CAN-SPAM Act Regulation Quiz

CAN-SPAM Act Key Definitions and Prohibitions

• Affirmative consent for commercial e-mail messages requires express consent from the recipient and clear notice if the e-mail address is transferred to another party.
• Final rules on determining the primary purpose of an e-mail message and governing labeling of commercial e-mails were published in the Federal Register.
• The definition of a commercial e-mail message includes the primary purpose of advertising or promoting a commercial product or service.
• Dictionary attacks involve obtaining e-mail addresses through automated generation of possible permutations.
• Harvesting refers to obtaining e-mail addresses from an Internet Web site or online service with a notice against transferring electronic addresses.
• Header information includes source, destination, and routing details of an e-mail message.
• Hijacking involves using automated means to register for multiple e-mail or online user accounts to transmit unlawful commercial e-mail messages.
• Initiating a message includes originating, transmitting, or procuring the origination or transmission of the message.
• The primary purpose of an e-mail message is deemed commercial if it contains commercial content or both commercial and transactional/relationship content.
• The CAN-SPAM Act prohibits the use of deceptive subject headings and requires a functioning e-mail return address or Internet-based response mechanism.
• It also requires a clear and conspicuous identification of the message as an advertisement, notice of the opportunity to decline further commercial e-mails, and a valid physical postal address of the sender.
• The Act prohibits address harvesting, dictionary attacks, and hijacking in the transmission of commercial e-mail messages.

Compliance with CAN-SPAM Statute

• CAN-SPAM prohibits the transmission of unlawful commercial email messages and requires warning labels on messages containing sexually oriented material.
• The primary purpose of an email message is deemed transactional or non-commercial if it contains only transactional or relationship content.
• The statute defines a "protected computer" as one exclusively used by a financial institution or the US government or used in interstate or foreign commerce.
• A "recipient" is an authorized user of the email address to which the message was sent or delivered.
• "Transactional or Relationship E-mail Message" is defined as an email facilitating a commercial transaction or providing warranty or subscription information.
• The statute prohibits the use of false or misleading transmission information in commercial email messages.
• Financial institutions are required to have compliance programs for implementing CAN-SPAM.
• Examination objectives include assessing the quality of a financial institution's compliance program and determining reliance on audit or compliance reviews.
• Initiate corrective actions when violations of law are identified, or when policies or internal controls are deficient.
• Initial examination procedures involve assessing the applicability of CAN-SPAM, reviewing internal controls, and revising the scope of examination based on identified risks.
• Verification procedures include obtaining a list of promoted products or services, reviewing email messages for compliance with CAN-SPAM provisions, and assessing organizational responsibilities and compliance planning.
• Commercial email messages must provide a clear and conspicuous identification as an advertisement or solicitation and a valid physical postal address of the sender, unless the recipient has given prior affirmative consent.