(1) This section shall be known and may be cited as the "Spam Reduction Act of 2008".
(2) A person engages in a deceptive trade practice when, in the course of such person's business, vocation, or occupation, such person:
(a) Violates any provision of the federal "Controlling the Assault of Non-Solicited Pornography and Marketing ("CAN-SPAM") Act of 2003", 15 U.S.C. secs. 7701 to 7713, or any rule promulgated under the federal act that can be enforced by states or providers of internet access service pursuant to 15 U.S.C. sec. 7706 (f) or (g);
(b) Knowingly fails to disclose the actual point-of-origin electronic mail address of a commercial electronic mail message in order to mislead or deceive the recipient as to the source or sender of the message;
(c) Knowingly falsifies electronic mail transmission information or other routing information for a commercial electronic mail message in order to mislead or deceive the recipient as to the source or sender of the message;
(d) Knowingly uses a third party's internet address or domain name without the third party's consent for the purposes of transmitting a commercial electronic mail message; or
(e) Knowingly sends a commercial electronic mail message to any person that has previously given the sender a do-not-email directive under 15 U.S.C. sec. 7704 (a)(3)(A) or provides the electronic mail address of any such person to a third party for the purpose of enabling the third party to send a commercial electronic mail message, other than pursuant to affirmative consent, to that electronic mail address.
(3) As used in this section:
(a) "Affirmative consent" has the same meaning as set forth in 15 U.S.C. sec. 7702.
(b) "Commercial electronic mail message" has the same meaning as set forth in 15 U.S.C. sec. 7702.
(c) "Electronic mail service provider" means a provider of internet access service, as defined in 47 U.S.C. sec. 231.
(d) "Sender" has the same meaning as set forth in 15 U.S.C. sec. 7702.
(4) (a) In the case of any violation of this section, an electronic mail service provider whose network or facilities were used in the transmission or attempted transmission of a commercial electronic mail message may file a civil action in a court of competent jurisdiction and may, upon proof of such violation, recover such sums as are allowed under this subsection (4).
(b)
(I) In any such action, if the electronic mail service provider prevails, the provider shall be entitled to actual damages. Upon a showing that the sender of a commercial electronic mail message violated any provision of this section, whether or not the violation resulted in a financial loss or injury, the electronic mail service provider may recover attorney fees and costs.
(II) In any such action, if the electronic mail service provider prevails, the provider is also entitled to recover, as part of the judgment, statutory damages in the amount of one thousand dollars for each commercial electronic mail message transmitted in violation of this section; except that the total amount of statutory damages awarded against a single defendant based on one transaction or occurrence shall not exceed ten million dollars.
(c) The remedies, duties, prohibitions, and penalties of this subsection (4) are not exclusive and are in addition to all other causes of action, remedies, and penalties provided by law.
(d) At the request of any party to an action brought pursuant to this subsection (4), the court may, in its discretion, conduct all legal proceedings in such a way as to protect the secrecy and security of any computer, computer network, computer data, or computer software involved in order to prevent possible recurrence of the same or similar conduct by another person and to protect the trade secrets of any party.
(e) Electronic mail service providers that adopt and implement terms, conditions, or technical measures in good faith to prevent or prohibit the origination or transmission of commercial electronic mail messages in violation of this section shall be immune from civil liability for any such actions, and no provision of this section shall be construed to create any liability for such actions.
(f) No electronic mail service provider shall be liable for the mere transmission of commercial electronic mail messages over the provider's computer network or facilities.
(g) This section shall not be construed to require any electronic mail service provider to carry or deliver any electronic mail merely because a sender complies with the provisions of this section.
(h) This section shall apply when a commercial electronic mail message is sent to a computer located in Colorado or to an electronic mail address that the sender knows, or has reason to know, is held by a Colorado resident.
(5) (a) The attorney general is hereby specifically authorized to take all actions and invoke all remedies authorized under 15 U.S.C. sec. 7706 (f) to enforce this section. Such actions and remedies are not exclusive and are in addition to all other causes of action, remedies, and penalties provided by this article and any other state or federal law.
(b) The attorney general is encouraged to and may, in his or her discretion, cooperate with an electronic mail service provider in an action by such provider under 15 U.S.C. sec. 7706 (g).
(6) The general assembly:
(a) Finds that all violations of the federal "CAN-SPAM Act of 2003" are inherently false and deceptive;
(b) Determines that falsity and deception in any portion of a commercial electronic mail message or an attachment thereto harms Colorado consumers and threatens Colorado's economy; and
(c) Declares that the intent of this section and of section 18-5-308, C.R.S., is to exercise state authority in a manner consistent with, and to the maximum extent permissible under, the federal preemption provisions of 15 U.S.C. sec. 7707 (b).