and spammers can be sued for unlimited amounts
— if the spam messages in the case used falsified header information
to take advantage of open relays, for example.
Most interesting, the FTC is instructed by the act to report to Congress
later this year on a system that would award 20% of any spammers’ fines to the
individuals who first brought to the commission the evidence of
these spammers’ violations of the act.
Where to Turn for Advice
I’ve merely scratched the surface of the 21 pages of fine print that makes up
the CAN-SPAM Act. Considering the potential impact of this law on companies
of all sizes, it’s essential that you educate yourself further.
The best white paper for laypeople that I’ve seen on the subject is an analysis
by Customer Paradigm, a consulting firm in Boulder, Colo. The 27-page PDF
document (which includes the full text of the act) is available free
The firm asks you to provide a working e-mail address, to which a
link is sent that allows you to download the white paper. Customer Paradigm
also uses this address to send you subsequent updates, but says you can
unsubscribe from the notices at any time.
Another in-depth analysis of the law’s impact on legitimate companies is by
Anne Holland, managing editor of Marketing Sherpa, a publisher in Portsmouth, R.I. In an urgent bulletin to her readers, she
warned recently that an unsubscribe request by a recipient of an e-mail
newsletter from one of your company’s divisions may prohibit your
other divisions from mailing to that recipient henceforth.
“I can see major implications for anyone who allows sales reps to
send out offers to their own lists,” Holland says, by way of example. See
her full article on the act here.
You may never have thought of your company as a spammer. But if you send out
any significant quantity of e-mail newsletters or bulk marketing messages, you
and your legal counsel need to sit down soon and discuss what the CAN-SPAM Act
now requires of you.
It’ll be a lot better to find these details out before some ISP
or state agency uses the courts to let you know you’re not following
the letter of the law.