The bulk of the requirements of the CAN-SPAM Act apply only to “commercial electronic mail messages,” defined as: “emails the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” Significantly, the legislation does not prohibit the transmission of most types of commercial email. It does however, establish rules that will apply to entities that send commercial email messages.
Based upon the requirements of the CAN-SPAM Act, we offer the following recommendations to companies that wish to send commercial messages.
1. Do not engage in any fraudulent or deceptive activity when transmitting commercial email.
The CAN-SPAM Act prohibits a variety of fraudulent activity committed in connection with email.1& For instance, the legislation prohibits the falsification of header information in multiple commercial emails. Likewise, the law also prohibits the use of a protected computer to relay or retransmit multiple commercial emails, with the intent to deceive or mislead recipients, or any Internet access server, as to the origin of such messages. Penalties for violating the law’s provisions regarding fraudulent activity are rather severe and can include fines, as well as imprisonment. Accordingly, it is very important for companies to ensure that they do not engage in any fraudulent activity when transmitting commercial emails. In addition, when contracting with any third parties to send commercial emails on their behalf, companies should ensure that all such third parties are contractually bound to comply with the requirements of the CAN-SPAM Act and all other applicable legislation.
1 See, CAN SPAM Act of 2003, at Sec 5(a)(1) and (2)
2. Implement a system for opting-out and honor opt-out requests.
The CAN-SPAM Act mandates the inclusion of a clear and conspicuous notice of the recipient’s right to “opt-out” from receiving future commercial emails. It also requires the inclusion of a mechanism that may be used or an email address to which a recipient may send a message requesting not to receive any future commercial emails from the sender.2 Pursuant to the legislation, companies that receive opt-out requests must honor such requests and must cease the transmission of commercial emails to individuals who have opted-out within 10 business days of the sender’s receipt of the opt-out request. Companies sending unsolicited commercial emails must include clear and conspicuous opt-out information on all commercial emails that it sends. Companies must also implement a system for processing individuals’ opt-out requests and must honor such requests by ceasing to transmit commercial emails to those who have opted-out.
2Id. at Sec. 5(a)(3)