The CAN-SPAM Act: Requirements for Commercial Emailers

The CAN-SPAM Act: Requirements for Commercial Emailers

The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them.
The law, which became effective January 1, 2004, covers email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A "transactional or relationship message" – email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship – may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act.
The Federal Trade Commission (FTC), the nation's consumer protection agency, is authorized to enforce the CAN-SPAM Act. CAN-SPAM also gives the Department of Justice (DOJ) the authority to enforce its criminal sanctions. Other federal and state agencies can enforce the law against organizations under their jurisdiction, and companies that provide Internet access may sue violators, as well.
What the Law Requires
Here's a rundown of the law's main provisions:
It bans false or misleading header information. Your email's "From," "To," and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email.
It prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message.
It requires that your email give recipients an opt-out method. You must provide a return email address or another Internet-based response mechanism that allows a recipient to ask you not to send future email messages to that email address, and you must honor the requests. You may create a "menu" of choices to allow a recipient to opt out of certain types of messages, but you must include the option to end any commercial messages from the sender. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your commercial email. When you receive an opt-out request, the law gives you 10 business days to stop sending email to the requestor's email address. You cannot help another entity send email to that address, or have another entity send email on your behalf to that address. Finally, it's illegal for you to sell or transfer the email addresses of people who choose not to receive your email, even in the form of a mailing list, unless you transfer the addresses so another entity can comply with the law.
It requires that commercial email be identified as an advertisement and include the sender's valid physical postal address. Your message must contain clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial email from you. It also must include your valid physical postal address.
Penalties
Each violation of the above provisions is subject to fines of up to $11,000. Deceptive commercial email also is subject to laws banning false or misleading advertising.
Additional fines are provided for commercial emailers who not only violate the rules described above, but also:
"harvest" email addresses from Web sites or Web services that have published a notice prohibiting the transfer of email addresses for the purpose of sending email
generate email addresses using a "dictionary attack" – combining names, letters, or numbers into multiple permutations
use scripts or other automated ways to register for multiple email or user accounts to send commercial email
relay emails through a computer or network without permission – for example, by taking advantage of open relays or open proxies without authorization.
The law allows the DOJ to seek criminal penalties, including imprisonment, for commercial emailers who do – or conspire to:
use another computer without authorization and send commercial email from or through it
use a computer to relay or retransmit multiple commercial email messages to deceive or mislead recipients or an Internet access service about the origin of the message
falsify header information in multiple email messages and initiate the transmission of such messages
register for multiple email accounts or domain names using information that falsifies the identity of the actual registrant
falsely represent themselves as owners of multiple Internet Protocol addresses that are used to send commercial email messages.
Additional Rules
The FTC will issue additional rules under the CAN-SPAM Act involving the required labeling of sexually explicit commercial email and the criteria for determining "the primary purpose" of a commercial email. Look for the rule covering the labeling of sexually explicit material in April 2004; "the primary purpose" rulemaking will be complete by the end of 2004. The Act also instructs the FTC to report to Congress in summer 2004 on a National Do Not E-Mail Registry, and issue reports in the next two years on the labeling of all commercial email, the creation of a "bounty system" to promote enforcement of the law, and the effectiveness and enforcement of the CAN-SPAM Act.
See the FTC Web site at www.ftc.gov/spam for updates on implementation of the CAN-SPAM Act.
The FTC maintains a consumer complaint database of violations of the laws that the FTC enforces. Consumers can submit complaints online at http://www.ftc.gov/ and forward unwanted commercial email to the FTC at spam@uce.gov.
Your Opportunity to Comment
The National Small Business Ombudsman and 10 Regional Fairness Boards collect comments from small businesses about federal compliance and enforcement activities. Each year, the Ombudsman evaluates the conduct of these activities and rates each agency's responsiveness to small businesses. Small businesses can comment to the Ombudsman without fear of reprisal. To comment, call toll-free 1-888-REG-FAIR (1-888-734-3247) or go to www.sba.gov/ombudsman.
For More Information
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit http://www.ftc.gov/ or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
April 2004

Tips for Sellers from The Federal Trade Commission

Internet auction sites give buyers a “virtual” flea market with new and used merchandise from around the world; they give sellers a global storefront from which to market their goods. But the online auction business can be risky business. The Federal Trade Commission (FTC) wants to help buyers and sellers stay safe on Internet auction websites. Among the thousands of consumer fraud complaints the FTC receives every year, those dealing with online auction fraud consistently rank near the top of the list. The complaints generally deal with late shipments, no shipments, or shipments of products that aren’t the same quality as advertised; bogus online payment or escrow services; and fraudulent dealers who lure bidders from legitimate auction sites with seemingly better deals. Most complaints involve sellers, but in some cases, the buyers are the subject.Whether you’re a buyer or a seller, understanding how Internet auctions work can help you avoid most problems.

How Internet Auctions Work — Rules of the Marketplace

Role of the Auction Site.
Most Internet auction sites specialize in person-to-person activity where individual sellers or small businesses sell their items directly to consumers. In these auctions, the seller — not the site — has the merchandise, and often, the site will not take responsibility for any problems that may arise between buyers and sellers. Before using an Internet auction site for the first time, buyers and sellers should read the Terms of Use, and review any information the site offers.

Registration. Most Internet auction sites require buyers and sellers to register and obtain a “user account name” (or “screen name”) and password before they can make bids or place items for bid. Keep your password to yourself. If you share it, another person could access your account and buy or sell items without your knowledge. That could damage your online reputation — and eventually, your bank account.Fees. Some sites require sellers to agree to pay a fee every time they conduct an auction, whether the item is sold or not. Other sites charge a fee only when an item is sold.The Auction. Many sellers set a time limit on bidding and, in some cases, a “reserve price” — the lowest price they will accept for an item. When the bidding closes at the scheduled time, the item is sold to the highest bidder. If no one bids at or above the reserve price, the auction closes without the item being sold.
Some auction sites allow sellers to set a price at which a buyer can purchase the item without competing with other bidders. A buyer can choose to purchase the item for the price the seller has set, without bidding.

After the Auction:
Arranging to Pay and Deliver Merchandise. At the end of a successful auction, the buyer and seller communicate — usually by email — to arrange for payment and delivery.
PhishingBe aware of “phishing:” emails sent to you asking for your password or other personal information that look like they’ve been sent by an auction website or payment service. Usually, these emails are fishing for your information and are coming from someone who wants to hack into your account.If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser; phishers often make links look like they go to one site, but actually send you somewhere else.

Payment Options
Successful bidders can choose among many options to pay for an item they have bought on an Internet auction — credit card, online payment service (which often accepts credit card payments), debit card, personal check, cashier’s check, money order, or escrow service. Sometimes, the seller limits the types of payment accepted and posts that information in the auction listing. Many sellers require receipt of a cashier’s check or money order before they send an item. Higher volume sellers often accept credit cards directly. To protect both buyers and sellers, some auction sites now prohibit the use of wire transfers as a method of payment.

Credit Cards.
Credit cards are a safe option for consumers to use when paying for items bought on an Internet auction: They allow buyers to seek a credit from the credit card issuer (also known as a “charge back”) if the product isn’t delivered or isn’t what they ordered.

Online Payment Services.
Online payment services are popular with both buyers and sellers. They allow buyers to use a credit card or electronic bank transfer to pay sellers. They also may protect buyers from unlawful use of their credit cards or bank accounts because the online payment service holds the account information, not the seller. Many sellers prefer online payment services because the services tend to provide more security than, say, personal checks.To use an online payment service, the buyer and seller generally set up accounts that allow them to make or accept payments. Buyers provide payment information, like bank account or credit card numbers, and sellers give information about where payments should be deposited. In some cases, sellers do not have to create an account with the online payment service to receive funds. To complete a transaction, the buyer tells the online payment service to direct appropriate funds to the seller. The seller then gets immediate access to the funds. Most online payment services charge the seller to receive the funds, but some payment services charge the buyer.Some online payment services offer protections to buyers if the seller fails to ship the goods or ships goods that are not as described in the auction. Buyers should read the terms under which the protections apply. Usually, if a buyer uses a credit card to pay for goods or services through an online payment service, charge back rights are available to the buyer who uses the credit card. However, if the service considers the transfer of funds to be a method of sending cash rather than paying for goods, then charge back rights may not apply. If you cannot find out what will happen if you need a refund, or if you don’t understand how the payment service works from reading the website, find a different service or use another method of payment.Debit Card, Personal Check, Cashier’s Check, or Money Order. Many smaller sellers accept forms of payment that are cash equivalents. These sellers often wait to receive the payment (and may wait for a personal check to clear) before shipping the item. Buyers should use this type of payment only when they trust the seller. At the same time, sellers should ensure that checks and money orders they receive from buyers are legitimate before shipping the goods; they should be suspicious of checks or money orders for amounts that exceed the price of the merchandise. Unlike credit cards or some online payment services, cash equivalents (and wire transfers) cannot be reversed if something goes wrong.Wire Transfers. The FTC recommends that buyers not wire money (via a money transmitter or directly to a seller’s bank account) unless they know the seller personally or can verify the seller’s identity. Buyers should be suspicious of sellers who insist on wire transfers as the only form of payment they will accept. If something goes wrong with the transaction, you most likely will lose your payment and not have any recourse. In fact, to protect both buyers and sellers, some auction sites now prohibit the use of wire transfers as a method of payment.

Online Escrow Services and Bonding Services.
For big-ticket items like computers, cars, or jewelry, buyers should consider using an escrow service or purchasing from a bonded or insured seller to protect their funds. The primary purpose of online escrow services is to protect buyers and sellers from fraud. Escrow services accept and hold payment from a buyer — often a wire transfer, check, money order, or credit card — until he receives and approves the merchandise. Then, the escrow service forwards the payment to the seller. The buyer pays the fee for an online escrow service — generally a percentage of the cost of the item.Before using an escrow service, both the buyer and the seller should verify that it is a legitimate, reputable company.Some sellers may state that they are bonded or otherwise insured against fraud. If a buyer intends to rely on a seller’s bonded status or the seller’s insurance to protect against fraud, he should investigate the legitimacy of the bonding or insurance company and then make sure that the seller really is a member of — or certified by — that company. If a problem arises with a bonded seller, the buyer usually has to engage in a dispute resolution process with the seller before being able to submit a claim to the bonding or insurance company.

Types of Fraud
Most people who complain to the FTC about Internet auction fraud report problems with sellers who:
fail to send the merchandise.
send something of lesser value than advertised.
fail to deliver in a timely manner.
fail to disclose all relevant information about a product or terms of the sale. Some buyers experience other problems, including:
“bid siphoning,” when con artists lure bidders off legitimate auction sites by offering to sell the “same” item at a lower price. They intend to trick consumers into sending money without delivering the item. By going off-site, buyers lose any protections the original site may provide, such as insurance, feedback forms, or guarantees.
“second chance offers,” when con artists offer losing bidders of a closed auction a second chance to purchase the item that they lost in the auction. Second-chance buyers lose any protections the original site may provide once they go off-site.
“shill bidding,” when fraudulent sellers or their partners, known as “shills,” bid on sellers’ items to drive up the price.
“bid shielding,” when fraudulent buyers submit very high bids to discourage other bidders from competing for the same item, then retract their bids so that people they know can get the item at a lower price. Escrow Service Complaints. Another type of fraud occurs when sellers or buyers pose as escrow services to improperly obtain money or goods. The so-called seller puts goods up for sale on an Internet auction and insists that prospective buyers use a particular escrow service. Once buyers provide the escrow service with their payment information, the escrow service doesn’t hold the payment: It is sent directly to the so-called seller. The buyer never receives the promised goods, can’t locate the seller, and, because the escrow service was part of the scheme, can’t get any money back.In some cases, a fraudster poses as a buyer and, after placing the highest bid on an item, insists that the seller use a particular escrow service. The escrow service tricks the seller into sending the merchandise and doesn’t send the payment or return the goods to the seller.

Fake Check Scams Target Sellers
Sellers can be victims of fraud when buyers send fake checks or money orders that are detected by the bank only after the seller has shipped the goods. A buyer might offer to use a cashier’s check, personal check, or corporate check to pay for the item you’re selling. Sometimes, the buyer sends a fake check or money order that exceeds the cost of the item that has been purchased. The so-called buyer (or the buyer’s “agent”) states that he made a mistake, or comes up with another reason for writing the check for more than the purchase price. In either case, the buyer asks you to wire back the difference after you deposit the check. You deposit the check, learn that it has cleared, and wire the funds back to the “buyers.” Later, the bank determines that the check is fraudulent, leaving you liable for the entire amount. The checks were counterfeit, but good enough to fool unsuspecting bank tellers.


For Buyers and Sellers...
Where to Turn for Help
If you have problems during a transaction, try to work them out directly with the seller, buyer, or site operator. If that doesn’t work, file a complaint with:
the attorney general’s office in your state.
your county or state consumer protection agency. Check the blue pages of the phone book under county and state government.
the Better Business Bureau.
the Federal Trade Commission. File a complaint online at ftc.gov.
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit http://www.ftc.gov/ or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.