CAN-SPAM allows spammers to continue spamming you if you (1) consent by not opting out or (2) provide subsequent affirmative consent after opting out. 15 U.S.C.A. § 7704(a)(4) (West Supp. 2003). So where does our Gmail spam lab map?
Aaron Pratt has a website which consents to (actually asks for) spam (see LawMeme's previous coverage here). He is receiving a great deal of spam, and as an American user, that spam is governed by the groundbreaking American nationwide spam regulations, CAN-SPAM. This is true of overseas spam recieved by Pratt also but easier to enforce domestically. Obviously if Pratt never opts out of any offers, he has not entered CAN-SPAM's opt-out regulatory scheme. Like never putting his number on the do-not-call list, the messages can flow freely subject to some other blanket restrictions (in this case forged header requirements and labeling of pornographic spam).
If Pratt decides to opt-out of an offer, say the Pooper Family Insurance Notice (an actual offer received) Pooper Insurance must make sure he is off the list within ten days or further messages are illegal.
However, were he to decide he wanted to get back on a list, he could subsequently affirmatively consent. "A prohibition in subparagraph (A) does not apply if there is affirmative consent by the recipient subsequent to the request under subparagraph (A)" (15 U.S.C.A. § 7704(a)(4)(B)). So what is affirmative consent?
The term "affirmative consent", when used with respect to a commercial electronic mail message, means that--
(A) the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative; and
(B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice
at the time the consent was communicated that the recipient's electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages.
15 U.S.C.A. § 7702(1). So looks like Pooper Insurance could take consent from Pratt's initiative to consent as long as it is subsequent to his opt-out request. If Pratt simply leaves his blanket consent up on his webpage, is that consent after the opt-out?
A spammer could make a good case that the consent was given--read and recieved--after the opt-out. So what if Pratt dates it?
The real catch comes at the introduction of the Do-Not-Spam List. CAN-SPAM requires The FTC to present a report by June about the feasibility such a list, and many think it will happen (the FTC took public comments until recently about the report). Putting other fears aside about the list, let us assume for a moment that it works perfectly and Pratt's email to be spammed, prattboy@gmail.com, is indeed on the list. If his website were still up consenting to spam is this subsequent approval? The Do-Not-Spam list runs into problems if it is possible to opt-out using the list and opt back in using the Internet. If time is controlling, as it is for other ways to consent, there needs to be some statutory way to date consent given via websites.
Perhaps a better way would be to make the settings on the Do-Not-Spam list binding in some way, as either a ceiling or a floor for acceptable communications. Since CAN-SPAM's entire rationale is opt-out based it makes most sense to think of the Do-Not-Spam list as a more organized opt-out. This seems to be the least amount that the consumer can opt out of. It makes little sense for Pratt to put prattboy@gmail.com on the list only so he can pick and choose what to opt-in to; then it becomes an opt-in regime. Instead, his opt-out choices on the list should be binding until he changes his list registry, though he is free to opt-out from further messaging.
In the meantime, it looks like Pratt could be free to opt-out, especially if his consent were dated as before the opt-out. Without a website at all, his consent is old and no longer binding after he opts out. This discussion, of course, is highly academic since federal lawsuits are expensive and only states, the federal government, and ISPs can sue under CAN-SPAM--none of these parties seem likely to help poor spammed Pratt.
See Pratt's previous story here.
See more international spam law here.