Colorado Spam Law
The Colorado Spam Law is titled the “Spam Reduction Act of 2008”, found at CRS 6-1-702.5. It is part of the Colorado Consumer Protection Act.
The Colorado Spam Law makes it a deceptive trade practice to:
1. Violate any portion of the federal “Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003, found in 15 USC 7701-7713;
2. Knowingly fail to disclose the actual point-of-origin e-mail address of a commercial e-mail message to mislead or deceive the recipient;
3. Knowingly falsify e-mail transmission information or other routing information of a commercial e-mail message to mislead or deceive the recipient;
4. Knowingly use a third party’s internet address or domain name without the third party’s consent for the purposes of transmitting a commercial e-mail message;
5. Knowingly send a commercial e-mail message to any person who has previously given the sender a do-not-email directive under 15 USC 7704(a)(3)(A), or
6. Provide the e-mail address of any such person to a third party for the purpose of enabling the third party to send a commercial e-mail message, without affirmative consent.
“Affirmative consent“, “commercial e-mail message” and “sender” have the same meanings as in 15 USC 7702.
“Electronic mail service provider” means a provider of internet access service, defined in 47 USC 231.
CAN-SPAM Compliance Checklist
Each separate email in violation of the federal CAN-SPAM Act is subject to civil penalties of up to $16,000 by the Federal Trade Commission (FTC). Criminal penalties may also be imposed by the Department of Justice (DOJ) in certain circumstances, including fines and up to five years’ imprisonment.
1. Determine if the primary purpose of the message is commercial content, to advertise or promote a commercial product or service, transactional or relationship content, to update an existing customer, or other content.
2. Do not use false or deceptive header information
3. Do not send e-mail to recipients without written opt-in approval, as a best practice, double opt-in is the best method to prevent false sign-ups by pranksters
4. Do not use blank or deceptive subject lines, the subject must describe message contents and may not include any sexually-oriented material
5. Identify the message as an advertisement, make the notice clear and conspicuous with large letters
6. Include the sender’s name and valid physical postal address
7. remind the reader of the sign-up date and method, as a best practice
8. Include an easy, clear and conspicuous explanation of how to opt-out of receiving all or certain types of future messages
9. Honor opt-out requests promptly, within 10 business days
10. Monitor messages that are sent on your behalf by assistants and marketing agencies
11. Do not send a commercial message to a mobile service wireless device without express prior opt-in authorization
12. Check the process periodically to make sure it is working in compliance with the law, opt-out must be functional
Colorado Spam Law Penalties
An e-mail service provider (ESP), whose network was used to send spam, may file a civil action to recover damages, attorney fees, and costs.
In addition, the e-mail service provider is entitled to recover statutory damages of $1,000 for each spam e-mail sent, up to $10 million per occurrence.
E-mail service providers that adopt and implement terms, conditions or technical measures to prevent or prohibit spam shall be immune from civil liability for actions of the spam sender.
The Colorado spam law applies when spam e-mail is sent to a computer located in Colorado or to an e-mail address held by a Colorado resident.
In addition to all other actions, remedies and penalties under state and federal law, the Colorado Attorney General is authorized to take all actions found in 15 USC 7706(f), Enforcement by States, to recover statutory damages of $250 for each spam e-mail sent, up to $2 million per occurrence, plus attorney fees and costs. Triple damages may be awarded for willful, knowing, or aggravated violations, including address harvesting, spoofing, or automated creation of multiple e-mail accounts to send spam.
Reporting Spam in Colorado
You can also submit Unsolicited Commercial E-mail to the FTC at firstname.lastname@example.org. The FTC cannot resolve individual complaints, but your report is shared with local, state, federal, and foreign law enforcement partners and might be used to investigate cases or in a legal proceeding.
Here is an example of a reply I receive when reporting spam to Microsoft email:
RE: SRX1286244878ID – FW: Affordable SEO And Link Building Services
Online Safety Team
If the sender is a legitimate business, with a valid physical postal address included in the spam e-mail, you may decide to send an e-mail request or cease and desist notice to be removed from their e-mail list. Be polite. Keep your notice for your records. Allow 10 business days to be removed. Keep any spam e-mail received after you have sent notice to be removed.
CEASE and DESIST NOTICE
Remove my email address from your list immediately.
Do not send me email again.
Do not give my email address to any other party.
I am not waiving any legal rights or remedies.
Your email will be used as evidence of your illegal activity.
Violations of state and federal laws and email terms of service will be reported.
Remedies include account termination, monetary damages and criminal prosecution.
1. Colorado SPAM Reduction Act CRS 6-1-702.5
Disclaimer: This information is not legal advice. For legal advice, contact a licensed, competent attorney.