Spot the CAN SPAM violations


I received this piece of unsolicited email today, to an address harvested off a website. How many CAN SPAM violations can you count?

Received: by (Postfix, from userid 1003)
  id 166562E196; Wed,  5 Oct 2011 13:50:25 -0700 (PDT)
Received: from [] (
  []) by (Postfix) with SMTP id
  850862E185 for <MUNGED>; Wed,  5 Oct 2011 13:50:23 -0700 (PDT)
Received: from [][] by []
  [] (SMTPD32); Wed, 5 Oct 2011 13:49:44 -0700
  Message-ID: <>
From: "Ashley Anderson"
Subject: Do You Want Access to NEW Customers?
Date: Wed, 5 Oct 2011 13:49:42 -0700
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Does you company need access to fresh databases that can be used
for E-mail Marketing, Direct Mail & Telemarketing?
We have access to 200 Million Consumers & 45 Million
Some of our most popular lists are:
> U.S. Realtors - 1,281,916 Full Records=09
> U.S. Lawyers - 269,787 Full Records=09
> U.S. Financial Planners - 265,425 Full Records=09
> U.S. Businesses - 4.8 Million Full Records=09
> U.S. Manufacturers - 1,057,119 Full Records=09
> U.S. Homeowners - 1,326,620 Full Records=09
> U.S. Physicians - 741,809 Full Records=09
> Worldwide Investors - 8,562,140 Emails Only=09
*Much More Available Upon Request=2E
Call us to get a FREE quote!
Thank You,
Ashley Anderson
Data Specialist
Business Networking Services
1 (800) 841-5070

I’m counting at 4 violations, plus aggravated damages because the address was harvested.
How many violations can you find?
Would you trust this company to sell you actual opt-in addresses?

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Without looking at CAN-SPAM…….
    1. Sender’s e-mail address have to be valid and not masqueraded
    2. Message has to say it’s an advertisement
    3. Business name and physical address
    Curious if I’m right or wrong and what I missed!

  • Ooh fun! I spot 1 for sure, maybe a 2nd (missing physical address, missing a “from” address?).

  • Well, starting with the header information… the spammer sent their spew from, but HELO’d as, so thats one violation right there for false or misleading transmission information. So far 1.
    Based on the above, the third Received line from the top is probably completely bogus, not sure if that counts as a separate violation for false or misleading transmission information, or if its all one violation. keeping count at 1 for now.
    The spam was sent through VZW’s network. Presumably, Verizon does NOT approve of such activities, and IIRC its prohibited in their terms of usage, so that would be relay or retransmission through unauthorized access. Violation number 2.
    The spam does not contain clear and conspicuous identification that the message is an advertisement or solicitation, Violation number 3.
    The spam does not contain an unsubscribe mechanism, Violation number 4.
    The spam does not contain a valid physical postal address of the spammer, Violation number 5.
    If the spammer’s name is not Ashley Anderson and/or if the return address is bogus, that might be an additional ding. (or not, it might be wrapped up in the materially misleading header info which the spammer already violated. idk)
    Not sure what the average person would think upon reading the subject line, so honestly idk if its deceptive of not. if so, of course that would be a violation, if not well then they got enough violations already so no biggie.
    So, with regards to the first question, I believe I’ve found 5 violations.

  • Let’s see:
    1. No postal address
    2. No opt-out instructions
    3. No notice that it’s an ad
    4. Harvesting
    5. False header, in the likely event that “Ashley Anderson” is not a real person
    I don’t see a 1037 violation, since as I read the law it applies if you break into a computer and send spam, not if you spam from one that you had legitimate access to.

  • “Ashley” doesn’t care about Can Spam. She’s in India.
    And unfortunately, yes, people are buying from pitches like this one.
    Otherwise the pitches would stop. Very sad.

  • I didn’t count harvesting as a violation. I also think that the forged header counts as the false header.

  • Where are you getting India out of this? I’m seeing that she’s using Verizon wireless in New Jersey.

By laura

Recent Posts


Follow Us