Complying with the CAN-SPAM Act
 

Complying with the CAN-SPAM Act

Posted on 11-08-2016

By Mark W. Brennan, Hogan Lovells US LLP

The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), 15 U.S.C. §§ 7701–7713, imposes a number of detailed requirements on persons and entities that initiate and send commercial e-mail messages. Complying with the CAN-SPAM Act is crucial, as the failure to do so may lead to regulatory scrutiny, steep fines of up to $16,000 per violation, and significant public relations and reputational consequences.

This article will discuss what persons and entities are subject to the CAN-SPAM Act (i.e. “initiators” and “senders”); what types of messages are considered commercial and thus subject to the Act; the various CAN-SPAM requirements for commercial e-mail messages, including for sexually-oriented messages and messages sent to wireless devices; enforcement; preemption; and best practices for compliance.

Overview of the CAN-SPAM Act

The CAN-SPAM Act applies to any person or business entity that initiates or sends a commercial e-mail message to a business or individual consumer (regardless of whether the message is unsolicited). Commercial e-mail messages must generally comply with the following requirements:

  • No false or misleading header information
  • No deceptive subject lines
  • Inclusion of an opt-out mechanism
  • Inclusion of the sender’s valid physical postal address
  • Identification of the message as an advertisement or solicitation1

A commercial e-mail message is defined as any e-mail that has a “primary purpose of . . . commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).”2

The CAN-SPAM Act is enforced primarily by the Federal Trade Commission (FTC), which can seek civil penalties of up to $16,000 per violation (with no maximum penalty). The CAN-SPAM Act may also be enforced, in certain circumstances, by various other federal agencies (including the Federal Communications Commission (FCC)), state attorneys general, and Internet Service Providers (ISPs). There is no private right of action.

Definitions of Initiators and Senders

The CAN-SPAM Act applies to initiators and senders of commercial e-mail messages, with different requirements applicable to each. ). The definition of each term is discussed in further detail below, along with the related issues of CAN-SPAM liability with respect to multiple senders and forward-to-a-friend e-mail marketing campaigns.

Who Is an Initiator?

A person or entity initiates a commercial e-mail message by:

  • Originating or transmitting the e-mail
  • Procuring the origination or transmission of the e-mail (i.e., intentionally paying or providing other consideration to, or inducing, another person to transmit the e-mail on one’s behalf)3

Initiators of commercial e-mail messages must comply with all aspects of CAN-SPAM (except for certain opt-out requirements that apply only to senders). For more on these requirements, see Commercial Message Requirements (Initiators), below.

Note that the definition of initiate does not include actions that constitute routine conveyance—i.e., transmitting, routing, or storing e-mails through an automatic technical process (if another person has identified the recipients or provided the recipients’ addresses).4

Who Is a Sender?

A sender is an initiator whose own product, service, or Internet website is advertised or promoted in a commercial e-mail message.5 Senders of commercial e-mails must process and honor opt-out requests, and the sender’s valid physical postal address must be included in such e-mails.

Interplay between the Definitions

Given the above definitions, note that commercial e-mails may have multiple initiators and senders. For instance, if a company engages a marketing affiliate to send commercial e-mails advertising the company’s products, both the company and the affiliate would be considered initiators under CAN-SPAM.

The affiliate is an initiator because it transmits the e-mail, while the company is an initiator because it procures the transmission of the e-mail. The company would also be considered a sender under CAN-SPAM because it is an initiator whose products are also advertised in the e-mail.6

Multiple Senders / Designating a Sender

If multiple persons’ and/or entities’ products, services, or websites are advertised or promoted in a single message (common in joint marketing campaigns), each person or entity is considered a sender for purposes of CAN-SPAM Act compliance, unless:

  • Only one person or entity is identified in the “From” line as the sole sender of the message.
  • The person/entity meets the above definition of sender.
  • The person/entity complies with various CAN-SPAM requirements, including: (1) no false or misleading header information; (2) no deceptive subject line; (3) inclusion of a functioning opt-out mechanism; (4) clear and conspicuous identification that the message is an advertisement or solicitation, inclusion of a clear and conspicuous opt-out notice, and inclusion of a valid physical postal address of the person/entity; and (5) placement of warning labels if the commercial e-mail contains sexually-oriented material.7

If each of the above is satisfied, then only the designated sender need comply with the CAN-SPAM requirements applicable to senders (processing and honoring opt-out requests, valid physical postal address). Otherwise, all of the persons/entities must comply.

Note, however, that even if a particular person/entity is designated as the sender, the non-senders are still considered initiators and must comply with all of the CAN-SPAM requirements applicable to initiators.

To guard against potential liability (e.g., if the designated sender fails to comply with the various CAN-SPAM requirements), persons/entities involved in joint marketing campaigns or similar arrangements should ensure that the relevant contracts specify which party is required to comply with the CAN-SPAM Act and the remedies for non-compliance. Such persons/entities should also audit all third-party service providers and marketing affiliates on a regular basis to help ensure compliance.

Forward-to-a-Friend E-mail Marketing Campaigns

Companies commonly participate in forward-to-a-friend e-mail marketing campaigns (i.e., campaigns encouraging consumers to forward e-mails that advertise or promote the company’s products). Such campaigns are typically conducted via one of the following methods:

  • Consumer’s own e-mail program. The company sends a commercial e-mail directly to a consumer, who may then forward the e-mail to others.
  • Web-based forwarding mechanism. A website allows consumers to enter friends’ e-mail addresses so that commercial e-mails can be sent to those addresses. 8

A company is considered both an initiator and sender under CAN-SPAM if it “procures” the origination or transmission of the forwarded e-mail by:

  • Offering consideration (i.e., something of value). Consideration might include money, coupons, discounts, awards, additional entries in sweepstakes, or similar consideration, for forwarding the e-mail.
  • Inducement. For example, a company might offer to pay an affiliate who, in turn, uses sub-affiliates. In this scenario, e-mails forwarded by the sub-affiliates would be considered induced, even though there is no direct relationship between the company and sub-affiliates.9

However, merely encouraging a consumer to forward a message, without more, is permissible and will not subject a company to CAN-SPAM liability.10

The FTC has also indicated that consumers who forward commercial messages—without being offered any consideration or inducement—are not subject to CAN-SPAM (even though they would technically be considered initiators under a strict reading of the statute). 11

Threshold Requirement: Is the E-mail Message a Commercial Message?

The main requirements of the CAN-SPAM Act only apply to commercial e-mail messages. As such, the first step in assessing CAN-SPAM Act compliance is to determine whether a particular e-mail message is commercial or, instead, a transactional or relationship message or other type of message (to which CAN-SPAM generally does not apply).

When conducting this inquiry:

  • Assess whether the message contains any transactional or relationship content.12
  • If the message contains both transactional or relationship content and commercial content, assess whether the message’s primary purpose is commercial under 16 C.F.R. § 316.3(a)(2).
  • If the message contains both commercial content and non-transactional or non-relationship content, assess whether the message’s primary purpose is commercial under 16 C.F.R. § 316.3(a)(3).

If the message is commercial, then you must comply with all of CAN-SPAM’s requirements. If the message is a transactional or relationship message (as discussed below), you need only ensure that the message does not contain false or misleading header information.

Transactional or Relationship Messages

To determine whether an e-mail message contains any transactional or relationship content, assess whether the message does one or more of the following:

  • Facilitates, completes, or confirms a commercial transaction previously agreed to by the recipient
  • Provides warranty, product recall, safety, or security information for a product or service purchased by the recipient
  • Provides certain information regarding a membership, subscription, account, loan, or similar ongoing relationship between the recipient and sender (e.g., notification of a change in the terms or features of a membership or subscription, periodic account balance information)
  • Provides information about an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled
  • Delivers goods or services (such as product upgrades or updates) as part of a transaction to which the recipient previously agreed13

If the message contains any of the above information and no commercial content, then it is considered a transactional or relationship message.14

Transactional or relationship messages may not contain false or misleading header information (i.e., the “From,” “To,” “Reply To,” and routing information, including the originating domain name and e-mail address).15 However, such messages are otherwise exempt from the CAN-SPAM Act’s more detailed requirements.

Primary Purpose Test: Messages with Commercial Content and Transactional or Relationship Content

If a message contains both commercial content and transactional or relationship content (as discussed above), assess whether the message’s primary purpose is commercial under 16 C.F.R. § 316.3(a)(2). Such messages have a commercial primary purpose if either:

  • The recipient would reasonably interpret the subject line to mean that the message contains commercial advertising.
  • A substantial part of the transactional or relationship content does not appear at the beginning of the message.16

If the message is commercial, then you must comply with all of CAN-SPAM’s requirements.

Primary Purpose Test: Messages with Commercial Content and Non-transactional or Non-relationship Content

If a message contains both commercial content and non-transactional or non-relationship content, assess whether the message’s primary purpose is commercial under 16 C.F.R. § 316.3(a)(3). Such messages have a commercial primary purpose if either:

  • The recipient would reasonably interpret the subject line to mean that the message contains commercial advertising.
  • The recipient would reasonably interpret the body of the message to mean that the message’s primary purpose is commercial advertising.17

The following factors are relevant to the analysis:

  • The location of the commercial content (beginning, middle, or end of the message)
  • The proportion of the message devoted to commercial content
  • The aesthetics used to highlight the commercial content (e.g., color, graphics, font size, style)18

If the message is commercial, then you must comply with all of CAN-SPAM’s requirements.

Commercial Message Requirements (Initiators)

Any person or entity that initiates a commercial e-mail message (i.e., a message with a primary purpose of commercial advertisement or promotion of a commercial product or service) must comply with the following requirements under CAN-SPAM:

  • No false or misleading header information
  • No deceptive subject lines
  • Inclusion of an opt-out mechanism
  • Inclusion of the sender’s valid physical postal address
  • Identification of the message as an advertisement or solicitation19

Each of these requirements is discussed in further detail below. Note that separate requirements apply to senders of commercial e-mail messages – see Commercial Message Requirements later in this article.

No False or Misleading Header Information

The CAN-SPAM Act prohibits the transmission of a commercial e-mail message or a transactional or relationship message that contains materially false or misleading header information. This is the only requirement that applies to both commercial and transactional or relationship messages.

To comply with this aspect of CAN-SPAM, header information (i.e., the “From,” “To,” “Reply To,” and routing information, including the originating domain name and e-mail address) must be accurate and must clearly identify the person who initiated the message.20

No Deceptive Subject Lines

The CAN-SPAM Act prohibits the transmission of commercial e-mails with deceptive subject lines. A subject line is deceptive if the initiator of the message had actual knowledge (or knowledge fairly implied on the basis of objective circumstances) that the subject line would be likely to mislead the recipient about a material fact regarding either:

  • The contents of the message
  • The subject matter of the message21

To comply with this aspect of CAN-SPAM, the subject line must accurately describe the content of the e-mail (e.g., by using Advertising, ADV, or similar language).

Opt-Out Mechanisms

Commercial e-mails must clearly explain how the recipient can opt out of receiving future commercial messages from the sender via one of the following opt-out mechanisms:

  • A functional return e-mail address
  • An Internet-based mechanism (such as an opt-out link)22

If there is an opt-out menu offered, one menu option must allow a complete opt-out of all commercial messages from the sender.23

The opt-out mechanism must be functional for at least 30 days after the e-mail is sent. Note, however, that an unexpected, temporary inability to receive messages or process opt-out requests—due to a technical problem beyond the sender’s control—does not violate CAN-SPAM if the problem is corrected within a reasonable time period.24

To comply with this aspect of CAN-SPAM, opt-out notices must be clear and conspicuous, and all opt-out mechanisms must be functional. Businesses should therefore consider ways to make the opt-out notice stand out from other parts of the message, such as through font size, color use, or other formatting approaches. They should also test their opt-out mechanisms on a regular basis and promptly correct any issues.

Sender’s Valid Physical Postal Address

The sender’s valid physical postal address must be included in a commercial e-mail message.25 To comply with this requirement, the message must include either of the following:

  • The sender’s current street address
  • A Post Office box that the sender has accurately registered with the U.S. Postal Service
  • A private mailbox that the sender has accurately registered with a commercial mail receiving agency established pursuant to U.S. Postal Service regulations26

Identification of Message as Advertisement or Solicitation

A commercial e-mail message must identify the message as an advertisement or solicitation (unless the recipient previously consented to receive the message).27

To comply with this requirement, the message must contain a clear and conspicuous notice that it is an advertisement or solicitation (unless the recipient previously opted in to receive such messages). The notice should be legible and stand out against the rest of the text, for example, by appearing in a larger font size or a different font and/or color.

Commercial Message Requirements (Senders)

To comply with CAN-SPAM, senders of commercial e-mail messages must:

  • Process and honor opt-out requests
  • Include the sender’s valid physical postal address in the message

Each issue is discussed in further detail below.

Opt-out Requirements for Senders

Senders of commercial e-mail messages (or those acting on behalf of a sender) may not require a recipient to do any of the following in order to submit an opt-out request or have such a request honored:

  • Pay a fee
  • Provide any information other than the recipient’s e-mail address and opt-out preferences
  • Take any steps other than sending a reply message or visiting a single webpage28

Once a recipient submits an opt-out request, the following applies:

  • The sender must process the opt-out request within 10 business days. The request does not expire unless the recipient later expressly consents to receive commercial e-mails from the sender.
  • After this time, the sender (or any person acting on its behalf) may not transmit further commercial e-mails falling within the scope of the request to the recipient without the recipient’s affirmative consent.
  • The sender (or any person who knows of the opt-out request) may not sell, exchange, or otherwise transfer the recipient’s e-mail address without the recipient’s affirmative consent, except as required by law.29

To comply with these aspects of CAN-SPAM, senders should test their processes for opt-out requests on a regular basis and promptly correct any issues. Senders should also regularly assess their internal procedures for tracking and honoring opt-out requests (e.g., scrubbing mailing lists prior to sending any commercial e-mails) and, where appropriate, conduct audits for vendor compliance.

Sender’s Valid Physical Postal Address

The sender’s valid physical postal address must be included in a commercial e-mail message.30 To comply with this requirement, the message must include any of the following:

  • The sender’s current street address
  • A Post Office box that the sender has accurately registered with the U.S. Postal Service
  • A private mailbox that the sender has accurately registered with a commercial mail-receiving agency established pursuant to U.S. Postal Service regulations31

Sexually-Oriented Commercial Messages

Additional CAN-SPAM requirements apply to initiators of commercial e-mail messages that contain sexually-oriented material. Such material is defined as “any material that depicts sexually explicit conduct . . . unless the depiction constitutes a small and insignificant part of the whole, the remainder of which is not primarily devoted to sexual matters.”32

If a commercial e-mail contains sexually-oriented material, and the recipient has not previously consented to receive such messages, warning labels must appear in:

  • The subject line
  • The body of the message33

Note that the warning-label restrictions are in addition to the general CAN-SPAM requirements that are applicable to all commercial e-mails.

Subject Line Restrictions

If a commercial e-mail contains sexually-oriented material, the subject line must include the warning “SEXUALLY-EXPLICIT:” in capital letters as the first 19 characters in the subject line (the colon and the space following the phrase are the 18th and 19th characters). The subject line may not include any sexually-oriented material.34

Content Restrictions

If a commercial e-mail contains sexually-oriented material, the body of the message must include the electronic equivalent of a “brown paper wrapper,” such that when the recipient opens the message, the only things initially viewable are:

  • The warning “SEXUALLY-EXPLICIT:”
  • The information required for all commercial e-mails
  • Any necessary instructions on how to access the sexually-oriented material (e.g., scrolling down or clicking on a hyperlink), preceded by a clear and conspicuous statement that the recipient should delete the e-mail, without following such instructions, to avoid viewing the content35

Commercial Messages Sent to Wireless Devices

The CAN-SPAM Act authorizes the FCC to regulate unwanted mobile service commercial messages (i.e., commercial e-mails sent to e-mail addresses associated with a wireless device, such as 5551212@verizon.net).36 To that end, the FCC has enacted rules addressing such messages.

Among other things, the FCC rules:

  • Prohibit sending mobile service commercial messages without express prior authorization
  • Set forth requirements for obtaining express prior authorization
  • Set forth opt-out requirements for mobile service commercial messages

Each of these issues is discussed in further detail below.

Prohibition on Sending Mobile Service Commercial Messages without Express Prior Authorization

A person or entity may not initiate a mobile service commercial message without express prior authorization.37 This opt-in requirement is in contrast to the FTC’s opt-out requirements for commercial e-mail messages.

A mobile service commercial message is a commercial e-mail message “that is transmitted directly to a wireless device that is utilized by a subscriber of a commercial mobile service . . . in connection with such service.”38 An example would be a commercial e-mail message sent to 5551212@att.mobile.net.

A commercial message is presumed to be a mobile-service commercial message “if it is sent or directed to any address containing a reference, whether or not displayed, to an Internet domain listed on the FCC’s wireless domain names list.”39 The list, available on the FCC’s website, is periodically updated by wireless carriers, per FCC regulations.40

There is no liability for sending a message where a domain has appeared on the FCC’s list for fewer than 30 days, so long as the person or entity does not knowingly initiate a mobile service commercial message.41

To ensure compliance with the rules, check the FCC’s wireless domain names list within 30 days of sending any commercial e-mails to addresses associated with a wireless device. If the domain at issue appears on the list, you must:

  • Obtain the recipient’s permission before sending a commercial message (see “Obtaining Express Prior Authorization” below)
  • Include one or more opt-out mechanisms in the message (see “Opt-Out Requirements for Mobile Service Commercial Messages” below)

Obtaining Express Prior Authorization

When requesting express prior authorization, an initiator of a mobile service commercial message must clearly disclose the following:

  • The identity of the sender
  • The fact that the recipient agrees to receive mobile service commercial messages to his/her wireless device from the sender
  • The fact that the recipient may be charged by his/her wireless service provider in connection with receipt of such messages
  • The fact that the recipient may revoke his/her consent at any time42

Express prior authorization may be obtained by oral or written means, including electronic methods. If written, the authorization must contain the recipient’s signature (or electronic signature, in accordance with the E-Sign Act).43

Opt-Out Requirements for Mobile Service Commercial Messages

Mobile service commercial messages (if properly authorized) must include one or more opt-out mechanisms, such as a functional return e-mail address or other Internet-based mechanism (such as an opt-out link). The following rules also apply:

  • If the recipient’s express prior authorization was granted electronically, at least one opt-out mechanism must use the same electronic means that was used to obtain authorization.
  • At least one opt-out mechanism must not result in additional charges to the recipient.44

The opt-out mechanism(s) must be functional for at least 30 days after a message is sent, and all opt-out requests must be processed within 10 business days.45

To comply with this aspect of the FCC’s rules, opt-out notices must be clear and conspicuous, and all opt-out mechanisms must be functional. Businesses should therefore test their opt-out mechanisms (and their processes for tracking opt-out requests) on a regular basis and promptly correct any issues. They should also, where appropriate, conduct audits for vendor compliance.

Enforcement of the CAN-SPAM Act

While the CAN-SPAM Act is enforced primarily by the FTC, a host of federal and state agencies, along with Internet service providers (ISPs), also have authority to enforce the CAN-SPAM Act. There is no private right of action for consumers.

Penalties for violations vary based on which entity is enforcing the Act and may be enhanced in the case of aggravated violations. Criminal penalties may also be imposed by the Department of Justice (DOJ) in certain circumstances.

The various types of CAN-SPAM enforcement and penalties are discussed below.

FTC Enforcement

The FTC has authority to enforce CAN-SPAM Act violations as unfair and deceptive trade practices under the FTC Act.46 The FTC can seek civil penalties of up to $16,000 per e-mail that violates CAN-SPAM, with no maximum penalty.47 The FTC may also seek injunctive relief.48

Enforcement by Other Federal Agencies

Other federal agencies have authority to enforce the CAN-SPAM Act against entities or activities that fall outside the scope of the FTC’s jurisdiction; such agencies include the Securities and Exchange Commission (SEC) and the FCC, among others. The penalties for non-compliance vary depending on the agency and the statutes/regulations at issue.49

State Enforcement

State attorneys general and other state officials and agencies can bring claims for CAN-SPAM Act violations affecting state residents. Such agencies can seek to recover:

  • Injunctive relief
  • Actual damages or statutory damages up to $250 per e-mail, whichever is greater, up to a maximum award of $2 million (Note that claims for false or misleading header information do not count towards the $2 million cap.)
  • Three times the amount of statutory damages for willful, knowing, or aggravated violations
  • Attorney’s fees and costs50

Aggravated violations are explained in detail later in this article.

ISP Enforcement

ISPs can bring claims for certain CAN-SPAM Act violations (e.g., false or misleading header information, failure to place warning labels on commercial e-mails containing sexually-oriented material). ISPs can seek to recover:

  • Injunctive relief
  • For false or misleading header information: Actual damages or statutory damages up to $100 per e-mail, whichever is greater, with no cap on the maximum award
  • For all other violations: Actual damages or statutory damages up to $25 per e-mail, up to a maximum award of $1 million
  • Three times the amount of statutory damages for willful, knowing, or aggravated violations
  • Attorney’s fees and costs51

Note that in actions brought by ISPs, the term procure (which bears on the definition of initiator) has a different meaning. Specifically, a person or entity that provides consideration to, or induces, another person to initiate a commercial e-mail on its behalf must have actual knowledge, or must consciously avoid knowing, that such person is engaging, or will engage, in a pattern or practice that violates the CAN-SPAM Act.52

Aggravated Violations

In CAN-SPAM actions brought by ISPs or state attorneys general or other state agencies, statutory damage awards may be tripled if the defendant committed one or more of the following aggravated violations:

  • Address harvesting. This is when a party automatically obtains e-mail addresses from an Internet website or proprietary online service.
  • Dictionary attacks. A dictionary attack is when a party generates a list of possible e-mail addresses by combining names, letters, and numbers.
  • Automated creation of multiple e-mail accounts. This is when a party uses scripts or other automatic means to register multiple e-mail accounts so that such accounts may be used to transmit commercial e-mails.
  • Spoofing. Spoofing is the relaying or retransmitting of commercial e-mails from a computer that was accessed without authorization.53

Criminal Penalties

The DOJ may assess fines and/or up to five years’ imprisonment for knowing violations of the CAN-SPAM warning-label requirements for sexually-oriented material.54 The DOJ may also assess fines, up to five years’ imprisonment, and/or forfeitures for fraud and related activities in connection with e-mail.55

CAN-SPAM Act Preemption

The CAN-SPAM Act preempts state laws that expressly regulate the use of e-mail to send commercial messages, except to the extent such laws prohibit “falsity or deception” in any portion of a commercial e-mail message.56 As such, states’ general consumer protection laws and similar laws are not preempted. Additionally, the Act expressly does not preempt:

  • State laws that are not specific to e-mail (including trespass, contract, and tort law)
  • State laws related to acts of fraud or computer crime57

The CAN-SPAM Act also has no effect on an ISP’s “adoption, implementation, or enforcement” of a policy of declining to transmit, route, handle, or store certain types of e-mail messages (e.g., spam policies).58


To find this article in Lexis Practice Advisor, follow this research path:

Research Path: Intellectual Property & Technology > Privacy & Data Security > Privacy & Data Security Compliance > Practice Notes > Complying with Privacy & Data Security Laws


Mark W. Brennan is a partner in the Washington, D.C. office of Hogan Lovells US LLP, and his practice spans communications technology and privacy issues.


1See 15 U.S.C. § 7704. 2 15 U.S.C. § 7702(2)(A). 3 See15 U.S.C. § 7702(9),(12). 4 See 15 U.S.C. § 7702(15). 5 See 15 U.S.C. § 7702(16). 6 See 15 U.S.C. § 7702(9),(12),(16). 7 See16 C.F.R. § 316.2(m). 8 See Statement of Basis and Purpose, 73 FR 29654 (FTC May 21, 2008). 9 Id. 10 Id. 11 Id. 12 See15 U.S.C. § 7702(17)(A). 13 See15 U.S.C. § 7702(17)(A);16 C.F.R. § 316.3(c). 14 See 16 C.F.R. § 316.3(b). 15 See 15 U.S.C. § 7704(a)(1). 16 See 16 C.F.R. § 316.3(a)(2). 17 See16 C.F.R. § 316.3(a)(3). 181 See16 C.F.R. § 316.3(a)(3)(ii). 19 See generally 15 U.S.C. § 7704. 20 See 15 U.S.C. § 7704(a)(1). 21 See15 U.S.C. § 7704(a)(2). 22 See15 U.S.C. § 7704(a)(3)(A). 23 See 15 U.S.C. § 7704(a)(3)(B). 24 See 15 U.S.C. § 7704(a)(3)(C). 25 See 15 U.S.C. § 7704(a)(5)(A). 26 See 16 C.F.R. § 316.2(p). 27 See15 U.S.C. § 7704(a)(5)(A). 28 See16 C.F.R. § 316.5. 29 See 15 U.S.C. § 7704(a)(4)(A)(B). 30 See15 U.S.C. § 7704(a)(5)(A). 31 See 16 C.F.R. § 316.2(p). 32 See 15 U.S.C. § 7704(d)(4). 33 See 15 U.S.C. § 7704(d)(1),(2). 34 See 16 C.F.R. § 316.4(a)(1). 35 See 16 C.F.R. § 316.4(a)(2). 36 See generally 15 U.S.C. § 7712. 37 See 47 C.F.R. § 64.3100(a)(1). 38 See 47 C.F.R. § 64.3100(c)(7). 39 See 47 C.F.R. § 64.3100(c)(7). 40 See 47 C.F.R. § 64.3100(f). 41 See 47 C.F.R. § 64.3100(a)(4). 42 See 47 C.F.R. § 64.3100(d)(5). 43 See 47 C.F.R. § 64.3100(d)(1). 44 See 47 C.F.R. § 64.3100(b). 45 See 47 C.F.R. § 64.3100(b)(1), (6). 46 15 U.S.C. § 7706(a). 47 See 15 U.S.C. § 7706(d). 48 See 15 U.S.C. § 7706(e). 49 See 15 U.S.C. § 7706(b). 50 See 15 U.S.C. § 7706(f). 51 See 15 U.S.C. § 7706(g). 52 See 15 U.S.C. § 7706(g)(2). 53 See 15 U.S.C. § 7704(b),15 U.S.C. § 7706(f)(3)(C), 15 U.S.C. § 7706(g)(3)(C). 54 See 15 U.S.C. § 7704(d)(5). 55 See 18 U.S.C. § 1037. 56 See 15 U.S.C. § 7707(b)(1). 57 See 15 U.S.C. § 7707(b)(2). 58 See 15 U.S.C. § 7707(c).