As a company whose mission is to help our clients maintain compliance with various laws and regulations (like CAN-SPAM), we always want to provide useful information around guidelines and rules regarding email and SMS marketing. With that in mind, we are kicking off a series of blog posts that take a deeper dive into various aspects of those rules, trying to make them a bit easier to understand. So, we thought we would start the series by looking at various facets of The CAN-SPAM Act of 2003. You can also read our overview of the law to get a broader view of the primary law regulating commercial email in the United States.
For this article, we’re going to focus on one of the key facets of CAN-SPAM, which discusses email header information.
What does The CAN-SPAM Act say?
15 U.S.C. Sec. 7702. Definitions
(8) Header information
The term “header information” means the source, destination, and routing information attached to an electronic mail message, including the originating domain name and originating electronic mail address, and any other information that appears in the line identifying, or purporting to identify, a person initiating the message.
15 U.S.C. Sec. 7704. Other protections for users of commercial electronic mail
(a) Requirements for transmission of messages
(1) Prohibition of false or misleading transmission information
It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. For purposes of this paragraph—
(A) header information that is technically accurate but includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations shall be considered materially misleading;
(B) a “from” line (the line identifying or purporting to identify a person initiating the message) that accurately identifies any person who initiated the message shall not be considered materially false or materially misleading; and
(C) header information shall be considered materially misleading if it fails to identify accurately a protected computer used to initiate the message because the person initiating the message knowingly uses another protected computer to relay or retransmit the message for purposes of disguising its origin.
15 U.S.C. Sec. 7704. a 1
“Materially” includes “the alteration or concealment of header information in a manner that would impair the ability of an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation, or the ability of a recipient of the message to respond to a person who initiated the electronic message.”
As with any law, the CAN-SPAM Act is written in legal language, which can be difficult for non-lawyers to decipher. Fortunately the FTC provides a useful guide for businesses to better understand what the law requires, by explaining it in more general terms. The guide provides an overview on CAN-SPAM and then breaks out seven key requirements. The first on the list involves header information.
From the FTC’s CAN-SPAM Act: A Compliance Guide for Business
- Don’t use false or misleading header information. Your “From,” “To,” “Reply-to” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
What exactly are Email Headers?
Email headers contain tracking information for each individual email, detailing the path the message took as it went through various mail servers on its way to the recipient’s inbox. The header contains timestamps, IP addresses, and sender/recipient information. Basically, an email header provides information on an email’s sender (From:) and the email address it was sent to (To:) and when the email was sent (time and date). The header may also include other information that is added by various email service providers (ESPs) as they process the email (including a Received: tag). This header information is then used by ESPs to determine how to process and deliver (or not deliver) an email to the recipient’s inbox.
This part of CAN-SPAM is focused on ensuring that header information is not altered or used in such a way as to deceive or mislead as to the origin of the email. This helps ensure that ESPs and other technology within the email sending and delivery system can process each email appropriately and that recipients (or other parties) can determine where an email originated (the person or business that sent it).
The Legal Disclaimer
Nothing in this text should be construed as legal advice. We highly recommend that you familiarize yourself with the various information sources regarding CAN-SPAM on the FTC website. Additionally, you may choose to obtain professional legal advice regarding your company’s email compliance efforts, related to CAN-SPAM or other relevant regulations that impact email marketing.