CAN-SPAM defines a "commercial electronic mail message" as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)."

 

The FTC issued final rules (16 C.F.R. 316) clarifying the phrase "primary purpose" on December 16, 2004. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam.

"Commercial", by many industry standards, is defined by a combination of the content in the subject line and "above the fold content" in the body of the message. If this content contains a solicitation and it can be determined that the majority of the content is selling something, it is a commercial offer.

If the subject line and body content are majority invoicing information, a sales receipt, account information, etc., the offer is considered transactional. Note that an offer or advertisement can be placed in a transactional message so long as it is placed in a non-prominent position. Many in the email marketing industry utilize the 80/20 rule to define commercial vs. transactional email in order to be clearly in either category.


The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it adheres to 3 basic types of compliance defined in the CAN-SPAM Act: unsubscribe, content and sending behavior compliance.

 

Unsubscribe compliance

  • A visible and operable unsubscribe mechanism is present in all emails.

  • Consumer opt-out requests are honored within 10 days.

  • Opt-out lists, also known as suppression lists, are only used for compliance purposes.

Content compliance

  • Accurate from lines (including "friendly froms")

  • Relevant subject lines (relative to offer in body content and not deceptive)

  • A legitimate physical address of the publisher and/or advertiser is present.

  • A label is present if the content is adult.

Sending behavior compliance

  • A message cannot be sent through an open relay

  • A message cannot be sent to a harvested email address

  • A message cannot contain a false header

Note that falsifying header information is a serious violation of the CAN-SPAM Act and generally is an indicator of criminal or malicious intent which can bring the attention of other law enforcement agencies besides the FTC, including but not limited to the FBI, DOJ and US Postal Inspectors.

The content is exempt if it consists of

  • religious messages;

  • political messages;

  • content that broadly complies with the marketing mechanisms specified in the law; or

  • national security messages.


There are no restrictions against a company emailing its existing customers or anyone who has inquired about its products or services, regardless of whether or not these individuals have given permission, as these messages are classified as "relationship" messages under CAN-SPAM.

 

If a user opts out, a sender has ten days to cease sending and can only use that email address for compliance purposes. The legislation also prohibits the sale or other transfer of an e-mail address after an opt-out request. The law also requires that the unsubscribe mechanism must be able to process opt-out requests for at least 30 days.

Use of automated means to register for multiple e-mail accounts from which to send spam compounds other violations. The Act prohibits sending sexually-oriented spam without the label later determined by the FTC, "SEXUALLY EXPLICIT." This label replaced the similar state labeling requirements of "ADV:ADLT" or "ADLT."

CAN-SPAM makes it a misdemeanor to send spam with falsified header information. A host of other common spamming practices can make a CAN-SPAM violation an "aggravated offense," including harvesting, dictionary attacks, IP address spoofing, hijacking computers through Trojan horses or worms, or using open mail relays for the purpose of sending spam.