Legal Definitions - CAN-SPAM Act of 2003: Businesses Promoted by Spammers

The CAN-SPAM Act of 2003, which stands for Controlling the Assault of Non-Solicited Pornography And Marketing Act, is a federal law that sets rules for commercial email and gives recipients the right to have businesses stop emailing them. It also outlines penalties for violations.

Specifically, regarding businesses promoted by spammers, the CAN-SPAM Act holds companies accountable in two primary ways, even if they aren't the ones directly sending the spam emails:

• Knowingly Benefiting from Deceptive Spam: A business can face legal action from the Federal Trade Commission (FTC) if it knowingly benefits from emails sent by others that contain false or misleading information in their headers (like the "From," "To," or routing information). This means if a company is aware that deceptive spam is promoting its products or services and allows it to continue, it can be held responsible.

• Hiring or Arranging for Spam Transmission: The Act also applies to businesses that hire or arrange for others to send commercial emails on their behalf, and those emails turn out to be spam. If a company "procures the origination or transmission" of a spam message, it is considered responsible, just as if it had sent the email itself.

In essence, the law ensures that businesses cannot escape liability by outsourcing their email marketing to third parties who engage in spamming, nor can they turn a blind eye to unsolicited, deceptive emails that drive traffic or sales to their operations.

Here are some examples illustrating how businesses can be held liable under these provisions:

• Example 1: Unsolicited Promotion of a New App

  A startup launches a new mobile application. Shortly after, the app's download numbers skyrocket, and the company's customer service team starts receiving inquiries referencing unusual, aggressive email promotions. The company investigates and discovers a large-scale spam campaign promoting their app using fake sender addresses and misleading claims about exclusive features. Even though the startup didn't initiate these emails, if its executives become aware of the deceptive campaign and choose to do nothing, continuing to profit from the increased downloads, they could be found liable for knowingly benefiting from spam.

  Explanation: This example illustrates the "knowingly benefiting" aspect. The startup did not send the spam, but by being aware of the deceptive emails and allowing the benefits (increased downloads) to continue without intervention, they could be held accountable.

• Example 2: Outsourced Lead Generation for Financial Services

  A financial advisory firm hires a third-party lead generation company to find new clients. The lead generation company sends out millions of emails promoting the advisory firm's services. These emails use deceptive subject lines like "Urgent: Your Account Needs Attention" and contain pre-checked boxes implying the recipient has opted in, even if they haven't. The financial advisory firm, by contracting and paying for these services, "procured the origination or transmission" of these spam messages, making them liable under the CAN-SPAM Act, even if they claim ignorance of the lead generation company's specific tactics.

  Explanation: This scenario demonstrates liability for "hiring or arranging for spam transmission." The financial advisory firm is responsible because they engaged a third party to send emails on their behalf, and those emails violated the Act.

• Example 3: Affiliate Marketing with Deceptive Practices

  An online retailer runs an affiliate marketing program where various individuals and small businesses earn commissions for promoting the retailer's products. One affiliate begins sending out mass emails with highly exaggerated product claims and "from" addresses that impersonate well-known consumer advocacy groups. The retailer's internal monitoring system flags a sudden surge in traffic from this affiliate, along with a rise in customer complaints about deceptive emails. If the retailer fails to take action against the affiliate, such as terminating their contract or reporting the activity, they could be seen as knowingly benefiting from the deceptive spam and face penalties.

  Explanation: This example combines both aspects. The retailer "procured" the affiliate's marketing efforts, and by becoming aware of the deceptive practices and not acting, they are also "knowingly benefiting" from the spam.