You have seen what the CAN-SPAM Act entails, how it functions, and what legal repercussions can come from it, but what would constitute a CAN-SPAM-compliant e-mail? What is required to send spam while staying within legal boundaries? Is it even possible?
A recent study by MX Logic Inc. (www.mxlogic.com/news_events/6_09_04.html), a provider of e-mail filtering solutions, found that of all analyzed spam for the month of July 2004, only 0.54 percent was compliant with the CAN-SPAM Act, leaving many companies open to lawsuit or even jail time. Many organizations offer legitimate opt-in lists such as news and update services that subscribers legally choose to accept. Such e-mails, if they failed to meet the requirements of the CAN-SPAM Act, would be considered illegal to send, making the sending company liable for $250 per e-mail it distributes. Becoming CAN-SPAM compliant is not that hard, and if you run a legitimate mailing list or are looking at trying to avoid a legal dispute over spam, it is probably a good idea to try to come up to scratch or at least be aware of what the law requires.
The following are the guidelines of the CAN-SPAM Act, paraphrased in an easy-to-follow format. If you obey all these regulations, your e-mail will break no laws when it enters or departs U.S. soil:
Honest e-mail headers. Make sure that every piece of information in the e-mail headers is accurate, factual, and contains no dishonest information. This is a pivotal part of compliance, since failure to comply with this rule will mean the difference between a fine and possible jail time.
Include a working opt-out link. Provide a working link for the recipient to voice their desire to no longer be included on your e-mail distribution list, and honor their request to be removed. The opt-out function must be valid and working for 10 days after the e-mail was originally sent. Once an opt-out request has been made, remove the recipient’s e-mail address as promptly as possible. To be legally compliant, you must remove the e-mail address within 10 days of being asked to.
Include a legitimate physical business address. As an alternative contact method to e-mail, a legitimate postal address must be supplied in every message sent. This postal address must be checked regularly, and any request for removal must be honored within 10 days of receiving the request.
Clearly indicate that the e-mail is an advertisement. Clearly identify that the e-mail is trying to sell a product, either with an obvious picture or text saying what the product is. Be clear and do not try to mislead the reader about the content or nature of the product.
Mark sexually explicit material. If the body of your message contains any sexually explicit content, whether pictures or textual content, you must clearly identify it as sexually explicit by prefixing the subject with Sexually Explicit or adding your own equally noticeable subject tag, such as Adult Content.
Do not send mail to harvested e-mail addresses. Send mail to only those who have explicitly given you permission to send them e-mail, via a previous oral or written agreement. Do not send marketing information to accounts at random. Find a way to make recipients sign up for your newsletter.
Do not use harvesting methods to collect e-mail addresses. Do not use any harvesting methods to collect valid e-mail addresses; this includes newsgroups, Web sites, DNS information, IRC, and previously sent e-mails. Using such methods constitutes an aggravated breach of law and can incur jail time or highly extensive fines.
Do not send e-mail through any computer that did not give you permission to do so. Do not send spam through any open proxy, compromised machine, compromised router, or insecure mail relay. It is tempting to use such methods to send spam, but don’t. This is another factor that will aggravate possible charges. Instead of proxy servers, send mail directly from legitimate hosts, use spam-friendly networks, or buy your own IP space—just don’t use another party’s resources. Complying with this rule could mean the difference between a fine and jail time.
Do not sell or transfer e-mail addresses of recipients to other parties. If a recipient gives you direct consent to send them e-mail, that consent is only valid for you or your company; you are prohibited from selling or distributing their contact details to any other party or individual. If another company buys out your company and you need to transfer the mailing list to the new parent company, you need to inform all the recipients on your mailing list that their e-mail address is being transferred to the new company name. At the same time, you need to present recipients with a method of opting out of receiving further communications from the new company.
The trick to CAN-SPAM is to think creatively. The earlier case of sexually explicit content is a good example. If you think within the boundaries of the act, you can work very efficiently while still remaining fully legal.
I know a few spammers who are fully CAN-SPAM compliant with the spam they send. Mail recipients actively opt in to receive the mailed information; all mail originates from authorized, legitimate, offshore mail servers; and each mail message is very clear in its presentation and contains no misleading or deviant information.
Without a doubt, being legally compliant offers much-reduced financial returns compared with directly breaking the rules outlined in the CAN-SPAM Act. Spam containing filter evasion techniques, sent through rogue proxy servers, will guarantee a better delivery result than spam that is compliant with the act, but financial gain has to be put aside for once. After all, what use is millions of dollars if you’re in jail?
With this in mind, what does a CAN-SPAM-compliant message look like? After much searching, I have managed to find one compliant e-mail in my in-box; it is shown in Figure 10.2.
Figure 10.2: A Fully Compliant Message
Each highlighted section of Figure 10.2 shows elements of the CAN-SPAM Act. This e-mail is legitimate and in no way attempts to mislead or confuse the reader in its body.
To start with, the e-mail clearly states that it originated from crab-cakes.net. Mail headers confirm this and prove that the e-mail originated from a legitimate host, one that is willing to identify itself and be held accountable for the mail it sends. The message subject is truthful; although it does not clearly identify the message as an advertisement, it also does not attempt to hide or obfuscate the message intent. The message body does not contain any illegal, illicit, or offensive content and offers a method for the recipient to unsubscribe if desired. It also does not contain any content that could be used to mislead or evade a spam filter. Additionally, this spam contains a legitimate postal address, allowing anyone to send the spammer postal mail if they want to contact the sender via mail. Although I did not request, accept, or give permission to accept this mailing, the body of the spam is legal, and lawyers would find very little wrong with it. It even sells coffee paraphernalia—a bonus for any spam message.