Computer and Internet Law

On July 22, 2008, Robert Soloway was sentenced to 47 months in federal prison for violation of the federal CAN-SPAM Act of 2003. [Article] This sentence follows two civil judgments in 2005 against Mr. Soloway related to the sending of spam mail – one in favor of Microsoft for over $7 million dollars, and a second in favor of an Oklahoma internet service provider for over $10 million. [Article]

Mr. Soloway is not the first person to fall afoul to the CAN-SPAM Act, nor will he be the last. Since the CAN-SPAM Act may serve as a basis for both civil and criminal liability, it is important that all business owners advertising via e-mail, either directly or through an ‘affiliate’ program or third-party advertiser, understand its provisions.

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003, 15 U.S.C. § 7701 et seq.) restricts, but does not prohibit, the sending of unsolicited commercial electronic mail messages. A commercial electronic mail message is defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” (15 U.S.C. § 7702.) Unsolicited commercial electronic mail messages must comply with certain requirements, including, but not limited to: accurate e-mail header information; non-deceptive subject lines; clear and conspicuous identification of the e-mail as an advertisement or solicitation, or as containing adult materials, if appropriate; provision of a valid unsubscribe or opt-out mechanism; and the inclusion of the sender’s postal address. (15 U.S.C. § 7704.) Furthermore, the sender must comply with opt-out requests within a certain short period of time.

It is also important to note that the CAN-SPAM Act does not only apply to the e-mail sender. Instead, a person or business whose products are being promoted by the e-mails may also be liable under the CAN-SPAM Act if the person or business: knew, or should have known, that the products were being promoted in the e-mails; received, or expected to receive, an economic benefit from the promotion; and took no reasonable action to prevent the transmission, or detect the transmission and report it to the FTC. (15 U.S.C. § 7705.)

Finally, while the CAN-SPAM Act expressly supersedes many state laws that regulate commercial e-mail messages (see 15 U.S.C. § 7707), it permits states to maintain laws governing false or deceptive commercial e-mail messages, laws not specific to e-mail, and laws related to fraud and computer crime. Furthermore, other states have enacted statutes to protect the privacy rights of children, Internet users, etc.

[Note: The FTC occasionally updates the CAN-SPAM Act. Its most recent update (16 C.F.R. § 316, effective July 7, 2008) supplements several definitions and clarifies some ambiguities - and perhaps most importantly, bars an e-mail sender from imposing opt-out fees, and limits the number of steps that the recipient must undertake in order to opt out of future e-mails.]