The “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003” or the “CAN-SPAM Act” is the United States’ first federal legislation concerning unsolicited commercial email. The law requires unsolicited commercial email messages to be labeled (though not by a standard method) and to include opt-out instructions, as well as the sender’s physical address. It also prohibits the use of deceptive subject lines and false headers in such messages.
Under the law, the Federal Trade Commission (FTC) is authorized (but not required) to establish a “do-not-email” registry. Also, quite significantly, state laws that require labels on unsolicited commercial email or prohibit such messages entirely are pre-empted, although provisions merely addressing falsity and deception remain in place.
The bulk of the requirements of the CAN-SPAM Act apply only to “commercial electronic mail messages,” defined as: “emails the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” Significantly, the legislation does not prohibit the transmission of most types of commercial email. It does however, establish rules that will apply to entities that send commercial email messages.
Based upon the requirements of the CAN-SPAM Act, we offer the following recommendations to companies that wish to send commercial messages.
1. Do not engage in any fraudulent or deceptive activity when transmitting commercial email.
The CAN-SPAM Act prohibits a variety of fraudulent activity committed in connection with email.1 For instance, the legislation prohibits the falsification of header information in multiple commercial emails. Likewise, the law also prohibits the use of a protected computer to relay or retransmit multiple commercial emails, with the intent to deceive or mislead recipients, or any Internet access server, as to the origin of such messages. Penalties for violating the law’s provisions regarding fraudulent activity are rather severe and can include fines, as well as imprisonment. Accordingly, it is very important for companies to ensure that they do not engage in any fraudulent activity when transmitting commercial emails. In addition, when contracting with any third parties to send commercial emails on their behalf, companies should ensure that all such third parties are contractually bound to comply with the requirements of the CAN-SPAM Act and all other applicable legislation.
1 See, CAN SPAM Act of 2003, at Sec 5(a)(1) and (2)
2. Implement a system for opting-out and honor opt-out requests.
The CAN-SPAM Act mandates the inclusion of a clear and conspicuous notice of the recipient’s right to “opt-out” from receiving future commercial emails. It also requires the inclusion of a mechanism that may be used or an email address to which a recipient may send a message requesting not to receive any future commercial emails from the sender.2 Pursuant to the legislation, companies that receive opt-out requests must honor such requests and must cease the transmission of commercial emails to individuals who have opted-out within 10 business days of the sender’s receipt of the opt-out request. Companies sending unsolicited commercial emails must include clear and conspicuous opt-out information on all commercial emails that it sends. Companies must also implement a system for processing individuals’ opt-out requests and must honor such requests by ceasing to transmit commercial emails to those who have opted-out.
2 Id. at Sec. 5(a)(3)
3. Comply with all applicable labeling requirements.
In addition to including language regarding the individual’s right to opt-out of future transmissions of commercial emails, the CAN-SPAM Act mandates the inclusion of the following information on all commercial emails:3
- A legitimate return email and physical postal address;
- A clear and conspicuous notice that the message is an advertisement or solicitation;4 and
- Clear notice in the subject heading if messages include pornographic or sexual content.
As such, all companies should review all of the commercial emails they plan to send and ensure that each commercial email contains the foregoing information.
3 Id. at Sec. 5(a)(5)
4 This requirement does not apply to the transmission of a commercial electronic mail message if the recipient has given prior affirmative consent to receipt of the message.
4. Be cautious when compiling mailing lists.
5 CAN-SPAM Act. at Sec. 5(b)
The recommendations above are applicable to unsolicited commercial email. They do not apply to any “transactional or relationship message,” which is defined under the CAN-SPAM Act as any email message, the primary purpose of which is:
- To facilitate, complete or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;
- To provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;
- To provide information with respect to a subscription, membership, account, loan or comparable ongoing commercial relationship involving the ongoing purchase or use of products or services offered by the sender to the recipient;
- To provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating or enrolled; or
- To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
The FTC issued a final Rule setting forth criteria for determining the primary purpose of various kinds of email messages. These criteria include:
- For email messages that contain only the commercial advertisement or promotion of a commercial product or service (“commercial content”), the primary purpose of the message will be deemed to be commercial;
- For email messages that contain both commercial content and “transactional or relationship” content as set forth in the Act’s definition of “transactional or relationship message” and in the final Rule, the primary purpose of the message will be deemed to be commercial if either: (i) a recipient reasonably interpreting the subject line of the email would likely conclude that the message contains commercial content; or (ii) the email’s “transactional or relationship” content does not appear in whole or substantial part at the beginning of the body of the message;
- For email messages that contain both commercial content and content that is neither “commercial” nor “transactional or relationship,” the primary purpose of the message will be deemed to be commercial if either: (i) a recipient reasonably interpreting the subject line of the message would likely conclude that the message contains commercial content; or (ii) a recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is commercial. Factors relevant to this interpretation include the placement of commercial content in whole or in substantial part at the beginning of the body of the message; the proportion of the message dedicated to commercial content; and how color, graphics, type size and style are used to highlight commercial content; and
- For email messages that contain only “transactional or relationship” content, the message will be deemed to have a “transactional or relationship” primary purpose.
On a going forward basis, we recommend that companies remain vigilant about changes in the legislative landscape. The CAN-SPAM Act allows, but does not require, the FTC to investigate the creation of a “do not spam” registry similar to the “do not call” registry.
You should consult with an attorney if you have additional questions regarding anti-SPAM issues or any of the information contained herein.