[Senate Report 107-318]
[From the U.S. Government Publishing Office]



                                                       Calendar No. 735
107th Congress                                                   Report
                                 SENATE
 2d Session                                                     107-318
_______________________________________________________________________


CONTROLLING THE ASSAULT OF NON-SOLICITED PORNOGRAPHY AND MARKETING ACT 
               OF 2002, OR THE ``CAN-SPAM ACT OF 2002''

                               __________

                              R E P O R T

                                 OF THE

           COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                                    on

                                 S. 630



                                     

       DATE deg.October 16, 2002.--Ordered to be printed


       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
                      one hundred seventh congress
                             second session

              ERNEST F. HOLLINGS, South Carolina, Chairman
DANIEL K. INOUYE, Hawaii             JOHN McCAIN, Arizona
JOHN D. ROCKEFELLER IV, West         TED STEVENS, Alaska
    Virginia                         CONRAD BURNS, Montana
JOHN F. KERRY, Massachusetts         TRENT LOTT, Mississippi
JOHN B. BREAUX, Louisiana            KAY BAILEY HUTCHISON, Texas
BYRON L. DORGAN, North Dakota        OLYMPIA J. SNOWE, Maine
RON WYDEN, Oregon                    SAM BROWNBACK, Kansas
MAX CLELAND, Georgia                 GORDON SMITH, Oregon
BARBARA BOXER, California            PETER G. FITZGERALD, Illinois
JOHN EDWARDS, North Carolina         JOHN ENSIGN, Nevada
JEAN CARNAHAN, Missouri              GEORGE ALLEN, Virginia
BILL NELSON, Florida
                     Kevin D. Kayes, Staff Director
                       Moses Boyd, Chief Counsel
                      Gregg Elias, General Counsel
      Jeanne Bumpus, Republican Staff Director and General Counsel
             Ann Begeman, Republican Deputy Staff Director
             Robert W. Chamberlin, Republican Chief Counsel


                                                       Calendar No. 735
107th Congress                                                   Report
                                 SENATE
 2d Session                                                     107-318

======================================================================



 
CONTROLLING THE ASSAULT OF NON-SOLICITED PORNOGRAPHY AND MARKETING ACT 
                OF 2002, OR THE ``CAN-SPAM ACT OF 2002''

                                _______
                                

                October 16, 2002.--Ordered to be printed

                                _______
                                

      Mr. Hollings, from the Committee on Commerce, Science, and 
                Transportation, submitted the following

                              R E P O R T

                         [To accompany S. 630]

    The Committee on Commerce, Science, and Transportation, to 
which was referred the bill (S. 630) TITLE deg. to 
prohibit senders of unsolicited commercial electronic mail from 
disguising the source of their messages, to give consumers the 
choice to cease receiving a sender's unsolicited commercial 
electronic mail messages, and for other purposes, having 
considered the same, reports favorably thereon with an 
amendment in the nature of a substitute and recommends that the 
bill (as amended) do pass.

                          Purpose of the Bill

  The purpose of this legislation is to allow consumers the 
option to decline to receive unsolicited electronic mail (e-
mail) from commercial sources. The bill would require senders 
of unsolicited commercial e-mail (UCE) to include accurate 
return address or ``header'' information to identify the 
sender. The legislation would mandate that senders of UCE 
provide an Internet-based system for consumers to opt-out of 
receiving further unsolicited messages from that sender. It 
would also require the sender to include a physical address in 
the e-mail itself for identification and opt-out purposes. 
Criminal sanctions could be imposed on parties who 
intentionally disguise the source of their UCE messages by 
falsifying header information. Civil sanctions would be 
available for other violations of the bill.

                          Background and Needs

  UCE, commonly known as ``spam,'' has quickly become one of 
the most pervasive intrusions in the lives of Americans who use 
e-mail. Software industry analysts report that approximately 15 
percent of all e-mail traffic is spam. Unlike unsolicited 
postal mail, spam can be sent in massive volumes for very 
little additional cost, so the volume of spam has been rising 
exponentially--by some estimates, more than doubling every 6 
months. As a result, e-mail users are forced to deal with a 
deluge of unsolicited, and in most instances unwanted, 
advertisements in their computer e-mail in-boxes.
  The inconvenience and intrusiveness of spam is exacerbated by 
the fact that, in many instances, the senders of UCE 
purposefully disguise the source of the e-mail or include 
misleading information in the e-mail's subject line. Thus, the 
recipient is left with no effective ability to manage the 
inflow of spam--he or she cannot easily tell who is sending the 
messages, what they contain, or how to contact the sender to 
instruct him or her to take the recipient off the mailing list.
  Moreover, the Federal Trade Commission (FTC) has noted that 
many unsolicited e-mail messages contain indecent, misleading, 
or fraudulent content. Common types of fraudulent spam promote 
chain letters, pyramid schemes, stock and investment scams, and 
so forth. Also common is spam with pornographic content or 
links to websites with pornographic content, which some 
recipients may find offensive and may place additional burdens 
on parents to more closely monitor their children's e-mail.
  Spam imposes economic burdens as well. Massive volumes of 
spam can clog a computer network, slowing Internet service for 
those who share that network. Internet service providers (ISPs) 
must respond to rising spam volumes by investing in equipment 
to increase capacity, and the costs of such investments 
ultimately get passed on to the consumers that ISPs serve. 
Meanwhile, individual consumers and businesses are forced to 
spend time sorting through crowded e-mail in-boxes and deleting 
unwanted messages. Additionally, some consumers may be assessed 
fees based on the amount of time they spend online, which would 
include time they spend deleting junk e-mail. Left unchecked, 
spam may significantly undermine the usefulness and efficiency 
of e-mail as a communications tool.
  The CAN-SPAM Act, S. 630, aims to address the problem of spam 
by creating a Federal statutory regime that would give 
consumers the right to demand that a spammer cease sending them 
messages, while creating civil and criminal sanctions for the 
sending of spam meant to deceive recipients as to its source or 
content. Under the legislation, enforcement would be undertaken 
by the FTC and, in some cases, industry-specific regulatory 
authorities. In addition, the bill would enable State attorneys 
general and ISPs to bring actions against violators.

                          Legislative History

  Senators Burns and Wyden introduced S. 630 on March 27, 2001. 
The bill is cosponsored by Senators Lieberman, Landrieu, 
Torricelli, Breaux, Murkowski, Allen, Snowe, Thomas, 
Hutchinson, and Stevens. On April 26, 2001, the Subcommittee on 
Communications held a hearing chaired by Senator Burns on the 
proliferation of UCE and methods to provide consumers 
meaningful solutions to opt out of receiving it. A diverse 
group of associations and private parties interested in this 
issue provided testimony. The FTC testified in support of S. 
630. On May 17, 2002, the Senate Commerce, Science, and 
Transportation Committee held an executive session at which S. 
630 was considered. The bill was approved unanimously by voice 
vote and was ordered reported with an amendment in the nature 
of a substitute offered by Senators Burns and Wyden, and an 
amendment thereto offered by Senator Boxer regarding the large 
scale third-party collection or ``harvesting'' of consumer e-
mail addresses from websites.

                            Estimated Costs

  In accordance with paragraph 11(a) of rule XXVI of the 
Standing Rules of the Senate and section 403 of the 
Congressional Budget Act of 1974, the Committee provides the 
following cost estimate, prepared by the Congressional Budget 
Office:

                                     U.S. Congress,
                               Congressional Budget Office,
                                     Washington, DC, June 24, 2002.
Hon. Ernest F. Hollings,
Chairman, Committee on Commerce, Science, and Transportation, U.S. 
        Senate, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 630, the Controlling 
the Assault of Non-Solicited Pornography and Marketing Act of 
2002.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contacts are Ken Johnson 
(for federal costs), Erin Whitaker (for the revenue impact), 
Angela Seitz (for the state and local impact), and Lauren Marks 
(for the impact on the private sector).
            Sincerely,
                                          Barry B. Anderson
                                    (For Dan L. Crippen, Director).
    Enclosure.

S. 630--Controlling the Assault of Non-Solicited Pornography and 
        Marketing Act of 2002

    Summary: S. 630 would impose new restrictions on the 
transmission of unsolicited commercial electronic mail (UCE). 
The bill would require all senders of UCE to identify the 
messages as UCE, provide accurate header information, include a 
functioning return email address, and stop sending messages to 
recipients who opt not to receive them. In addition, the bill 
would create criminal penalties for knowingly sending UCE that 
contains false information in the email's header line.
    The provisions of S. 630 would be enforced primarily by the 
Federal Trade Commission (FTC) under the authorities provided 
in the Federal Trade Commission Act, which includes assessments 
of civil penalties for violations of the act. However, agencies 
such as the Office of the Comptroller of the Currency (OCC), 
the Board of Governors of the Federal Reserve System, the 
Federal Deposit Insurance Corporation (FDIC), the Office of 
Thrift Supervision (OTS), the National Credit Union 
Administration (NCUA), the Securities and Exchange Commission 
(SEC), and the Secretary of Transportation would enforce the 
bill as it applies to businesses within the agencies' 
respective jurisdictions. These agencies would punish 
violations of the bill's provisions with civil and criminal 
penalties.
    CBO estimates that implementing S. 630 would cost about $2 
million in 2003 and about $1 million a year in 2004 and 
thereafter, assuming appropriation of the necessary amounts. 
CBO estimates that civil penalties collected as a result of 
enacting this bill would increase governmental receipts 
(revenues) by about $3 million a year over the 2003-2012 
period. The bill also would have additional effects on revenues 
and direct spending by imposing costs on banking regulators and 
by creating new criminal penalties. However, CBO estimates that 
these additional effects would be negligible. Because the bill 
would affect both receipts and direct spending, pay-as-you-go 
procedures would apply.
    S. 630 would impose an intergovernmental mandate as defined 
in the Unfunded Mandates Reform Act (UMRA) because it would 
preempt certain state and local laws that regulate the use of 
electronic mail to send commercial messages. CBO estimates that 
complying with that mandate would result in no direct costs to 
state and local governments and thus would not exceed the 
threshold established by that act ($58 million in 2002, 
adjusted annually for inflation).
    S. 630 would impose private-sector mandates as defined by 
UMRA by requiring that senders of commercial electronic mail 
include certain information within their messages. Based on 
information provided by government and industry sources, CBO 
expects that the direct costs of complying with the mandates 
would fall well below the annual threshold established by UMRA 
($115 million in 2002, adjusted annually for inflation).
    Estiamted cost to the Federal Government; The estimated 
budgetary impact of S. 630 is shown in the following table. The 
costs of this legislation fall within budget function 370 
(commerce and housing credit).

----------------------------------------------------------------------------------------------------------------
                                                                       By fiscal year, in millions of dollars--
                                                                    --------------------------------------------
                                                                       2003     2004     2005     2006     2007
----------------------------------------------------------------------------------------------------------------
                               CHANGES IN FTC SPENDING SUBJECT TO APPROPRIATION 1

Estimated Authorization Level 2....................................        2        1        1        1        1
Estimated Outlays..................................................        2        1        1        1        1

                                               CHANGES IN REVENUES

Estimated Revenues.................................................        1        3        3        3        3
----------------------------------------------------------------------------------------------------------------
1 S. 630 also would increase direct spending by less than $500,000 a year.
2 The FTC received a gross 2002 appropriation of $156 million. This amount will be offset by an estimated $108
  million in fees the FTC collects for merger reviews.

    Basis of estimate: S. 630 would require that the FTC 
enforce the provisions of the bill under the Federal Trade 
Commission Act. Based on information from the FTC, CBO excepts 
that the agency would need to upgrade its database of UCE 
complaints, hire additional staff to investigate possible 
violations, and assist companies attempting to comply with the 
bill's provisions. CBO estimates that these activities would 
cost $2 million in 2003 and $1 million a year in subsequent 
years, assuming appropriation of the necessary amounts.
    S. 630 would create a variety of new civil and criminal 
penalties, which are classified in the budget as governmental 
receipts (revenues). The FTC would enforce the bill with civil 
penalties using its authority under the Federal Trade 
Commission Act. Based on information from the FTC, CBO 
estimates that these enforcement efforts would cause revenues 
to rise by $3 million a year under the bill. The bill also 
would create new criminal penalties and authorize other 
agencies, including the SEC and the Department of 
Transportation, to enforce the bill's provisions on industries 
within their jurisdictions using both civil and criminal 
penalties. However, CBO estimates that the effect of those 
additional provisions on revenues would not be significant in 
any year.
    Collections of criminal fines are deposited in the Crime 
Victims Fund and spent in subsequent years. Because any 
increase in direct spending would equal the amount of fines 
collected (with a lag of one year or more), the additional 
direct spending also would be negligible.
    The OCC, NCUA, OTS, FDIC, and the Board of Governors of the 
Federal Reserve System would enforce the provisions of S. 630 
as they apply to financial institutions. The OCC, NCUA, and OTS 
charge fees to the institutions they regulate to cover all of 
their administrative costs; therefore, any additional spending 
by these agencies to implement the bill would have no net 
budgetary effect. That is not the case with the FDIC, however, 
which uses insurance premiums paid by all banks to cover the 
expenses it incurs to supervise state-chartered banks. The 
bill's requirement that the FDIC enforce the bill's 
restrictions on UCE sent by these banks would cause a small 
increase in FDIC spending but would not affect its premium 
income. In total, CBO estimates that S. 630 would increase net 
direct spending of the OCC, NCUA, OTS, and FDIC by less than 
$500,000 a year.
    Budgetary effects on the Federal Reserve are recorded as 
changes in revenues (governmental receipts). Based on 
information from the Federal Reserve, CBO estimates that 
enacting S. 630 would reduce such revenues by less than 
$500,000 a year.
    Pay-as-you-go considerations: The Balanced Budget and 
Emergency Deficit Control Act sets up pay-as-you-go procedures 
for legislation effecting direct spending or receipts. The net 
changes inoutlays and governmental receipts that are subject to 
pay-as-you-go procedures are shown in the following table. (The 
estimated impact on outlays is less than $500,000 a year.) For 
the purposes of enforcing pay-as-you-go procedures, only the 
effects through 2006 are counted.

----------------------------------------------------------------------------------------------------------------
                                                       By fiscal year, in millions of dollars--
                                    ----------------------------------------------------------------------------
                                      2002   2003   2004   2005   2006   2007   2008   2009   2010   2011   2012
----------------------------------------------------------------------------------------------------------------
Changes in Outlays.................      0      0      0      0      0      0      0      0      0      0      0
Changes in Receipts................      0      1      3      3      3      3      3      3      3      3      3
----------------------------------------------------------------------------------------------------------------

    Estimated impact on state, local, and tribal governments: 
S. 630 would impose an intergovernmental mandate as defined in 
UMRA because it would preempt certain state and local laws that 
regulate the use of electronic mail to send commercial 
messages. CBO estimates that complying with that mandate would 
result in no direct costs to state and local governments and 
thus would not exceed the threshold established by that Act 
($58 million in 2002, adjusted annually for inflation).
    Estimated impact on the private sector: S. 630 would impose 
private-sector mandates as defined by UMRA by requiring that 
senders of commercial electronic mail include certain 
information within their messages. The bill would require that 
all senders of commercial electronic mail include a valid 
return electronic mail address and an accurate subject heading 
within their message. Senders of UCE would further be required 
to identify their messages as UCE and to include a valid 
physical postal address within their messages. The bill would 
specify that the electronic mail address of the UCE sender must 
remain functioning for at least 30 days after transmission of 
UCE.
    In addition, S. 630 would require persons who send UCE to 
provide the recipients of their messages with an option to 
discontinue receiving UCE from the sender and to notify 
recipients of that option to discontinue in each UCE message. 
If a recipient makes a request to a sender not to receive some 
or any UCE messages from such sender, then the sender, or 
anyone acting on their behalf, would be prohibited from 
initiating a transmission to the recipient 10 days after the 
receipt of such a request. Based on information from government 
and industry sources, CBO estimates that the direct costs of 
complying with the mandates contained in the bill would fall 
well below the annual threshold established by UMRA for 
private-sector mandates ($115 million in 2002, adjusted 
annually for inflation).
    Previous CBO estimate: On April 13, 2001, CBO transmitted a 
cost estimate H.R. 718, the Unsolicited Commercial Electronic 
Mail Act of 2001, as ordered reported by the House Committee on 
Energy and Commerce on April 4, 2001. Although the two bills 
are similar, H.R. 718 does not contain the provisions requiring 
banking regulators to enforce the bill within their 
jurisdictions. The estimated costs of the bills are very 
similar, with the only difference reflecting later enactment. 
In our earlier cost estimate for H.R. 718, CBO included an 
estimated impact for 2002, based on the assumption that the 
bill would be enacted near the start of 2002.
    Estimate prepared by: Federal Costs: Ken Johnson; Revenues: 
Erin Whitaker; Impact on State, Local, and Tribal Governments: 
Angela Seitz; and Impact on the Private Sector: Lauren Marks.
    Estimate approved by: Peter H. Fontaine, Deputy Assistant 
Director for Budget Analysis.

                      Regulatory Impact Statement

  In accordance with paragraph 11(b) of rule XXVI of the 
Standing Rules of the Senate, the Committee provides the 
following evaluation of the regulatory impact of the 
legislation, as reported:

                       NUMBER OF PERSONS COVERED

  S. 630 would provide all individuals using e-mail certain 
protections from fraudulent or misleading behavior by senders 
of commercial e-mail, and an opportunity to elect whether or 
not to receive UCE. Additionally, the legislation would mandate 
that all persons who send commercial e-mail meet certain 
requirements, including proper identification and providing an 
Internet-based reply system for recipients so they may opt out 
of future UCE sent by that sender. Therefore, S. 630 would 
cover all consumers who receive e-mail, and all senders of 
commercial e-mail.

                            ECONOMIC IMPACT

  The legislation would result in new or incremental costs for 
senders of commercial e-mail to comply with the legislation's 
requirements, to the extent that those senders have not already 
made provisions to prevent fraudulent or misleading headers or 
subject headings, ensure proper identification of the sender, 
and provide Internet-based reply mechanisms that allow 
recipients to choose whether to receive future messages. 
Certain reports have noted the fairly low cost borne by senders 
of commercial e-mail and the increased costs that ISPs and 
their customers pay to handle increasing commercial e-mail 
traffic. The Committee notes that many direct marketing groups 
and companies that use commercial e-mail have already 
implemented Internet-based response systems for recipients. 
Therefore, many of the costs that would be expected to be 
incurred from S. 630 have already been absorbed by the 
marketing and sales industries that send commercial e-mail. 
However, certain industries with extensive marketing affiliates 
claim that the costs of integrating opt-out systems network-
wide may be significant.

                                PRIVACY

  S. 630 would increase the personal privacy of all users of e-
mail by providing them with the ability to decline to receive 
future UCE from the same sender. S. 630 would also require 
senders of UCE to identify themselves to the recipients by 
truthful header information and a mailing address where a 
recipient can contact the sender, thereby better informing the 
recipient of the identity of the sender.

                               PAPERWORK

  S. 630 would require the FTC to perform a study, and submit a 
report to the Congress, within 24 months after the date of 
enactment of the legislation. The legislation should generate 
similar amounts of administrative paperwork as other 
legislation requiring multiple agency enforcement and a report 
to Congress.

                      Section-by-Section Analysis


Section 1. Short Title

  This section would provide that the legislation may be cited 
as the ``Controlling the Assault of Non-Solicited Pornography 
and Marketing Act of 2002'' or as the ``CAN-SPAM Act of 2002.''

Section 2. Congressional Findings and Policy

  This section cites the marketing benefits commercial e-mail 
can provide to businesses advertising on the Internet, but 
emphasizes that the ability to send virtually unlimited amounts 
of UCE could force recipients to waste substantial time and 
resources reviewing and discarding such e-mail. In addition, 
huge volumes of UCE could impose significant costs to ISPs via 
system upgrades to handle the volume of spam sent to end users, 
who ultimately would bear the costs of those upgrades through 
increased service rates. This section also states that an 
increasing number of spammers purposefully include misleading 
information in subject lines, and that some UCE contains 
material that recipients may consider vulgar or pornographic in 
nature. In light of the increased amount of UCE, the section 
finds that unless there is a reliable method by which consumers 
can refuse to accept such e-mail, the benefits of the Internet 
may be diminished. Because of the impact on Internet commerce, 
the section also states that there is a substantial government 
interest in regulating UCE to ensure such e-mail messages are 
not misleading as to their source and that recipients have a 
right to decline UCE from the same source.

Section 3. Definitions

  This section would define terms used throughout the bill, 
some of which have a specific contextual meaning in the 
statutory regime created by the legislation. The following 
definitions included in S. 630 are of particular importance:
          Affirmative Consent.--The term ``affirmative 
        consent'' means that the message is being sent with the 
        express consent, or at the express direction, of the 
        recipient. Pursuant to this definition, affirmative 
        consent is intended to require some kind of active 
        choice or selection by the recipient; merely remaining 
        passive, as in the case where a consumer fails to 
        modify a default setting expressing consent, is not a 
        sufficient basis for affirmative consent. However, this 
        definition does not require consent on an individual, 
        sender-by-sender basis. A recipient could affirmatively 
        consent to messages from one particular company, but 
        could also consent to receive either messages on a 
        particular subject matter (e.g., gardening products) 
        without regard to the identity of the sender, or 
        messages from unnamed marketing partners of a 
        particular company. All of these are examples of ways 
        consumers could provide affirmative consent under the 
        provisions of the legislation.
          Commercial Electronic Mail Message.--The term 
        ``commercial electronic mail message'' means any 
        electronic mail message where the primary purpose is 
        the commercial advertisement or promotion of a product 
        or service. This definition is intended to cover 
        marketing e-mails. Advertisements for content on an 
        Internet website operated for a commercial purpose are 
        included within the definition because an e-mail urging 
        the recipient to visit a particular commercial website 
        is just as much a marketing message as an e-mail urging 
        the purchase of a specific product or service. However, 
        the definition is not intended to cover an e-mail that 
        has a primary purpose other than marketing, even if it 
        mentions or contains a link to the website of a 
        commercial company or contains an ancillary marketing 
        pitch. Thus, the definition expressly excludes e-mail 
        messages whose primary purpose is to facilitate, 
        complete, confirm, provide, or request information 
        concerning a preexisting transaction or relationship. 
        For example, an e-mail message providing a monthly bank 
        account statement to the recipient, or providing a 
        product recall notice, would not be considered a 
        commercial electronic mail message under the 
        legislation, even if the message includes at the bottom 
        some promotional information about the sender's other 
        products.
          Header Information.--The term ``header information'' 
        means the source, destination, and routing information 
        attached to the beginning of an e-mail message, 
        including the originating domain name and originating 
        e-mail address.
          Implied Consent.--The term ``implied consent,'' in 
        reference to a commercial e-mail message, means that 
        two requirements are met. First, a business 
        transaction, between the sender and recipient, must 
        have occurred within a 3-year period ending upon 
        receipt of the message. A business transaction may 
        include a transaction involving the provision, free of 
        charge, of information, goods, or services requested by 
        the recipient. However, it is intended that merely 
        visiting a free website and browsing its content does 
        not constitute a ``transaction'' for purposes of this 
        definition. Second, the recipient of the message must 
        have been given clear and conspicuous notice of an 
        opportunity not to receive UCE from the sender and has 
        not exercised that opportunity. Unlike affirmative 
        consent, implied consent does not require an active 
        choice or request by the recipient, so long as the 
        recipient has the been given the ability via 
        conspicuous notice to decline receiving additional 
        messages from the sender.
          Initiate.--The term ``initiate,'' in reference to a 
        commercial e-mail message, means to originate or 
        procure the origination of such e-mail message. Thus, 
        if one company hires another to handle the tasks of 
        composing, addressing, and coordinating the sending of 
        a marketing appeal, both companies could be considered 
        to have initiated the message--one for procuring the 
        origination of the message, the other for actually 
        originating it. However, the definition specifies that 
        a company that merely engages in routine conveyance, 
        such as an ISP that simply plays a technical role in 
        transmitting or routing a message and is not involved 
        in coordinating the recipient addresses for the 
        marketing appeal, shall not be considered to have 
        initiated the message.
          Recipient.--The term ``recipient'' means an 
        authorized user of the e-mail address to which an e-
        mail message was sent or delivered. If such a user has 
        other e-mail addresses in addition to the address to 
        which the message was sent, each of those addresses 
        will be treated as an independent recipient for 
        purposes of this legislation. For example, a person may 
        have an e-mail address provided by his ISP and also 
        subscribe to a second free e-mail service. Under the 
        legislation, each of these addresses is considered 
        independent, although they are both owned by the same 
        person. Therefore, if an unsolicited commercial message 
        is sent by the same sender to each of the recipient's 
        e-mail addresses and the recipient does not wish to 
        receive future messages, the recipient must opt out for 
        each address. However, if an e-mail address is 
        reassigned to a new user, as may happen after one user 
        gives up an e-mail address in connection with a change 
        in ISP or a change in employer, the new user shall not 
        be treated as a recipient of any commercial e-mail 
        message sent or delivered to that address before it was 
        reassigned.
          Sender.--The term ``sender'' means a person who 
        initiates a commercial e-mail and whose product, 
        service or Internet web site is advertised or promoted 
        by the message. Thus, if one company hires another to 
        coordinate an e-mail marketing campaign on its behalf, 
        only the first company is the sender, because the 
        second company's product is not advertised by the 
        message.
          Unsolicited Commercial Electronic Mail Message.--The 
        term ``unsolicited commercial electronic mail message'' 
        means any commercial electronic message that is sent to 
        a recipient without the recipient's prior affirmative 
        or implied consent.

Section 4. Criminal Penalty for Unsolicited Commercial Electronic Mail 
        Containing Fraudulent Routing Information

  This section would provide misdemeanor criminal liability for 
intentionally sending UCE with falsified information concerning 
the transmission or source of the message. The section would 
amend chapter 63 of title 18, United States Code, to require 
that a person who sends an unsolicited commercial e-mail, with 
knowledge and intent that the message contains or is 
accompanied by header information that is materially false or 
materially misleading shall be fined or imprisoned for one 
year, or both. This section further states that header 
information that includes an originating e-mail address, the 
use of which was not authorized by the legitimate holder of the 
address, or access to which was obtained by means of false or 
fraudulent pretense or representations, would be considered 
materially misleading. This provision is intended to address 
the situation where a spammer hacks into, or upon false 
pretenses obtains access to, an innocent party's e-mail account 
and uses it to send out spam.

Section 5. Other Protections Against Unsolicited Commercial Electronic 
        Mail

  This section contains the bill's principal requirements for 
senders of UCE, violations of which would not be criminal but 
would be unfair or deceptive acts or practices enforced by the 
FTC and other Federal agencies.
  Section 5(a)(1) would prohibit falsified transmission 
information. Specifically, it would be unlawful to send a 
commercial e-mail message that contains or is accompanied by 
header information (source, destination and routing 
information) that is materially or intentionally false or 
misleading. As in section 4, if the sender includes an e-mail 
address in the header that was not authorized by the legitimate 
holder of that address, or if access to an e-mail address was 
obtained fraudulently, the commercial e-mail would be 
considered materially misleading. The intent of this subsection 
is to eliminate the use of inaccurate originating e-mail 
addresses that disguise the identities of the senders.
  Section 5(a)(2) would prohibit the knowing use of deceptive 
subject headings in commercial e-mail messages. The test is 
whether the sender knows that the subject heading would be 
likely to mislead a reasonable recipient about a material fact 
regarding the content or subject matter of the message. Thus, 
minor typographical errors or truly accidental mislabeling 
should not give rise to liability under this section.
  Section 5(a)(3) would require that when a commercial e-mail 
is unsolicited, the message must have a functioning return e-
mail address or other Internet-based reply mechanism (such as a 
link to a web page at which a user can ``click'' to select e-
mail options) through which a recipient can opt out of future 
messages. The return address, or other Internet-based reply 
mechanism, must remain capable of receiving communications from 
the recipient of the UCE for at least 30 days from the date of 
the original e-mail. The temporary inability of a return 
address to accept e-mails due to a technical or capacity 
problem would not be a violation of the law if the problem is 
corrected within a reasonable time period. It is recognized 
that computer systems are fallible on occasion, and this 
exception is intended to protect senders of UCE who act in good 
faith to receive opt-out messages but are unable do to so 
because of these occasional system failures. It is expected 
that these failures will be corrected in a time that is deemed 
reasonable to effect the necessary repairs according to 
industry standards and practice. Senders that do not make 
repairs in a reasonable time would be considered in violation 
of the law and subject to penalties. Subparagraph (B) is 
intended to make clear that the opt-out mechanism required by 
the subsection would not need to be an ``all or nothing'' 
proposition. A recipient must have the option of declining to 
receive all further messages, but a sender could also give the 
recipient the option of receiving some types of messages but 
not others.
  Section 5(a)(4) would require that once a sender receives a 
request from a recipient to not send any more UCE, the sender 
must cease the transmission of UCE to that recipient within 10 
days of receiving the recipient's request. This 10-day window 
also applies to any person acting on behalf of the sender to 
initiate the transmission of the UCE, or any person who 
provides or selects e-mail addresses for the sender, so long as 
those persons know that a request to cease the messages was 
made by the recipient. Those persons cannot avoid liability 
under this section by consciously avoiding knowing that a 
recipient requested to opt out of receiving unsolicited 
commercial messages. The intent of this requirement is to 
ensure that persons providing e-mail marketing services would 
be responsible for making a good faith inquiry of their clients 
(the senders, under the definitions of this bill) to determine 
whether there are recipients who should not be e-mailed because 
they have previously requested not to receive e-mails from that 
sender. E-mail marketers who willfully remain unaware of prior 
recipient opt-outs would not be excused from liability under 
this legislation.
  Section 5(a)(5) would require UCE to contain clear and 
conspicuous identification that the e-mail is an advertisement 
or solicitation. The section would also require clear and 
conspicuous notice of the opportunity to decline receiving 
further unsolicited commercial e-mail, and would require the 
inclusion of a valid physical postal address for the sender.
  Section 5(b) would address the activity known as ``address 
harvesting.'' This section would make it an additional 
violation of the law to initiate UCE to a recipient whose 
address was obtained, using an automatic address gathering 
program or process, from a website or proprietary online 
service that has a policy of not sharing its users' e-mails for 
purposes of sending spam.
  Section 5(c) would create an affirmative defense for senders 
of UCE in certain circumstances. A person would not be 
considered in violation of sections 5(a) (2), (3), (4), or (5) 
if that person has adopted reasonable practices and procedures 
to prevent violations and has made good faith efforts to 
maintain compliance with the bill's provisions. The affirmative 
defense is intended to protect those persons who have 
preventative practices in place but through unforeseen 
circumstances find themselves in violation. It is expected that 
persons who regularly fail to comply with the bill's provisions 
would not meet the requirements of reasonable practices or 
procedures, nor be able to make a clear showing of good faith 
efforts to be compliant.

Section 6. Enforcement by the Federal Trade Commission

  Sections 6(a) and 6(d) prescribe that section 5 would be 
enforced by the FTC under section 18 of the FTC Act (15 U.S.C. 
41 et seq.) as if the violation were an unfair or deceptive act 
or practice. The Commission would be required to prevent 
persons from violating this legislation in the same manner, by 
the same means, and with the same jurisdiction, powers, and 
duties as though all applicable terms and provisions of the FTC 
Act were incorporated and made a part of this legislation. 
Therefore, all the jurisdictional, remedial, and civil 
enforcement provisions of the FTC Act would be applicable to 
commercial e-mail under the provisions of this legislation.
  Sections 6(b) and 6(c) provide for enforcement by other 
agencies for entities subject to their jurisdiction due to the 
jurisdictional limitations of the FTC. These agencies include 
the Office of the Comptroller of the Currency, the Federal 
Reserve Board, the Federal Deposit Insurance Corporation, the 
Office of Thrift Supervision, the Department of Transportation, 
the Department of Agriculture, the Farm Credit Administration, 
the Securities and Exchange Commission and the Federal 
Communications Commission, for those entities subject to their 
jurisdiction. Under section 6(c), these agencies and the others 
set forth in section 6(b), may exercise authority provided by 
their own statutory grants to enforce the substantive 
provisions of this legislation.
  Section 6(e) would grant State attorneys general the right to 
bring a civil action for violations of section 5. A State may 
bring an action in parens patriae for aggrieved citizens of the 
State in Federal district court to obtain injunctive relief or 
recover actual or statutory damages, whichever is greater. 
Statutory damages under this section are up to $10 per unlawful 
message, with the precise per message amount set by the court 
based on the degree of culpability and other equitable factors. 
For any violation of section 5, the maximum total amount of 
damages would be capped at $500,000. If the court finds 
violations of section 5 were committed willfully or knowingly, 
the legislation would allow the maximum damages to be increased 
up to $1,500,000. Reasonable attorneys' fees would be awarded 
to the State for a successful action.
  Section 6(f) would allow a provider of Internet access 
service adversely affected by a violation of section 5 to bring 
a civil action in Federal district court. This could include a 
service provider who carried unlawful spam over its facilities, 
or who operated a website or online service from which 
recipient e-mail addresses were harvested in connection with a 
violation of section 5(b). The provider may obtain injunctive 
relief or actual or statutory damages calculated in the same 
manner as section 6(e). The court would be permitted to assess 
the costs of such an action, including reasonable attorneys' 
fees, against any party.

Section 7. Effects on Other Laws

  Section 7(a) would limit the effect the legislation would 
have on current Federal statutes. It clarifies that nothing in 
the legislation should be construed to interfere with the 
enforcement of the provisions of the Communications Act of 1934 
relating to obscenity, or sexual exploitation of children, or 
the FTC Act for materially false or deceptive representations 
in commercial e-mail messages.
  Section 7(b)(1) sets forth the general rule concerning the 
preemption of State law by the legislation. The legislation 
would supersede State and local statutes, regulations, and 
rules regulating the use of e-mail to send commercial messages. 
Given the inherently interstate nature of e-mail 
communications, the Committee believes that the creation of 
one, national standard would be beneficial to consumers, 
businesses, and regulators. Section 7(b)(2) of the legislation 
would create exceptions to the general rule in section 7(b)(1), 
providing that the legislation would not preempt any civil 
action under State trespass, contract or tort law, or any 
Federal or State criminal law or civil remedy that relates to 
acts of computer fraud perpetrated by means of the unauthorized 
transmission of unsolicited commercial e-mail.
  Section 7(b)(3) would clarify the scope of the exceptions set 
forth in 7(b)(2). Section 7(b)(3) is included to ensure that 
the preemptive effect of this bill could not be evaded by State 
enactment of a law that seeks to regulate UCE but simply uses a 
different label, such as fraud or trespass. To prevent such an 
evasion, section 7(b)(3) would limit the section 7(b)(2) 
exceptions so that State and local statutes would not be 
exempted from preemption if they treat the mere act of sending 
UCE as a sufficient basis for liability. Thus, section 7(b)(3) 
would clarify that this bill would preempt State laws that are 
simply re-titled efforts to impose a regulatory regime on UCE 
that differs from the regime imposed by this legislation, such 
as a law that makes it an unlawful ``trespass'' to transmit UCE 
without including the sender's phone number.
  Section 7(b)(3), however, is a narrow limitation. It would 
not require preemption of State trespass, contract, tort, and 
computer fraud laws under any circumstances that those laws are 
used to sue senders of unsolicited commercial e-mail. For 
example, the provision would not apply to State or local 
contract or trespass laws that allow Internet access providers 
to sue senders of UCE for violations of the providers' terms of 
use. Nor does the provision apply to the enforcement of State 
fraud laws against senders of UCE if the content of the e-mail 
message is fraudulent or the means of transmission of the e-
mail involves fraudulent or deceptive acts, such as using 
fraudulent pretenses to gain unauthorized access to an e-mail 
account from which to send UCE. In such cases, the State laws 
in question do not make the mere sending of an unsolicited 
commercial e-mail a sufficient basis for liability. Instead, 
liability rests on the sending of the e-mail plus some other 
action, such as violation of contractual terms, acts of fraud 
or deception in connection with initiating the transmission of 
the e-mail, or inclusion of fraudulent content in the e-mail 
message.
  Section 7(c) would clarify that this legislation would have 
no impact on the lawfulness of ISPs' efforts to filter or block 
e-mails traversing their systems.

Section 8. Study of Effects of Unsolicited Commercial Electronic Mail

  This section would require the FTC, in consultation with the 
Department of Justice and other appropriate agencies, to submit 
a report to Congress within 24 months after enactment of this 
legislation, on the effectiveness and enforcement of the 
provisions of this legislation and any modifications to the 
legislation which may be considered appropriate. The FTC would 
also be required to include in the report an analysis of the 
extent to which technological and marketplace developments may 
affect the practicality and effectiveness of the legislation.

Section 9. Separability

  This section states that if any provision or application of a 
provision of the legislation is held invalid, the remainder of 
the legislation and application of its provisions will not be 
affected.

Section 10. Effective Date

  This section provides that the provisions of this legislation 
would take effect 120 days after the date of enactment.

                        Changes in Existing Law

  In compliance with paragraph 12 of rule XXVI of the Standing 
Rules of the Senate, changes in existing law made by the bill, 
as reported, are shown as follows (existing law proposed to be 
omitted is enclosed in black brackets, new material is printed 
in italic, existing law in which no change is proposed is shown 
in roman):

                      TITLE 18, UNITED STATES CODE

                        CHAPTER. 63. MAIL FRAUD

Sec.  1351. Unsolicited commercial electronic mail containing 
                    fraudulent transmission information

  (a) In General.--Any person who initiates the transmission, 
to a protected computer in the United States, of an unsolicited 
commercial electronic mail message, with knowledge and intent 
that the message contains or is accompanied by header 
information that is materially false or materially misleading 
shall be fined or imprisoned for not more than 1 year, or both, 
under this title. For purposes of this subsection, header 
information that includes an originating electronic mail 
address the use of which in connection with the message was not 
authorized by the legitimate holder of the address, or access 
to which was obtained by means of false or fraudulent pretense 
or representations, shall be considered materially misleading.
  (b) Definitions.--Any term used in subsection (a) that is 
defined in section 3 of the CAN-SPAM Act of 2002 has the 
meaning given it in that section.

                                
