What cases exist for CAN-SPAM enforcement?

CAN-SPAM enforcement has produced several notable cases demonstrating regulatory reach. The FTC has pursued spammers sending deceptive commercial emails, companies failing to honor unsubscribe requests, senders using false or misleading header information, and businesses making materially false claims in commercial messages. Penalties in major cases have reached millions of dollars, with some individuals facing criminal prosecution for aggravated violations involving fraud.

Key enforcement themes include: deceptive subject lines (misleading recipients about content or sender identity); harvesting and dictionary attacks (automated collection of email addresses from websites or generation of addresses through algorithmic guessing); failure to identify (not clearly disclosing the message is an advertisement); invalid physical address (not including a valid postal address as required); and unsubscribe violations (not processing opt-outs within 10 business days, charging fees for unsubscription, or requiring additional information beyond email address).

The FTC often coordinates with state attorneys general and ISPs for enforcement. Industry cooperation has been crucial-ISPs provide evidence of spam sources, and coordinated action can shut down major spamming operations. Beyond FTC enforcement, private lawsuits are possible under CAN-SPAM, though standing requirements limit who can sue. Many states have additional anti-spam laws with their own enforcement mechanisms. CAN-SPAM enforcement targets the worst actors-massive spam operations, deliberate deception, and flagrant opt-out violations. Compliance isn't just about avoiding fines; it's about not becoming a regulatory target.