Sending Spam Email Is Illegal in the United States
The fines and penaties under the CAN-SPAM Act of 2003
Most people hate getting spam emails, and the CAN-SPAM Act of 2003 is designed to protect consumers from unwanted emails. Enacted into law in December 2003, CAN-Spam stands for "Controlling the Assault of Non-Solicited Pornography and Marketing." After soliciting public comment on CAN-SPAM starting in 2017, the Federal Trade Commission (FTC) voted unanimously in February 2019 to retain the rules and regulations associated with the law.
Spammers harvest information and use it either for their own marketing campaigns or to sell or trade the data they collect. Many people either ignore spam emails or have them filtered into spam folders where they eventually get deleted. This is easier than reporting the emails, which means many spammers who violate the CAN-SPAM Act do so without penalty. However, when violations are serious enough to generate complaints, spammers can face both criminal and civil penalties.
Fines for Violating Commercial Email Laws
The FTC is in charge of enforcing laws under the CAN-SPAM Act and has the authority to levy fines against business owners. For each and every violation of the act, a business or person engaging in commercial emails can be fined up to $11,000. The FTC specifically states that additional fines may be levied on commercial emailers for violating any of the following illegal acts:
- Harvesting email addresses from websites or web services that have published a notice prohibiting the transfer of email addresses for the purpose of sending email
- Generating email addresses using a "dictionary attack"—combining names, letters, or numbers into multiple permutations
- Using scripts or other automated ways to register for multiple email or user accounts to send commercial email
- Relaying emails through a computer or network without permission—for example, by taking advantage of open relays or open proxies without authorization.
Criminal Penalties for Violating Commercial Email Laws
The Department of Justice (DOJ) has been granted the authority to enforce criminal sanctions against commercial emailers. Criminal penalties include imprisonment of those who violate or conspire to violate, any of the following aspects of the law:
- Using another computer without authorization and sending commercial email from or through it
- Using a computer to relay or retransmit multiple commercial email messages to deceive or mislead recipients or an Internet access service about the origin of the message
- Falsifying header information in multiple email messages and initiating the transmission of such messages
- Registering for multiple email accounts or domain names using information that falsifies the identity of the actual registrant
- Falsely representing themselves as owners of multiple Internet Protocol addresses that are used to send commercial email messages.
There are other punishable regulations for commercial emailers under the CAN-SPAM Act, including:
- Assisting another person or business, or having another person or entity send unsolicited commercial email to any address where the recipient has requested no more contact from you.
- Selling, trading, transferring, or offering for any purpose, email addresses of any recipients who have opted out, or requested that they are removed from your email list.