CAN-SPAM Act Regulation Quiz

Questions and Answers

What is the primary purpose of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or Act)?

• Creating a registry similar to the 'Do Not Call' registry
• Promoting ethical marketing practices in the pornography industry
• Allowing unrestricted sending of commercial e-mails
• Reducing spam and unsolicited pornography by prohibiting senders from disguising the source and content of their messages (correct)

When did the regulations containing criteria pertaining to warning labels on sexually oriented materials become effective?

• June 30, 2006
• April 1, 2003
• May 19, 2004 (correct)
• March 28, 2005

Which organizations were granted compliance authority under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003?

• Federal Deposit Insurance Corporation and National Credit Union Association
• Office of Thrift Supervision and Office of the Comptroller of the Currency
• Federal Reserve Board and National Credit Union Association
• Federal Trade Commission (FTC) and Federal Deposit Insurance Corporation (correct)

Why did the FTC research determine that a 'Do Not Spam' registry would not be effective at that time?

The majority of spam was coming from international sources (B)

Which of the following is NOT a requirement under CAN-SPAM provisions?

Reflecting address harvesting, hijacking, or dictionary attacks (B)

What is one of the criteria to determine whether audits and reviews performed were reasonable and accurate?

Frequency of the compliance review (A)

What action should be confirmed for customer requests to opt out of receiving additional e-mail messages?

Confirmation of receipt of opt-out notification within 10 days (D)

What should be included in commercial e-mail messages containing sexually oriented material according to CAN-SPAM provisions?

A warning label in the subject and within the message body (D)

What is the definition of a commercial e-mail message according to the CAN-SPAM Act?

A message with the primary purpose of advertising or promoting a commercial product or service (B)

What is affirmative consent for commercial e-mail messages?

Express consent from the recipient and clear notice if the e-mail address is transferred to another party (D)

What does header information in an e-mail message include?

Source, destination, and routing details of the e-mail message (B)

What is harvesting in the context of e-mail addresses?

Obtaining e-mail addresses from an Internet Web site or online service with a notice against transferring electronic addresses (B)

What does initiating a message include according to the CAN-SPAM Act?

Originating, transmitting, or procuring the origination or transmission of the message (C)

What is prohibited by the CAN-SPAM Act in relation to subject headings?

False or misleading information (D)

What is the primary purpose of an email message according to the CAN-SPAM Act?

To be deemed transactional or non-commercial if it contains only transactional or relationship content (B)

What does the CAN-SPAM Act define as a 'protected computer'?

A computer used exclusively by a financial institution or the US government (D)

How does the CAN-SPAM Act define a 'recipient'?

An authorized user of the email address to which the message was sent or delivered (A)

What is a 'Transactional or Relationship E-mail Message' according to the CAN-SPAM Act?

An email facilitating a commercial transaction or providing warranty or subscription information (C)

What does the CAN-SPAM Act prohibit in commercial email messages?

Use of false or misleading transmission information (A)

What are financial institutions required to have for implementing CAN-SPAM?

Compliance programs (D)

What do examination objectives include under CAN-SPAM?

Assessing the quality of a financial institution's compliance program and determining reliance on audit or compliance reviews. (C)

When should corrective actions be initiated according to CAN-SPAM?

When violations of law are identified, or when policies or internal controls are deficient. (B)

What do initial examination procedures involve under CAN-SPAM?

Assessing the applicability of CAN-SPAM, reviewing internal controls, and revising the scope of examination based on identified risks. (A)

What do verification procedures include under CAN-SPAM?

Obtaining a list of promoted products or services, reviewing email messages for compliance with CAN-SPAM provisions, and assessing organizational responsibilities and compliance planning. (C)

What must commercial email messages provide according to CAN-SPAM provisions?

A clear and conspicuous identification as an advertisement or solicitation and a valid physical postal address of the sender, unless the recipient has given prior affirmative consent. (B)

Study Notes

CAN-SPAM Act Key Definitions and Prohibitions

• Affirmative consent for commercial e-mail messages requires express consent from the recipient and clear notice if the e-mail address is transferred to another party.
• Final rules on determining the primary purpose of an e-mail message and governing labeling of commercial e-mails were published in the Federal Register.
• The definition of a commercial e-mail message includes the primary purpose of advertising or promoting a commercial product or service.
• Dictionary attacks involve obtaining e-mail addresses through automated generation of possible permutations.
• Harvesting refers to obtaining e-mail addresses from an Internet Web site or online service with a notice against transferring electronic addresses.
• Header information includes source, destination, and routing details of an e-mail message.
• Hijacking involves using automated means to register for multiple e-mail or online user accounts to transmit unlawful commercial e-mail messages.
• Initiating a message includes originating, transmitting, or procuring the origination or transmission of the message.
• The primary purpose of an e-mail message is deemed commercial if it contains commercial content or both commercial and transactional/relationship content.
• The CAN-SPAM Act prohibits the use of deceptive subject headings and requires a functioning e-mail return address or Internet-based response mechanism.
• It also requires a clear and conspicuous identification of the message as an advertisement, notice of the opportunity to decline further commercial e-mails, and a valid physical postal address of the sender.
• The Act prohibits address harvesting, dictionary attacks, and hijacking in the transmission of commercial e-mail messages.

Compliance with CAN-SPAM Statute

• CAN-SPAM prohibits the transmission of unlawful commercial email messages and requires warning labels on messages containing sexually oriented material.
• The primary purpose of an email message is deemed transactional or non-commercial if it contains only transactional or relationship content.
• The statute defines a "protected computer" as one exclusively used by a financial institution or the US government or used in interstate or foreign commerce.
• A "recipient" is an authorized user of the email address to which the message was sent or delivered.
• "Transactional or Relationship E-mail Message" is defined as an email facilitating a commercial transaction or providing warranty or subscription information.
• The statute prohibits the use of false or misleading transmission information in commercial email messages.
• Financial institutions are required to have compliance programs for implementing CAN-SPAM.
• Examination objectives include assessing the quality of a financial institution's compliance program and determining reliance on audit or compliance reviews.
• Initiate corrective actions when violations of law are identified, or when policies or internal controls are deficient.
• Initial examination procedures involve assessing the applicability of CAN-SPAM, reviewing internal controls, and revising the scope of examination based on identified risks.
• Verification procedures include obtaining a list of promoted products or services, reviewing email messages for compliance with CAN-SPAM provisions, and assessing organizational responsibilities and compliance planning.
• Commercial email messages must provide a clear and conspicuous identification as an advertisement or solicitation and a valid physical postal address of the sender, unless the recipient has given prior affirmative consent.

Description

Test your knowledge of the regulations outlined in the CAN-SPAM Act with this quiz. The quiz covers topics such as prohibited content in commercial e-mail messages, requirements for warning labels, and restrictions on relaying unlawful messages.