S.877 CAN-SPAM Act of 2003 (Enrolled as Agreed to or Passed by Both House and Senate) This Act may be cited as the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ", or the CAN -SPAM Act of 2003 .
The Federal Law, which went into effect on January 1, 2004, creating a single national standard to regulate commercial e-mail, will preempt all existing state statutes on the regulation of spam, and will authorize the Federal Trade Commission (FTC) and the states' attorneys general to enforce its provisions. The Act will not ban spam outright, but rather will create a set of standards that must be followed.

Below you will find suggested guidelines to help you comply with the CANSPAM Act:

Required:

• The inclusion of a legitimate return e-mail and physical postal address for the sender.
• The inclusion of a functioning opt-out mechanism, which must remain active for a minimum of 30 days after sending the emails, with clear and conspicuous notice of the opportunity to opt-out.
• Senders must to honor any such opt-out request within 10 days of the request.
• Clear and conspicuous notice that the message is an advertisement or solicitation in the subject line or content of the email.
• Messages with sexually oriented material to be so clearly identified, and at least "one click away" from the main email.

Prohibited:

• Senders are prohibited from falsifying or disguising their true identity, such as using a misleading "from" address.
• The use of misleading subject lines which masks the true purpose of the email.
• The harvesting of e-mail addresses by either (1) automatic means from an Internet Web site or proprietary online service maintained by a third party that bans this practice; or (2) an automated system that generates possible electronic addresses by combining names, letters and numbers in numerous permutations.
• Knowingly sending false or misleading information.
• The use of "open relays" to send email.

Potential liability:

Potential liability under the Act is quite broad, as the Act implicates not only the individuals actually distributing the spam e-mails, but also extends to companies who procure their services. For instance, if using a "rental list", you will need to be sure it comes from a highly reputable organization. If a company knowingly permits a third-party spammer to act on its behalf, it is subject to prosecution under the Act. Thus, companies or individuals enlisting the services of e-mail distributors had better take care to ensure that e-mails being sent on their behalf by distributors are in compliance with the law.
Critics point out that some spammers live abroad and hence are outside U.S. jurisdiction. But the fact is that many big-time spammers do reside in the United States. Moreover, the bill cannot be evaded by hiring an offshore spammer. A person in the U.S. who hires an offshore spammer to send unlawful e-mails would be fully liable under the bill. Many legitimate businesses currently use opt-out mechanisms that work the vast majority of the time. If a mechanism repeatedly fails to work, it would clearly be thought that a spammer is violating the law.

Violators of the Act can be subject to stiff criminal penalties, which include fines and up to five years in prison. Civil damages can amount to as much as $250 per spam e-mail. Aggravated violations can cause civil damages to be tripled. The Act empowers federal and statute authorities, as well as Internet access providers, to institute civil actions against offenders. The bill applies both to spammers and to those who hire spammers. One of those parties, if not both, is likely to have some real resources.
It is true that state attorneys general are uncomfortable with federal legislation that preempts state laws. But other parties charged with enforcing the bill have been far more positive. In particular, ISPs--whose networks are burdened by spam and who have been on the front lines in the spam battles to date--have expressed strong support for the bill. The FTC has also said the bill should be helpful in its enforcement activities.

The legislation takes an opt-out approach as opposed to an opt-in approach, though this will most likely become a thing of the past with implementation of the "Do-Not-Spam" Registry. The Act calls upon the FTC to develop a national "do not spam" registry comparable to the FTC's well-known "do not call" registry for telemarketers. The FTC has been given six months to submit a comprehensive plan to Congress for implementing the do not spam list. The FTC is to implement the plan three months after review by several congressional delegates.

"Contrary to the opinions of some who think that this law will end legitimate commercial email marketing, the CAN-SPAM Act will help responsible email marketers by making fraudulent and deceptive email practices punishable by fines and jail time," - Matt Blumberg, CEO of Return Path, an email performance management company.

"Under the Can-Spam bill, … spammers--who currently perceive little risk--will suddenly be risking criminal prosecution, Federal Trade Commission enforcement and million-dollar lawsuits by state attorneys general and Internet service providers (ISPs)." - U.S. Senators Ron Wyden (D-Ore.) and Conrad Burns (R-Mont.) co-authored the Can-Spam Act of 2003.

For more specific info on compliance and more, see the spam.org paper on Mailing Lists: Accepted "Good Practices"