Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:08 PM
W. David Gardner, TechWeb News
W. David Gardner, TechWeb News
Connect Directly

New Legislation Raises Host Of Bulk E-mail Issues for Banks

State laws will be preempted by the CAN-SPAM Act of 2003.

New Legislation Raises Host Of Bulk E-mail Issues for Banks State laws will be preempted by the CAN-SPAM Act of 2003. By: W. David Gardner, TechWeb News

Legitimate businesses face new state and federal anti-spam laws that took effect on New Year's Day, and they raise new issues for businesses trying to use e-mail within the letter of the law. The CAN-SPAM Act of 2003 may not have much impact on offshore operations-those beyond the reach of U.S. law enforcement-but it will affect some respectable companies, says Charles Kennedy, a lawyer specializing in computer and communications law, in the Washington, D. C., office of Morrison & Foerster.

"A guy with a server in Antigua sending porn won't comply. But a U.S. bank offering credit cards will have to comply," Kennedy says.

The legislation, signed by President Bush on Dec. 16, 2003, was aimed to eliminate the patchwork of states' anti-spam regulations. Kennedy says he has advised more than 200 clients-all legitimate users and would-be users of e-mail messages-to focus on two main issues regarding the new law. First, they must provide an "opt-out"-an e-mail or URL address users can utilize to stop the sender from sending future unsolicited messages. Second, there must be a label in the message specifying that the message is an ad or a solicitation.

"Everything is a little less confusing because of the federal law," Kennedy says. "A big reason for the federal law was the confusion caused by the state laws. The states can still enforce some anti-spam [provisions], and state prosecutors can even use some parts of the federal law."

Kennedy recommends that respectable operations sending legitimate e-mail should also acquaint themselves with European anti-spam regulations. "The Europeans," he says, "are generally more aggressive about e-mail. If you are an American company, you have to be careful if you have an office or a server in Europe."

This article originally appeared on, a sister property of BS&T, Jan. 1.



The Controlling the Assault of Non-Solicited Pornography and Marketing Act requires unsolicited commercial e-mail messages to be labeled (though not by a standard method) and to include opt-out instructions and the sender's physical address. It prohibits the use of deceptive subject lines and false headers in such messages. The FTC is authorized (but not required) to establish a "do-not-email" registry. State laws that require labels on unsolicited commercial e-mail or prohibit such messages entirely are preempted, although provisions merely addressing falsity and deception would remain in place.


Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.