Signed into
law by President Bush in December 2003, the CAN-SPAM Act (also known by its official name, Controlling the Assault of Non-Solicited
Pornography and Marketing Act of 2003) has recently been invoked in several federal and state actions brought against businesses
employing commercial email advertising. As these cases illustrate, the CAN-SPAM
Act carries potentially serious pitfalls for any business that advertises its products or services through email.
Heightening this concern is the expanding role of email in today's business markets.
The CAN-SPAM
Act, effective January 1, 2004, applies to email messages whose primary purpose is to advertise or promote a commercial product
or service. The Act clearly covers unsolicited emails containing pure commercial
advertising. Conversely, it is apparent that the Act would not apply to emails
that are personal and non-commercial in nature. However, a grey area exists with
respect to emails which contain elements of both. The scope of the CAN-SPAM Act
is not limited to large “bulk-emailers”. In fact, any company that
uses email to directly or indirectly market its services or products risks violating the provisions of the Act unless
it follows the proper procedures. The following is a brief overview of some
recent proceedings as well as an overview of the general requirements of the CAN-SPAM Act.
Federal
Trade Commission
In April, the
Federal Trade Commission (“FTC”) filed separate complaints against two companies, purveyors of diet patches, for
violation of the CAN-SPAM Act. According to the actions, since January 1, 2004, the FTC has received nearly 1 million complaints of illegal "spam" connected to the two companies. The companies are being held in violation of the CAN-SPAM Act for allegedly failing
to include an “opt-out” provision and obscuring their identity by using innocent third party email addresses for
reply address. Under the CAN-SPAM Act, each company could be forced to pay up
$2,000,000 in fines with individuals facing up to 5 years imprisonment.
New York
On July 19, 2004, the New York Attorney General’s office settled a lawsuit against a Colorado-based email
marketing company for $50,000. According to the Attorney General’s office,
the company had sent thousands of unsolicited commercial emails which used subject lines and email addresses that were misleading
to recipients. The company has agreed to provide the Attorney General’s
office with customer information and all advertisements (i.e., commercial emails) that the company sends in the future
as well as comply with the terms of the CAN-SPAM Act.
Massachusetts
The Massachusetts
Attorney General’s office is currently proceeding with an enforcement action against a Florida-based email advertiser
of mortgage broker services. A hearing to determine whether a preliminary injunction
was warranted in this case occurred on July 21, 2004. Allegedly, the defendant in the case had sent unsolicited commercial emails to consumers while failing
to provide the required opt-out provision, failing to identify messages as advertisements, failing to use a functioning email
address to receive consumer replies, and failing to supply consumers with a valid physical postal address for the company. Under the CAN-SPAM Act, the company could stand to be assessed penalties of $250 per
violation (up to a maximum of $2,000,000).
Complying
with the Act
While the CAN-SPAM
Act does not prohibit commercial email entirely, it sets forth rules governing acceptable forms of such email and makes
illegal many techniques commonly used by bulk email advertisers. Senders of email
that could be considered unlawful "spam" under the Act should know the applicable rules and ensure that their methods of sending
emails comply with the Act's requirements.
All commercial
emails must, at a minimum, comply with the following:
- Provide clear identification that
the message is an advertisement or solicitation (unless the recipient has previously given affirmative consent to receive
the email).
- Provide a clear notice of the method
by which recipients can “opt-out” of receiving further messages from the sender.
- Provide a functioning return e-mail
address or other Internet-based mechanism through which an email recipient may indicate their desire to not receive further
emails. This email address or other Internet-based mechanism must remain functional
for at least 30 days after the original message is sent.
- Provide a valid physical postal
address for the sender.
In addition,
the CAN-SPAM Act prohibits the use of false or misleading transmission information which includes failure to include accurate
identification of the computer used to initiate the email including the use of misleading or deceptive headers. Likewise, the use of deceptive subject headings is barred by the CAN-SPAM Act. Additionally, senders of email must comply with a recipient’s request not to receive commercial emails
within 10 business days. It is not a defense under the CAN-SPAM Act for a business
to advertise its services through illegal spam sent by a third-party as the Act holds businesses which knew, or should have
known, that their services were being promoted through illegal spam.
The CAN-SPAM
Act excludes email messages that are considered "transactional" or "relationship" messages. Examples include email communications
whose primary purpose is to facilitate, complete or confirm a commercial transaction; provide warranty or product recall
information, or safety or security information; or deliver goods and services, including product updates or upgrades.
The CAN-SPAM
Act preempts or supercedes most state anti-spam laws. Most of the Act's provisions will be enforced by the FTC and states'
Attorneys General.
The
requirements of the CAN-SPAM Act can be complex when applied to real-world situations, and penalties for even unintentional
violations can be severe. Thus, companies advertising their services through
email should ensure that all email communications are in compliance with the CAN-SPAM Act. Moreover, the CAN-SPAM Act
allows a court to consider whether a business had adopted a policy designed to ensure compliance with the Act. We therefore
strongly suggest legal compliance audits (assessing existing email marketing guidelines, procedures and templates) and the
adoption of policies and procedures designed to avoid liability under the CAN-SPAM Act.
July 2004
Back
