When CAN-SPAM was first introduced it was equally heralded and decried as legislation which would sweep aside all existing state statutes addressing spam.  It was tough to read a report describing the statute which would not insinuate that the Act would essentially legalize spam.  On closer examination this has not exactly borne out.  Let’s take that closer look.  

CAN-SPAM’s preemption language provides that it

supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.

The Statute also provides that it does not preempt laws not specific to email such as trespass, contract or tort, or laws relating to fraud or computer crime.  

A recent federal district court case considered and rejected a defendant’s argument that CAN-SPAM preempted Washington’s law regulating commercial email:  Gordon v. Impulse Mktg. Group, Inc., 375 F. Supp. 2d 1040, 1045 (E.D. Wash. 2005).  The Washington statute prohibits misrepresentation or obfuscation of the transmission path, misleading subject lines, or use of a third party domain name without permission.  Gordon held that the express language of the statutes precluded preemption:

the plain language of the CAN-SPAM Act does not support Defendant's argument that Plaintiff's claims are preempted by the CAN-SPAM Act.  Since subsection 1(a) prohibits misrepresentation in the transmission path or in identifying the point of origin, and subsection 1(b) prohibits false or misleading information in the subject line, the Court concludes that Washington's Commercial Electronic Mail Act is excepted from federal preemption because it prohibits “falsity and deception”.

(For some reason the Court did not get into detail on the issue of whether preemption extended to the prong of the Washington statute which covers use of a third party domain name without permission.  It would be a stretch to argue that this necessarily entails deception or falsity to the ultimate recipient.  Where emails are routed through third party servers this is a wrong committed upon the owner of the third party domain and does not always involve deception to the recipient (which would be covered under the mis-representation of transmission path prong).)  In any event, my guess is that defendants will continue to raise preemption arguments, only to have those arguments repeatedly rejected by courts.  Laws that impose labeling requirements (such as Utah’s now-repealed Unsolicited Commercial and Sexually Explicit Email Act (the Act) Utah Code Ann. § 13-36-103 (2002) (repealed 2004)) are likely preempted.  Another good candidate for preemption is the California statute seemingly imposing a blanket ban on spam (Cal. Bus. and Prof. Code § 17529.2 (blanket prohibition on unsolicited commercial email sent from California, or to a California email address)).  

The more interesting question is whether there is any interplay between CAN-SPAM’s standards for liability and state standards.  With respect to liability, plaintiffs often argue that state spam statutes (such as in California) impose strict liability.  It would seem to me that in this circumstance, a good argument can be made that they extend beyond “prohibit[ing] falsity or deception,” and are therefore preempted, particularly where state and federal standards for liability differ.