Unsolicited e-mail, commonly known as “spam”, has become not only a nuisance, but also a new corporate unwanted expense. According to one survey, spam costs an average corporation more than $2.5 million annually, and is also requiring companies to divert their resources to attempt to combat spam. Congress has recently reacted by enacting the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”), which went into effect on January 1, 2004.

The CAN-SPAM Act provides criminal penalties and fines for anyone who initiates the transmission of multiple commercial e-mails through a computer and who does not follow the requirements of the CAN-SPAM Act. The Act does not provide a private cause of action and only allows the states and Internet Service Providers (“ISPs”) to bring actions against abusers of the Act. On March 10, 2004, four such ISPs, America Online, Earthlink, Microsoft, and Yahoo!, filed lawsuits against hundreds of defendants under the Can-Spam Act, charging them with inundating their customers with millions of unsolicited e-mails.

The Act criminalizes senders of commercial e-mails who hide the e-mail’s point of origin (e.g., falsifying the header information). The Act also provides for penalties where the spammer improperly “harvests” e-mail addresses (“harvesting” is a term for the various methods spammers utilize to find the e-mail addresses to whom they send spam; for instance, retrieving e-mail addresses from message boards, web sites, registration pages, AOL profiles, or chat rooms, purchasing mailing lists, extracting an e-mail address from a web browser, or using programs that randomly generate e-mail addresses). Moreover, the Act bars a sender from using a misleading or false “re” line that does not correspond with the content of the message, as well as suggesting penalties for those whose e-mail messages contain false or misleading information.

However, the CAN-SPAM Act also imposes requirements on businesses who send out authorized and legitimate e-mails, such as electronic newsletters to their clients or other mass e-mail correspondence related in any way to generating commercial activity, broadly defined by the CAN-SPAM Act as “the preliminary purpose of which is the commercial advertisement or promotion of a commercial product or service.” Specifically, any such correspondence under the Act now requires that the sender display a valid physical postal address in the e-mail message. The e-mail correspondence must also include specific directions in the message that explain how a recipient can opt out of future e-mail correspondence. Once a recipient has opted out, the sender must not send any further e-mails to that recipient 10 days after that recipient has opted out, and cannot sell, transfer, or otherwise release the sender’s e-mail address at any time. In addition, all commercial e-mail under the Act must now contain a conspicuous statement that the e-mail is an advertisement or solicitation. The Act does not provide any specific guidance on where such information should be presented, except that both the identification of the e-mail as an advertisement or solicitation and the opt out provisions should be clear and conspicuous.

Although the CAN-SPAM Act may provide some relief to the internet user by reducing the amount of spam and by providing a realistic mechanism to opt out from future unsolicited e-mails, it has also imposed new requirements and responsibilities on companies. It is prudent, therefore, that any mass electronic communication related to generating commercial activity be reviewed to ensure compliance with the new CAN-SPAM Act of 2003.