If you spend any amount of time online, you may receive a lot of spam emails. Americans already send or receive about 126 emails per day, according to a recent Radicati report. Most people don’t like sifting through a never-ending flood of messages, but spam email is more than an annoyance. “Cybercriminals can use spam emails for phishing attacks,” said Attila Tomaschek, a digital privacy expert at ProPrivacy.
While fighting spam email may seem impossible, the U.S. government has taken steps to try and protect consumers. Congress set guidelines for commercial emails with the CAN-SPAM Act of 2003. The law covers consumers' rights—including how to stop spam emails and the steep penalties for violations. These are the key details about the CAN-SPAM Act you should know.
What is the CAN-SPAM Act?
The CAN-SPAM Act is the national standard for all commercial email. The law created a specific set of requirements for businesses that send marketing emails. While the law doesn’t ban spam email outright, Tomaschek said the law makes it easier for consumers to try and avoid it.
The law fights deception by making it simpler for consumers to spot marketing emails. It also makes it quicker for someone to opt out of ongoing email marketing campaigns. The Federal Trade Commission (FTC) is in charge of enforcing these rules and provides resources to educate businesses and the general public.
Why was the CAN-SPAM Act created?
The purpose of the CAN-SPAM Act is to protect consumers from spam emails. Congress members enacted the law in 2003 to address what they believed to be an abuse of commercial electronic communications.
Congress recognized the importance of email, stating that millions of Americans were using it. They also uncovered the growing threat of “unsolicited commercial electronic mail.” They estimated spam was half of all email traffic—which grew from only 7% in 2001. Most of these messages were “fraudulent” or “deceptive,” according to their findings.
There were several reasons why Congress believed spam email was a problem, such as the cost of storing unwanted emails, unsolicited emails of vulgar or pornographic content, and the concern spam may reduce the reliability of email altogether.
Congress believed many businesses were trying to disguise the origin of spam emails, which often had misleading subject lines and were difficult for consumers to opt out. While many states had their own rules for dealing with spam emails, Congress concluded the efforts weren’t enough.
To make matters worse, spam emails may contain links to phishing websites or contain other malware. Tomaschek said usually the goal is to gain access to sensitive data, like online logins, from unsuspecting victims.
What does the CAN-SPAM Act cover?
Whether you’re running a business or trying to protect your family, it’s important to know the law. If a business sends commercial emails, it must follow these requirements per the CAN-SPAM Act.
1. Consumers must know who sent the email. It’s against the law to mislead consumers. They must know which company sent the email. The “to” field, your email address and the originating domain must be clear.
2. Don’t try to trick consumers with the subject line. The subject line must be accurate and reflect the body of the email message.
3. Always disclose advertisements. If the email is a paid advertisement, it must be obvious to the consumer.
4. Companies must share their physical location. All emails must include a valid U.S. address, post office box or private mailbox for commercial mail.
5. Make it clear how consumers can opt out. There must be a clear, easy way for consumers to opt out of future emails.
6. Allow consumers to opt out immediately. If a consumer wants to opt out of future emails, companies must remove them from the list promptly—within 10 days.
7. Monitor third-party companies that handle your email. Companies are responsible for third-party email service providers. Both companies may be liable for future complaints.
Sending a few marketing emails may seem innocent enough, but ignoring the CAN-SPAM Act may be costly. The penalty for companies that break the law may be up to $42,530 per email. “Although the law cannot completely prevent spam emails, it works in ways that can significantly limit spam,” Tomaschek said.
How can I protect myself from spam?
While the CAN-SPAM Act may have added some basic protections, you still need to be proactive when it comes to spam emails. Consider these expert tips for keeping your family safe.
- Never click on links or download attachments from suspicious, unsolicited emails. “Links often lead to phishing websites, and attached files may contain malware,” Tomaschek said.
- Be careful where you share your email address. Try to avoid sharing your email address on social media, public online forums or other websites.
- Don’t reply to spam emails. Tomaschek said responding to spam confirms your email is active and monitored. Replying only increases the likelihood that your email will continue to be a target for scammers.
- Investigate the sender. If you receive an email that looks suspicious, you can potentially learn more about the sender’s identity with our reverse email lookup tool.