CANSPAM Flashcards

1
Q

What are the two goals of the act?

A

The goals of the act are to:

• Reduce spam and unsolicited pornography by prohibiting senders of unsolicited commercial e-mail messages from disguising the source and content of their messages.

• Give consumers the choice to cease receiving a sender’s unsolicited commercial e-mail messages.

2
Q

What is the definition of Affirmative Consent? (2)

usage: commercial e-mail messages

A

• The recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient’s own initiative; and

• If the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient’s e-mail address could be transferred to such other party for the purpose of initiating commercial e-mail messages.

3
Q

What is a commercial e-mail message?

A

Any e-mail message the primary purpose of which is to advertise or promote for a commercial purpose, a commercial product or service (including content on the Internet). An e-mail message would not be considered to be a commercial e-mail message solely because such message includes a reference to a commercial entity that serves to identify the sender or a reference or link to an Internet Web site operated for a commercial purpose.

4
Q

What are dictionary attacks?

A

Obtaining e-mail addresses by using an automated means that generates possible e-mail addresses by combining names, letters, or numbers into numerous permutations.

5
Q

What is harvesting?

A

Obtaining e-mail addresses using an automated means from an Internet Web site or proprietary online service operated by another person, where such service/person, at the time the address was obtained, had provided a notice stating that the operator of such Web site or online service would not give, sell, or otherwise transfer electronic addresses.

6
Q

What is header information?

A

The source, destination, and routing information attached to the beginning of an e-mail message, including the originating domain name and originating e-mail address.

7
Q

What is hijacking?

A

The use of automated means to register for multiple e-mail accounts or online user accounts from which to transmit, or enable another person to transmit, a commercial e-mail message that is unlawful.

8
Q

What is the definition of Initiate under CANSPAM?

A

To originate, transmit or to procure the origination or transmission of such message but shall not include actions that constitute routine conveyance. For purposes of the Act, more than one person may be considered to have initiated the same message.

9
Q

What conditions must be met for an email message to have a commercial promotion as its “primary purpose”? (4)

A

• If the ad or promotion contains only commercial advertisement or promotion of a commercial product or service (commercial content).

• If it contains both commercial content and transactional or relationship content, if either:
  - the recipient could read the subject line and likely conclude the message contains commercial content, or
  - transactional or relationship content does not appear at the beginning of the message.
  - Or a recipient reading the body of the message would likely conclude the primary purpose is commercial.

The primary purpose of an email will be deemed noncommercial if it contains only transactional or relationship content.

10
Q

What is a protected computer? (2)

A

• Exclusively for the use of a financial institution or the United States government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States government and the conduct constituting the offense affects that use by or for the financial institution or the government; or

• Which is used in interstate or foreign commerce or communication.

11
Q

What is a transactional or Relationship email message?

A

An e-mail message with the primary purpose of facilitating, completing or confirming a commercial transaction that the recipient had previously agreed to enter into; to provide warranty, product recall, or safety or security information; or subscription, membership, account, loan, or other information relating to an ongoing purchase or use.

12
Q

CANSPAM prohibits the use of what false or misleading transmission information? (3)

A

− False or misleading header information;
− A “from” line that does not accurately identify any person who initiated the message; and
− Inaccurate or misleading identification of a protected computer used to initiate the message because the person initiating the message knowingly uses another protected computer to relay or retransmit the message for purposes of disguising its origin.

13
Q

What is prohibited under CANSPAM? (5)

A
  • Prohibits use of false or misleading transmission info
  • Prohibits use of deceptive subject headings
  • Prohibits address harvesting and dictionary attacks.
  • Prohibits hijacking
  • Prohibits any person from knowingly relaying or retransmitting a commercial email message that is unlawful.
  • Prohibits a person from promoting that person’s trade, business, goods, products, property, or services in an unlawful commercial email message.
14
Q

What is required under CANSPAM? (3)

A
  • Requires a functioning email return address or other internet based response mechanism.
  • Requires clear and conspicuous identification that the message is an ad or solicitation, notice of opportunity to decline to receive further emails from the sender, and valid postal address of the sender.
  • Requires warning labels in the subject line and within message body on commercial email messages containing sexually oriented material.
15
Q

What is the first thing examiners should ascertain regarding CANSPAM compliance?

A

Ascertain if the bank is subject to CANSPAM by determining if the bank initiates emails whose primary purpose is commercial.

If they do not initiate commercial email, the bank is NOT subject to CANSPAM and no further examination is needed.

16
Q

True or false:

If a person has given prior affirmative consent to receive commercial emails to the sender, then the sender’s email needs to provide a clear and conspicuous ID that the message is an ad or solicitation.

A

False:

This provision does not apply to commercial emails if the recipient has given prior affirmative consent.

However, the bank does still need to include an opt out notice and a valid physical address of the sender.

17
Q

What are the timing requirements for opt out requests?

A

If a customer requests to opt out of receiving any additional emails from a bank, the bank must discontinue emails within 10 days of receipt of opt-out notification.