We all know SPAM as the canned processed meat our moms keep in the pantry. But in today’s tech-driven world, “spam” has taken on a new identity.
In the 1970s, a British sketch comedy group named Monty Python performed a series of skits that gave the word new meaning. In these skits, the word “spam” was chanted so many times that it quickly became associated with messages that were annoying and repetitive.
Spam has become such a global dilemma that many countries have implemented legislation to combat it. One of these legislations is the CAN-SPAM Act, which is a United States federal law that protects recipients from unwanted messages and potential cyberattacks.
In this article, we explain what the CAN-SPAM Act consists of, what the main requirements are, the penalties for violation, and how users can report an incident. But first, let’s identify the different types of spam so you can be informed and protected.
Pro Tip: The best way to stay protected against something is by understanding it fully. Check out our What Is Spam guide to stay 10 steps ahead.
What Is the CAN-SPAM Act?
CAN-SPAM stands for “Controlling the Assault of Non-Solicited Pornography And Marketing.” This law was passed in the United States in 2003, and it oversees the requirements for commercial communications that are sent via email.
The CAN-SPAM Act is enforced by the Federal Trade Commission (FTC). Whether it’s business-to-consumer or business-to-business, the law applies to electronic messages used for commercial intent.
Main Requirements of the CAN-SPAM Act
The cost of violation is incredibly high for business entities who do not comply with the law’s requirements. Businesses need direct communication with their customer database in order to operate and grow in today’s market. This usually comes in the form of text messages, phone calls, emails, and social media messages. To avoid penalties, commercial entities must follow these best practices:
Write Clear Subject Lines
Subject lines should clearly relate to the main content.
Include a Valid Address
A legitimate address must be included somewhere in the message. They are usually placed at the bottom of the email next to the unsubscribe link.
Clearly Identify Messages as Advertisement
If your email contains an advertisement or any kind of promotional material, be transparent and let the recipient know.
Allow Recipients to Unsubscribe
Every message must include a way to opt out of receiving future communication.
Honor Opt-Out Requests
Merchants must honor all opt-out requests promptly. When a recipient states they no longer want to receive communications, the sender can no longer deliver messages, sell their information, or transfer their email addresses.
Use a Valid Domain
Ensure the accuracy of the information you provide. Use a valid domain name, email address, and heading.
FYI: Unfortunately, spam doesn’t just stop at your inbox. Spam texts are also a real thing. Check out our guide on smishing to learn more about phishing text messages.
Penalties for Violating the CAN-SPAM Act
Penalties can be enforced in a number of ways. The FTC can impose civil penalties of up to $16,000 for each separate email that violates the CAN-SPAM Act. Some states have an additional penalty for loss and statutory damages from $250 per violation up to $2,000,000. Internet Service Providers (ISPs) can also impose separate fees for malpractice.
Noncompliance can be costly, but the rules are simple. If businesses comply with the requirements stated in the CAN-SPAM Act, they can avoid thousands and sometimes millions of dollars in fines.
How to Report a CAN-SPAM Act Violation
Recipients can report spammers directly on the FTC’s website. The FTC is the organization that enforces regulations that prevent unfair practices and fraudulent activity. Scams can be reported at ReportFraud.ftc.gov. The webpage also provides guides for merchants and business owners that help them understand the law and comply with it.
In addition to informing the FTC, they recommend that users forward any fraudulent messages to their designated email provider, whether that’s Gmail, Microsoft Outlook, Yahoo, or any other. Every email platform has a filtering system that creates a protective barrier between users and spammers.
CAN-SPAM Act vs. European Union’s ePrivacy Directive
The European Union uses the ePrivacy Directive to regulate the usage of cookies, data privacy, and unsolicited communication. This applies to email marketing, text messages, phone calls, and any other form of electronic communication.
The main difference between the United States’ CAN-SPAM Act and the European Union’s ePrivacy Directive is the opt-in. In the United States, business entities are allowed to send email messages without prior permission. Their main focus is to protect recipients once they unsubscribe and make sure the sender immediately honors every opt-out.
In a similar fashion to the CAN-SPAM Act, the ePrivacy Directive also protects users when they choose to void all communication with any given sender. However, in the European Union, people can only receive messages if they have previously opted in. Whether it’s business-to-consumer or business-to-business, consent must be given, and the recipient must be informed on how their data will be used.
Recap: What Is the CAN-SPAM Act?
In the ’90s, when the use of email became popularized and required for our daily lives, spam found one of its main outlets. Since then, it’s become such a global issue that many countries have implemented legislation to combat it. The CAN-SPAM Act is a law established in the U.S. that oversees the ethical use of commercial emails.
Business entities are required to include a valid address in every message, allow recipients to unsubscribe at any moment, and state when a message contains promotional material. CAN-SPAM stands for “Controlling the Assault of Non-Solicited Pornography and Marketing.” This law is enforced by the FTC, which can impose civil penalties of up to $16,000 for each separate email that violates the act.
Although the stakes are high, spamming remains a significant issue in today’s society. The best way to combat it is by being informed about the rules and regulations, learning how to identify spam when you see it, and immediately reporting it to the FTC.
Frequently Asked Questions About the CAN-SPAM Act
-
Does the CAN-SPAM Act cover emails?
Yes. The CAN-SPAM Act is a law that protects recipients from receiving unwanted commercial communications in the form of emails. Under this law, business entities cannot use misleading subject lines, must include a valid address, and must allow recipients to opt out of receiving future communications.
-
Will I still receive emails if I opt out?
Under the CAN-SPAM Act, once a recipient opts out, the merchant must cease all future communications. If they continue sending messages, they can be reported and blocked directly on any email platform or using third-party apps.
-
What is the FTC?
The FTC is the Federal Trade Commission. It is a United States federal agency that protects the public from deceptive or unfair business practices. The FTC enforces the CAN-SPAM Act, which is a law that sets the rules for commercial messaging, grants recipients the right to opt out of unwanted communications, and implements penalties for violations.
-
Is the CAN-SPAM Act the same as the ePrivacy Directive?
The CAN-SPAM is a federal law in the United States that is enforced by the Federal Trade Commission. ePrivacy Directive is a similar law that was passed by the European Union. Both of them protect recipients from receiving unwanted commercial messages, whether through email, text, or any other form of electronic communication. However, there is one key difference that sets them apart.
Under the European Union’s ePrivacy Directive, people can only receive messages if they have previously opted in. Consent must be granted, the recipient must be informed how their data will be used, and they must be offered a way to unsubscribe at any moment.
In the United States, the CAN-SPAM Act requires business entities to offer recipients a way to opt out and must promptly honor their request to do so. However, unlike the ePrivacy Directive, they are allowed to send email messages without prior permission.
-
How can businesses avoid penalties for violations?
Do not use false or misleading information. Always include your address, clearly disclose when an email contains an advertisement, avoid deceptive subject lines, provide an easy way for recipients to opt out, and honor all opt-out requests immediately.