CAN-SPAM Act Clarified

July 9, 2008

The Federal Trade Commission (“FTC”) has issued a Final Rule that adds four new provisions and provides clarification of some of the CAN-SPAM Act’s requirements. This Final Rule, effective July 7, 2008, is the culmination of work that was begun three years ago with a proposed FTC rule, and takes into account comment letters from 150 individuals, businesses, and organizations.

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003) regulates the sending of unsolicited commercial emails, and became effective January 1, 2004. Although “spam” is generally defined as unsolicited commercial e-mail sent to a large number of addresses, the Act makes no distinction between solicited and unsolicited commercial e-mail. It defines commercial e-mail as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)." Transactional or relationship messages are not subject to or regulated by the Act.

The CAN-SPAM Act outlaws certain commercial acts and practices with respect to commercial email, and imposes requirements on senders of commercial emails:

Four specific practices are cited by the CAN-SPAM Act as “aggravated violations” which, when alleged and proven in combinations with certain other violations of the Act, will increase the statutory damages imposed upon the sender. These practices are: address harvesting; dictionary attacks; automated creation of multiple email accounts; and relaying or retransmitting through unauthorized access to a protected computer or network.

Changes to Definitions

The FTC made some changes several changes to the definitions found in the Act:

This change provides a more flexible approach for email marketers, and is more logical from a consumer perspective since the consumer is likely to focus on the “from” line to identify the sender. It is this sender that must honor “opt out” requests, and is responsible for the email’s compliance with the CAN-SPAM Act requirements. It is important to realize, however, that liability for compliance with the Act does not shift exclusively to the sender, since certain other requirements and prohibitions imposed by the Act upon “initiators” of emails, will continue to apply to all persons identified in the commercial email.

Transactional or Relationship Messages

The FTC considered whether to change the statutory definition of “transactional or relationship messages,” to address various types of messages such as legally mandated notices, debt collection email communications, and employment-related messages. It ultimately declined to make any changes to the statutory definition, since none of the types of messages put forth in the Notice of Proposed Rulemaking met the statutory standard for modifying the definition. Some of the issues raised by the commentators with respect to a particular type of message could be resolved using the “primary purpose test”, as in the case of legally mandated messages, messages concerning copyright infringement or emails messages for the purpose of conducting market research. In the case of others, such as messages from debt collectors, including third party agents, or in the case of most employment-related email messages, the overwhelming majority of such messages will likely fall within the existing definition of “transactional or relationship messages.”

However, the FTC did provide guidance on the interpretation of some particular forms of communication:

Forward-to-a-“Friend” Messages

The FTC was persuaded by the commentators to modify its earlier position on forward-to-a-“friend” messages. This type of message could arise under two different scenarios – where the content of the email message encouraged the recipient to forward the message to others, and where the seller’s web site encouraged visitors to supply others’ email addresses. Rather than attempt to refine the definition based upon the nature and method of forwarding, the FTC established a bright line test that turns on the presence or absence of consideration for the act of forwarding. A seller would not have liability under the Act for the forwarding of these types of email messages so long as the seller did not offer consideration for the forwarding. No matter what the nature (coupons, discounts, rewards) or amount of consideration – even an offer of de minimus consideration – an offer of consideration will be sufficient to cause the seller to be an “initiator” of the forwarded message, and subject the seller to liability under the Act.

No Fee for Opting Out

The FTC adopted a rule prohibiting a sender of commercial emails from imposing a fee upon a recipient for opting out of future unsolicited emails, or from requiring the recipient to provide any information other than a recipient’s email address and opt out preferences.


The CAN-SPAM Act gives the FTC enforcement authority for the Act. In addition, the Act gives the state attorneys general the authority to bring an enforcement action in federal court after giving advance notice to the FTC where possible. Finally, internet service providers may bring a federal court action to enforce certain of the Act’s prohibitions. The enforcement authority given to the FTC is the same as that afforded the FTC under its trade regulation rule authority, meaning that each violation is subject to fines of $11,000 per day, with additional penalties where “aggravated violations” are proven.

Additional Documents: