12 Aug What do you think about the new rules under the CAN-SPAM Act?
Businesses that rely heavily on Internet marketing and business communications are keenly aware of the Federal Trade Commission’s (FTC) new provisions to the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, more commonly known as “CAN-SPAM” (sometimes referred to as the “Act”). After requesting and considering public comments on a number of proposed provisions, the FTC adopted new provisions under CAN-SPAM, which touch on four areas.
- First, the definition of the term “person” is added to the Act to make clear that CAN-SPAM is not limited in its application to natural persons.
- Second, the definition of “sender” is modified to simplify determining which of multiple parties that may advertise in a single e-mail is responsible for complying with the opt-out provisions of the Act.
- Third, the requirement that a “sender” of commercial e-mail provide a physical address in the text of the e-mail can now be satisfied by including an accurately registered post office box or private mail box established in accordance with the U.S. Postal Service regulations.
- And fourth, CAN-SPAM now specifies that, in order to opt out of future e-mail from the sender, an e-mail recipient cannot be required to pay a fee, provide any information other than his or her e-mail address and opt-out preferences, or take any other steps beyond sending a reply e-mail message or going to a single opt-out Web page.
CAN-SPAM became effective on January 1, 2004, and imposes a series of requirements on the use of commercial e-mail. It provides civil and criminal enforcement mechanisms to deter unwanted e-mail and allows the state attorneys general to enforce its provisions. CAN-SPAM prohibits the transmission of any e-mail that contains a false or misleading header or “from” line, or false or misleading subject headings. It requires that a commercial e-mail contain a functioning return e-mail address or similar Internet-based mechanism for a recipient to opt-out of receiving future commercial e-mail messages, and prohibits the sender from initiating a commercial e-mail to a recipient more than 10 days after he or she has opted out. It also requires commercial e-mail messages to contain: (1) a clear and conspicuous identification that the message is an advertisement or solicitation; (2) a conspicuous notice of the opportunity to opt-out of receiving further commercial e-mail messages from the sender; and (3) a valid physical postal address of the sender. CAN-SPAM authorizes the FTC to enforce violations of the Act in the same manner as an FCC Trade Regulation.
Prior to the enactment of the new provisions, CAN-SPAM did not define “person,” even though this term is used throughout CAN-SPAM’s provisions. The new rules adopt a definition of the term “person” as meaning an individual, group, unincorporated association, limited or general partnership, corporation or other business entity. Commentators generally supported adding this definition, with the exception of one association, which argued that unincorporated nonprofits should be excluded from the definition of “person” – effectively exempting them altogether from CAN-SPAM. The reason behind this objection was that the risk of liability under CAN-SPAM could discourage an association’s or nonprofit organization’s members from volunteering to serve in a leadership capacity. The FTC did not find this persuasive, noting that associations and other nonprofit organizations often send e-mails that contain advertisements or promotions of commercial products or services, which entitle the recipients to the protections of CAN-SPAM.
The new rules also modified CAN-SPAM’s definition of “sender” to address situations where multiple marketers use a single e-mail message (for example, where a commercial e-mail from a car rental agency also promotes an airline or hotel chain). The FTC modified the definition of “sender” to provide that under certain conditions, multiple senders of a commercial e-mail may identify one among them as the “sender” who will then be deemed to be the sole “sender” of the message, or the “designated sender.” Under the final rule, only the designated sender is required to honor opt-out requests made by commercial e-mail message recipients. Also, the physical address of the designated sender, but not the other marketers using the same e-mail message, must appear in the message.
The FTC noted that the definition of “sender” in the final rule provides marketers the flexibility to structure their messages in a way that reduces redundant obligations for the various marketers in a single e-mail, while insuring that recipients of these messages receive the benefit of CAN-SPAM’s opt-out protection. Under the final rule, the “designated sender” must be identified in the “from” line as the sole sender of the message; if two or more senders appear in the “from” line, the multi-marketer exception would not be met.
The rule requiring a commercial e-mail message to include sender’s “valid physical postal address” can be satisfied by including the sender’s current street address, a post office box that the sender has accurately registered with the U.S. Postal Service or a private mailbox that the sender has accurately registered with a commercial mail receiving agency established pursuant to the U.S. Postal Service regulations. Several commentators expressed concern over this provision and felt that post office boxes and private mailboxes should not be included in the definition because they are often used in fraud schemes to shield their owners’ identities. The FTC disagreed, noting that an individual or entity intent on evading identification can just as easily use an inaccurate street address.
The FTC also adopted a new rule which prohibits the imposition of any fee, any requirement to provide personally identifying information beyond one’s e-mail address or any other obligation as a condition for accepting or honoring a recipient’s opt-out request. Commentators generally agreed with an opt-out fee prohibition, but challenged the prohibition on collection of additional personal information or the requirement that an e-mail recipient interface with more than one Web page to opt-out. These commentators argued that collecting personal information or requiring multiple opt-out steps may be necessary to verify the identity of the recipient, citing concerns such as risk of typographical errors, computer security issues, on-line identity theft and sabotage by competitors. The FTC responded by stating that imposing additional requirements on consumers who attempt to opt-out would likely increase the risk of information being intercepted by a hacker or rogue third party and would do anything but minimize the risk of these problems.
With these new rules, all businesses that use e-mails in a commercial context must modify their practices and bring them in line with the new requirements. If you have any issues regarding e-mail marketing, compliance with CAN-SPAM or use of Internet commerce in general, please feel free to contact us.
The opinions expressed herein or statements made in the above column are solely those of the author, and do not necessarily reflect the views of Wisconsin Technology Network, LLC. WTN accepts no legal liability or responsibility for any claims made or opinions expressed herein.