{{short description|American law to regulate bulk e-mail}} {{Use American English|date=June 2025}} {{AI-generated|date=January 2026|reason=Content originating in this [[User:Ejl183/sandbox|Nov 2025 sandbox]]; note [[WP:AISIGNS]] in superficial analyses, vocab distribution/co-occurrence, etc. Text appears to have been tweaked manually somewhat.}} {{Infobox U.S. legislation | name = Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 | othershorttitles = CAN-SPAM Act of 2003 | fullname = An Act to regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet. | acronym = | nickname = | enacted by = 108th | effective date = | public law url = | cite public law = {{USPL|108|187}} | cite statutes at large = {{USStat|117|2699}} | acts amended = | acts repealed = | title amended = [[Title 15 of the United States Code|15 U.S.C.: Commerce and Trade]] | sections created = {{Usc-title-chap|15|103}} | sections amended = | leghisturl = https://www.congress.gov/bill/108th-congress/senate-bill/877 | introducedin = Senate | introducedbill = S.877 | introducedby = [[Conrad Burns]] ([[Republican Party (United States)|R]]–[[Montana|MT]]) | introduceddate = April 10, 2003 | committees = | passedbody1 = Senate | passeddate1 = October 22, 2003 | passedvote1 = 97–0 | passedbody2 = House | passedas2 = <!-- used if the second body changes the name of the legislation --> | passeddate2 = November 22, 2003 | passedvote2 = 392–5 | conferencedate = | passedbody3 = | passeddate3 = | passedvote3 = | agreedbody3 = <!-- used when the other body agrees without going into committee --> | agreeddate3 = <!-- used when the other body agrees without going into committee --> | agreedvote3 = <!-- used when the other body agrees without going into committee --> | agreedbody4 = <!-- used if agreedbody3 further amends legislation --> | agreeddate4 = <!-- used if agreedbody3 further amends legislation --> | agreedvote4 = <!-- used if agreedbody3 further amends legislation --> | passedbody4 = | passeddate4 = | passedvote4 = | signedpresident = [[George W. Bush]] | signeddate = December 16, 2003 | unsignedpresident = <!-- used when passed without presidential signing --> | unsigneddate = <!-- used when passed without presidential signing --> | vetoedpresident = <!-- used when passed by overriding presidential veto --> | vetoeddate = <!-- used when passed by overriding presidential veto --> | overriddenbody1 = <!-- used when passed by overriding presidential veto --> | overriddendate1 = <!-- used when passed by overriding presidential veto --> | overriddenvote1 = <!-- used when passed by overriding presidential veto --> | overriddenbody2 = <!-- used when passed by overriding presidential veto --> | overriddendate2 = <!-- used when passed by overriding presidential veto --> | overriddenvote2 = <!-- used when passed by overriding presidential veto --> | amendments = | SCOTUS cases = }}
The '''Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003''' is a law passed in 2003 establishing the [[United States]]' first national standards for the sending of commercial [[e-mail]]. The law requires the [[Federal Trade Commission]] (FTC) to enforce its provisions. Introduced by [[Republican Party (United States)|Republican]] [[Conrad Burns]], the act passed both the [[United States House of Representatives|House]] and [[United States Senate|Senate]] during the [[108th United States Congress]] and was signed into law by [[President of the United States|President]] [[George W. Bush]] in December 16, 2003 and was enacted on January 1, 2004.<ref>{{Cite web|last=Burns|first=Conrad R.|date=2003-12-16|title=S.877 - 108th Congress (2003-2004): CAN-SPAM Act of 2003|url=https://www.congress.gov/bill/108th-congress/senate-bill/877|access-date=2021-06-26|website=www.congress.gov}}</ref><ref>{{Cite journal |last=Kigerl |first=Alex C. |date=2018-03-01 |title=Email spam origins: does the CAN SPAM act shift spam beyond United States jurisdiction? |url=https://doi.org/10.1007/s12117-016-9289-9 |journal=Trends in Organized Crime |language=en |volume=21 |issue=1 |pages=62–78 |doi=10.1007/s12117-016-9289-9 |issn=1936-4830|url-access=subscription }}</ref>
== History == The acronym CAN-SPAM derives from the bill's full name. The bill was sponsored in Congress by Senators [[Conrad Burns]] and [[Ron Wyden]].
The CAN-SPAM Act is occasionally referred to by critics as the "You-Can-Spam" Act because the bill fails to prohibit many types of e-mail spam and [[Federal preemption|preempts]] some state laws that would otherwise have provided victims with practical means of redress. In particular, it does not require e-mailers to get permission before they send marketing messages.<ref>{{cite news|url=http://archive.wired.com/techbiz/media/news/2004/01/62020|title=With This Law, You Can Spam|publisher=Wired|access-date=March 21, 2009|date=January 23, 2004}}</ref> It also prevents states from enacting stronger anti-spam protections, and prohibits individuals who receive spam from suing spammers except under laws not specific to e-mail. The Act has been largely unenforced,<ref>{{cite web|url=http://www.mondaq.com/article.asp?article_id=28901|title=United States: A New Weapon in The Fight Against Spam|publisher=mondaq|access-date=March 21, 2009}}</ref> despite a letter to the FTC from Senator Burns, who noted that "Enforcement is key regarding the CAN-SPAM legislation." In 2004, less than 1% of spam complied with the CAN-SPAM Act of 2003.<ref>{{cite web|url=http://www.pcworld.com/article/114287/article.html|title=Is the CAN-SPAM Law Working?|publisher=[[PC World (magazine)|PC World]]|access-date=May 12, 2015|archive-date=May 18, 2015|archive-url=https://web.archive.org/web/20150518003346/http://www.pcworld.com/article/114287/article.html|url-status=dead}}</ref>
The law prescribed the FTC to report back to Congress within 24 months of the effectiveness of the act.<ref>{{cite web|url=http://www.ftc.gov/bcp/conline/edcams/spam/reports.htm|title=SPAM reports page|publisher=FTC|access-date=March 21, 2009|archive-url=https://web.archive.org/web/20081217232005/http://www.ftc.gov/bcp/conline/edcams/spam/reports.htm|archive-date=December 17, 2008|url-status=dead|df=mdy-all}}</ref> Once this took place, no changes were recommended. It also requires the FTC to promulgate rules to shield consumers from unwanted [[mobile phone spam]]. On December 20, 2005 the FTC reported that the volume of spam has begun to level off, and due to enhanced anti-spam technologies, less was reaching consumer inboxes. A significant decrease in sexually explicit e-mail was also reported.<ref>{{cite web|url=http://www.ftc.gov/reports/canspam05/051220canspamrpt.pdf |title=Effectiveness and Enforcement of the CAN-SPAM Act: A Report to Congress |publisher=FTC |access-date=8 October 2015 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20131008071541/http://www.ftc.gov/reports/canspam05/051220canspamrpt.pdf |archive-date=8 October 2013}}</ref>
Later modifications changed the original CAN-SPAM Act of 2003 by (1) Adding a definition of the term "person"; (2) Modifying the term "sender"; (3) Clarifying that a sender may comply with the act by including a [[post box|post office box]] or private mailbox; and (4) Clarifying that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any other steps other than sending a reply email message or visiting a single page on an Internet website.
== The mechanics of CAN-SPAM ==
=== Applicability === CAN-SPAM, a direct response of the growing number of complaints over spam e-mails,<ref name="aplegal" /> defines a "commercial electronic mail message" as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)." It exempts "transactional or relationship messages." The FTC issued final rules<ref>{{cite web |url=http://www.ftc.gov/os/2005/01/050112canspamfrn.pdf |title=Definitions and Implementation Under the CAN-SPAM Act|publisher=FTC |access-date=March 21, 2009 |url-status=dead |archive-url=https://web.archive.org/web/20090207040530/http://www.ftc.gov/os/2005/01/050112canspamfrn.pdf|archive-date=February 7, 2009}}</ref> ({{USCFR|16|316}}) clarifying the phrase "primary purpose" on December 16, 2004. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam. The explicit restriction of the law to commercial e-mails is widely considered by those in the industry<ref>{{cite web|last1=Roth|first1=Wendy|title=The Letter of the CAN-SPAM Law|url=http://www.imediaconnection.com/content/8272.asp|website=iMedia Connection|access-date=8 October 2015|archive-date=29 July 2015|archive-url=https://web.archive.org/web/20150729215241/http://www.imediaconnection.com/content/8272.asp|url-status=dead}}</ref><ref>{{cite web|last1=Atkins|first1=Laura|title=Political Spam|url=https://wordtothewise.com/2008/05/political-spam/|website=Word to the Wise|date=21 May 2008 |access-date=8 October 2015}}</ref> to essentially exempt purely political and religious e-mail from its specific requirements. Such non-commercial messages also have stronger First Amendment protection, as shown in ''Jaynes v. Commonwealth''.<ref>{{cite web|last1=Helman|first1=Igor|title=SPAM-A-LOT: THE STATES' CRUSADE AGAINST UNSOLICITED E-MAIL IN LIGHT OF THE CAN-SPAM ACT AND THE OVERBREADTH DOCTRINE|url=http://www.bc.edu/content/dam/files/schools/law/bclawreview/pdf/50_5/10_helman.pdf|website=Boston College Law Review|access-date=8 October 2015|archive-date=23 September 2015|archive-url=https://web.archive.org/web/20150923192703/http://www.bc.edu/content/dam/files/schools/law/bclawreview/pdf/50_5/10_helman.pdf|url-status=dead}}</ref>
Congress determined that the US government was showing an increased interest in the regulation of commercial electronic mail nationally, that those who send commercial e-mails should not mislead recipients over the source or content of them, and that all recipients of such emails have a right to decline them.<ref name="aplegal">{{cite web|url=http://aplegal.com/2014/07/21/how-to-do-email-marketing-right/|title=How To Do Email Marketing Right|publisher=Aplegal.com|date=21 July 2014|access-date=15 August 2014}}</ref> However, CAN-SPAM does not ban spam emailing outright, but imposes laws on using deceptive marketing methods through headings that are "materially false or misleading". In addition there are conditions that email marketers must meet in terms of their format, their content, and labeling.<ref name="aplegal" /> The three basic types of compliance defined in the CAN-SPAM Act—unsubscribe, content, and sending behavior — are as follows:
=== Unsubscribe compliance === *A visible and operable unsubscribe mechanism is present in all emails. *Consumer opt-out requests are honored within 10 business days.<ref>{{cite web|url=http://consumer.findlaw.com/online-scams/the-can-spam-act-trying-to-protect-consumers-from-unsolicited.html|title=The CAN-SPAM Act: Trying to Protect Consumers From Unsolicited Commercial E-Mail |publisher=Consumer.findlaw.com|access-date=15 August 2014}}</ref> *Opt-out lists also known as [[suppression list]]s are used only for compliance purposes.
=== Content compliance === * Accurate "From" lines<ref name="ftc.gov">{{Cite web |url=https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business |title=CAN-SPAM Act: A Compliance Guide for Business |date=2 September 2009 |publisher=Federal Trade Commission |access-date=2018-01-12 |archive-date=2018-01-12 |archive-url=https://web.archive.org/web/20180112200616/https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business |url-status=dead }}</ref> * Relevant subject lines (relative to offer in body content and not deceptive)<ref name="ftc.gov"/> * A legitimate physical address of the publisher or advertiser is present. PO Box addresses are acceptable in compliance with {{USCFR|16|316|2|(p)}} and if the email is sent by a third party, the legitimate physical address of the entity, whose products or services are promoted through the email should be visible. * A label is present if the content is adult.
=== Sending behavior compliance === * A message cannot be sent without an unsubscribe option. * A message cannot contain a false header * A message should contain at least one sentence.<ref name="canspam act">{{Cite web|title=canspam act|url=https://www.brickwaymarketing.com/can-spam-act/|access-date=2020-12-13|archive-date=2020-12-04|archive-url=https://web.archive.org/web/20201204173002/https://www.brickwaymarketing.com/can-spam-act/|url-status=dead}}</ref> * A message cannot be null.<ref name="canspam act"/> * Unsubscribe option should be below the message.<ref>{{Cite web |url=https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business |title=CAN-SPAM Act: A Compliance Guide for Business |date=2 September 2009 |publisher=Federal Trade Commission |access-date=2016-09-19 |archive-date=2016-09-18 |archive-url=https://web.archive.org/web/20160918230902/https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business |url-status=dead }}</ref>
There are no restrictions against a company emailing its existing customers or anyone who has inquired about its products or services, even if these individuals have not given permission, as these messages are classified as "relationship" messages under CAN-SPAM.<ref>{{USCSub|15|7702|17}}</ref> But when sending unsolicited commercial emails, it must be stated that the email is an advertisement or a marketing solicitation. Note that senders are exempt from this rule if recipients have signed up to receive commercial messages from the sender.
If a user opts out, a sender has ten days to cease sending and can use that email address only for compliance purposes. The legislation also prohibits the sale or other transfer of an e-mail address after an opt-out request. The law also requires that the unsubscribe mechanism must be able to process opt-out requests for at least 30 days after the transmission of the original message.<ref>{{USCSub|15|7704|a_3}}</ref>
Use of automated means to register for multiple e-mail accounts from which to send spam compound other violations. It prohibits sending [[Internet pornography|sexually oriented spam]] without the label later determined by the FTC of "SEXUALLY EXPLICIT." This label replaced the similar state labeling requirements of "ADV:ADLT" or "ADLT."
CAN-SPAM makes it a [[misdemeanor]] to send spam with falsified header information.<ref>{{USCSub|15|7704|a}}</ref> A host of other common spamming practices can make a CAN-SPAM violation an "aggravated offense," including [[E-mail address harvesting|harvesting]], [[dictionary attack]]s, [[IP address spoofing]], hijacking computers through [[Trojan horse (computing)|Trojan horses]] or [[Computer worm|worms]], or using [[open mail relay]]s for the purpose of sending spam.
==== Criminal offenses ==== Although according to the law, legitimate businesses and marketers should be conscientious regarding the aspects mentioned above, there are misinterpretations and fraudulent practices that are viewed as criminal offenses: * Sending multiple [[Email spam|spam emails]] with the use of a hijacked computer * Sending multiple emails through [[IP address|Internet Protocol addresses]] that the sender represents falsely as being his/her property * Trying to disguise the source of the email and to deceive recipients regarding the origins of the emails, by routing them through other computers * Sending multiple spam emails via multiple mailings with falsified information in the header * Using various email accounts obtained by falsifying account registration information, in order to send multiple spam emails.<ref name="Presti and Naegele Newsletter">{{cite web|url=http://www.prestinaegele.com/technology-what-you-need-to-know-about-complying-with-can-spam-act|title=Technology: What You Need To Know About Complying With CAN-SPAM Act|work=Presti & Naegele|access-date=7 January 2015|archive-date=16 May 2013|archive-url=https://web.archive.org/web/20130516215714/http://www.prestinaegele.com/technology-what-you-need-to-know-about-complying-with-can-spam-act|url-status=dead}}</ref>
== Private right of action == CAN-SPAM provides a limited private right of action to Internet Access Services that have been adversely affected by the receipt of emails that violate the Act;<ref>{{Cite web |title=CAN-SPAM Act of 2003: Private Right of Action for |url=https://www.law.cornell.edu/wex/inbox/can-spam_act_private_right_of_action |access-date=2022-05-07 |website=LII / Legal Information Institute |language=en}}</ref> and does not allow natural persons to bring suit.<ref>{{Cite web |title=Do I have ANY recourse under the CAN-SPAM Act? |url=https://www.law.cornell.edu/wex/inbox/can-spam_and_consumer_recourse |access-date=2022-05-07 |website=LII / Legal Information Institute |language=en}}</ref> A CAN-SPAM plaintiff must satisfy a higher standard of proof as compared with government agencies enforcing the Act; thus, a private plaintiff must demonstrate that the defendant either sent the email at issue or paid another person to send it knowing that the sender would violate the Act. Despite this heightened standard, private CAN-SPAM lawsuits have cropped up around the country, as plaintiffs seek to take advantage of the statutory damages available under the Act.{{Citation needed|date=November 2019}}
== Overriding state anti-spam laws == CAN-SPAM preempts (supersedes) state anti-spam laws that do not deal with false or deceptive activity.<ref>{{Cite book|last1=Swire|first1=Peter|title=U.S. Private-Sector Privacy|last2=Kennedy-Mayo|first2=DeBrae|publisher=IAPP|year=2020|isbn=978-1-948771-37-5|location=United States|pages=293}}</ref> The relevant portion of CAN-SPAM reads:
:This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.
Though this move was criticized by some anti-spam activists, some legal commentators praised it, citing a heavily punitive California law seen as over broad and a wave of allegedly dubious suits filed in Utah.<ref>{{cite web|url=http://reason.com/archives/2003/12/08/you-may-already-be-a-loser|title=You May Already Be a Loser|work=Reason.com|date=8 December 2003 |access-date=7 January 2015}}</ref>
== CAN-SPAM and the FTC == CAN-SPAM allows the FTC to implement a national do-not-email list similar to the FTC's popular [[United States National Do Not Call Registry|National Do Not Call Registry]] against [[telemarketing]], or to report back to Congress why the creation of such a list is not currently feasible. The FTC soundly rejected this proposal, and such a list will not be implemented. The FTC concluded that the lack of authentication of email would undermine the list, and it could raise security concerns.
The legislation prohibits e-mail recipients from suing spammers or filing class-action lawsuits. It allows enforcement by the FTC, state attorneys general, [[Internet service provider]]s, and other federal agencies for special categories of spammers (such as banks). An individual might be able to sue as an ISP if (s)he ran a mail server, but this would likely be cost-prohibitive and would not necessarily hold up in court. Individuals can also sue using state laws about fraud, such as Virginia's that gives standing based on actual damages, in effect limiting enforcement to ISPs.
The McCain amendment<ref>{{cite web|url=http://blog.spywareguide.com/2006/04/spam-anne-mitchell-clarifies-t.html |title=Spam- Anne Mitchell Clarifies The McCain Amendment |url-status=dead|archive-url=https://web.archive.org/web/20091207031504/http://blog.spywareguide.com/2006/04/spam-anne-mitchell-clarifies-t.html|archive-date=2009-12-07}}</ref> made businesses promoted in spam subject to FTC penalties and enforcement remedies, if they knew or should have known that their business was being promoted by the use of spam. This amendment was designed to close a loophole that allowed those running affiliate programs to allow spammers to abuse their programs, and encouraged such businesses to assist the FTC in identifying such spammers.
Senator [[Jon Corzine]] sponsored an amendment to allow bounties for some informants.<ref name=":0">{{cite web|url=http://thomas.loc.gov/cgi-bin/bdquery/z?d108:SP01896:S.AMDT.1896|title=Bill Summary & Status 108th Congress (2003 - 2004) : S.AMDT.1896|publisher=Thomas.loc.gov|access-date=7 January 2015|archive-url=https://web.archive.org/web/20151018204507/http://thomas.loc.gov/cgi-bin/bdquery/z?d108:SP01896:S.AMDT.1896|archive-date=2015-10-18|url-status=dead}}</ref> The FTC has limited these bounties to individuals with inside information.<ref name=":0" /> The bounties are expected to be over $100,000 but none have been awarded yet.<ref name=":0" />
== Reaction == Those opposing spam greeted the new law with dismay and disappointment, almost immediately dubbing it the "You Can Spam" Act.<ref>{{cite web |url=http://weblog.infoworld.com/gripeline/2003/11/24.html |title=The Gripe Line Weblog by ed Foster |access-date=2007-03-09 |url-status=dead |archive-url=https://web.archive.org/web/20070406195036/http://weblog.infoworld.com/gripeline/2003/11/24.html |archive-date=2007-04-06}}</ref><ref>{{cite web|url=http://www.spamhaus.org/news.lasso?article=150|title=United States set to Legalize Spamming on January 1, 2004|publisher=Spamhaus.org|access-date=7 January 2015}}</ref> Internet activists who work to stop spam stated that the Act would not prevent any spam — in fact, it appeared to give federal approval to the practice, and it was feared that spam would increase as a result of the law. [[CAUCE]] (Coalition Against Unsolicited Commercial Email) stated:
<blockquote>This legislation fails the most fundamental test of any anti-spam law, in that it neglects to actually tell any marketers not to spam. Instead, it gives each marketer in the United States one free shot at each consumer's e-mail inbox, and will force companies to continue to deploy costly and disruptive anti-spam technologies to block advertising messages from reaching their employees on company time and using company resources. It also fails to learn from the experiences of the states and other countries that have tried "opt-out" legal frameworks, where marketers must be asked to stop, to no avail.<ref>{{cite web|url=http://localfamemedia.com/email/cauce-statement-can-spam-act|title=CAUCE Statement on CAN SPAM Act|publisher=localfamemedia.com|access-date=21 January 2015|url-status=dead|archive-url=https://web.archive.org/web/20150122051749/http://localfamemedia.com/email/cauce-statement-can-spam-act/|archive-date=22 January 2015}}</ref></blockquote>
AOL Executive Vice President and General Counsel [[Randall Boe]] stated:
<blockquote>[CAN-SPAM] not only empowered us to help can the spam, but also to can the spammers as well. ... Our actions today clearly demonstrate that CAN-SPAM is alive and kicking — and we're using it to give hardcore, outlaw spammers the boot.</blockquote>
Advertising organizations such as the [[Data & Marketing Association]] (DMA) have sought to weaken implementation of the law in various ways. These include lengthening the time for honoring opt-outs from 10 business days to 31 calendar days, limiting the validity of opt-out requests to no more than two to three years, and eliminating rewards to persons who assist the [[Federal Trade Commission]] in enforcement of the act.<ref>{{cite web|url=http://www.the-dma.org/antispam/AssocLetterCANSPAM.pdf|title=CAN-SPAM Act Rulemaking, Project No. R411008|publisher=The-dma.org|access-date=7 January 2015|url-status=dead|archive-url=https://web.archive.org/web/20130124044609/http://www.the-dma.org/antispam/AssocLetterCANSPAM.pdf|archive-date=24 January 2013}}</ref> The DMA has also opposed provisions requiring the subject line of spam to indicate that the message is an advertisement.<ref>{{cite web |url=http://www.the-dma.org/antispam/DMAcommentsspamrulemakingSept132004.pdf |title=COMMENTS of the DIRECT MARKETING ASSOCIATION, INC. Responding to the Notice of Proposed Rulemaking re: "Primary Purpose" |publisher=The-dma.org |access-date=7 January 2015 |url-status=dead |archive-url=https://web.archive.org/web/20130903024433/http://www.the-dma.org/antispam/DMAcommentsspamrulemakingSept132004.pdf |archive-date=3 September 2013 }}</ref>
== Criminal enforcement == On February 16, 2005, Anthony Greco, 18, of [[Cheektowaga (town), New York|Cheektowaga, New York]], was the first person to be arrested under the CAN-SPAM Act of 2003. After pleading guilty, he was sentenced in a closed session.<ref>{{cite web |url=http://www.infoworld.com/article/05/02/22/HNspamarrest_1.html |title=Arrest, but no relief from IM spam | InfoWorld | News | 2005-02-22 | by Paul Roberts, IDG News Service |access-date=2007-10-06 |url-status=dead |archive-url=https://web.archive.org/web/20071017190547/http://www.infoworld.com/article/05/02/22/HNspamarrest_1.html |archive-date=2007-10-17 }}</ref><ref name="theage.com.au">{{cite web|url=http://www.theage.com.au/news/breaking/ny-spammer-sentenced-in-closed-session/2005/10/18/1129401235945.html|title=NY spammer sentenced in closed session|date=18 October 2005 |publisher=Theage.com.au|access-date=7 January 2015}}</ref>
Within a few months, hundreds of lawsuits had been filed by an alliance of ISPs. Many of these efforts resulted in settlements; most are still pending.{{Update inline|date=April 2021}} Though most defendants were "[[John Doe]]s," many spam operations, such as [[Scott Richter]]'s, were known.
On April 29, 2004, the United States government brought the first criminal and civil charges under the Act. Criminal charges were filed by the [[United States Attorney for the Eastern District of Michigan]], and the FTC filed a civil enforcement action in the [[Northern District of Illinois]]. The defendants were a company, Phoenix Avatar, and four associated individuals: Daniel J. Lin, James J. Lin, Mark M. Sadek, and Christopher Chung of [[West Bloomfield, Michigan]]. Defendants were charged with sending hundreds of thousands of spam emails advertising a "diet patch" and "hormone products." The FTC stated that these products were effectively worthless. Authorities said they face up to five years in prison under the anti-spam law and up to 20 years in prison under U.S. [[mail fraud]] statutes.
On September 27, 2004, Nicholas Tombros pled guilty to charges and became the first spammer to be convicted under the Can-Spam Act of 2003.<ref>{{cite web|title=First "War Spammer" Convicted Under Fed Laws|url=https://archives.fbi.gov/archives/news/stories/2004/november/war_spammer111004|website=FBI|language=en-us}}</ref> He was sentenced in July 2007 to three years probation, six months house arrest, and a fine of $10,000.<ref>{{cite web|url=http://www.informationweek.com/story/showArticle.jhtml?articleID=201202305|title=War-Driving Pornographic Spammer Escapes Jail Time|work=InformationWeek|access-date=7 January 2015}}</ref>
On April 1, 2006, Mounir Balarbi, of [[Tangier]], [[Morocco]], was the first person outside the United States to have an arrest warrant validated under the CAN-SPAM Act of 2003. Mounir's trial was held in absentia, and he was sentenced in a closed session.<ref name="theage.com.au"/><ref>[http://www.infworld.com/article/05/02/22/HNspamarrest_1.html] {{dead link|date=January 2015}}</ref>
On January 16, 2006, Jeffrey Goodin, 45, of [[Azusa, California]], was convicted by a jury in [[United States district court]] in [[Los Angeles]] in ''United States v. Goodin, U.S. District Court, Central District of California, 06-110'', under the CAN-SPAM Act (the first conviction under the Act),<ref>{{cite news|first=Edvard|last=Pettersson|title=California Man Guilty of Defrauding AOL Subscribers, U.S. Says|url=https://www.bloomberg.com/apps/news?pid=newsarchive&sid=a3ukhOXubw3Y|publisher=Bloomberg.com|date= 2006-01-16|access-date=2007-01-22}}</ref> and on June 11, 2007, he was sentenced to 70 months in federal prison. Out of a potential sentence of 101 years, prosecutors asked for a sentence of 94 months. Goodin was already detained in custody, as he had missed a court hearing.<ref>{{cite web|url=http://www.informationweek.com/management/showArticle.jhtml?articleID=199903450&cid=RSSfeed_TechWeb|title=California Man Gets 6-Year Sentence For Phishing|work=InformationWeek|access-date=7 January 2015}}</ref>
As of late 2006, CAN-SPAM has been all but ignored by spammers. A review of spam levels in October 2006 estimated that 75% of all email messages were spam, and the number of spam emails complying with the requirements of the law were estimated to be 0.27% of all spam emails. {{asof|2010}}, about 90% of email was spam.<ref>{{cite web|url=http://www.barracudacentral.org/data/spam|title=BarracudaCentral.org - Technical Insight for Security Pros|publisher=Barracudacentral.org|access-date=7 January 2015}}</ref><ref>{{cite web|url=http://www.spamfighter.com/i_scripts/LastXDaysRatio.aspx|title=Spam Fighter statistics|publisher=Spamfighter.com|access-date=7 January 2015|archive-url=https://web.archive.org/web/20140819090718/http://www.spamfighter.com/i_scripts/LastXDaysRatio.aspx|archive-date=19 August 2014|url-status=dead}}</ref>
On August 25, 2005, three people were indicted on two counts of fraud and one count of criminal conspiracy.<ref>{{cite web|url=http://www.law.com/jsp/ihc/PubArticleIHC.jsp?id=1125047117792|title=Routine Maintenance|publisher=Law.com|access-date=7 January 2015}}</ref> On March 6, 2006 Jennifer R. Clason, 33, of [[Raymond, New Hampshire]], pled guilty and was to be sentenced on June 5, 2006. She faced a maximum sentence of 5 years on each of the three counts and agreed to forfeit money received in the commission of these crimes.<ref name="Usdoj.gov">{{cite web|url=http://www.usdoj.gov/opa/pr/2006/March/06_crm_123.html|title=#06-123: 03-06-06 Third Defendant Pleads Guilty In Prosecution Of Major International Pornographic Spam Operation|publisher=Usdoj.gov|access-date=7 January 2015}}</ref> On June 25, 2007, the remaining two were convicted of spamming out millions of e-mail messages that included hardcore pornographic images. Jeffrey A. Kilbride, 41, of [[Venice, California]], and James R. Schaffer, 41, of [[Paradise Valley, Arizona]], were convicted on eight counts in [[U.S. District Court]] in [[Phoenix, Arizona]]. Both were sentenced to five years in prison, and ordered to forfeit $1,300,000. The charges included [[Conspiracy (crime)|conspiracy]], [[fraud]], [[money laundering]], and transportation of [[pornography|obscene material]]s. The trial, which began on June 5, was the first to include charges under the CAN-SPAM Act of 2003, according to the [[United States Department of Justice|Department of Justice]]. The specific law that prosecutors used under the CAN-Spam Act was designed to crack down on the transmission of pornography in spam.<ref>{{cite web|url=http://www.informationweek.com/news/showArticle.jhtml?articleID=200000756|title=Two Men Convicted Of Spamming Pornography|work=InformationWeek|access-date=7 January 2015}}</ref><ref>{{cite news|author=Tracy McVeigh|title=Porn spammers jailed for five years|publisher=[[Guardian Unlimited]]|url=https://www.theguardian.com/technology/2007/oct/14/internet.crime|date=2007-10-14|access-date=2007-10-14}}</ref> Two other men, Andrew D. Ellifson, 31, of [[Scottsdale, Arizona]], and Kirk F. Rogers, 43, of [[Manhattan Beach, California]], also pled guilty to charges under the CAN-SPAM Act related to this spamming operation. Both were scheduled to be sentenced on June 5, 2006 in Phoenix.<ref name="Usdoj.gov"/> After sentencing, Ellifson received a presidential [[pardon]] by President Obama.<ref>{{cite web|url=https://www.justice.gov/pardon/obama-pardons|title=Pardons Granted by President Barack Obama (2009-2017)|access-date=2019-06-26|archive-date=2019-08-24|archive-url=https://web.archive.org/web/20190824192318/https://www.justice.gov/pardon/obama-pardons|url-status=dead}}</ref>
== Civil enforcement == In July 2005, the Federal Trade Commission lodged civil CAN-SPAM complaints against nine companies alleging that they were responsible for spam emails that had been sent by them or by their affiliates.<ref>{{cite web|url=http://www.ftc.gov/opa/2005/07/alrsweep.shtm|title=FTC Cracks Down on Illegal X-rated Spam|date=20 July 2005 |publisher=Ftc.gov|access-date=7 January 2015}}</ref><ref>{{cite news|author=Federal Trade Commission|title=FTC Cracks down on Illegal "X-rated" Spam|publisher=[[Federal Trade Commission]]|url=http://www.ftc.gov/opa/2005/07/alrsweep.shtm|date=2005-07-20|access-date=2009-02-23}}]</ref> Eight of the nine companies, Cyberheat<ref>{{cite web|url=http://www.ftc.gov/os/caselist/0523042/0523042.shtm|title=Cyberheat, Inc., et al., US vs|date=20 July 2005 |publisher=Ftc.gov|access-date=7 January 2015}}</ref> of [[Tucson, Arizona]], APC Entertainment, Inc.,<ref>{{cite web|url=http://www.ftc.gov/os/caselist/0523043/0523043.shtm|title=APC Entertainment, Inc., et al., US|date=20 July 2005 |publisher=Ftc.gov|access-date=7 January 2015}}</ref> of [[Davie, Florida]], MD Media, Inc.,<ref>{{cite web|url=http://www.ftc.gov/os/caselist/0523044/0523044.shtm|title=MD Media, Inc., et al., US vs|date=20 July 2005 |publisher=Ftc.gov|access-date=7 January 2015}}</ref> of [[Bingham Farms, Michigan]], Pure Marketing Solutions, LLC,<ref>{{cite web|url=http://www.ftc.gov/os/caselist/0523045/0523045.shtm|title=Pure Marketing Solutions, LLC, et al., US vs|date=20 July 2005 |publisher=Ftc.gov|access-date=7 January 2015}}</ref> of [[Tampa, Florida]], TJ Web Productions, LLC,<ref>{{cite web|url=http://www.ftc.gov/os/caselist/0523047/0523047.shtm|title=TJ Web Productions, LLC, et al., US vs|date=20 July 2005 |publisher=Ftc.gov|access-date=7 January 2015}}</ref> of [[Tampa, Florida]], and BangBros.com, Inc., RK Netmedia, Inc., and OX Ideas, Inc., LLC,<ref>{{cite web|url=http://www.ftc.gov/os/caselist/0423180/0423180.shtm|title=BangBros.com, Inc., et al., US vs|publisher=Ftc.gov|access-date=7 January 2015}}</ref> of [[Miami, Florida]] entered into [[consent judgment|stipulated consent decrees]]. Impulse Media Group, Inc.<ref>{{cite web|url=http://www.ftc.gov/os/caselist/0523046/0523046.shtm|title=Impulse Media Group, Inc., et al., US vs|date=20 July 2005 |publisher=Ftc.gov|access-date=7 January 2015}}</ref> of [[Seattle, Washington]], represented by CarpeLaw PLLC, defended the case brought against it.<ref>{{cite web|url=http://docs.justia.com/cases/federal/district-courts/washington/wawdce/2:2005cv01285/129006/3/0.html|title=NOTICE of Appearance by attorney Robert S Apgood on behalf of Defendant Impulse Media Group Inc for United States of America v. Impulse Media Group Inc :: Justia Dockets & Filings|work=Justia Dockets & Filings|access-date=7 January 2015|archive-date=31 March 2008|archive-url=https://web.archive.org/web/20080331002359/http://docs.justia.com/cases/federal/district-courts/washington/wawdce/2:2005cv01285/129006/3/0.html|url-status=dead}}</ref><ref>{{citation|url=http://www.carpelaw.com/can-spam-main.html |work=CarpeLaw PLLC | title = CAN-SPAM Expertise |archive-url=https://web.archive.org/web/20130729121633/http://www.carpelaw.com/can-spam-main.html |archive-date=2013-07-29 }}</ref>
The Department of Justice asserted that the CAN-SPAM statute imposed [[strict liability]] on producers such as Impulse Media for the actions of its non-agent, independent-contractor affiliates. However, the two courts to consider that argument rejected the DOJ's contention.<ref>{{cite web|url=http://docs.justia.com/cases/federal/district-courts/washington/wawdce/2:2005cv01285/129006/38/|title=ORDER DENYING MOTIONS FOR SUMMARY JUDGMENT; denying 17 Motion for Summary Judgment; denying 23 Motion for Summary Judgment by Judge Robert S Lasnik for United States of America v. Impulse Media Group Inc :: Justia Dockets & Filings|work=Justia Dockets & Filings|access-date=7 January 2015|archive-date=16 March 2015|archive-url=https://web.archive.org/web/20150316183628/http://docs.justia.com/cases/federal/district-courts/washington/wawdce/2:2005cv01285/129006/38/|url-status=dead}}</ref><ref>{{cite web|url=http://docs.justia.com/cases/federal/district-courts/washington/wawdce/2:2005cv01285/129006/37/1.html|title=Attachment 1 NOTICE of Filing in a Related Proceeding; filed by Plaintiff United States of America for United States of America v. Impulse Media Group Inc :: Justia Dockets & Filings|work=Justia Dockets & Filings|access-date=7 January 2015}}</ref> In March 2008 the remaining defendant, Impulse Media Group, went to trial. At trial, it was determined that IMG's Affiliate Agreement specifically prohibited spam bulk-email and that if an affiliate violated that agreement, it would be terminated from the program. In fact, several affiliates had been terminated for that very reason. After a 2½ day trial, the jury retired to determine whether Impulse Media should be held liable for the bad acts of its affiliates. Three and one-half hours later, the jury returned with a verdict that IMG was '''not''' liable and that the emails were the fault of the affiliates.<ref>{{cite web|url=http://seattlepi.nwsource.com/business/356247_spam25.html|title=Adult Web business off the hook for spam|work=seattlepi.com|date=25 March 2008 |access-date=7 January 2015}}</ref>
In March 2006, the FTC obtained its largest settlement to date—a $900,000 consent decree against Jumpstart Technologies, LLC for numerous alleged violations of the CAN-SPAM act.<ref>{{cite web|url=http://www.ftc.gov/opa/2006/03/freeflixtix.shtm | date = March 23, 2006 | title=FTC Slams Spammer in Pocketbook | publisher = Federal Trade Commission |archive-url=https://web.archive.org/web/20110412140927/http://www.ftc.gov/opa/2006/03/freeflixtix.shtm |archive-date=2011-04-12}}</ref> However, the FTC has never prevailed at trial with their theory of strict liability.
=== Legislative History === A few anti-spam laws pre-date CAN-SPAM.{{which|date=May 2026}} These different laws imposed different standards. During the 1990s and early 2000s, there was a rapid increase in unsolicited commercial email. This prompted an interest in congress to provide a national solution. Many industry groups, organizations, and government agencies testified before Congress. They testified about the increasing fraud and identity theft due to the rise in commercial emails.
The Act was passed by Congress in 2003 with bipartisan support. The Act was signed into law on December 16, 2003. This bill was described to be the first step toward national standards. However, many advocacy groups argued that the legislation was not strict enough. Specifically, March (2004) writes how it wasn't strict enough due to the permitted unsolicited commercial emails so long as certain requirements were met.<ref>{{Cite journal|title=Protecting the Next Small Thing: Nanotechnology and the Reverse Doctrine of Equivalents|url=https://scholarship.law.duke.edu/dltr/vol3/iss1/7|journal=Duke Law & Technology Review|date=2004-09-15|issn=2328-9600|pages=1–12|volume=3|issue=1|first=Andrew|last=Wasson}}</ref>
=== Key Provisions of the CAN-SPAM Act === There are several core requirements for the CAN-SPAM Act to deem emails as lawful commercial email:
'''Prohibition of deceptive subject lines and headers:''' Commercial emails cannot have misleading transmission information.
'''Identification:''' Emails must be labeled as commercial unless the recipient as opted-in.
'''Valid postal address:''' Senders of emails must provide a legitimate physical postal address.
'''Opt-out mechanism:''' Senders must provide a working unsubscribe method and must honor the opt-out requests of recipients within 10 business days.
'''Prohibition of harvesting:''' The CAN-SPAM Act criminalizes certain automated methods of collecting email addresses.
This law applies to any email message whose purpose is commercial content. Lake (2005) writes how this law is distinguished from many international anti-spam regines.<ref>{{Cite web|title=Harvard Journal of Law & Technology|url=https://jolt.law.harvard.edu/|website=jolt.law.harvard.edu|access-date=2025-11-30}}</ref>
=== U.S. Agencies Enforcement === The CAN-SPAM Act grants authority of enforcement to the Federal Trade Commission (FTC). However, it also grants authority to the Department of Justice, State attorneys general, and the [[Federal Communications Commission]]. The Federal Trade Commission can impose civil penalties for violations against the act. The Department of Justice has authority to pursue criminal charges for aggravated offenses. This can include identity fraud and large-scale spamming operations<ref>{{Cite web|title=Reports|url=https://www.ftc.gov/policy/reports|website=Federal Trade Commission|date=2013-07-26|access-date=2025-11-30|language=en}}</ref>
The Act also grants authority to the Internet Service Providers (ISPs) to file civil suits against violators. David (2011) writes that ordinary consumers however do not have authority to take action. The lack of private right of action under the law is a limitation that has been widely criticised.<ref>{{Cite journal|title=Silence of the Spam: Improving the CAN-SPAM Act by Including an Expanded Private Cause of Action|url=https://scholarship.law.vanderbilt.edu/jetlaw/vol14/iss1/6|journal=Vanderbilt Journal of Entertainment & Technology Law|date=2011-01-01|pages=225|volume=14|issue=1|first=David|last=Rutenberg}}</ref>
=== Effectiveness of the CAN-SPAM Act === Experimentation and evidence have shown various levels of effectiveness from the CAN-SPAM Act. The effectiveness is measured by how well the Act can reduce unsolicited commercial email. Kigerl (2010) has analyzed millions of spam messages and discovered that the overall amount of spam did not significantly decline after the CAN-SPAM Act took place.<ref>{{Cite journal |last=Kigerl|first=Alex|date=2010-01-01|title=An Empirical Assessment of the CAN SPAM Act|url=https://pdxscholar.library.pdx.edu/open_access_etds/704|journal=Dissertations and Theses|doi=10.15760/etd.704}}</ref>
By the same researcher, Kigerl (2015) concluded that enforcement alone had little long-term effects on discouraging spammer behavior.<ref>{{Cite journal |last=Kigerl|first=Alex C.|date=2015-08-01|title=Evaluation of the CAN SPAM Act: Testing Deterrence and Other Influences of E-mail Spammer Legal Compliance Over Time|url=https://doi.org/10.1177/0894439314553913|journal=Social Science Computer Review|language=EN|volume=33|issue=4|pages=440–458|doi=10.1177/0894439314553913|issn=0894-4393|url-access=subscription}}</ref> The threat of taking legal action was unsuccessful in the long run.
Grimes (2007) concluded that corporate compliance was inconsistent.<ref>{{Cite web |date=2007-02-01|title=Compliance with the CAN-SPAM Act of 2003 – Communications of the ACM|url=https://cacm.acm.org/research/compliance-with-the-can-spam-act-of-2003/|access-date=2025-10-26|language=en-US}}</ref> Many companies were not fully following legal rules. Some companies did not require an option to stop receiving or unsubscribe to messages. Other companies did not provide valid postal addresses. Many businesses were not meeting basic legal standards for communication and data compliance.
This research shows that the Act did establish important legal steps to take, the impact on global spam levels were not grand.
Kigerl (2018) later found that spammers were moving their spamming to overseas which limited the power of the U.S.<ref name=":02">{{Cite journal |last=Kigerl|first=Alex C.|date=2018-03-01|title=Email spam origins: does the CAN SPAM act shift spam beyond United States jurisdiction?|url=https://doi.org/10.1007/s12117-016-9289-9|journal=Trends in Organized Crime|language=en|volume=21|issue=1|pages=62–78|doi=10.1007/s12117-016-9289-9|issn=1936-4830|url-access=subscription}}</ref> This is because after the Act was passed, moving spam operations to outside countries meant that the U.S has no legal authority over anything. This made it much more difficult to prosecute offenders when they were international and it kept global spam levels very high. This highlights how national laws have limits to its power when it comes with dealing with operations outside of the country's walls.
After later research, it has been emphasized that measuring the reduction of spam is very challenging due to the global nature of email traffic. Sipior & Ward (2010) highlight that compliance amongst legitimate businesses does not necessarily correlate with reductions in malicious email content and spam. Spam is typically produced by criminal networks and not commercial marketers.<ref>{{Cite journal|title=A Framework for Employee E-mail Privacy Within the United States|url=https://www.tandfonline.com/doi/full/10.1080/15332860903467458|journal=Journal of Internet Commerce|date=2009-12-23|issn=1533-2861|pages=161–179|volume=8|issue=3–4|doi=10.1080/15332860903467458|first1=Janice C.|last1=Sipior|first2=Burke T.|last2=Ward}}</ref>
=== Legal Challenges === The Act has brought up many criticisms when it comes to challenges between the state and federal authority. Ford (2005) showed how the Act overpowered state laws that may have been more useful against spam.<ref>{{Cite journal |last=Ford|first=Roger|date=2005-01-01|title=Preemption of State Spam Laws by the Federal CAN-SPAM Act|url=https://chicagounbound.uchicago.edu/uclrev/vol72/iss1/18|journal=University of Chicago Law Review|volume=72|issue=1|issn=0041-9494}}</ref> This made it harder for states to prosecute and go after spammers. Prince (2003) suggests that states could create their own "child protection registries" that would comply with the federal law.<ref>{{Cite journal |last=Prince|first=Matthew|date=2003-01-01|title=After CAN-SPAM, How States Can Stay Relevant in the Fight Against Unwanted Messages:How a Children's Protection Registry Can be Effective and is Not Preempted, Under the New Federal Anti-Spam Law, 22 J. Marshall J. Computer & Info. L. 29 (2003)|url=https://repository.law.uic.edu/jitpl/vol22/iss1/3|journal=UIC John Marshall Journal of Information Technology & Privacy Law|volume=22|issue=1|issn=1078-4128}}</ref> There have also been other limits on private enforcement. Rutenberg (2011) that on the Internet Service Providers can create lawsuits under the Act which leaves other consumers without resources.<ref name=":1">{{Cite journal |last=Rutenberg|first=David|date=2011-01-01|title=Silence of the Spam: Improving the CAN-SPAM Act by Including an Expanded Private Cause of Action|url=https://scholarship.law.vanderbilt.edu/jetlaw/vol14/iss1/6|journal=Vanderbilt Journal of Entertainment & Technology Law|volume=14|issue=1|pages=225}}</ref> Enforcement has relied mainly from the Federal Trade Commission. Enforcement of the CAN-SPAM Act has been inconsistent among cases. High profile cases would be taken more seriously and given larger fines/jail time to felons while smaller cases would be left unattended. When the Act was enforced, enforcement actions peaked but slowly went down as operations were taken overseas.<ref>{{Cite web |title=|url=https://www.cybercrimejournal.com/pdf/Yu2011ijcc.pdf|archive-url=https://web.archive.org/web/20240725052943/https://www.cybercrimejournal.com/pdf/Yu2011ijcc.pdf|archive-date=2024-07-25|access-date=2025-10-26|website=www.cybercrimejournal.com}}</ref>
This limited enforcement structure has been argued to make the Act less effective because spam recipients have no legal resources. While groups in positions of power, like the ISPs, can take action, individuals cannot. Critics propose to let private enforcement have more power to help spam victims. This would improve accountability and provide stronger incentives to keep corporations compliant.
Another concern that rises is the constitutional challenges. Some commentators have pointed out the potential First Amendment implications. They argue that restrictions on [[commercial speech]] may be too narrow. Igor (2009) writes that commentators note evolving technologies could create new constitutional scrutiny.<ref>{{Cite journal|url=https://lira.bc.edu/work/sc/1f123ec5-76d2-4408-b83f-8edb95f29dc9|title=Spam-A-Lot: The States' Crusade Against Unsolicited Email in Light of the CAN-SPAM Act and the Overbreadth Doctrine|date=2009|last=Igor|first=Helman |journal=Boston College Law Review |volume=50 |issue=5 |page=1525 }}</ref>
=== Corporate Practices === One benefit from the Act is that studies show how corporate compliance has improved. Research by Grimes (2007) shows that as awareness and compliance have increased among businesses, violations against basic provisions lowered. This is because the businesses did not want to get punished by the Federal Trade Commission. Brennan (2016) shows how automation has been implemented.<ref>{{Cite web |title=Complying with the CAN-SPAM Act|url=https://www.lexisnexis.com/community/insights/legal/practical-guidance-journal/b/pa/posts/complying-with-the-can-spam-act|access-date=2025-10-26|website=www.lexisnexis.com|language=en}}</ref> Automated systems that maintain accurate sender identification have been implemented which shows how the Act as influenced many companies to develop good practices.
Kigerl (2016) also found that the Act's passage increased business compliance. Spam rates from companies declined showing how there was an increased awareness in regulatory enforcement and good practices.<ref>{{Cite journal |last=Kigerl|first=Alex C.|date=2016-12-01|title=Deterring Spammers: Impact Assessment of the CAN SPAM Act on Email Spam Rates|url=https://doi.org/10.1177/0887403414562604|journal=Criminal Justice Policy Review|language=EN|volume=27|issue=8|pages=791–811|doi=10.1177/0887403414562604|issn=0887-4034|url-access=subscription}}</ref>
Many major email service providers, like Google and Microsoft, have implemented good practices like automated spam filters. Furthermore, they follow compliance checks that align with the federal law. These tools have increased consumer trust in legitimate marketing emails.
=== Enforcement Cases === There are several major cases that show how the Act has been used in practice. In the United States v. [[Sanford Wallace]] case, the defendant was sentenced to 30 months in prison. The defendant was charged for running large-scale [[phishing]] and spamming operations through social media platforms.<ref>{{Cite web|title=Department of Justice {{!}} Homepage {{!}} United States Department of Justice|url=https://www.justice.gov/|website=www.justice.gov|date=2025-11-24|access-date=2025-11-30|language=en}}</ref>
=== Ongoing Criticism Against the Act === There are still ongoings debates on how to reform the CAN-SPAM Act. Rutenberg (2011) proposes to allow individuals to sue violators directly, giving more power to the private right of action.<ref name=":1" /> Kigerl (2018) suggests that implementing detection technology could be more effective than a federal law preventing spam.<ref name=":02" />
Furthermore, experts propose to update the Act to reflect modern technology so that it is more relevant to corporations. There is a rise in social media and text-message marketing. There are new forms of unsolicited communication that the 2003 law does not cover. Other legal scholars also push for more international cooperation. The use of artificial intelligence could help tracking spammers across the border. These actions could help strengthen the Act while also accommodating to the country's evolving digital environment.
=== Public Awareness and Education === Another impact of the CAN-SPAM Acts has been an increase in public awareness about online violations and user rights. The Federal Trade Commission's educational campaigns and their private organizations have taught users to detect fraudulent emails. While the Act didn't eliminate spam altogether, it helped better practices of online users and consumers and reshaped the public's understanding of personal data protection. This would later influence laws about cyber security and privacy.
Private cybersecurity organizations have developed training materials and awareness programs. These are meaningful benefits from the Act's passage.<ref>{{Citation | url = https://www.oecd.org/content/dam/oecd/en/publications/reports/2006/09/oecd-anti-spam-toolkit-of-recommended-policies-and-measures_g1gh741e/9789264027176-en.pdf | title=OECD Anti-Spam Toolkit of Recommended Policies and Measures|publisher=OECD|date=2006}}</ref>
== See also == * [[Communications Act of 1934]] ({{USPL|73|416}}) * [[Do-Not-Call Implementation Act of 2003]] ({{USPL|108|10}}) * [[Email spam]] * [[General Data Protection Regulation]] * [[Junk Fax Prevention Act of 2005]] ({{USPL|109|21}}) * [[Spam (electronic)|Spamming]] * [[Suppression list]] * [[Email spam legislation by country]]
==References==
===Notes=== * Lee, Younghwa (June 2005). "The CAN-SPAM Act: A Silver Bullet Solution?". ''Communications of the ACM'', p. 131–132.
===Citations=== {{Reflist|colwidth=30em}}<ref>{{Cite journal |last=Ford |first=Roger |date=2005-01-01 |title=Preemption of State Spam Laws by the Federal CAN-SPAM Act |url=https://chicagounbound.uchicago.edu/uclrev/vol72/iss1/18 |journal=University of Chicago Law Review |volume=72 |issue=1 |issn=0041-9494}}</ref><ref>{{Cite journal |last=Kigerl |first=Alex C. |date=2015-08-01 |title=Evaluation of the CAN SPAM Act: Testing Deterrence and Other Influences of E-mail Spammer Legal Compliance Over Time |url=https://doi.org/10.1177/0894439314553913 |journal=Social Science Computer Review |language=EN |volume=33 |issue=4 |pages=440–458 |doi=10.1177/0894439314553913 |issn=0894-4393|url-access=subscription }}</ref> <ref>{{Cite journal |last=Kigerl |first=Alex C. |date=2018-03-01 |title=Email spam origins: does the CAN SPAM act shift spam beyond United States jurisdiction? |url=https://doi.org/10.1007/s12117-016-9289-9 |journal=Trends in Organized Crime |language=en |volume=21 |issue=1 |pages=62–78 |doi=10.1007/s12117-016-9289-9 |issn=1936-4830|url-access=subscription }}</ref> <ref>{{Cite thesis |last=McGrath |first=Daniel |title=Behavioral Code Team |date=2022 |publisher=University of St. Augustine for Health Sciences Library |doi=10.46409/sr.wcwk8267 |url=https://doi.org/10.46409/sr.wcwk8267|doi-access=free }}</ref> <ref>{{Cite journal |last=Rutenberg |first=David |date=2011-01-01 |title=Silence of the Spam: Improving the CAN-SPAM Act by Including an Expanded Private Cause of Action |url=https://scholarship.law.vanderbilt.edu/jetlaw/vol14/iss1/6 |journal=Vanderbilt Journal of Entertainment & Technology Law |volume=14 |issue=1 |pages=225}}</ref> <ref>{{Cite journal |last=Steptoe & Johnson |date=December 16, 200 |title=Effectiveness and enforcement of the CAN-SPAM Act |url=https://www.steptoe.com/a/web/4036/384a.pdf |journal=Federal Trade Commission}}</ref> <ref>{{Cite web |title= |url=https://www.cybercrimejournal.com/pdf/Yu2011ijcc.pdf |archive-url=https://web.archive.org/web/20240725052943/https://www.cybercrimejournal.com/pdf/Yu2011ijcc.pdf |archive-date=2024-07-25 |access-date=2025-10-26 |website=www.cybercrimejournal.com}}</ref> <ref>{{Cite journal |last=Kigerl |first=Alex |date=2010-01-01 |title=An Empirical Assessment of the CAN SPAM Act |url=https://pdxscholar.library.pdx.edu/open_access_etds/704 |journal=Dissertations and Theses |doi=10.15760/etd.704}}</ref> <ref>{{Cite journal |last=Kigerl |first=Alex C. |date=2016-12-01 |title=Deterring Spammers: Impact Assessment of the CAN SPAM Act on Email Spam Rates |url=https://doi.org/10.1177/0887403414562604 |journal=Criminal Justice Policy Review |language=EN |volume=27 |issue=8 |pages=791–811 |doi=10.1177/0887403414562604 |issn=0887-4034|url-access=subscription }}</ref> <ref>{{Cite journal |last=Prince |first=Matthew |date=2003-01-01 |title=After CAN-SPAM, How States Can Stay Relevant in the Fight Against Unwanted Messages:How a Children's Protection Registry Can be Effective and is Not Preempted, Under the New Federal Anti-Spam Law, 22 J. Marshall J. Computer & Info. L. 29 (2003) |url=https://repository.law.uic.edu/jitpl/vol22/iss1/3 |journal=UIC John Marshall Journal of Information Technology & Privacy Law |volume=22 |issue=1 |issn=1078-4128}}</ref> ==External links== * [https://www.govinfo.gov/content/pkg/COMPS-932/uslm/COMPS-932.xml CAN-SPAM Act of 2003] ([https://www.govinfo.gov/content/pkg/COMPS-932/pdf/COMPS-932.pdf PDF]/[https://www.govinfo.gov/app/details/COMPS-932/ details]) as amended in the [[United States Government Publishing Office|GPO]] [https://www.govinfo.gov/help/comps Statute Compilations collection] * [https://www.congress.gov/bill/108th-congress/senate-bill/877/text The full text of the CAN-SPAM Act in HTML Format] * [https://www.fcc.gov/general/can-spam FCC CAN-SPAM Act Policy] * [https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business CAN-SPAM Act: FTC Compliance Guide] {{Webarchive|url=https://web.archive.org/web/20160918230902/https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business |date=2016-09-18 }} * [http://www.cybertelecom.org/spam/canspam.htm Cybertelecom :: Can Spam Act] {{Webarchive|url=https://web.archive.org/web/20230306013143/http://www.cybertelecom.org/spam/canspam.htm |date=2023-03-06 }} * Hearing on SPAM and Its Effects on Small Business (October 30, 2003), House of Representatives, Committee on Small Business, Subcommittee on Regulatory Reform and Oversight
{{DEFAULTSORT:Can-Spam Act Of 2003}} [[Category:Acts of the 108th United States Congress]] [[Category:United States federal computing legislation]] [[Category:Spamming]] [[Category:United States federal commerce legislation]] [[Category:United States federal privacy legislation]] [[Category:Ron Wyden]]