CAN-SPAM Act of 2003: Problematic Spamming Techniques

can-spam_act_Problematic Spamming Techniques

Section 5(b) of the CAN-SPAM Act of 2003 addresses certain techniques used by spammers that were identified by Congress in 2003 as being particularly problematic, subjecting individuals who use these techniques to enhanced legal penalties.  See 15 U.S.C. § 7704(b).  The problematic techniques prohibited by the Act are:

1) "Address Harvesting";

2) "Dictionary Attacks";

3) Automated creation of multiple email accounts for the purpose of sending spam; and

4) Obtaining unauthorized access to ("hijacking") another computer and using that computer to send spam emails that violate the core requirements of the Act.

The Senate Commerce Committee Report provides further specification of these problematic techniques.  According to the Report:

"Address Harvesting" comprises the activity of obtaining email addresses for the purpose of sending spam by "using an automatic address gathering program or process from a website or proprietary online service that has a policy of not sharing its users' e-mails"; and

"Dictionary Attacks" occur when "a spammer sends messages to a succession of automatically generated e-mail addresses (such as asmith@isp.com, bsmith@isp.com, csmith@isp.com) in the expectation that some of them will turn out to be the addresses of real people".

S. Rep. No. 108-102 (2003), at 18.

Section 5(c)(2) of the CAN-SPAM Act of 2003 gives the Federal Trade Commission ("FTC") authority to specify additional problematic spamming techniques pursuant to its rulemaking powers provided under Section 13 of the Act.  See 15 U.S.C. §§ 7704(c), 7711.