The federal Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM Act”) that went into effect on January 1, 2004 was intended to combat the onslaught of annoying, unsolicited emails sent by spammers, including sexually explicit email materials. This law is why we have seen legitimate businesses identifying their solicitation emails and providing an unsubscribe or opt-out option. BUT the observable benefits don’t stop here anymore? In a fortunate turn of events, this law is being used to combat those pesky privacy shields that allow spammers to hide behind private registrations.
Let me give a little background on privacy or proxy domain registrations.Domain privacy is a service offered by a number of domain name registrars. A user buys privacy from the company, who in turn replaces the user’s info in the WHOIS with the info of a forwarding service (for email and sometimes postal mail, done by a proxy server) such as “Domains by Proxy, Inc.” or eNom‘s “ID Protect”.
It is often advertised as a means to protect users from spammers but has actually become a tool for spammers because it allows them to act behind of cloak of anonymity. Although, these registrars collect personal information the information is often not helpful. Spammers either provide inaccurate information or these registrars are very protective of the information because of their intended purpose therefore, access to this information is often an insurmountable hurdle.
The Emerging Standard
A recent ruling by the United States District Court for the District of Utah is the second of two decision pointing towards a nationwide shift in the interpretation of the CAN-SPAM Act. The Court ruled that where an unsolicited marketing email message contains a generic proxy registration name (where the registrant’s true identifying information is “cloaked”), such email violates the CAN-SPAM Act and subjects the sender to statutory penalties. In fact, the Court determined that proxy registrations may violate two provisions of the CAN-SPAM Act. The Court relied on a California State court ruling concerning a substantially similar set of facts as persuasive authority in reaching its decision.
Utah based ISP, ZooBuh, got fed up after after receiving nearly 15,000 spam messages from marketing firm Better Broadcasting over an eight month period. Better Broadcasting ignored their complaints, so they filed a CAN-SPAM complaint against them in Zoobuh v. Better Broadcasting et al, and won.
The Court concluded that emails from a privacy-protected domain name such that the recipient cannot identify the sender from the “from” name or publicly available WHOIS information is a violation of 15 U.S.C. § 7704(a)(1)(C). Additionally, this kind of cloak violate Section 7704(a)(1)(A) of the CAN-SPAM Act because “even header information that is technically accurate violates the CAN-SPAM Act when the email ‘includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations.” The Court noted that, when a party registers a domain with an ICANN-compliant registrar, the domain registration agreement itself prohibits the use of the registered domain to send unsolicited commercial email. Therefore, if a marketer intends to use the domain for “prohibited purposes”, the marketer will have obtained the URL under false pretenses and any email that is eventually sent through the use of such URL will be in violation of the CAN-SPAM Act.
Under the CAN-SPAM Act, a successful plaintiff may recover monetary damages equal to the actual losses suffered or statutory damages of $100 per header violation, whichever is greater. In addition, a court may award triple damages where a marketer uses an automated process to create proxy registered email addresses. As far as collecting damages, the best plaintiff for this kind of claim is continually and aggressively being spammed. However, as more of these cases pop up it ill deter this kind of spam assault.
This does raise a privacy concern. Although malicious actors and spammers should not be able to hide behind proxy registrations, we need to be careful not to let a proxy become an indicator of legality. We all have a right to privacy online. Freedom of speech is an important consideration. Should you need to complete identify yourself to express your opinion?
Businesses need to be mindful of CAN-SPAM requirements, because CAN-SPAM also applies to legitimate businesses that communicate or advertise via email. Because CAN-SPAM’s requirements can be easy to overlook in day-to-day activities, businesses should take the time periodically to ensure their compliance with the CAN-SPAM law, especially since violations of the law can result in both civil and criminal sanctions.
Highlights of the National CAN-SPAM Act Standards:
Businesses that send promotional email to existing or potential customers must understand the applicability, requirements, and prohibitions of CAN-SPAM. CAN-SPAM requires all unsolicited commercial email messages to be labeled, to include opt-out instructions and the sender’s postal address, and prohibits the use of deceptive subject lines and false headers. Specifically:
Commercial email must be labeled as such and include opt-out information.
Businesses/Senders are prohibited from continuing to send commercial email to recipients who have asked not to receive it after a 10-day grace period.
False header information and deceptive subject lines are prohibited.
Automated email address harvesting and automated spam attacks are restricted.
Using other people’s computers or email accounts to send commercial email is prohibited.
Enforcement powers to the FTC
So what do you think about this new tool to fight spammers?