Is harvesting illegal under CAN SPAM

I

This issue comes up repeatedly, as many people have read the CAN SPAM act and believe that CAN SPAM specifically prohibits sending mail to harvested address. This is not how I read the law.
The FTC publishes a CAN SPAM Compliance Guide for Businesses that only mentions harvesting in the context of criminal penalties for violations. They list the following 7 main requirements of CAN SPAM.

  1. Don’t use false or misleading header information.
  2. Don’t use deceptive subject lines.
  3. Identify the message as an ad.
  4. Tell recipients where you’re located.
  5. Tell recipients how to opt out of receiving future email from you.
  6. Honor opt-out requests promptly.
  7. Monitor what others are doing on your behalf.

No mention of “don’t send to harvested addresses there.”
The clause people always point to, when they’re arguing that address harvesting is illegal is subsection (b) Aggravated violations relating to commercial electronic mail

(1) Address harvesting and dictionary attacks
(A) In general
It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message that is unlawful under subsection (a), or to assist in the origination of such message through the provision or selection of addresses to which the message will be transmitted, if such person had actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that—
(i) the electronic mail address of the recipient was obtained using an automated means from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages; or
(ii) the electronic mail address of the recipient was obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.

To me, it’s very clear this says that it is unlawful to transmit a message to a harvested address if that message is unlawful under subsection (a). If mailing to a harvested message itself were unlawful, then I would expect the section to say it is unlawful to transmit a message to a harvested address.
I’m not a lawyer, this is not legal advice, talk to your own advisor before believing anything anyone writes on the internet. I have talked to lawyers about this, though, and they’re the ones that convinced me that the act does not prohibit harvested addresses.

About the author

2 comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • I would prefer it if you were correct as I would like to scrape emails and email to them however I think your analysis is not correct as section i states you can’t use emails obtained by automated methods.
    ?? just wondering?

  • Jeff, even though it may be legal to scrape addresses from websites, it’s not effective. Mail sent to these addresses will quickly be blocked and rejected by all the major providers when their recipients ignore/mark it as spam.
    Not to mention that you will have a hard time finding an email service provider that will allow you to send to these addresses. Even if you don’t inform them of the source of the data, most ESPs have algorithms, human review, or both to spot lists that are not permission-based.

By laura

Recent Posts

Archives

Follow Us