What is the CAN-SPAM Act?
In 2003, Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing ("CAN-SPAM") Act to set a national standard for the regulation of spam email. See 15 U.S.C. § 7701(a)(11); S. Rep. No. 108-102 (2003), at 21-22. Among other things, the CAN-SPAM Act of 2003 prohibits the inclusion of deceptive or misleading information and subject headings, requires identifying information such as a return address in email messages, and prohibits sending emails to a recipient after an explicit response that the recipient does not want to continue receiving messages (i.e. an "opt-out"). See 15 U.S.C. § 7704(a); CAN-SPAM Act of 2003: Core Requirements.
The Act also "preempts" (supersedes) state laws that regulate the sending of commercial email. See 15 U.S.C. § 7707(b)(1); CAN-SPAM Act of 2003: Preemption. The Act provides, however, that state laws prohibiting fraud or deception in the content of email or email attachments won't be preempted. See 15 U.S.C. § 7707(b)(1). Principles of federalism applied to the interpretation of this section of the Act will also protect some state laws from being preempted. The question as to what specific state laws are preempted, and to what extent they are preempted, is one that will ultimately be worked out in the courts. See, e.g., Gordon v. Virtumundo, 575 F.3d 1040, 1058-64 (9th Cir. 2009); Omega World Travel v. Mummagraphics, 469 F.3d 348, 352-56 (4th Cir. 2006).