Announcements | White Papers | Blog

CAN-SPAM … But it's better not to!

OTOi, Executive Team | One to One Interactive
February 29, 2004

After 7 weeks, "Controlling the Assault of Non-Solicited Pornography and Marketing Act" aka "CAN-SPAM" herein referred to as "the Act", is making many unhappy. In fact, the Act doesn't appear to have made any noticeable impact on the volume of spam. Criticism of the Act ranges from accusations that the federal government has failed miserably, to statements that CAN-SPAM affirmatively harms the cause of the war on spam by overriding more stringent State legislation[1]. Others note that the Act has created a workable and nationally unified approach to the problem of spam.

In fact, under the Act it is permissible, even if inadvisable, for marketers to send at least one commercial email message to every single person. Complying with the Act is not the same as comporting with best practices in permission based marketing. In our experience, permission marketing is the most effective for credible marketers to initiate and sustain profitable relationships with their customers.

Criticism and accolades aside, the facts are that CAN-SPAM is the current law of the land regarding unsolicited commercial email and marketers must adhere to its requirements. This article is intended to be an overview of some key provisions, and provides links for more information.

Preemption

The most important result of the federal CAN-SPAM act is that it pre-empts State legislation on the issue of unsolicited commercial email. This means that marketers are no longer at the mercy of a patchwork of often conflicting State laws that change every couple of years. The effect of this is that marketers now have a workable and single definition of what unsolicited commercial email is and what happens if you don't comply with the law when sending it.

No Private Right of Action
Another important provision relates to who can bring an action under the Act. Consumers individually are not empowered under the act to bring an action but rather State and Federal authorities in the form of regulators like the FTC and Attorneys General. The effect of this is that you probably have to be a pretty egregious offender to attract the attention and merit the resources required to be targeted by these enforcement agencies. That doesn't exempt anyone from complying with the provisions of the act; it simply means that a simple mistake isn't going to end up resulting in huge lawsuits for a single email.

Here are some important definitions.

Commercial Email

"The term 'commercial electronic mail message' means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)[2]". The operative word here is commercial. A commercial message is one that the purpose of which is to sell or promote the sale of a product or service. The mere mention of a company website does not make a message commercial in nature unless the website or a destination page in the email has the primary purpose of selling or promoting the sale of a product or service. This definition will be tightened up over time through litigation.

An important exception to this definition is transactional or relationship emails. These email are defined in the Act at Section 3(17) and exempt from the definition of unsolicited commercial email. These are the emails that are associated with an existing commercial relationship where the subject of these types of email is transactional in nature or required to service the existing purchases of the email recipient (e.g., if Sears sends you notification that the warranty on your washing machine has expired or Amazon.com notifies you that your order has shipped).

Sender

The other interesting thing this legislation does is break down the barriers between the sender of the email (like a 3d party list provider) and the owner of the subject of the content of the email. The Act indicates that "… the term 'sender,' when used with respect to a commercial electronic mail message, means a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message"[3]. The Act does recognize different lines of business as senders as long as the email message explicitly identifies the separate line of business from the parent entity. The other relevant provision with regard to the sending of email is that a sender is one who initiates a commercial email transmission. Initiation includes by definition one who originates, transmits or procures the transmission of a covered email. For example, if Unisys hires One to One Interactive to send email on its behalf, both Unisys and One to One could be considered a sender.

Clear and Conspicuous

The Act makes reference to several requirements of being "clear and conspicuous". This refers to obtaining affirmative consent, identifying an email as an advertisement or solicitation or providing notice of the ability to opt out.

The FTC has created a document called "dot com disclosures". This resource applies to the use of the Internet as a commercial medium and discussed the elements of clear and conspicuous in detail. These are the elements the FTC says are relevant to determining whether something is "clear and conspicuous":

  1. the placement of the disclosure in an advertisement and its proximity to the claim it is qualifying,
  2. the prominence of the disclosure,
  3. whether items in other parts of the advertisement distract attention from the disclosure,
  4. whether the advertisement is so lengthy that the disclosure needs to be repeated,
  5. whether disclosures in audio messages are presented in an adequate volume and cadence and visual disclosures appear for a sufficient duration, and
  6. whether the language of the disclosure is understandable to the intended audience.

Other

In Section 6, the Act specifically states that advertisers may not promote or allow others to promote their product or service through email that violates the Act. The Act also makes reference and includes wireless messaging.

OK, so those are some important definitions. But what does the Act actually require us marketers to do? The Act has some specific requirements and prohibitions. Here are a few of the important ones for the readers of this newsletter.

Do's and Don'ts

 You Must:

  1. Enable recipients to opt-out through a reply email or other form of compliant Internet based communication (see the Act at Section 5(a)(3)(A)).
  2. Honor opt-out requests within 10 business days, unless the recipient opts back in, in which case email may be sent to recipient (see the Act at Section 5(a)(4)).
  3. Provide clear and conspicuous identification that the message is an advertisement or solicitation unless the sender has affirmative consent to send the email (see the Act at Section 5(a)(5)(A)(i) and 5(a)(5)(B)).
  4. Provide clear and conspicuous means to opt-out of receiving future emails from the sender (see the Act at Section 5(a)(5)(A)(ii)).
  5. Provide a valid postal address of the sender in the email (see the Act at Section 5(a)(5)(A)(iii)).

You May Not:

  1. Send email using false or misleading header information.
  2. Use a misleading From line.
  3. Use misleading Subject lines.
  4. Send email to someone who opts-out any time after 10 days from the time of the opt-out.

You Should:

  1. Create a suppression list for opt-outs and revise your privacy policy to incorporate the suppression list.
  2. Create a formal process to handle the routing and handling of opt out requests.

Penalties For Non-Compliance

  1. FTC: Cease and desist orders and fines up to $11,000 per violation.
  2. State: Individual states may also bring action on behalf of their residents: Up to $250 per violation capped at $2 million for violations other than false or misleading headers.
  3. "Harvesting" e-mail addresses is considered an "Aggravated Violation" and will cause the fines to triple to $750 per spammed e-mail address capping at $6,000,000 plus attorney fees.
To learn more about the impact of this legislation on your business, feel free to contact myself or your Interactive Marketing Adviser at One to One Interactive. You may also check out the following resources online:

Other Relevant Articles from One to One:

"Email Marketing: Opportunity And Risk" By Michael Donnelly, Esq.
"The Tangled Web Of E-Mail" By Michael Donnelly, Esq.
"Raising The Stakes In Permission Marketing: The Need To Better Manage Enterprise E-Mail Processes" By Jeremi Karnell

FTC Links:
http://www.ftc.gov/bcp/workshops/spam
http://www.ftc.gov/bcp/conline/pubs/buspubs/ruleroad.htm
Dot Com Disclosures

News:
http://www.nwfusion.com/topics/spam.html
http://www.eweek.com/category2/0,4148,1304524,00.asp

Law:
http://www.spamlaws.com/
http://law.spamcon.org/us-laws/index.shtml

Associations:
http://www.privacyassociation.org/
http://www.cauce.org/news/index.shtml
http://www.privacyexchange.org/
http://www.privacyrights.org/links.htm
http://www.privacyfoundation.org/

Healthcare Specific Privacy Info:
http://www.hhs.gov/ocr/hipaa/

[1]Comments made by Lawrence Lessig, Stanford Law Professor at a California conference on Spam, see Wired online article at http://www.wired.com/news/business/0,1367,62020,00.html?tw=wn_tophead_3
[2] CAN-SPAM Act of 2003 cited at http://www.spamlaws.com/federal/108s877.html section 3(2)(A).
[3] ibid at section 3(16)(A).

back back to White Papers
Copyright © 2008 One to One Interactive, Inc. All Rights Reserved. Privacy Policy | Terms and Conditions