Al Iverson’s Spam Resource: January 2007

Senders: How to avoid false positives

As I often say, listen to as many sources of information as possible, and learn as much as you can from all of them. Don't be afraid to search for a second or third opinion on how to handle a deliverability problem or list management issue.

To that end, it's worth checking out this page. This information from the makers of the popular SpamAssassin spam filter offers valuable insight into how their system works. If you’re a mail sender, it’ll help guide you on how to finesse your legitimate mail, to reduce the likelihood that it'll be incorrectly classified as spam.

I don't agree with every suggestion it makes (many non-spammy senders use open detection that sets off their "web bug" detector, for example), but overall, there's some good info here. Read it, learn from it, and see what easy steps you can take to comply with these guidelines.

About the author, Al Iverson

Helping people deal with spam, list management, and deliverability issues is what I've been doing, first as a hobby, and now as my career, for the past ten years.

Since August, 2006, I've been the spam policy enforcement and deliverability guy for an email service provider located in the midwest. Prior to that, I spent just under six years working for a very large e-commerce service provider as the point person for spam and list management issues across the company's thousands of clients and dozen plus divisions and subsidiaries.

Before that, I worked for the Mail Abuse Prevention System (MAPS), one of the first anti-spam blacklist groups. There I created the MAPS RSS (Relay Spam Stopper) blacklist, to help address the scourge of spam being vectored through open-relaying mail servers. I also handled investigation and listing issues as a member of the RBL (Realtime Blackhole List) team.

Stopping spam is important to me. I do my part by guiding senders on how to send mail without sending spam, and guiding end recipients and system administrators on how to most effectively reduce the amount of spam they have to deal with.

I've been called the "baron of blacklists" for "waxing lyrically" on the topic of blacklists here and over on my other site, DNSBL Resource. There I publish news, information, commentary and reviews on the subject.

Contact me here.

SPEWS Current Status

The SPEWS blacklist seems to have gone AWOL. A lot of people haven't realized this, and still believe they're being impacted by way of being listed on SPEWS. Over on my other site at dnsbl.com, I've posted two new articles that aim to help people dealing with this situation:

How to deliver mail to AOL

Are you having problems delivering mail to AOL? Does it sound to you like AOL's engaged in extortion and racketeering? If so, it's time to do a bit of learning and a bit of listening. Like it or not, I suspect that you probably don't know a ton about how the email infrastructure of the Internet actually works, and you're quite possibly listening to the opinions of other folks who are similarly inexperienced in this realm. Instead of debating myths and questionable opinions on how AOL is party to some secret conspiracy to make you pay to deliver your mail, lets talk facts about what causes AOL delivery problems and how to fix them. I know what I'm talking about. I actively deal with this kind of stuff every day. Read on and I’ll set the record straight.

There are three primary things that cause delivery issues when sending mail to AOL:

You're not whitelisted,
Your bounce handling is broken, or you're not looking at bounces; or
You're generating too many complaints or too many bounces.

Allow me to break them down below. This is a bit quick and high level, but hey, that's the kind of advice you're going to get for free from some random guy on some random website.

You're not whitelisted. Fix that! Go here. Read it. Agree to the terms. Fill out the form. Work through this simple process and AOL will respond with a yay or nay. If yay, you're on track to be exempted from some of their basic spam filtering. This will resolve some of your issues, potential or actual. If nay, see steps two and three below, as they're probably preventing you from getting whitelisted.

To get whitelisted, you need to make sure you're mailing from an IP address that is being used just for your mail. If you're small enough to share a sending IP address with other people sending mail, you’re not really a sender. You’re a customer of a sender. Whoever owns, maintains, or supports that IP address should be filling out the whitelist form on your behalf.

Look at it this way. If you’re Bob at AOL and you can't mail Tom at Yahoo, then Yahoo and AOL are the folks who have to work it out…not you. It's the same kind of deal if you're sending to a tiny list off of a shared resource. You should nudge your service provider to address the issue, but if you don’t have your own IP and domain, and you don't have your own mail server, then you’re Bob the customer, not Bob the sender. The people griping don’t get that, or don’t agree with it, but that is ultimately the way the world works. It's not new, and it's not AOL-specific, and it didn't just appear as part of AOL's rollout of the Goodmail program. Simply put, it's been that way for the entire time I've been active in the email realm, over ten years.

Your bounce handling is broken, or you’re not looking at bounces. I say this because every email AOL bounces back to you (over this type of an issue) contains a URL linking you to more information. AOL always includes this. So if you don't know what's going on with your AOL delivery, you probably don't have access to this data, or aren't looking at it. Make it a priority to change that!

Here's an example of an informational URL contained in an AOL bounce message: http://postmaster.aol.com/errors/554rlyb2.html

These URLs lead to pages that give you clear information about what’s going on. If your message is incorrectly formatted, they tell you. If you have a weird URL specified in a way that only spammers use, they tell you. If you’re generating too many spam complaints, they tell you. It’s that simple. AOL's the good guy here; they give you a lot more information than most receiving sites do. AOL puts a lot of effort into this process; they try hard to correctly report back to you about why they're blocking your mail, and there are many ISPs who are far worse at it. AOL's actually one of the good guys here.

You’re generating too many complaints or too many bounces. If you get whitelisted, and are reading bounces correctly, and are still having blocking issues, then the information provided in bounces probably indicates that your mail is causing too many bounces or too many spam complaints. AOL (and many other ISPs) can tell how much of your attempted mail is undeliverable, and how many of your recipients report it as spam. These are important measures used by AOL (and others) to decide which mail gets through, and which mail gets bounced.

How to reduce your bounce rate: Don't attempt to remail bounced names. They’re not going to magically go through next time, and your failed attempts will actively damage your email reputation. If you don’t filter out bounces, your bounce rate will grow with each mailing, and you will quickly exceed AOL's spam-measuring bounce threshold. (Spam mail bounces at a high rate; spammers generally have very poor bounce handling. ISPs consider it a valid measure.) If you're doing this and still having this problem, then your signup/opt-in practices are broken, and they are resulting in too many invalid addresses being added to your list. It's making you look like a spammer.

How to reduce your spam complaint rate: Don't send mail to people who don't want it. Don't obtain lists from third parties. The people on those lists didn't opt-in to mail from you, and don't know who you are. Many of them will report your mail as spam. It doesn't matter if it's legal; it's just as legal for AOL to notice the high number of complaints and choose to block your mail. The most useful thing you can do is fix this. The most useless thing you can do is complain about it to the world at large. Don't tell the world you're not spamming and everybody's out to get you. As far as the recipients and receiving ISPs are concerned, you are sending spam.

Also, it's very important that you sign up for a feedback loop from AOL. This will provide you with copies of spam complaints brought against you by AOL users. You can (and should) ensure that these people are unsubscribed from your list. If you don't, you're not going to reduce spam complaints. This isn't a secret trick that makes it okay to suddenly buy lists or do other bad things--if you buy lists or harvest addresses, no amount of opting-out is going to save you--but handling feedback loops properly is a necessary part of managing your mailing list.

In closing, I would ask that you don’t be fooled by the fear, uncertainty and doubt (FUD) being spread by sites like DearAOL.com. In particular, that site appears to be supported by the Electronic Frontier Foundation (EFF), whose out-of-touch spam policy is guided by folks like John Gilmore, whom I've talked about here previously. A quick review of some of the supporting groups reveals at least one where I know that they utilize email practices that inherently cause deliverability issues. Wipe away the supposed "email tax," and many of these groups are still going to have trouble sending email, because their practices run them afoul of spam filters. (Don't just take my word on the questionable facts put forth by the anti-email tax crusaders-- Snopes has a very level-headed overview as well.)

In the interest of full disclosure, keep in mind that I currently work for an ESP (email service provider). Dealing with email delivery issues is what I do all day, every day. One of the reasons people outsource their mail to ESPs is to get expert assistance with these kind of issues. Though, I'm not trying to sell you anything. ESPs can certainly help if you’re having problems, and some problems are more complex than what I've touched on here. But, AOL's one of the easiest ISPs to deal with. My experience in this industry, and with AOL in particular, clearly tells me that it's not anywhere near as bad as some folks would lead you to believe.

The Story of "Nadine"

(Note: David Hutchens contacted me today, looking for access to the Story of "Nadine" website. I sent him an email reply, which bounced. Gotta love those aggressive spam filters. I don't know any other way to contact him, so I figured I'd post about it here.)

For those of you looking for the Story of "Nadine" website (which used to be hosted on SpamResource.com): My apologies. My hosting situation changed a number of months ago. This site is now hosted on Blogger, and I don't quite know how to get the files hosted in the same location again.

In the mean time, I'd like to direct you to the master site for the Story of "Nadine":

http://www.honet.com/Nadine/

If you're not familiar with the site, it provides some interesting data about what can happen with somebody's personal information. A woman gave her email address to some entity, with a couple of problems inherent. One, the entity did not confirm the validity of the address, so they didn't catch that she typo'd the address when entering it. Her personally identifiable information is therefore now regularly leaked to the site that owns the typo'd address, and two, the entity seems to have distributed that information far and wide. The net result is that a non-existent email address is now seemingly attributed to somebody whom it shouldn't be, and senders both great and small continue to hit the address regularly, intending to mail "Nadine."

Quick Update: Scott Richter Makes the News

This isn’t the first time he’s run into legal issues over advertising. As I mentioned before, he’s had to settle with both Microsoft and the State of New York regarding allegations relating to spam.

This time around, Richter, CEO of MediaBreakaway, (previously known as OptinRealBig), is being accused by MySpace of having "arranged for millions of spam 'bulletins"' to be sent from MySpace users' accounts without their knowledge by gaining access to them illegally, according to the lawsuit.

I Still Get More Spam Than You

I have thirty-five domains registered with various administrative/technical contact addresses. I also have a bunch of other email addresses that I used to use for posting to discussion groups, old addresses that used to be on business cards and websites, etc.

I even have some addresses receiving spam because they were harvested off of websites. Sometimes I can tell who did it. For example, somebody from the IP address 216.185.57.146 harvested an email address from website of mine a long time ago, and most recently has been sending spams with subject lines like, "You have got new mail from Snezhana, 25 years old, Rusia, matchmaking."

This entire big ball of crap routes into a Gmail account I have set up especially to handle my spam. That Gmail account's spam folder has over 175,000 messages in it, dating back to September 5, 2006. The inbox has over 28,000 messages for that same time frame. This indicates that perhaps Google's got a ways to go with their spam filtering, but I digress.

Occasionally in this big blob of junk, there will be something that I actually want, or something that is only debatably spam. Separating the wheat from the chaff has been really tough. I tried searching for my last name, but what that finds includes a bunch of co-registration spam to a company that captured a malformed first name for me, but a good last name, street address, and email address. I think it was some sweepstakes signup a long time ago. It might be legal for these companies to send me random garbage years later as a result, but it's horribly unwise. It's so easy to track how far this data spreads, that anybody could easily make a bad co-registration blacklist to help others block this kind of mail (at least as, or more legal as sending this stuff to begin with, in my estimation).

There's a whole lot of stupid in this corpus as well. Dear ERP Evaluation Centers, I don't run an Enterprise, and could care less about Enterprise Resource Planning software. (I'd actually never heard of ERP software before today.) Nice of you to try to be legitimate by including my real name in the unwanted solicitation, but you lose about a hundred points by sending it to a domain registration address that is *clearly* A. a domain registration address and B. owned by a spam-sensitive recipient. (The address they sent to, amusingly enough, is domreg-antispam@.) ERP Evaluation Centers Inc is apparently located at 740 St. Maurice, 4th Floor, Montreal, Canada, H3C 1LC, in case you're wondering. They sent the spam I'm looking at back on December 10th, 2006, and it's quite clearly spam. You might want to block erpevaluation.com before they spam you next.

This has been an interesting exercise. I've been able to set up a few filter rules in Gmail to forward on some of the messages I care about. Messages from my registrar, for example. If it's from them, it is forwarded through to my "real" Gmail account, and deleted out of the spam account.

I've still got a lot of data to dig through. As I figure this out, and filter out my personally-identifiable information, I'm going to start checking the more obvious of this incoming spam against the various anti-spam blacklists and reporting on it via a website or two. Stay tuned.

Whatever happened to VRFY?

SMTP used to have a command called VRFY which allowed you to verify whether or not an address was valid.

RFC 2505 talks about how spammer abuse makes both VRFY and the EXPN command pretty much worthless nowadays:

2.11. SMTP VRFY and EXPN

Both SMTP VRFY and EXPN provide means for a potential spammer to test whether the addresses on his list are valid (VRFY) and even get more addresses (EXPN). Therefore, the MTA SHOULD control who is is allowed to issue these commands. This may be "on/off" or it may use access lists similar to those mentioned previously.

Note that the "VRFY" command is required according to RFC821, [1]. The response can, though, be "252 Argument not checked" to represent "off" or blocked via an access list. This should be the default.

Default for the "EXPN" command should be "off".

If you're going to do email address validation, consider that VRFY and EXPN are blocked by most ISPs nowadays. Also, simulating VRFY by stacking RCPT TO: commands is something that spammers do. ISPs know this, and the smarter ones track how often you do this. You'll get blocked after some number of attempts. I wouldn't go looking for a lot of sympathy from ISPs when trying to get unblocked afterwards, as the ISPs consider this a very bad practice that good guys don't engage in.

Ask Al: Help, you're blocking my mail!

JC Writes: "I just discovered that SBC/AT&T is refusing mail going from me.

Most kindly, I submit to you sir, that I have never, ever spammed, and my domain name, is older than when you started your good vigilance. I am though at your mercy. I am a poor computer consultant trying to make a living. I think the reason for your wrath is because I use a dynamic IP address given me by my ISP. This is what poor, though well trained people can do. It conserves IP addresses and (worse?) cheaper. I do not say that you are under pay by ISPs, but it could look as such because a non-spammer like me is victimized because I am using a dynamic IP address which does not please an ISP (your friend?)

If you have any evidence that I have spammed, please show me. In the meanwhile, please, I beg you, leave me alone."

JC, I'm sorry to have to tell you this, but this is what I can do for you: nothing. I don't run a blacklist. I haven't given instructions, suggestions, or hints to AT&T, SBC, or anybody else that they should block your mail, or anybody else's mail. I don't run a blacklist. I haven't created any sort of spam filter that could be impacting your mail.

Sorry. I don't exactly know what the issue is here, but whatever it is, it needs to be fixed by your ISP and AT&T/SBC. Not by me.

I would encourage you to contact your ISP for assistance. Alternately, try contacting AT&T/SBC -- the error message you're receiving likely has a contact address in it.

I'm not sure what's leading you to think I'm involved. I would guess that it's because I own the website DNSBL.com. "DNSBL" is a generic term referring to spam blocking lists. If you are being blocked by a DNSBL, that does not mean you're being blocked by DNSBL.com or by me.

If anyone out there is having spam or blocking issues that they can't figure out, I still encourage you to contact me. But consider this fair warning -- anybody who sends me an email talking about how I'm blocking their mail is going to simply be directed back to this page, 'cause I'm not blocking you, and I'm too busy to have that conversation yet again.

Full Text of CAN-SPAM

Below find the full text of the US “CAN-SPAM” Federal Anti-Spam law, courtesy of Al Iverson's spamresource.com. For a PDF copy, click here. To read my 2004 overview of the law, click here.

S.877

CAN-SPAM Act of 2003

SECTION 1. SHORT TITLE.

This Act may be cited as the `Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003', or the `CAN-SPAM Act of 2003'.

SEC. 2. CONGRESSIONAL FINDINGS AND POLICY.

(a) FINDINGS- The Congress finds the following:

(1) Electronic mail has become an extremely important and popular means of communication, relied on by millions of Americans on a daily basis for personal and commercial purposes. Its low cost and global reach make it extremely convenient and efficient, and offer unique opportunities for the development and growth of frictionless commerce.

(2) The convenience and efficiency of electronic mail are threatened by the extremely rapid growth in the volume of unsolicited commercial electronic mail. Unsolicited commercial electronic mail is currently estimated to account for over half of all electronic mail traffic, up from an estimated 7 percent in 2001, and the volume continues to rise. Most of these messages are fraudulent or deceptive in one or more respects.

(3) The receipt of unsolicited commercial electronic mail may result in costs to recipients who cannot refuse to accept such mail and who incur costs for the storage of such mail, or for the time spent accessing, reviewing, and discarding such mail, or for both.

(4) The receipt of a large number of unwanted messages also decreases the convenience of electronic mail and creates a risk that wanted electronic mail messages, both commercial and noncommercial, will be lost, overlooked, or discarded amidst the larger volume of unwanted messages, thus reducing the reliability and usefulness of electronic mail to the recipient.

(5) Some commercial electronic mail contains material that many recipients may consider vulgar or pornographic in nature.

(6) The growth in unsolicited commercial electronic mail imposes significant monetary costs on providers of Internet access services, businesses, and educational and nonprofit institutions that carry and receive such mail, as there is a finite volume of mail that such providers, businesses, and institutions can handle without further investment in infrastructure.

(7) Many senders of unsolicited commercial electronic mail purposefully disguise the source of such mail.

(8) Many senders of unsolicited commercial electronic mail purposefully include misleading information in the messages' subject lines in order to induce the recipients to view the messages.

(9) While some senders of commercial electronic mail messages provide simple and reliable ways for recipients to reject (or `opt-out' of) receipt of commercial electronic mail from such senders in the future, other senders provide no such `opt-out' mechanism, or refuse to honor the requests of recipients not to receive electronic mail from such senders in the future, or both.

(10) Many senders of bulk unsolicited commercial electronic mail use computer programs to gather large numbers of electronic mail addresses on an automated basis from Internet websites or online services where users must post their addresses in order to make full use of the website or service.

(11) Many States have enacted legislation intended to regulate or reduce unsolicited commercial electronic mail, but these statutes impose different standards and requirements. As a result, they do not appear to have been successful in addressing the problems associated with unsolicited commercial electronic mail, in part because, since an electronic mail address does not specify a geographic location, it can be extremely difficult for law-abiding businesses to know with which of these disparate statutes they are required to comply.

(12) The problems associated with the rapid growth and abuse of unsolicited commercial electronic mail cannot be solved by Federal legislation alone. The development and adoption of technological approaches and the pursuit of cooperative efforts with other countries will be necessary as well.

(b) CONGRESSIONAL DETERMINATION OF PUBLIC POLICY- On the basis of the findings in subsection (a), the Congress determines that--

(1) there is a substantial government interest in regulation of commercial electronic mail on a nationwide basis;

(2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and

(3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source.

SEC. 3. DEFINITIONS.

In this Act:

(1) AFFIRMATIVE CONSENT- The term `affirmative consent', when used with respect to a commercial electronic mail message, means that--

(A) the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative; and

(B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient's electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages.

(2) Commercial electronic mail message-

(A) IN GENERAL- The term `commercial electronic mail message' means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).

(B) TRANSACTIONAL OR RELATIONSHIP MESSAGES- The term `commercial electronic mail message' does not include a transactional or relationship message.

(C) REGULATIONS REGARDING PRIMARY PURPOSE- Not later than 12 months after the date of the enactment of this Act, the Commission shall issue regulations pursuant to section 13 defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message.

(D) REFERENCE TO COMPANY OR WEBSITE- The inclusion of a reference to a commercial entity or a link to the website of a commercial entity in an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic mail message for purposes of this Act if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service.

(3) COMMISSION- The term `Commission' means the Federal Trade Commission.

(4) DOMAIN NAME- The term `domain name' means any alphanumeric designation which is registered with or assigned by any domain name registrar, domain name registry, or other domain name registration authority as part of an electronic address on the Internet.

(5) ELECTRONIC MAIL ADDRESS- The term `electronic mail address' means a destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the `local part') and a reference to an Internet domain (commonly referred to as the `domain part'), whether or not displayed, to which an electronic mail message can be sent or delivered.

(6) ELECTRONIC MAIL MESSAGE- The term `electronic mail message' means a message sent to a unique electronic mail address.

(7) FTC ACT- The term `FTC Act' means the Federal Trade Commission Act (15 U.S.C. 41 et seq.).

(8) HEADER INFORMATION- The term `header information' means the source, destination, and routing information attached to an electronic mail message, including the originating domain name and originating electronic mail address, and any other information that appears in the line identifying, or purporting to identify, a person initiating the message.

(9) INITIATE- The term `initiate', when used with respect to a commercial electronic mail message, means to originate or transmit such message or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message. For purposes of this paragraph, more than one person may be considered to have initiated a message.

(10) INTERNET- The term `Internet' has the meaning given that term in the Internet Tax Freedom Act (47 U.S.C. 151 nt).

(11) INTERNET ACCESS SERVICE- The term `Internet access service' has the meaning given that term in section 231(e)(4) of the Communications Act of 1934 (47 U.S.C. 231(e)(4)).

(12) PROCURE- The term `procure', when used with respect to the initiation of a commercial electronic mail message, means intentionally to pay or provide other consideration to, or induce, another person to initiate such a message on one's behalf.

(13) PROTECTED COMPUTER- The term `protected computer' has the meaning given that term in section 1030(e)(2)(B) of title 18, United States Code.

(14) RECIPIENT- The term `recipient', when used with respect to a commercial electronic mail message, means an authorized user of the electronic mail address to which the message was sent or delivered. If a recipient of a commercial electronic mail message has one or more electronic mail addresses in addition to the address to which the message was sent or delivered, the recipient shall be treated as a separate recipient with respect to each such address. If an electronic mail address is reassigned to a new user, the new user shall not be treated as a recipient of any commercial electronic mail message sent or delivered to that address before it was reassigned.

(15) ROUTINE CONVEYANCE- The term `routine conveyance' means the transmission, routing, relaying, handling, or storing, through an automatic technical process, of an electronic mail message for which another person has identified the recipients or provided the recipient addresses.

(16) SENDER-

(A) IN GENERAL- Except as provided in subparagraph (B), the term `sender', when used with respect to a commercial electronic mail message, means a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message.

(B) SEPARATE LINES OF BUSINESS OR DIVISIONS- If an entity operates through separate lines of business or divisions and holds itself out to the recipient throughout the message as that particular line of business or division rather than as the entity of which such line of business or division is a part, then the line of business or the division shall be treated as the sender of such message for purposes of this Act.

(17) Transactional or relationship message-

(A) IN GENERAL- The term `transactional or relationship message' means an electronic mail message the primary purpose of which is--

(i) to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;

(ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;

(iii) to provide--

(I) notification concerning a change in the terms or features of;

(II) notification of a change in the recipient's standing or status with respect to; or

(III) at regular periodic intervals, account balance information or other type of account statement with respect to,

a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender;

(iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or

(v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.

(B) MODIFICATION OF DEFINITION- The Commission by regulation pursuant to section 13 may modify the definition in subparagraph (A) to expand or contract the categories of messages that are treated as transactional or relationship messages for purposes of this Act to the extent that such modification is necessary to accommodate changes in electronic mail technology or practices and accomplish the purposes of this Act.

SEC. 4. PROHIBITION AGAINST PREDATORY AND ABUSIVE COMMERCIAL E-MAIL.

(a) OFFENSE-

(1) IN GENERAL- Chapter 47 of title 18, United States Code, is amended by adding at the end the following new section:

`Sec. 1037. Fraud and related activity in connection with electronic mail

`(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--

`(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,

`(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,

`(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,

`(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or

`(5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses,

or conspires to do so, shall be punished as provided in subsection (b).

`(b) PENALTIES- The punishment for an offense under subsection (a) is--

`(1) a fine under this title, imprisonment for not more than 5 years, or both, if--

`(A) the offense is committed in furtherance of any felony under the laws of the United States or of any State; or

`(B) the defendant has previously been convicted under this section or section 1030, or under the law of any State for conduct involving the transmission of multiple commercial electronic mail messages or unauthorized access to a computer system;

`(2) a fine under this title, imprisonment for not more than 3 years, or both, if--

`(A) the offense is an offense under subsection (a)(1);

`(B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations;

`(C) the volume of electronic mail messages transmitted in furtherance of the offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day period, or 250,000 during any 1-year period;

`(D) the offense caused loss to one or more persons aggregating $5,000 or more in value during any 1-year period;

`(E) as a result of the offense any individual committing the offense obtained anything of value aggregating $5,000 or more during any 1-year period; or

`(F) the offense was undertaken by the defendant in concert with three or more other persons with respect to whom the defendant occupied a position of organizer or leader; and

`(3) a fine under this title or imprisonment for not more than 1 year, or both, in any other case.

`(c) FORFEITURE-

`(1) IN GENERAL- The court, in imposing sentence on a person who is convicted of an offense under this section, shall order that the defendant forfeit to the United States--

`(A) any property, real or personal, constituting or traceable to gross proceeds obtained from such offense; and

`(B) any equipment, software, or other technology used or intended to be used to commit or to facilitate the commission of such offense.

`(2) PROCEDURES- The procedures set forth in section 413 of the Controlled Substances Act (21 U.S.C. 853), other than subsection (d) of that section, and in Rule 32.2 of the Federal Rules of Criminal Procedure, shall apply to all stages of a criminal forfeiture proceeding under this section.

`(d) DEFINITIONS- In this section:

`(1) LOSS- The term `loss' has the meaning given that term in section 1030(e) of this title.

`(2) MATERIALLY- For purposes of paragraphs (3) and (4) of subsection (a), header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation.

`(3) MULTIPLE- The term `multiple' means more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic mail messages during a 1-year period.

`(4) OTHER TERMS- Any other term has the meaning given that term by section 3 of the CAN-SPAM Act of 2003.'.

(2) CONFORMING AMENDMENT- The chapter analysis for chapter 47 of title 18, United States Code, is amended by adding at the end the following:

`Sec.

`1037. Fraud and related activity in connection with electronic mail.'.

(b) UNITED STATES SENTENCING COMMISSION-

(1) DIRECTIVE- Pursuant to its authority under section 994(p) of title 28, United States Code, and in accordance with this section, the United States Sentencing Commission shall review and, as appropriate, amend the sentencing guidelines and policy statements to provide appropriate penalties for violations of section 1037 of title 18, United States Code, as added by this section, and other offenses that may be facilitated by the sending of large quantities of unsolicited electronic mail.

(2) REQUIREMENTS- In carrying out this subsection, the Sentencing Commission shall consider providing sentencing enhancements for--

(A) those convicted under section 1037 of title 18, United States Code, who--

(i) obtained electronic mail addresses through improper means, including--

(I) harvesting electronic mail addresses of the users of a website, proprietary service, or other online public forum operated by another person, without the authorization of such person; and

(II) randomly generating electronic mail addresses by computer; or

(ii) knew that the commercial electronic mail messages involved in the offense contained or advertised an Internet domain for which the registrant of the domain had provided false registration information; and

(B) those convicted of other offenses, including offenses involving fraud, identity theft, obscenity, child pornography, and the sexual exploitation of children, if such offenses involved the sending of large quantities of electronic mail.

(1) Spam has become the method of choice for those who distribute pornography, perpetrate fraudulent schemes, and introduce viruses, worms, and Trojan horses into personal and business computer systems; and

(2) the Department of Justice should use all existing law enforcement tools to investigate and prosecute those who send bulk commercial e-mail to facilitate the commission of Federal crimes, including the tools contained in chapters 47 and 63 of title 18, United States Code (relating to fraud and false statements); chapter 71 of title 18, United States Code (relating to obscenity); chapter 110 of title 18, United States Code (relating to the sexual exploitation of children); and chapter 95 of title 18, United States Code (relating to racketeering), as appropriate.

SEC. 5. OTHER PROTECTIONS FOR USERS OF COMMERCIAL ELECTRONIC MAIL.

(a) REQUIREMENTS FOR TRANSMISSION OF MESSAGES-

(1) PROHIBITION OF FALSE OR MISLEADING TRANSMISSION INFORMATION- It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. For purposes of this paragraph--

(A) header information that is technically accurate but includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations shall be considered materially misleading;

(B) a `from' line (the line identifying or purporting to identify a person initiating the message) that accurately identifies any person who initiated the message shall not be considered materially false or materially misleading; and

(C) header information shall be considered materially misleading if it fails to identify accurately a protected computer used to initiate the message because the person initiating the message knowingly uses another protected computer to relay or retransmit the message for purposes of disguising its origin.

(2) PROHIBITION OF DECEPTIVE SUBJECT HEADINGS- It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message if such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).

(3) Inclusion of return address or comparable mechanism in commercial electronic mail-

(A) IN GENERAL- It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message that does not contain a functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that--

(i) a recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and

(ii) remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message.

(B) MORE DETAILED OPTIONS POSSIBLE- The person initiating a commercial electronic mail message may comply with subparagraph (A)(i) by providing the recipient a list or menu from which the recipient may choose the specific types of commercial electronic mail messages the recipient wants to receive or does not want to receive from the sender, if the list or menu includes an option under which the recipient may choose not to receive any commercial electronic mail messages from the sender.

(C) TEMPORARY INABILITY TO RECEIVE MESSAGES OR PROCESS REQUESTS- A return electronic mail address or other mechanism does not fail to satisfy the requirements of subparagraph (A) if it is unexpectedly and temporarily unable to receive messages or process requests due to a technical problem beyond the control of the sender if the problem is corrected within a reasonable time period.

(4) PROHIBITION OF TRANSMISSION OF COMMERCIAL ELECTRONIC MAIL AFTER OBJECTION-

(A) IN GENERAL- If a recipient makes a request using a mechanism provided pursuant to paragraph (3) not to receive some or any commercial electronic mail messages from such sender, then it is unlawful--

(i) for the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message that falls within the scope of the request;

(ii) for any person acting on behalf of the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that such message falls within the scope of the request;

(iii) for any person acting on behalf of the sender to assist in initiating the transmission to the recipient, through the provision or selection of addresses to which the message will be sent, of a commercial electronic mail message with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that such message would violate clause (i) or (ii); or

(iv) for the sender, or any other person who knows that the recipient has made such a request, to sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic mail address of the recipient) for any purpose other than compliance with this Act or other provision of law.

(B) SUBSEQUENT AFFIRMATIVE CONSENT- A prohibition in subparagraph (A) does not apply if there is affirmative consent by the recipient subsequent to the request under subparagraph (A).

(5) INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN COMMERCIAL ELECTRONIC MAIL- (A) It is unlawful for any person to initiate the transmission of any commercial electronic mail message to a protected computer unless the message provides--

(i) clear and conspicuous identification that the message is an advertisement or solicitation;

(ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; and

(iii) a valid physical postal address of the sender.

(B) Subparagraph (A)(i) does not apply to the transmission of a commercial electronic mail message if the recipient has given prior affirmative consent to receipt of the message.

(6) MATERIALLY- For purposes of paragraph (1), the term `materially', when used with respect to false or misleading header information, includes the alteration or concealment of header information in a manner that would impair the ability of an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation, or the ability of a recipient of the message to respond to a person who initiated the electronic message.

(b) Aggravated Violations Relating to Commercial Electronic Mail-

(1) Address harvesting and dictionary attacks-

(A) IN GENERAL- It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message that is unlawful under subsection (a), or to assist in the origination of such message through the provision or selection of addresses to which the message will be transmitted, if such person had actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that--

(i) the electronic mail address of the recipient was obtained using an automated means from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages; or

(ii) the electronic mail address of the recipient was obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.

(B) DISCLAIMER- Nothing in this paragraph creates an ownership or proprietary interest in such electronic mail addresses.

(2) AUTOMATED CREATION OF MULTIPLE ELECTRONIC MAIL ACCOUNTS- It is unlawful for any person to use scripts or other automated means to register for multiple electronic mail accounts or online user accounts from which to transmit to a protected computer, or enable another person to transmit to a protected computer, a commercial electronic mail message that is unlawful under subsection (a).

(3) RELAY OR RETRANSMISSION THROUGH UNAUTHORIZED ACCESS- It is unlawful for any person knowingly to relay or retransmit a commercial electronic mail message that is unlawful under subsection (a) from a protected computer or computer network that such person has accessed without authorization.

(1) modify the 10-business-day period under subsection (a)(4)(A) or subsection (a)(4)(B), or both, if the Commission determines that a different period would be more reasonable after taking into account--

(A) the purposes of subsection (a);

(B) the interests of recipients of commercial electronic mail; and

(2) specify additional activities or practices to which subsection (b) applies if the Commission determines that those activities or practices are contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under subsection (a).

(d) REQUIREMENT TO PLACE WARNING LABELS ON COMMERCIAL ELECTRONIC MAIL CONTAINING SEXUALLY ORIENTED MATERIAL-

(1) IN GENERAL- No person may initiate in or affecting interstate commerce the transmission, to a protected computer, of any commercial electronic mail message that includes sexually oriented material and--

(A) fail to include in subject heading for the electronic mail message the marks or notices prescribed by the Commission under this subsection; or

(B) fail to provide that the matter in the message that is initially viewable to the recipient, when the message is opened by any recipient and absent any further actions by the recipient, includes only--

(i) to the extent required or authorized pursuant to paragraph (2), any such marks or notices;

(ii) the information required to be included in the message pursuant to subsection (a)(5); and

(iii) instructions on how to access, or a mechanism to access, the sexually oriented material.

(2) PRIOR AFFIRMATIVE CONSENT- Paragraph (1) does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message.

(3) PRESCRIPTION OF MARKS AND NOTICES- Not later than 120 days after the date of the enactment of this Act, the Commission in consultation with the Attorney General shall prescribe clearly identifiable marks or notices to be included in or associated with commercial electronic mail that contains sexually oriented material, in order to inform the recipient of that fact and to facilitate filtering of such electronic mail. The Commission shall publish in the Federal Register and provide notice to the public of the marks or notices prescribed under this paragraph.

(4) DEFINITION- In this subsection, the term `sexually oriented material' means any material that depicts sexually explicit conduct (as that term is defined in section 2256 of title 18, United States Code), unless the depiction constitutes a small and insignificant part of the whole, the remainder of which is not primarily devoted to sexual matters.

(5) PENALTY- Whoever knowingly violates paragraph (1) shall be fined under title 18, United States Code, or imprisoned not more than 5 years, or both.

SEC. 6. BUSINESSES KNOWINGLY PROMOTED BY ELECTRONIC MAIL WITH FALSE OR MISLEADING TRANSMISSION INFORMATION.

(a) IN GENERAL- It is unlawful for a person to promote, or allow the promotion of, that person's trade or business, or goods, products, property, or services sold, offered for sale, leased or offered for lease, or otherwise made available through that trade or business, in a commercial electronic mail message the transmission of which is in violation of section 5(a)(1) if that person--

(1) knows, or should have known in the ordinary course of that person's trade or business, that the goods, products, property, or services sold, offered for sale, leased or offered for lease, or otherwise made available through that trade or business were being promoted in such a message;

(2) received or expected to receive an economic benefit from such promotion; and

(3) took no reasonable action--

(A) to prevent the transmission; or

(B) to detect the transmission and report it to the Commission.

(b) Limited Enforcement Against Third Parties-

(1) IN GENERAL- Except as provided in paragraph (2), a person (hereinafter referred to as the `third party') that provides goods, products, property, or services to another person that violates subsection (a) shall not be held liable for such violation.

(2) EXCEPTION- Liability for a violation of subsection (a) shall be imputed to a third party that provides goods, products, property, or services to another person that violates subsection (a) if that third party--

(A) owns, or has a greater than 50 percent ownership or economic interest in, the trade or business of the person that violated subsection (a); or

(B)(i) has actual knowledge that goods, products, property, or services are promoted in a commercial electronic mail message the transmission of which is in violation of section 5(a)(1); and

(ii) receives, or expects to receive, an economic benefit from such promotion.

(d) SAVINGS PROVISION- Except as provided in section 7(f)(8), nothing in this section may be construed to limit or prevent any action that may be taken under this Act with respect to any violation of any other section of this Act.

SEC. 7. ENFORCEMENT GENERALLY.

(a) VIOLATION IS UNFAIR OR DECEPTIVE ACT OR PRACTICE- Except as provided in subsection (b), this Act shall be enforced by the Commission as if the violation of this Act were an unfair or deceptive act or practice proscribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

(b) ENFORCEMENT BY CERTAIN OTHER AGENCIES- Compliance with this Act shall be enforced--

(1) under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of--

(A) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency;

(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 and 611), and bank holding companies, by the Board;

(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Directors of the Federal Deposit Insurance Corporation; and

(D) savings associations the deposits of which are insured by the Federal Deposit Insurance Corporation, by the Director of the Office of Thrift Supervision;

(2) under the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the Board of the National Credit Union Administration with respect to any Federally insured credit union;

(3) under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) by the Securities and Exchange Commission with respect to any broker or dealer;

(4) under the Investment Company Act of 1940 (15 U.S.C. 80a-1 et seq.) by the Securities and Exchange Commission with respect to investment companies;

(5) under the Investment Advisers Act of 1940 (15 U.S.C. 80b-1 et seq.) by the Securities and Exchange Commission with respect to investment advisers registered under that Act;

(6) under State insurance law in the case of any person engaged in providing insurance, by the applicable State insurance authority of the State in which the person is domiciled, subject to section 104 of the Gramm-Bliley-Leach Act (15 U.S.C. 6701), except that in any State in which the State insurance authority elects not to exercise this power, the enforcement authority pursuant to this Act shall be exercised by the Commission in accordance with subsection (a);

(7) under part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part;

(8) under the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act;

(9) under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association; and

(10) under the Communications Act of 1934 (47 U.S.C. 151 et seq.) by the Federal Communications Commission with respect to any person subject to the provisions of that Act.

(c) EXERCISE OF CERTAIN POWERS- For the purpose of the exercise by any agency referred to in subsection (b) of its powers under any Act referred to in that subsection, a violation of this Act is deemed to be a violation of a Federal Trade Commission trade regulation rule. In addition to its powers under any provision of law specifically referred to in subsection (b), each of the agencies referred to in that subsection may exercise, for the purpose of enforcing compliance with any requirement imposed under this Act, any other authority conferred on it by law.

(d) ACTIONS BY THE COMMISSION- The Commission shall prevent any person from violating this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. Any entity that violates any provision of that subtitle is subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of that subtitle.

(e) AVAILABILITY OF CEASE-AND-DESIST ORDERS AND INJUNCTIVE RELIEF WITHOUT SHOWING OF KNOWLEDGE- Notwithstanding any other provision of this Act, in any proceeding or action pursuant to subsection (a), (b), (c), or (d) of this section to enforce compliance, through an order to cease and desist or an injunction, with section 5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of section 5(a)(4)(A), section 5(b)(1)(A), or section 5(b)(3), neither the Commission nor the Federal Communications Commission shall be required to allege or prove the state of mind required by such section or subparagraph.

(f) Enforcement by States-

(1) CIVIL ACTION- In any case in which the attorney general of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by any person who violates paragraph (1) or (2) of section 5(a), who violates section 5(d), or who engages in a pattern or practice that violates paragraph (3), (4), or (5) of section 5(a), of this Act, the attorney general, official, or agency of the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction--

(A) to enjoin further violation of section 5 of this Act by the defendant; or

(B) to obtain damages on behalf of residents of the State, in an amount equal to the greater of--

(i) the actual monetary loss suffered by such residents; or

(ii) the amount determined under paragraph (3).

(2) AVAILABILITY OF INJUNCTIVE RELIEF WITHOUT SHOWING OF KNOWLEDGE- Notwithstanding any other provision of this Act, in a civil action under paragraph (1)(A) of this subsection, the attorney general, official, or agency of the State shall not be required to allege or prove the state of mind required by section 5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of section 5(a)(4)(A), section 5(b)(1)(A), or section 5(b)(3).

(3) Statutory damages-

(B) LIMITATION- For any violation of section 5 (other than section 5(a)(1)), the amount determined under subparagraph (A) may not exceed $2,000,000.

(C) AGGRAVATED DAMAGES- The court may increase a damage award to an amount equal to not more than three times the amount otherwise available under this paragraph if--

(i) the court determines that the defendant committed the violation willfully and knowingly; or

(ii) the defendant's unlawful activity included one or more of the aggravating violations set forth in section 5(b).

(D) REDUCTION OF DAMAGES- In assessing damages under subparagraph (A), the court may consider whether--

(i) the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations; or

(ii) the violation occurred despite commercially reasonable efforts to maintain compliance the practices and procedures to which reference is made in clause (i).

(4) ATTORNEY FEES- In the case of any successful action under paragraph (1), the court, in its discretion, may award the costs of the action and reasonable attorney fees to the State.

(5) RIGHTS OF FEDERAL REGULATORS- The State shall serve prior written notice of any action under paragraph (1) upon the Federal Trade Commission or the appropriate Federal regulator determined under subsection (b) and provide the Commission or appropriate Federal regulator with a copy of its complaint, except in any case in which such prior notice is not feasible, in which case the State shall serve such notice immediately upon instituting such action. The Federal Trade Commission or appropriate Federal regulator shall have the right--

(A) to intervene in the action;

(B) upon so intervening, to be heard on all matters arising therein;

(D) to file petitions for appeal.

(6) CONSTRUCTION- For purposes of bringing any civil action under paragraph (1), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to--

(A) conduct investigations;

(B) administer oaths or affirmations; or

(7) VENUE; SERVICE OF PROCESS-

(A) VENUE- Any action brought under paragraph (1) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.

(B) SERVICE OF PROCESS- In an action brought under paragraph (1), process may be served in any district in which the defendant--

(i) is an inhabitant; or

(ii) maintains a physical place of business.

(8) LIMITATION ON STATE ACTION WHILE FEDERAL ACTION IS PENDING- If the Commission, or other appropriate Federal agency under subsection (b), has instituted a civil action or an administrative action for violation of this Act, no State attorney general, or official or agency of a State, may bring an action under this subsection during the pendency of that action against any defendant named in the complaint of the Commission or the other agency for any violation of this Act alleged in the complaint.

(9) REQUISITE SCIENTER FOR CERTAIN CIVIL ACTIONS- Except as provided in section 5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of section 5(a)(4)(A), section 5(b)(1)(A), or section 5(b)(3), in a civil action brought by a State attorney general, or an official or agency of a State, to recover monetary damages for a violation of this Act, the court shall not grant the relief sought unless the attorney general, official, or agency establishes that the defendant acted with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, of the act or omission that constitutes the violation.

(g) Action by Provider of Internet Access Service-

(1) ACTION AUTHORIZED- A provider of Internet access service adversely affected by a violation of section 5(a)(1), 5(b), or 5(d), or a pattern or practice that violates paragraph (2), (3), (4), or (5) of section 5(a), may bring a civil action in any district court of the United States with jurisdiction over the defendant--

(A) to enjoin further violation by the defendant; or

(B) to recover damages in an amount equal to the greater of--

(i) actual monetary loss incurred by the provider of Internet access service as a result of such violation; or

(ii) the amount determined under paragraph (3).

(2) SPECIAL DEFINITION OF `PROCURE'- In any action brought under paragraph (1), this Act shall be applied as if the definition of the term `procure' in section 3(12) contained, after `behalf' the words `with actual knowledge, or by consciously avoiding knowing, whether such person is engaging, or will engage, in a pattern or practice that violates this Act'.

(3) STATUTORY DAMAGES-

(A) IN GENERAL- For purposes of paragraph (1)(B)(ii), the amount determined under this paragraph is the amount calculated by multiplying the number of violations (with each separately addressed unlawful message that is transmitted or attempted to be transmitted over the facilities of the provider of Internet access service, or that is transmitted or attempted to be transmitted to an electronic mail address obtained from the provider of Internet access service in violation of section 5(b)(1)(A)(i), treated as a separate violation) by--

(i) up to $100, in the case of a violation of section 5(a)(1); or

(ii) up to $25, in the case of any other violation of section 5.

(B) LIMITATION- For any violation of section 5 (other than section 5(a)(1)), the amount determined under subparagraph (A) may not exceed $1,000,000.

(C) AGGRAVATED DAMAGES- The court may increase a damage award to an amount equal to not more than three times the amount otherwise available under this paragraph if--

(i) the court determines that the defendant committed the violation willfully and knowingly; or

(ii) the defendant's unlawful activity included one or more of the aggravated violations set forth in section 5(b).

(D) REDUCTION OF DAMAGES- In assessing damages under subparagraph (A), the court may consider whether--

(i) the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations; or

(ii) the violation occurred despite commercially reasonable efforts to maintain compliance with the practices and procedures to which reference is made in clause (i).

(4) ATTORNEY FEES- In any action brought pursuant to paragraph (1), the court may, in its discretion, require an undertaking for the payment of the costs of such action, and assess reasonable costs, including reasonable attorneys' fees, against any party.

SEC. 8. EFFECT ON OTHER LAWS.

(a) FEDERAL LAW- (1) Nothing in this Act shall be construed to impair the enforcement of section 223 or 231 of the Communications Act of 1934 (47 U.S.C. 223 or 231, respectively), chapter 71 (relating to obscenity) or 110 (relating to sexual exploitation of children) of title 18, United States Code, or any other Federal criminal statute.

(2) Nothing in this Act shall be construed to affect in any way the Commission's authority to bring enforcement actions under FTC Act for materially false or deceptive representations or unfair practices in commercial electronic mail messages.

(b) STATE LAW-

(1) IN GENERAL- This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.

(2) STATE LAW NOT SPECIFIC TO ELECTRONIC MAIL- This Act shall not be construed to preempt the applicability of--

(A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or

(B) other State laws to the extent that those laws relate to acts of fraud or computer crime.

(c) NO EFFECT ON POLICIES OF PROVIDERS OF INTERNET ACCESS SERVICE- Nothing in this Act shall be construed to have any effect on the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages.

SEC. 9. DO-NOT-E-MAIL REGISTRY.

(a) IN GENERAL- Not later than 6 months after the date of enactment of this Act, the Commission shall transmit to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Energy and Commerce a report that--

(1) sets forth a plan and timetable for establishing a nationwide marketing Do-Not-E-Mail registry;

(2) includes an explanation of any practical, technical, security, privacy, enforceability, or other concerns that the Commission has regarding such a registry; and

(3) includes an explanation of how the registry would be applied with respect to children with e-mail accounts.

(b) AUTHORIZATION TO IMPLEMENT- The Commission may establish and implement the plan, but not earlier than 9 months after the date of enactment of this Act.

SEC. 10. STUDY OF EFFECTS OF COMMERCIAL ELECTRONIC MAIL.

(a) IN GENERAL- Not later than 24 months after the date of the enactment of this Act, the Commission, in consultation with the Department of Justice and other appropriate agencies, shall submit a report to the Congress that provides a detailed analysis of the effectiveness and enforcement of the provisions of this Act and the need (if any) for the Congress to modify such provisions.

(b) REQUIRED ANALYSIS- The Commission shall include in the report required by subsection (a)--

(1) an analysis of the extent to which technological and marketplace developments, including changes in the nature of the devices through which consumers access their electronic mail messages, may affect the practicality and effectiveness of the provisions of this Act;

(2) analysis and recommendations concerning how to address commercial electronic mail that originates in or is transmitted through or to facilities or computers in other nations, including initiatives or policy positions that the Federal Government could pursue through international negotiations, fora, organizations, or institutions; and

(3) analysis and recommendations concerning options for protecting consumers, including children, from the receipt and viewing of commercial electronic mail that is obscene or pornographic.

SEC. 11. IMPROVING ENFORCEMENT BY PROVIDING REWARDS FOR INFORMATION ABOUT VIOLATIONS; LABELING.

The Commission shall transmit to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Energy and Commerce--

(1) a report, within 9 months after the date of enactment of this Act, that sets forth a system for rewarding those who supply information about violations of this Act, including--

(A) procedures for the Commission to grant a reward of not less than 20 percent of the total civil penalty collected for a violation of this Act to the first person that--

(i) identifies the person in violation of this Act; and

(ii) supplies information that leads to the successful collection of a civil penalty by the Commission; and

(B) procedures to minimize the burden of submitting a complaint to the Commission concerning violations of this Act, including procedures to allow the electronic submission of complaints to the Commission; and

(2) a report, within 18 months after the date of enactment of this Act, that sets forth a plan for requiring commercial electronic mail to be identifiable from its subject line, by means of compliance with Internet Engineering Task Force Standards, the use of the characters `ADV' in the subject line, or other comparable identifier, or an explanation of any concerns the Commission has that cause the Commission to recommend against the plan.

SEC. 12. RESTRICTIONS ON OTHER TRANSMISSIONS.

Section 227(b)(1) of the Communications Act of 1934 (47 U.S.C. 227(b)(1)) is amended, in the matter preceding subparagraph (A), by inserting `, or any person outside the United States if the recipient is within the United States' after `United States'.

SEC. 13. REGULATIONS.

(a) IN GENERAL- The Commission may issue regulations to implement the provisions of this Act (not including the amendments made by sections 4 and 12). Any such regulations shall be issued in accordance with section 553 of title 5, United States Code.

(b) LIMITATION- Subsection (a) may not be construed to authorize the Commission to establish a requirement pursuant to section 5(a)(5)(A) to include any specific words, characters, marks, or labels in a commercial electronic mail message, or to include the identification required by section 5(a)(5)(A) in any particular part of such a mail message (such as the subject line or body).

SEC. 14. APPLICATION TO WIRELESS.

(a) EFFECT ON OTHER LAW- Nothing in this Act shall be interpreted to preclude or override the applicability of section 227 of the Communications Act of 1934 (47 U.S.C. 227) or the rules prescribed under section 3 of the Telemarketing and Consumer Fraud and Abuse Prevention Act (15 U.S.C. 6102).

(b) FCC RULEMAKING- The Federal Communications Commission, in consultation with the Federal Trade Commission, shall promulgate rules within 270 days to protect consumers from unwanted mobile service commercial messages. The Federal Communications Commission, in promulgating the rules, shall, to the extent consistent with subsection (c)--

(1) provide subscribers to commercial mobile services the ability to avoid receiving mobile service commercial messages unless the subscriber has provided express prior authorization to the sender, except as provided in paragraph (3);

(2) allow recipients of mobile service commercial messages to indicate electronically a desire not to receive future mobile service commercial messages from the sender;

(3) take into consideration, in determining whether to subject providers of commercial mobile services to paragraph (1), the relationship that exists between providers of such services and their subscribers, but if the Commission determines that such providers should not be subject to paragraph (1), the rules shall require such providers, in addition to complying with the other provisions of this Act, to allow subscribers to indicate a desire not to receive future mobile service commercial messages from the provider--

(A) at the time of subscribing to such service; and

(B) in any billing mechanism; and

(4) determine how a sender of mobile service commercial messages may comply with the provisions of this Act, considering the unique technical aspects, including the functional and character limitations, of devices that receive such messages.

(c) OTHER FACTORS CONSIDERED- The Federal Communications Commission shall consider the ability of a sender of a commercial electronic mail message to reasonably determine that the message is a mobile service commercial message.

(d) MOBILE SERVICE COMMERCIAL MESSAGE DEFINED- In this section, the term `mobile service commercial message' means a commercial electronic mail message that is transmitted directly to a wireless device that is utilized by a subscriber of commercial mobile service (as such term is defined in section 332(d) of the Communications Act of 1934 (47 U.S.C. 332(d))) in connection with such service.

SEC. 15. SEPARABILITY.

If any provision of this Act or the application thereof to any person or circumstance is held invalid, the remainder of this Act and the application of such provision to other persons or circumstances shall not be affected.

SEC. 16. EFFECTIVE DATE.

The provisions of this Act, other than section 9, shall take effect on January 1, 2004.

Speaker of the House of Representatives.
Vice President of the United States and
President of the Senate.

China's Anti-Spam Law

It dawns on me that there isn't an English copy of China's anti-spam law available anywhere online. Through the magic of machine translation, below you'll find a very rough English translation of China's current anti-spam law. Visit this page on China's Ministry of Information Industry website for the original version of the law, in Chinese.

People's Republic of China information industries department command

38th

"Internet Email Service Policing method" already on November 7, 2005 the People's Republic of China information industries department 15th service conference considered passes, presently gives the announcement, got up from March 30, 2006 executes.
Minister: Wang Xudong
Two OO six years on February 20
Internet email service policing method

First article for the standard Internet email service, safeguards the Internet email service user's lawful right, according to "People's Republic of China Telecommunication Rule" and "Internet Information service Policing method" and so on legal, the administrative rules and regulations stipulation, formulates this means.

Second article provides the Internet email service as well as within the boundaries of the People's Republic of China serves for the Internet email provides turns on the service and the transmission Internet email, is suitable this means.
This means called the Internet email service, refers to the establishment Internet email server, for the Internet user transmission, the receive Internet email provides the condition the behavior.

The third article citizen uses the correspondence secret which the Internet email serves the legal protection. Except that because the national security or traces the criminal offense the need, carries on outside the inspection by the public security organ or the procuratorial agency according to the legal rule procedure to the correspondence content, any organization or individual does not have to encroach upon citizen's correspondence secret by any reason.

Fourth article provides the Internet email service, must beforehand obtain the increment telecommunication service management permission or legally fulfill the non- management Internet information service to set up a file the procedure.
Has not obtained the increment telecommunication service management permission or has not fulfilled the non- management Internet information service to set up a file the procedure, any organization or individual does not have to carry out the Internet email service within the boundaries of the People's Republic of China.

The fifth article Internet turns on telecommunication service tenderer and so on service provider, must not for not obtain the increment telecommunication service management permission or not fulfill the non- management Internet information service to set up a file the procedural organization or individual development Internet email service provides turns on the service.

Sixth article country to Internet email service provider email server IP address implementation registration management. The Internet email service provider must clear first on 20th in the email server the IP address which uses the Internet email server (to hereafter refer to as to the People's Republic of China information industries department "information industries department") or the province, the autonomous region, the municipality correspondence administrative bureau (hereafter refers to as "correspondence administrative bureau") to register.
The Internet email service provider plans to change the email server IP address, must on 30th go through the change formalities ahead of time.

The seventh article Internet email service provider must defer to the information industries department formulation anonymous the technical standard construction Internet email service system, the closure email server retransmits the function, and strengthens the email service system the safety control, after discovered the network security loophole must promptly take the safe guard measure.

The eighth article Internet email service provider provides the service to the user, must explicitly inform the user service content and the use rule.

The ninth article Internet email service provider to user's individual registration information and the Internet electronic mail address, has the security the duty.
The Internet email service provider and its the staff do not have the illegal use user personally to register the information paper and the Internet electronic mail address; Without the user agreement, does not have to reveal the user individual registration information and the Internet electronic mail address, but the law, the administrative rules and regulations have the stipulation in addition being an exception.

The tenth article Internet email service provider must record after its email server transmission or the receive Internet email transmission or the receive time, the transmission and the receive Internet electronic mail address and the IP address. The above record must preserve on 60th, and legally inquires in the national related institution time gives to provide.

11th article any organization or individual does not have to manufacture, the duplication, the issue, the dissemination contains "People's Republic of China Telecommunication Rule" the 57th stipulation content Internet email.
Any organization or individual does not have to be engaged in "People's Republic of China Telecommunication Rule" using the Internet email the 58th prohibition harm network security and the information security activity.

12th article any organization or individual must not have the following behavior:
(1) without authorization uses other people's computer system transmission Internet email;
(2) will use the on-line automatic collection, the letter or the numeral wilfully combines other people's Internet electronic mail address which and so on the method will obtain to use in to sell, sharing, the exchange or to the electronic mail address transmission Internet email which will obtain through the above way.

13th article any organization or individual must not have the following transmission or the request transmission Internet email behavior:
(1) intentionally goes into hiding or the forge Internet email envelope information;
(2) is clear about the agreement without the Internet email receive, contains the commercial advertizing content to its transmission the Internet email;
When (3) transmission contains the commercial advertizing content the Internet email, has not indicated "the advertisement" in the Internet email title information front part or "AD" the inscription.

The 14th after article Internet email receive is clear about the agreement receive to contain the commercial advertizing content the Internet email, refuses to continue to receive, the Internet email transmission must stop transmitting. Both sides have the agreement in addition being an exception.
The Internet email service transmission transmission contains the commercial advertizing content the Internet email, must provide the contact method to the receive which refuses to continue to receive, including the transmission electronic mail address, the contact method which and the guarantee provides is effective in 30th.

The 15th article Internet email service provider, serves for the Internet email provides turns on the service the telecommunication service tenderer to have to accept the user to Internet email reporting to the authorities, and provides conveniently for the user reports to the authorities the way.

The 16th article Internet email service provider, serves for the Internet email provides turns on the service the telecommunication service tenderer to have to defer to the following request processing user to report to the authorities:
(1) discovery the Internet email which reports to the authorities is obviously included this means 11th first section stipulation the prohibition content, must promptly report to the national related institution;
Beside (2) this strip (1)th stipulation other the Internet email which reports to the authorities, must entrust the Internet email to the information industries department which the Chinese Internet association sets up to report to the authorities accepts the center (to hereafter refer to as "Internet email to report to the authorities accepts center") to report;
(3) the Internet email which reports to the authorities is involved this unit, must carry out the investigation immediately, adopts the reasonable effective guard or the processing measure, and will concern the situation and the investigation result promptly reports to the authorities to the national related institution or the Internet email accepts the central report.

The 17th below article Internet email reports to the authorities accepts the center develops according to the information industries department formulation work routine and the flow works:
(1) accepts the related Internet email reporting to the authorities;
(2) assistance information industries department or the correspondence administrative bureau recognized Internet email which reports to the authorities whether does violate this means related provision the stipulation, and the assistance traces the related responsibility person;
(3) assistance country related institution traces the related responsibility person which violates this means 11th stipulation.

The 18th article Internet email service provider, serves for the Internet email provides turns on the service the telecommunication service tenderer, must positively coordinate the national related institution and the Internet email reports to the authorities accepts the central development investigation work.

19th article violates this means fourth stipulation, has not obtained the increment telecommunication service management permission or has not fulfilled the non- management Internet information service to set up a file the procedural development Internet email service, rests on "Internet Information service Policing method" the 19th stipulation punishment.

20th article violates this means fifth stipulation, or the correspondence administrative bureau orders the correction by the information industries department based on the authority, punishes at the same time 10,000 Yuan below the fine.

21st article has not fulfilled this means sixth, seventh, eighth, tenth 鏉¤ decides the duty, or the correspondence administrative bureau orders the correction by the information industries department based on the authority, punishes at the same time 5,000 Yuan above 10,000 Yuan below the fine.

22nd article violates this means ninth stipulation, or the correspondence administrative bureau orders the correction by the information industries department based on the authority, punishes at the same time 10,000 Yuan below the fine; Has illegally obtained, punishes at the same time 30,000 Yuan below the fine.

23rd article violates this means 11th stipulation, rests on "People's Republic of China Telecommunication Rule" 67th stipulation processing.
Telecommunication service tenderer and so on Internet email service provider has the means 11th stipulation the prohibition behavior, the information industries department or the correspondence administrative bureau rest on "People's Republic of China Telecommunication Rule" 78th, "Internet Information service Policing method" the 20th stipulation punishment.

24th article violates this means 12th, 13th, the 14th stipulation, or the correspondence administrative bureau orders the correction by the information industries department based on the authority, punishes at the same time 10,000 Yuan below the fine; Has illegally obtained, punishes at the same time 30,000 Yuan below the fine.

25th article violates this means 15th, 16th and the 18th stipulation, or the correspondence administrative bureau warned by the information industries department based on the authority, punishes at the same time 5,000 Yuan above 10,000 Yuan below the fine.

26th article this means called the Internet electronic mail address is refers by user constitutes together with a Internet domain name, may according to the above to Internet email user transmission email global unique end point marking.
This means called the Internet email envelope information is refers to the attachment on the Internet email, uses in to mark, the receive and transmission route reflection Internet email and so on the Internet email transmission originates, the end point and the transmission process information.
This means called the Internet email title information is refers to the attachment on the Internet email, uses in to mark the Internet email content subject the information.

27th article this means get up from March 30, 2006 execute.