Effects of the CAN-SPAM Act on E-Mail Marketing


This article was originally published in the Spring 2004 edition (Vol. 4, No. 1) of Thelen Reid's Intellectual Property and Tade Regulation Journal.

A common marketing technique today is for businesses to send unsolicited e-mail messages to a targeted group of recipients. Even when e-mail advertisements notify recipients that they may "opt out" of receiving future e-mails, such e-mail campaigns may be significantly impacted by a new federal law known as the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003," or the "CAN-SPAM Act."

Purpose of the Act

The CAN-SPAM Act's primary goal is to curb fraudulent and abusive e-mail practices and the unsolicited electronic distribution of pornographic material. However, as with most consumer legislation, the Act is deliberately broad and subjects nearly all commercial e-mail messages to regulation. The Act further applies to any business entity, within or outside of the U.S., whether a private or public company, a non-profit organization or an individual entrepreneur. Businesses should act now to ensure that their e-mail advertisements are in compliance with the Act.

The good news is that the Act supersedes any statute, regulation or rule of a state (or political subdivision of any state) that expressly regulates the use of e-mail to send commercial messages. In fact, the Act was motivated by the impending effectiveness of tough anti-spam legislation in California that was signed into law on January 1, 2004. California's anti-spam law would have given individuals the right to sue and would have allowed plaintiffs to recover a significantly greater amount of damages than provided for under the Act. As such, the e-mail marketing industry promoted the Act over a collection of conflicting, and more restrictive, state laws, thus making compliance easier.

Persons Subject to the Act

The bulk of the Act primarily targets persons who engage in blatantly fraudulent or abusive conduct, and persons who initiate the transmission of commercial electronic mail messages that include sexually-oriented material. However, Section 5 of the Act imposes requirements on any person who initiates the transmission of a "commercial electronic mail message." The Act defines a "commercial electronic mail message" as any e-mail message in which the primary purpose is commercial advertisement or promotion of a commercial product or service (including content on an Internet Web site that is operated for a commercial purpose).

Compliance With the Act

Under Section 5 of the Act, businesses must now be careful to comply with certain disclosure and address list-maintenance obligations. Business entities must ensure that each commercial electronic mail message that they send contains the following:

  • A clear and conspicuous identification that the message is an advertisement or solicitation,

  • A clear and conspicuous notice of an e-mail address or other Internet-based mechanism that the recipient may use to request that no future commercial electronic mail messages be sent by the sender, and

  • The sender's valid physical postal address.

Furthermore, if a recipient requests not to receive some or any e-mail messages from a business, then neither that business nor any person acting on behalf of that business may initiate the transmission of such e-mail messages to the recipient more than 10 business days after the receipt of such request.

A business entity must also ensure that no other person or entity is promoting its business by e-mails that contain false or misleading information. Under Section 6 of the Act, it is unlawful for a business entity to promote its business in a fraudulent commercial electronic mail message that violates the Act if it knows or should know that its business is being promoted in such a message, if it receives or expects to receive an economic benefit from such a promotion, or if it takes no reasonable action to prevent the transmission.

Remedies Under the Act

The Act gives federal and state enforcement agencies significant leverage to use against violators, including statutory damages. Internet access providers may also sue for damages, conceivably in a class action. Individuals do not have the right to sue under the Act. It is noteworthy that the Act expressly permits a court to consider, when assessing damages, commercially reasonable practices a company has implemented to avoid violations.

Section 7 of the Act provides that it will be enforced by the FTC as if violation were an unfair or deceptive trade practice proscribed under the Federal Trade Commission Act. Accordingly, the FTC may bring a civil action against a person it believes to be in violation, and the court may liberally grant such relief as it finds necessary to redress injury to consumers or other persons. Such relief may include rescission or reformation of contracts, a refund of money or return of property, payment of damages or public notification of the unfair or deceptive trade practice.

Section 7 also allows the attorney general, or any official or agency of a state that has reason to believe an interest of the residents of the state has been or is threatened or adversely affected, to bring a civil action on behalf of the residents of that state, either to enjoin further violations of Section 5 of the Act or to obtain damages on behalf of residents. Damages awarded will be in an amount equal to the greater of the actual monetary loss suffered by such residents, or the amount of statutory damages prescribed in Section 7(f)(3) of the Act. Section 7(f)(3) provides that damages will be calculated by multiplying the number of violations (with each separately addressed unlawful e-mail message treated as a separate violation) by up to $250, but the amount of damages for any violation of Section 5 (other than the use of false or misleading transmission information) shall not exceed $2 million. If it determines that the defendant acted willfully and knowingly, or included other aggravated conduct, the court may increase a damage award up to three times the amount otherwise available. A provider of Internet access service adversely affected by a violation of Section 5 may also bring a civil action to obtain damages.

As noted above, in assessing damages the court may also consider whether the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations, and whether the violation occurred despite commercially reasonable efforts to maintain compliance with such practices and procedures.

Recent Developments

In early 2004, several Internet access providers filed lawsuits under the CAN-SPAM Act. America Online, Microsoft, EarthLink and Yahoo filed six combined lawsuits in federal courts in California, Georgia, Virginia and Washington, charging the defendants with sending hundreds of millions of bulk e-mail messages to customers of the four Internet access providers. It is important to note that these lawsuits target blatantly fraudulent and abusive e-mail practices of the type the Act seeks to eliminate. The complaints allege that the defendants sent deceptive solicitations for a variety of products via e-mail messages through third-party computers in order to disguise their point of origin.

Perhaps more alarming is the first lawsuit filed under the CAN-SPAM Act. Hypertouch, a California Internet service provider, sued BobVila.com and its marketing affiliate, BlueStream Media, for sending e-mail advertisements that did not contain the required contact information. The lawsuit also charges BlueStream Media with sending e-mail messages with forged header information.

Conclusion

Accordingly, it is recommended that businesses do the following to comply with the CAN-SPAM Act of 2003:

  • Create a standard format for all commercial e-mail messages they send (or that any person sends on their behalf), including each piece of information identified above;

  • Implement internal controls to ensure that each e-mail campaign complies with the prescribed format; and

  • Designate a central authority to receive and act on deletion requests from recipients, and to control, update and maintain e-mail address lists on an ongoing basis.

For more information, please contact:

Rauer L. Meyer
415.369.7370
[email protected]

Heather Stewart
415.369.7237
[email protected]

©2004 By Thelen Reid & Priest LLP. This article has been published as an information service to clients and friends. Please recognize that the information is general in nature and must not be relied upon as legal advice. The authors, listed above, or your Thelen Reid attorney contact, would be happy to discuss the information in this article in greater detail and its application to your specific situation. We welcome your comments and suggestions.