Cloudmark is now part of Proofpoint. Learn More

About Proofpoint

Ten Years of CAN-SPAM

January 1st, 2014 marked the 10th anniversary of the CAN-SPAM Act taking force in the US. This laid down rules for bulk emailing, and provided criminal penalties for breaking them. The act was widely criticized at the time, as it still permitted unsolicited bulk emailing so long as a prior business relationship existed. In fact, some people called it the “You-Can-Spam” Act. However, while far from perfect, it has had a positive effect in reducing US spam.

For the most part, legitimate companies doing email marketing follow the rules of CAN-SPAM. Sadly, there are some who push the limits. There’s one social network that keeps inventing new reasons to email me, no matter how many times I go to their email setting page and uncheck all the boxes. Worse still, only this week I received a promotional email from a travel web site that did not contain an unsubscribe link. Listen [REDACTED], just because I booked a flight through you does not mean you can send me spam and claim it is a transactional email. If you send promotional emails you have to provide an easy way to unsubscribe.

In spite of a few black sheep, the situation in the US is far better than in countries such as Brazil where there is no anti-spam law. There the spammers selling fake Viagra(tm) and phoney diet pills are drowned out by the vast number of emails from supermarkets, big box stores, and other retailers. These are blasted out to random email addresses, with no way for the recipient to unsubscribe. Anti-spam activists in the US used to talk about “mainsleaze spam” to describe this sort of marketing. Nobody seems to use that term any more, as the problem is under control. However, it is by no means solved. More the half the manual spam reports we receive from US users are for mailings that are legal under CAN-SPAM, but which the recipients don’t care to see in their inboxes.

The situation is not so good for the genuinely illegal spam. The main reason you are not seeing as much about Nigerian gold, penis enlargement, and replica Rolex(tm) watches in your inbox is that spam filters have got a lot better since the heyday of spam, which was around the turn of the century. It’s a lot harder to make a living as a spammer if only one or two percent of your messages end up getting delivered, but some still manage, and they are not all beyond the reach of US law. In fact, more than half the spammers listed on Spamhaus.org’s Register Of Know Spam Operations (ROKSO) are based in the US, but CAN-SPAM has not shut them down.

Admittedly, some spammers have served jail time due to CAN-SPAM, and more have been successfully sued for civil damages by companies like AOL and Facebook. However, the CAN-SPAM act only allows law enforcement agencies and internet service providers to sue. There is no private right of action. If I wanted to sue that travel web site that will not let me unsubscribe, the case would be thrown out of court because I do have standing. The problem is that neither law enforcement or the big ISPs have the resources to go after every single spammer. They have tried to make an example of the worst spammers – usually the ones breaking other laws as well – but many of them still operate with no legal sanctions.

Before writing this post, I asked some of my colleagues here at Cloudmark, “If there was one change you could make to CAN-SPAM, what would it be.” The two answers that appeared multiple times were to change from an opt out rule to an opt in rule (that is, commercial email require explicit permission in advance rather than the right to unsubscribe later) and to restore the right for individuals to sue spammers.

The new Canadian anti-spam law, CASL, goes into effect on July 1st. Unlike CAN-SPAM, CASL requires implicit or explicit consent to start sending commercial mail to someone, and the recipient must give explicit consent within two years for the communications to continue. There is also a private right of action against spammers. We’ll be watching with great interest to see how effective this is at reducing spam to our Canadian clients.

Of course, spammers try to hide their identities, but there are some very effective amateur sleuths out there who have tracked many of them down. Imagine if every time a new spam mailing went out, the spammer was bombarded in turn by a barrage of paperwork from small claims court, or a nice juicy class action suit…

Wishing a joyous, prosperous, and spam free New Year to everyone.


Leave a Reply

Your email address will not be published. Required fields are marked

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2018 Cloudmark, Inc.