Friday, October 21, 2005

Email address list request project - CAN-SPAM Act of 2003

Recently I was contacted by (anonymous as requested) with a request for a $50 Project under which I was to use my Google search results page parsing code in conjunction with my email address parsing code to compile a list of email addresses from web pages returned for Google searches of some very specific search keywords and terms provided by (anonymous).

I told (anonymous) that I would have to first research anti-SPAM legislation to be sure that in doing said project, I wouldn't be breaking the law. Specifically, somewhere I had been lead to believe that it may be illegal to harvest email addresses from website "automatically" and then send unsolicited emails to those addresses.

What I found is that the CAN-SPAM Act of 2003 is THE law of the land when it comes to unsolicited bulk email, and interpretation of the CAN-SPAM Act of 2003 is all over the board, depending upon which interest group (Advertisers or Anti-SPAM groups) is providing their interpretation.

Here's my (as) objective (as possible) take:


  1. Access a computer without authorization and intentionally initiate the transmission of multiple commercial electronic mail messages from or through such computer.

  2. Use a computer to relay or retransmit multiple commercial emails with the intent to deceive or mislead recipients or any ISP as to the origin of such emails

  3. Materially falsify header information in multiple commercial emails

  4. Register, using false registrant information, for five or more email or online user accounts or two or more domain names, and use such accounts to send multiple commercial emails.

  5. Falsely represent onself to the the registrant or the legitimate successor in interest to the registrant of five or more IP addresses and use such addresses to send multiple commercial emails.

  6. Send multiple commercial emails with false or misleading header information

  7. Send multiple commercial emails with deceptive or misleading subject lines.

  8. Send multiple commercial emails with no functioning return email address (and such address must remain capable of receiving message for 30 days after transmission of said emails)

  9. Send a commercial email message to a recipient who has asked to be removed from the list or not to receive any more messages.

  10. Send commercial email messages without including "identification" that the message is an advertisement, without an opt-out mechanism, and without the physical address and contact information of the sender.

Further, it will be considered an "aggravated offense" to break any of the rules in 6 - 10 when also doing the things in 1 - 5, or when having either 1) gathered the email addresses using automated means from websites, or 2) using a dictionary-type attack, generating possible email addresses by combining names, letters, or numbers into numerous permutations.


Now, I am not an attorney by any stretch (and I will not be held liable for any damages relating from others' actions on the "advice" of my interpretation of the Act), but my interpretation of the CAN-SPAM Act of 2003, as it relates to the project requested by (anonymous), is that it would NOT be a violation of the Act on my part to provide a list of email addresses collected using "automated" means from websites to someone else provided I had reasonably been assured by that person that they would not be using those email addresses in such a way as to violate the Act, and (anonymous) would not be violating the Act provided that he/she did not do any of the things in 1 - 5 and that he/she did include all of the things required in 6 - 10.

I will perform this $50 Project and any similar others requested by people who give me an assurance that they will not use the addresses in violation of the CAN-SPAM Act of 2003.

No comments: