CAN-SPAM Act: Non-compliance is a crime… and overzealous ISPs may refuse to deliver legally compliant email messages
On May 31, 2007, the BBC reported “U.S. Arrests Internet spam king” Robert Soloway. (A copy of the Article can be found at: http://news.bbc.co.uk/2/hi/technology/6707333.stm).
Mr. Soloway is accused of being “responsible for tens of millions of unsolicited e-mails promoting his own company between November 2003 and May 2007” in violation of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003.
The CAN-SPAM Act is codified under 15 U.S.C. § 7701-7713. Contrary to the belief of many, the CAN-SPAM Act does not prohibit sending spam emails. Instead, it imposes certain requirements. These mandatory requirements include, inter alia, the use of accurate email subject lines and transmission information, opt-out procedures where recipients can elect not to receive additional emails fom the sender, mandatory timeframes for the removal of users who elect to opt-out, and a prohibition of improper email harvesting.
But, what happens when a sender complies with all the requirements of CAN-SPAM? Can an ISP still refuse to deliver compliant email messages to the intended recipients?
In White Buffalo Ventures, LLC v. University of Texas, 420 F.3d 366 (5th Cir. 2005), the Plaintiff, White Buffalo, was an online dating service operating several online dating websites, including one that targeted students of the University of Texas (UT). White Buffalo obtained the "non-confidential, non-exempt email addresses" held by UT through a Public Information Act request.
White Buffalo used these email addresses to send CAN-SPAN compliant commercial emails to members of the UT community. UT issued a cease and desist letter but White Buffalo refused to comply. As a result, UT blocked all emails originating from White Buffalo’s IP address.
White Buffalo sued UT, arguing that the First Amendment and the CAN-SPAM Act precluded UT’s actions. The Court disagreed and held that the CAN-SPAM Act does not prevent Internet Service Providers (ISPs), in this case UT, from filtering CAN-SPAM compliant commercial emails.
The lesson to senders of commercial email: Non-compliance with CAN-SPAM will probably result in criminal prosecution, but compliance does not guarantee that an overzealous ISP will deliver the legally compliant emails to its intended recipients.