What Exactly is Spam?

Spam is delivered via several mediums, to include:

• E-mail messages
• Search engines
• Instant messaging
• Web blogs
• Usenet newsgroups
• Text messaging mobile phones
• Internet telephony 

The growth of spam is a result of the cost benefit to initiators, who need only devise and develop distribution lists. The other associated costs of spam, such as bandwidth, message management and loss of productivity, become the responsibility of recipients of the messages, ISPs or other public and private entities. 

In 2003, the US passed the Controlling the Assault of Non-Solicited Pornography and Marketing  (CAN-SPAM) Act of 2003, which establishes standards for sending commercial e-mail. More specifically, the act is intended “to regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited, commercial electronic mail via the Internet”. The act establishes the Federal Trade Commission (FTC) as the overseer of its provisions. 

The act establishes electronic mail as extremely important in communication since it “provides an opportunity for the development and growth of frictionless commerce”, which is being threatened by unsolicited commercial email. The act establishes the following as criminal behaviors when used in connection with foreign or interstate electronic mail: 

• Knowingly accessing a protected computer without authorization
• Intentionally deceiving or misleading the origin of messages
• Falsifying header information
• Falsifying registration information for 5 or more e-mail accounts or 2 or more domain names
• Falsely representing one’s self as the registrant of 5 or more IP addresses
• Obtaining e-mail addresses through improper means
• Perpetrating fraud, identity theft, child pornography, obscenity and the sexual exploitation of children. 

Criminal penalties include a fine and/or imprisonment for up to 5 years dependent upon:

• The volume of electronic transmissions
• The amount of falsified information
• Losses incurred by others
• Monetary gains from the act
• Whether the act was committed in furtherance of an felony
• Prior offenses. 

Civil penalties are dependent upon the jurisdiction placing the charges and may range from hundreds of dollars to millions of dollars, dependent upon the severity of the crimes and losses involved. Also, property traceable to proceeds from monetary gains and equipment used to commit an offense may be forfeited to the US government. 

As critics of the law argue, the legislation fails to dictate to marketers and advertisers, not to spam. In fact, the act does not make reference to the term, “spam”, except as used in the name, CAN-SPAM. The act makes reference to the phrase, commercial electronic mail message, and defines it to be “any electronic mail message, the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)”. 

Legislation is intended to curb practices inherent in spamming, such as e-mail harvesting, dictionary attacks and using viruses and Trojans to perpetrate messages. The act establishes the following with respect to commercial electronic mail messages: 

• A message must contain a legitimate return address.
• A message must include and specify a method to opt-out of receiving further messages. The ability to opt-out must be available for 30 days.
• The sender may not initiate messages after 10 days of receipt of an opt-out.
• The sender may not sell, lease, exchange or transfer the opt-out e-mail address to an affiliate.
• The sender may offer a menu of options that allow the recipient to either opt-out or opt-in to future messages*. 
• A message must include an identifier that specifies the message as an advertisement or solicitation.
• Messages containing sexually oriented material must contain clearly identifiable markings or notices
• A message must include a valid, physical, postal address by which the sender may be contacted.
• The sender may not send messages to addresses that were knowingly acquired from proprietary websites and ISPs, through automated methods. Particularly, when the site or ISP provides notice of their refusal to give, sell or transfer addresses for the purpose of initiating electronic mail messages.
• The sender may not create automated scripting and other means to gain multiple email addresses for the purpose of transmitting illegal messages.
• The sender may not transmit messages from a computer or email address obtained without authorization.

*Unlike opt-out advertising, which allows the recipients of advertisement to discontinue any unwanted advertisements from the sender, opt-in advertising allows the advertiser to request to have specific advertisement sent. The recipient may allow or deny permission to have further advertisement sent. If allowed, the advertiser immediately includes that e-mail address to its distribution list. Another option is, double opt-in advertising, which is similar to opt-in advertising except that once the recipient grants permission to send advertisements, a confirmation request is sent to the recipient to verify that they did, indeed, allow the permission. The e-mail address is added to the distribution list only after the recipient has positively responded to the confirmation request. 

CAN-SPAM is not intended to provide cause for the general public to sue spammers, individually or in class action suits. It is designed to allow enforcement by the FTC and other federal agencies for the benefit of the general public. Individuals remain privy to the state laws and regulations of their particular jurisdictions.