Legal Definitions - CAN-SPAM Act of 2003: Preemption

The CAN-SPAM Act of 2003, which stands for the Controlling the Assault of Non-Solicited Pornography And Marketing Act, is a federal law that sets rules for commercial email. When we discuss CAN-SPAM Act Preemption, we are referring to how this federal law interacts with and sometimes overrides similar laws passed by individual states.

In the United States, both federal and state governments can pass laws. However, when a federal law addresses a specific area, it can sometimes "preempt" or take precedence over state laws that cover the same ground. This is based on the Supremacy Clause of the U.S. Constitution, which establishes federal laws as supreme when there is a conflict.

The CAN-SPAM Act specifically outlines which types of state laws it preempts and which it does not:

• What is generally preempted: The Act typically overrides any state law that *specifically regulates the sending of commercial email*. If a state attempts to create its own unique rules for how commercial emails must be sent, those state rules are likely to be superseded by the federal CAN-SPAM Act.
• What is NOT preempted: There are important exceptions where state laws can still apply:
  • Fraud and Deception: State laws that prohibit *fraudulent or deceptive practices* within commercial email messages or their attachments are *not* preempted. States can still enforce laws against scams or misleading information in emails.
  • General State Laws: State laws that are not specifically about commercial email, but apply more broadly (e.g., general consumer protection laws, computer crime laws), are *not* preempted. These laws can still apply to commercial email activities alongside other types of communication.
  • Internet Service Provider (ISP) Actions: Policies and procedures used by internet access service providers (like your internet company) to block unwanted spam are *protected* from preemption. This means ISPs can continue to implement their own measures to filter spam without being challenged under the CAN-SPAM Act.

Examples of CAN-SPAM Act Preemption:

• Example 1: State Law Overridden by CAN-SPAM

  Imagine a scenario where State A passes a law requiring all commercial emails sent to its residents to include a specific, unique 10-digit registration code in the subject line, in addition to the "ADV" tag or other disclosures already required by the federal CAN-SPAM Act. A company sending commercial emails to State A residents might argue that this state requirement is too burdensome and conflicts with the federal law.

  How it illustrates preemption: This state law would likely be preempted. The CAN-SPAM Act already sets federal standards for commercial email content and identification. State A's requirement for an additional, specific code directly regulates commercial email in a way that goes beyond the federal standard. In such a conflict, the federal law would take precedence, rendering the state's additional requirement unenforceable.

• Example 2: State Law Against Deception is NOT Overridden

  Consider State B, which has a long-standing consumer protection law making it illegal to use a misleading subject line in *any* advertisement, including emails, if that subject line falsely promises a prize or a significant discount to trick recipients into opening the message. A company sends an email with the subject line "You've Won $1,000,000!" when no such prize exists, and State B attempts to prosecute under its consumer protection law.

  How it illustrates preemption: This state law would *not* be preempted. While it applies to commercial email, its core purpose is to prevent fraud and deception (falsely promising a prize or discount). The CAN-SPAM Act specifically allows state laws targeting fraud or deception in commercial emails to remain in effect. Therefore, State B can enforce its law against the deceptive subject line, even though CAN-SPAM also addresses misleading headers.

• Example 3: ISP Spam-Blocking Policy is NOT Overridden

  A major internet service provider (ISP) implements a new, sophisticated spam filter that automatically blocks emails from senders who have a history of sending unsolicited commercial messages that violate the ISP's terms of service, even if those messages technically comply with some aspects of CAN-SPAM. A marketing company whose emails are blocked attempts to sue the ISP, claiming the blocking policy is preempted by the CAN-SPAM Act and unfairly restricts their ability to send commercial emails.

  How it illustrates preemption: The ISP's policy would *not* be preempted. The CAN-SPAM Act explicitly protects the ability of internet access service providers to implement their own policies and procedures to block spam. This exception allows ISPs to manage their networks and protect their users from unwanted emails, even if their blocking criteria are stricter than the federal law's minimum requirements.