On December 16, 2003 President Bush signed into law the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, otherwise known as the CAN-SPAM Act of 2003 (the "Act").
The Act, which becomes effective on January 1, 2004, imposes limitations on and penalties for the transmission of certain commercial electronic mail messages ("commercial email"). Most significantly, and the reason that the Act garnered so much industry support, the Act preempts state SPAM laws (other than those laws that prohibit falsity or deception in commercial email), including a recently enacted and alarmingly broad California law that is scheduled to take effect on January 1, 2004.
As discussed more fully below, the Act is a benefit to all e-mail marketers since it does not prohibit the sending of unsolicited messages but rather uses an "opt-out" standard, pursuant to which the recipient may elect not to receive future e-mails. It also provides advertisers with significant flexibility in identifying the messages as solicitations - no longer will the somewhat ubiquitous "ADV:" in the subject heading be the sole method of indicating that the e-mail is unsolicited. Finally, since the Act contemplates an easy way for consumers to grant "affirmative consent" to third parties, marketers can feel a bit more secure that consent has been given in cases where e-mail lists have been obtained from list brokers or suppliers.
Application
The Act defines "commercial electronic mail message"1 as any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for commercial purpose). Under this definition whether the recipient is a business or consumer is irrelevant, the focus of the Act is not on the identity of the recipient, but rather on the content of the message. The Act does exclude from the definition of "commercial electronic mail message" messages that are transactional or relationship messages. The primary purpose of a transactional or relationship message is to:
- Facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;2
- Provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;
- Provide notification concerning a change in the terms or features of; notification of a change in the recipient's standing or status with respect to; or at regular periodic intervals, account balance information or other type of account statement with respect to, a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender;
- Provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or
- Deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
Compliance
To comply with the requirements of the Act, commercial email must:
- Clearly and conspicuously identify that the message is an advertisement or solicitation, unless recipient has give prior affirmative consent to receipt of the message. Affirmative consent means that the recipient expressly consented to receive the message either in response to a clear and conspicuous request for such consent or at the recipient's own initiative. If the message is from a party other than the party to which the recipient communicated the consent, the recipient must have been given clear and conspicuous notice at the time the consent was communicated that the recipient's email address could be transferred to such other party for the purpose of initiating commercial email;
- Clearly and conspicuously notify the recipient of the opportunity to decline to receive further commercial email from the sender;
- Provide a valid physical postal address of the sender; and
- Provide a functioning return email address or other Internet-based mechanism, clearly and conspicuously displayed, that a recipient may use to submit, in a manner specified in the commercial email, a reply email or other Internet-based mechanism, a request not to receive future commercial email from that sender. The return address or Internet-based mechanism must be capable of receiving such messages for at least thirty (30) days after the transmission of the original message. The sender of the commercial email may not send subsequent commercial emails more than ten (10) business days after the recipient's request not to receive further emails has been received (unless there is subsequent affirmative consent by the recipient to receive such emails). Once the sender receives such a request, the sender may not sell, lease, exchange or otherwise transfer or release the email address of the recipient.
Prohibitions on False or Deceptive Information
The Act makes it unlawful for a person to initiate a commercial email or a transactional or relationship message that contains materially false or materially misleading header information. In addition, it is unlawful to initiate a commercial email using deceptive subject headings.
Generating Marketing Lists
The Act also makes it unlawful to initiate or assist in the transmission of commercial email using an email address: that was collected through automated means, from a third party website in violation of that third party's posted privacy policy (harvesting); or that was generated through automated means by combining names, letters or numbers into numerous permutations (dictionary attacks).
Criminal Fraud Provisions
The Act imposes forfeiture penalties, fines and/or criminal penalties for fraudulent activities related to electronic mail. The fraudulent activities covered include the material falsification of header or transmission information, the unauthorized use of someone else's computer to send bulk commercial email, and the registration of an email account that materially falsifies the identity of the actual registrant.
Do Not Email
The Act requires the Federal Trade Commission ("FTC") to set forth a plan and timetable for establishing a marketing Do-Not-E-Mail registry that includes the practical, technical, security privacy and enforceability concerns the FTC may have. The Act also provides the FTC with the authority (but does not require the exercise of that authority) to implement such a registry nine months after the enactment of the Act.
Interestingly, in an August 2003, address of business executives and government officials in Aspen, Colorado, FTC Chairman Timothy J. Muris publicly addressed the idea of creating a "Do Not Spam" registry modeled after the FTC's National Do Not Call Registry. Muris stated, that if a Do Not Spam list were created, "My advice to consumers would be: don't waste the time and effort to sign up." As Chairman Muris explained, a "Do Not Spam" registry would be ineffective because spammers have the ability to constantly create new email addresses and identities at virtually no cost. Chairman Muris reiterated this position while answering questions about the registry online after President Bush had signed the Act into law. Chairman Muris wrote, "I have previously expressed reservations about the registry because our studies have shown that almost all spammers are already violating various laws. As you know, the FTC develops and is now enforcing, along with the FCC and the states, the national do-not-call registry. Most telemarketers are legitimate businesses. Because most spammers are not legitimate, the attractiveness of a do-not-spam registry is in doubt." Given these statements, don't expect the FTC to establish a Do-Not-E-Mail Registry any time soon.
Application to Wireless
The Act requires that the Federal Communications Commission ("FCC") within nine (9) months promulgate rules to protect consumers from unwanted mobile service commercial messages. The FCC rules must address a commercial mobile service subscriber's ability to avoid receiving commercial messages and requires the FCC to consider whether a subscriber should be allowed to opt-out of receiving such messages at the time the consumer subscribes to the service or whether the service should provide for an opt-out in any billing mechanism.
Conclusion
The Act's impact on state SPAM laws is a tremendous victory for the marketing industry. However, due to the large number of illegitimate marketers that currently use SPAM in contravention of existing state laws, consumers may find that Act is not the panacea for inbox congestion that legislators had promised.
Footnotes
1. The Act's standards for the transmission of sexually orientated email are not discussed herein.
2. The Act defines "sender" as "a person who initiates such a [commercial electronic mail] message and whose product, service or Internet web site is advertised or promoted by the message. The Act addresses the affiliate issue as follows: if an entity operates through separate lines of business or divisions and holds itself out to the recipient throughout the message as that particular line of business or division rather than as the entity of which such line obusiness or division is a part, then the line of business or the division shall be treated as the sender of such message for purposes of this Act.