Morrison & Foerster : Legal Updates & News : Legal Updates : Congress Passes Anti-Spam Law, Preempts Much State Anti-Spam Legislation

For more information on the CAN-SPAM Act, please contact:

John F. Delaney
Charles H. Kennedy
Miriam H. Wugmeister

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Print page

Email page

			Related Practices: Communications & Media Law Corporate Entertainment Law Financial Services Law International Life Sciences Privacy and Data Security Public Companies & Corporate Governance Real Estate Securities Litigation, Enforcement and White-Collar Defense Technology Transactions

Congress Passes Anti-Spam Law, Preempts Much State Anti-Spam Legislation

December 2003

Both chambers of Congress have passed a long-awaited bill that creates a federal regime for the regulation of spam email. The bill, known as the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" (or "CAN-SPAM Act"), preempts many provisions of existing state anti-spam laws, including the highly restrictive California law that was set to take effect in January 2004. Because of slight differences in the versions passed by each chamber, the CAN-SPAM Act must go back to the House of Representatives for a final vote. That vote is expected to take place the week of December 8th.

The CAN-SPAM Act will not prohibit the sending of commercial email. It does, however, prohibit certain fraudulent and misleading practices, and requires senders of unsolicited commercial emails to give recipients a means to "opt out" of future mailings from those senders. The Act also authorizes the Federal Trade Commission ("FTC") to bring enforcement proceedings against violators, and permits -- but does not require -- the FTC to establish a national "do not spam" list similar to the do not call registry that now restricts telemarketing calls.

The new Act will have little impact on unethical businesses that already engage in fraud or deception by means of email. Those enterprises will locate their servers offshore or take other measures to avoid prosecution, and simply will continue to operate as usual. The greatest impact will be on legitimate businesses that use email as a marketing, transaction fulfillment or customer service channel. Those businesses will want to study the new law thoroughly and ensure that adequate compliance measures are in place.

The new Act is a complex set of prohibitions and definitions that will leave businesses with a number of unanswered questions. A subsequent MoFo bulletin will cover the provisions of the Act in detail and discuss some of the issues it presents. The following, however, are the highlights of the new Act.

1. The New Act Permits Email Advertising.

Unlike the highly restrictive California statute that was set to take effect in January, 2004, the CAN-SPAM Act allows companies to send email ads to potential customers, even where the recipients have not given prior consent to such mailings and even where the sender does not have a preexisting or current business relationship with the recipient.

2. The Act Prohibits Misleading Headers and Other Practices That Mask the Origin of Email Ads.

The CAN-SPAM Act casts a wide net over any and all attempts to conceal the origins of email ads or the identities of their senders. Specific prohibited practices include falsification of header information, false registrations for email accounts or IP addresses used in connection with email ads, and retransmissions of email ads for the purpose of concealing their origins.

3. Recipients Must Be Allowed to Opt Out of Future Mailings.

As noted earlier, the new Act permits the mailing of email ads to persons who have not agreed to receive them and who have no preexisting or current business relationship with the sender. However, the sender of such emails must give recipients the means of asking not to receive future email ads from that sender. This means that the email must give the recipient the ability to send a reply message or other "Internet based communication" that opts out of future emails from the sender. Also, the recipient's ability to make such an opt out response must be good for at least 30 days after the original message is sent.

4. Email Ads May Not Be Sent to a Recipient That Has Asked Not to Receive Them.

If a recipient of an email ad has exercised his or her right to refuse future mailings, the sender must honor that request. Specifically, the sender must cease transmission of email ads to that recipient after 10 days from the date of receipt of the opt out request. The sender also is generally prohibited from selling or otherwise transferring email addresses of persons who have opted out of future mailings.

5. Email Ads Must Be Identified As Such.

The new Act requires email advertisers to identify their messages as advertisements or solicitations, and to do so by means that are "clear and conspicuous." The specific, required means of identification will be determined by the FTC in the course of its rulemaking proceeding.

6. State Anti-Spam Laws Generally Are Preempted.

Perhaps the most important provision of the new Act is its preemption language. Specifically, the CAN SPAM Act "supersedes any statute, regulation, or rule of a state or political subdivision of a state that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto." By preempting state anti-spam restrictions not directly related to fraud or deception, the new Act protects legitimate businesses against more restrictive state legislation and simplifies the task of compliance with legal requirements.

7. Recipients Do Not Have A Right to Sue Spammers.

Unlike the pending California statute and some other state anti-spam laws, the new Act does not permit recipients of commercial emails to sue the senders for violations of the Act. Enforcement will be only by means of criminal and civil actions brought by the FTC or state law enforcement authorities. Internet service providers, however, do have a right to bring civil lawsuits under the new Act.

8. The FTC Will Enact Rules to Clarify the Act's Requirements.

The Act requires the FTC to enact implementing rules within 12 months of the Act's effective date. Those rules are expected to define key terms of the Act, including the circumstances under which an email's primary purpose will be found to be the promotion or advertisement of a commercial product or service.