Spot the CAN SPAM violations


I received this piece of unsolicited email today, to an address harvested off a website. How many CAN SPAM violations can you count?

I’m counting at 4 violations, plus aggravated damages because the address was harvested.
How many violations can you find?
Would you trust this company to sell you actual opt-in addresses?

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Without looking at CAN-SPAM…….
    1. Sender’s e-mail address have to be valid and not masqueraded
    2. Message has to say it’s an advertisement
    3. Business name and physical address
    Curious if I’m right or wrong and what I missed!

  • Ooh fun! I spot 1 for sure, maybe a 2nd (missing physical address, missing a “from” address?).

  • Well, starting with the header information… the spammer sent their spew from, but HELO’d as, so thats one violation right there for false or misleading transmission information. So far 1.
    Based on the above, the third Received line from the top is probably completely bogus, not sure if that counts as a separate violation for false or misleading transmission information, or if its all one violation. keeping count at 1 for now.
    The spam was sent through VZW’s network. Presumably, Verizon does NOT approve of such activities, and IIRC its prohibited in their terms of usage, so that would be relay or retransmission through unauthorized access. Violation number 2.
    The spam does not contain clear and conspicuous identification that the message is an advertisement or solicitation, Violation number 3.
    The spam does not contain an unsubscribe mechanism, Violation number 4.
    The spam does not contain a valid physical postal address of the spammer, Violation number 5.
    If the spammer’s name is not Ashley Anderson and/or if the return address is bogus, that might be an additional ding. (or not, it might be wrapped up in the materially misleading header info which the spammer already violated. idk)
    Not sure what the average person would think upon reading the subject line, so honestly idk if its deceptive of not. if so, of course that would be a violation, if not well then they got enough violations already so no biggie.
    So, with regards to the first question, I believe I’ve found 5 violations.

  • Let’s see:
    1. No postal address
    2. No opt-out instructions
    3. No notice that it’s an ad
    4. Harvesting
    5. False header, in the likely event that “Ashley Anderson” is not a real person
    I don’t see a 1037 violation, since as I read the law it applies if you break into a computer and send spam, not if you spam from one that you had legitimate access to.

  • “Ashley” doesn’t care about Can Spam. She’s in India.
    And unfortunately, yes, people are buying from pitches like this one.
    Otherwise the pitches would stop. Very sad.

  • I didn’t count harvesting as a violation. I also think that the forged header counts as the false header.

  • Where are you getting India out of this? I’m seeing that she’s using Verizon wireless in New Jersey.

By laura

Recent Posts


Follow Us