Title
by
Editor
 

Controlling the Assault of Non-Solicited Pornography and Marketing ("CAN-SPAM") Act of 2003

Pub. Law 1089-187, codified at 15 U.S.C. § 7701 et seq. (2005)

   
  Up Chapter 04 Title Page Title Page Email Listserve Email Listserve
     
 

[NOTE: This statute has been edited for classroom use by the omission of text. See this alternate source for the full statute.]


SECTION 1. SHORT TITLE.

This Act may be cited as the 'Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003', or the 'CAN-SPAM Act of 2003'.


SEC. 2. CONGRESSIONAL FINDINGS AND POLICY.

    (a) FINDINGS- The Congress finds the following:

      (1) Electronic mail has become an extremely important and popular means of communication, relied on by millions of Americans on a daily basis for personal and commercial purposes. Its low cost and global reach make it extremely convenient and efficient, and offer unique opportunities for the development and growth of frictionless commerce.

      (2) The convenience and efficiency of electronic mail are threatened by the extremely rapid growth in the volume of unsolicited commercial electronic mail. Unsolicited commercial electronic mail is currently estimated to account for over half of all electronic mail traffic, up from an estimated 7 percent in 2001, and the volume continues to rise. Most of these messages are fraudulent or deceptive in one or more respects.

      (3) The receipt of unsolicited commercial electronic mail may result in costs to recipients who cannot refuse to accept such mail and who incur costs for the storage of such mail, or for the time spent accessing, reviewing, and discarding such mail, or for both.

      (4) The receipt of a large number of unwanted messages also decreases the convenience of electronic mail and creates a risk that wanted electronic mail messages, both commercial and noncommercial, will be lost, overlooked, or discarded amidst the larger volume of unwanted messages, thus reducing the reliability and usefulness of electronic mail to the recipient.

      (5) Some commercial electronic mail contains material that many recipients may consider vulgar or pornographic in nature.

      (6) The growth in unsolicited commercial electronic mail imposes significant monetary costs on providers of Internet access services, businesses, and educational and nonprofit institutions that carry and receive such mail, as there is a finite volume of mail that such providers, businesses, and institutions can handle without further investment in infrastructure.

      (7) Many senders of unsolicited commercial electronic mail purposefully disguise the source of such mail.

      (8) Many senders of unsolicited commercial electronic mail purposefully include misleading information in the messages' subject lines in order to induce the recipients to view the messages.

      (9) While some senders of commercial electronic mail messages provide simple and reliable ways for recipients to reject (or 'opt-out' of) receipt of commercial electronic mail from such senders in the future, other senders provide no such 'opt-out' mechanism, or refuse to honor the requests of recipients not to receive electronic mail from such senders in the future, or both.

      (10) Many senders of bulk unsolicited commercial electronic mail use computer programs to gather large numbers of electronic mail addresses on an automated basis from Internet websites or online services where users must post their addresses in order to make full use of the website or service.

      (11) Many States have enacted legislation intended to regulate or reduce unsolicited commercial electronic mail, but these statutes impose different standards and requirements. As a result, they do not appear to have been successful in addressing the problems associated with unsolicited commercial electronic mail, in part because, since an electronic mail address does not specify a geographic location, it can be extremely difficult for law-abiding businesses to know with which of these disparate statutes they are required to comply.

      (12) The problems associated with the rapid growth and abuse of unsolicited commercial electronic mail cannot be solved by Federal legislation alone. The development and adoption of technological approaches and the pursuit of cooperative efforts with other countries will be necessary as well.

    (b) CONGRESSIONAL DETERMINATION OF PUBLIC POLICY- On the basis of the findings in subsection (a), the Congress determines that--

      (1) there is a substantial government interest in regulation of commercial electronic mail on a nationwide basis;

      (2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and

      (3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source.

SEC. 3. DEFINITIONS.

    In this Act:

. . .

      (2) Commercial electronic mail message-

        (A) IN GENERAL- The term 'commercial electronic mail message' means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).

        (B) TRANSACTIONAL OR RELATIONSHIP MESSAGES- The term 'commercial electronic mail message' does not include a transactional or relationship message.

        (C) REGULATIONS REGARDING PRIMARY PURPOSE- Not later than 12 months after the date of the enactment of this Act, the Commission shall issue regulations pursuant to section 13 defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message.

        (D) REFERENCE TO COMPANY OR WEBSITE- The inclusion of a reference to a commercial entity or a link to the website of a commercial entity in an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic mail message for purposes of this Act if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service.

. . .

      (13) PROTECTED COMPUTER- The term 'protected computer' has the meaning given that term in section 1030(e)(2)(B) of title 18, United States Code.

. . .

      (17) Transactional or relationship message-

        (A) IN GENERAL- The term 'transactional or relationship message' means an electronic mail message the primary purpose of which is--

          (i) to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;

          (ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;

          (iii) to provide--

            (I) notification concerning a change in the terms or features of;

            (II) notification of a change in the recipient's standing or status with respect to; or

            (III) at regular periodic intervals, account balance information or other type of account statement with respect to,

          a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender;

          (iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or

          (v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.

. . .


SEC. 4. PROHIBITION AGAINST PREDATORY AND ABUSIVE COMMERCIAL E-MAIL.

    (a) OFFENSE-

      (1) IN GENERAL- Chapter 47 of title 18, United States Code, is amended by adding at the end the following new section:

'Sec. 1037. Fraud and related activity in connection with electronic mail

    '(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--

      '(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,

      '(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,

      '(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,

      '(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or

      '(5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses,

    or conspires to do so, shall be punished as provided in subsection (b).

    '(b) PENALTIES- The punishment for an offense under subsection (a) is--

      '(1) a fine under this title, imprisonment for not more than 5 years, or both, if--

        '(A) the offense is committed in furtherance of any felony under the laws of the United States or of any State; or

        '(B) the defendant has previously been convicted under this section or section 1030, or under the law of any State for conduct involving the transmission of multiple commercial electronic mail messages or unauthorized access to a computer system;

      '(2) a fine under this title, imprisonment for not more than 3 years, or both, if--

        '(A) the offense is an offense under subsection (a)(1);

        '(B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations;

        '(C) the volume of electronic mail messages transmitted in furtherance of the offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day period, or 250,000 during any 1-year period;

        '(D) the offense caused loss to one or more persons aggregating $5,000 or more in value during any 1-year period;

        '(E) as a result of the offense any individual committing the offense obtained anything of value aggregating $5,000 or more during any 1-year period; or

        '(F) the offense was undertaken by the defendant in concert with three or more other persons with respect to whom the defendant occupied a position of organizer or leader; and

      '(3) a fine under this title or imprisonment for not more than 1 year, or both, in any other case.

    '(c) FORFEITURE-

      '(1) IN GENERAL- The court, in imposing sentence on a person who is convicted of an offense under this section, shall order that the defendant forfeit to the United States--

        '(A) any property, real or personal, constituting or traceable to gross proceeds obtained from such offense; and

        '(B) any equipment, software, or other technology used or intended to be used to commit or to facilitate the commission of such offense.

      '(2) PROCEDURES- The procedures set forth in section 413 of the Controlled Substances Act (21 U.S.C. 853), other than subsection (d) of that section, and in Rule 32.2 of the Federal Rules of Criminal Procedure, shall apply to all stages of a criminal forfeiture proceeding under this section.

    '(d) DEFINITIONS- In this section:

      '(1) LOSS- The term 'loss' has the meaning given that term in section 1030(e) of this title.

      '(2) MATERIALLY- For purposes of paragraphs (3) and (4) of subsection (a), header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation.

      '(3) MULTIPLE- The term 'multiple' means more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic mail messages during a 1-year period.

. . .


SEC. 5. OTHER PROTECTIONS FOR USERS OF COMMERCIAL ELECTRONIC MAIL.

    (a) REQUIREMENTS FOR TRANSMISSION OF MESSAGES-

      (1) PROHIBITION OF FALSE OR MISLEADING TRANSMISSION INFORMATION- It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. . . .

. . .

      (2) PROHIBITION OF DECEPTIVE SUBJECT HEADINGS- It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message if such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).

      (3) Inclusion of return address or comparable mechanism in commercial electronic mail-

        (A) IN GENERAL- It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message that does not contain a functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed . . . .

. . .

      (4) PROHIBITION OF TRANSMISSION OF COMMERCIAL ELECTRONIC MAIL AFTER OBJECTION-

        (A) IN GENERAL- If a recipient makes a request using a mechanism provided pursuant to paragraph (3) not to receive some or any commercial electronic mail messages from such sender, then it is unlawful--

          (i) for the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message that falls within the scope of the request;

          (ii) for any person acting on behalf of the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that such message falls within the scope of the request;

          (iii) for any person acting on behalf of the sender to assist in initiating the transmission to the recipient, through the provision or selection of addresses to which the message will be sent, of a commercial electronic mail message with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that such message would violate clause (i) or (ii); or

          (iv) for the sender, or any other person who knows that the recipient has made such a request, to sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic mail address of the recipient) for any purpose other than compliance with this Act or other provision of law.

. . .

      (5) INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN COMMERCIAL ELECTRONIC MAIL- (A) It is unlawful for any person to initiate the transmission of any commercial electronic mail message to a protected computer unless the message provides--

        (i) clear and conspicuous identification that the message is an advertisement or solicitation;

        (ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; and

        (iii) a valid physical postal address of the sender.

. . .

    (b) Aggravated Violations Relating to Commercial Electronic Mail-

      (1) Address harvesting and dictionary attacks-

        (A) IN GENERAL- It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message that is unlawful under subsection (a), or to assist in the origination of such message through the provision or selection of addresses to which the message will be transmitted, if such person had actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that--

          (i) the electronic mail address of the recipient was obtained using an automated means from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages; or

          (ii) the electronic mail address of the recipient was obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.

. . .

      (2) AUTOMATED CREATION OF MULTIPLE ELECTRONIC MAIL ACCOUNTS- It is unlawful for any person to use scripts or other automated means to register for multiple electronic mail accounts or online user accounts from which to transmit to a protected computer, or enable another person to transmit to a protected computer, a commercial electronic mail message that is unlawful under subsection (a).

      (3) RELAY OR RETRANSMISSION THROUGH UNAUTHORIZED ACCESS- It is unlawful for any person knowingly to relay or retransmit a commercial electronic mail message that is unlawful under subsection (a) from a protected computer or computer network that such person has accessed without authorization.

. . .

    (d) REQUIREMENT TO PLACE WARNING LABELS ON COMMERCIAL ELECTRONIC MAIL CONTAINING SEXUALLY ORIENTED MATERIAL-

      (1) IN GENERAL- No person may initiate in or affecting interstate commerce the transmission, to a protected computer, of any commercial electronic mail message that includes sexually oriented material and--

        (A) fail to include in subject heading for the electronic mail message the marks or notices prescribed by the Commission under this subsection . . . .

. . .

      (4) DEFINITION- In this subsection, the term 'sexually oriented material' means any material that depicts sexually explicit conduct (as that term is defined in section 2256 of title 18, United States Code), unless the depiction constitutes a small and insignificant part of the whole, the remainder of which is not primarily devoted to sexual matters.

      (5) PENALTY- Whoever knowingly violates paragraph (1) shall be fined under title 18, United States Code, or imprisoned not more than 5 years, or both.

. . .


SEC. 7. ENFORCEMENT GENERALLY.

    (a) VIOLATION IS UNFAIR OR DECEPTIVE ACT OR PRACTICE- Except as provided in subsection (b), this Act shall be enforced by the Commission as if the violation of this Act were an unfair or deceptive act or practice proscribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

. . .

    (f) Enforcement by States-

      (1) CIVIL ACTION- In any case in which the attorney general of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by any person who violates paragraph (1) or (2) of section 5(a), who violates section 5(d), or who engages in a pattern or practice that violates paragraph (3), (4), or (5) of section 5(a), of this Act, the attorney general, official, or agency of the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction--

        (A) to enjoin further violation of section 5 of this Act by the defendant; or

        (B) to obtain damages on behalf of residents of the State, in an amount equal to the greater of--

          (i) the actual monetary loss suffered by such residents; or

          (ii) the amount determined under paragraph (3).

. . .

      (3) Statutory damages-

        (A) IN GENERAL- For purposes of paragraph (1)(B)(ii), the amount determined under this paragraph is the amount calculated by multiplying the number of violations (with each separately addressed unlawful message received by or addressed to such residents treated as a separate violation) by up to $250.

        (B) LIMITATION- For any violation of section 5 (other than section 5(a)(1)), the amount determined under subparagraph (A) may not exceed $2,000,000.

        (C) AGGRAVATED DAMAGES- The court may increase a damage award to an amount equal to not more than three times the amount otherwise available under this paragraph if--

          (i) the court determines that the defendant committed the violation willfully and knowingly; or

          (ii) the defendant's unlawful activity included one or more of the aggravating violations set forth in section 5(b).

        (D) REDUCTION OF DAMAGES- In assessing damages under subparagraph (A), the court may consider whether--

          (i) the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations; or

          (ii) the violation occurred despite commercially reasonable efforts to maintain compliance the practices and procedures to which reference is made in clause (i).

      (4) ATTORNEY FEES- In the case of any successful action under paragraph (1), the court, in its discretion, may award the costs of the action and reasonable attorney fees to the State.

. . .

    (g) Action by Provider of Internet Access Service-

      (1) ACTION AUTHORIZED- A provider of Internet access service adversely affected by a violation of section 5(a)(1), 5(b), or 5(d), or a pattern or practice that violates paragraph (2), (3), (4), or (5) of section 5(a), may bring a civil action in any district court of the United States with jurisdiction over the defendant--

        (A) to enjoin further violation by the defendant; or

        (B) to recover damages in an amount equal to the greater of--

          (i) actual monetary loss incurred by the provider of Internet access service as a result of such violation; or

          (ii) the amount determined under paragraph (3).

      (2) SPECIAL DEFINITION OF 'PROCURE'- In any action brought under paragraph (1), this Act shall be applied as if the definition of the term 'procure' in section 3(12) contained, after 'behalf' the words 'with actual knowledge, or by consciously avoiding knowing, whether such person is engaging, or will engage, in a pattern or practice that violates this Act'.

      (3) STATUTORY DAMAGES-

        (A) IN GENERAL- For purposes of paragraph (1)(B)(ii), the amount determined under this paragraph is the amount calculated by multiplying the number of violations (with each separately addressed unlawful message that is transmitted or attempted to be transmitted over the facilities of the provider of Internet access service, or that is transmitted or attempted to be transmitted to an electronic mail address obtained from the provider of Internet access service in violation of section 5(b)(1)(A)(i), treated as a separate violation) by--

          (i) up to $100, in the case of a violation of section 5(a)(1); or

          (ii) up to $25, in the case of any other violation of section 5.

        (B) LIMITATION- For any violation of section 5 (other than section 5(a)(1)), the amount determined under subparagraph (A) may not exceed $1,000,000.

        (C) AGGRAVATED DAMAGES- The court may increase a damage award to an amount equal to not more than three times the amount otherwise available under this paragraph if--

          (i) the court determines that the defendant committed the violation willfully and knowingly; or

          (ii) the defendant's unlawful activity included one or more of the aggravated violations set forth in section 5(b).

        (D) REDUCTION OF DAMAGES- In assessing damages under subparagraph (A), the court may consider whether--

          (i) the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations; or

          (ii) the violation occurred despite commercially reasonable efforts to maintain compliance with the practices and procedures to which reference is made in clause (i).

      (4) ATTORNEY FEES- In any action brought pursuant to paragraph (1), the court may, in its discretion, require an undertaking for the payment of the costs of such action, and assess reasonable costs, including reasonable attorneys' fees, against any party.


SEC. 8. EFFECT ON OTHER LAWS.

. . .

    (b) STATE LAW-

      (1) IN GENERAL- This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.

      (2) STATE LAW NOT SPECIFIC TO ELECTRONIC MAIL- This Act shall not be construed to preempt the applicability of--

        (A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or

        (B) other State laws to the extent that those laws relate to acts of fraud or computer crime.

. . .


SEC. 9. DO-NOT-E-MAIL REGISTRY.

    (a) IN GENERAL- Not later than 6 months after the date of enactment of this Act, the Commission shall transmit to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Energy and Commerce a report that--

      (1) sets forth a plan and timetable for establishing a nationwide marketing Do-Not-E-Mail registry;

      (2) includes an explanation of any practical, technical, security, privacy, enforceability, or other concerns that the Commission has regarding such a registry; and

      (3) includes an explanation of how the registry would be applied with respect to children with e-mail accounts.

. . .


SEC. 12. RESTRICTIONS ON OTHER TRANSMISSIONS.

    Section 227(b)(1) of the Communications Act of 1934 (47 U.S.C. 227(b)(1)) is amended, in the matter preceding subparagraph (A), by inserting ', or any person outside the United States if the recipient is within the United States' after 'United States'.

...


   

 

     
Top Top of Page Up Chapter 04 Title Page Title Page
  Email Listserve Email Listserve
     
(C) 2003 Tom W. Bell. All rights reserved. Fully attributed noncommercial use of this document permitted if accompanied by this paragraph.
www.tomwbell.com/NetLaw/Ch04/CAN-SPAM.html - v.2005.09.15