Commercial E-mail and CAN-SPAM: What You Need to Know
Unsolicited commercial electronic mail – “spam” – is the bane of the modern electronic existence. In an effort to limit this problem, the One hundred Eighth Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (usually referred to as the “CAN-SPAM Act of 2003” or “CAN-SPAM”), which took effect January 1, 2004.
The Act
CAN-SPAM has four main provisions, which together aim to make commercial e mail (including commercial content on websites) more truthful, more transparent and more avoidable.
First, CAN-SPAM bans false or misleading e-mail header information. A message’s “From,” “To” and routing information must be accurate and must identify the sender. This requirement attacks the common spammer practice of disguising the source of a message.
Second, CAN-SPAM prohibits deceptive “Subject” information. Spammers often make up enticing subject lines, betting that the user will open a message that would be ignored if the description were truthful.
Third, CAN-SPAM requires that the message include an e-mail or other Internet-based mechanism by which the recipient can opt out of receiving e-mail messages in the future. The sender must process the opt-out request within ten business days of receipt. Once a recipient has opted out, the spammer cannot provide that recipient’s e-mail address to a third party (except to comply with CAN-SPAM or any other law).
Finally, CAN-SPAM requires that commercial e-mail clearly and conspicuously state that it is an advertisement or solicitation and that the recipient may opt out of receiving commercial e-mail in the future. Furthermore, commercial e-mail must include the sender’s postal address.
In addition to the foregoing, CAN-SPAM has brief provisions – and calls for Federal Trade Commission rulemaking – regarding e-mail depicting sexually explicit conduct and commercial e-mail messages to mobile wireless devices.
Enforcement and Penalties
The FTC is authorized to enforce CAN-SPAM, and the Department of Justice is authorized to enforce criminal sanctions. In addition, other federal and state agencies may enforce the law against organizations under their jurisdiction, and Internet service providers (ISPs) may sue violators.
Statutory damages can go as high as $2 million ($1 million for suits by ISPs), subject to trebling for willful and knowing violations and certain aggravated violations (e.g., harvesting addresses from websites), plus attorney fees. E-mail recipients other than ISPs do not have the right to bring suit under CAN-SPAM
CAN-SPAM’s criminal penalties may include fines; imprisonment for up to five years, depending on the nature of the offense and any prior convictions; and forfeiture of gross proceeds obtained from the offense as well as equipment, software and other technology used in committing the offense.
Uncertainty
One of the greatest challenges in complying with CAN-SPAM is figuring out exactly which communications are covered. Most of the Act addresses “commercial electronic mail messages,” which means any message “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”
Commercial messages expressly exclude “transactional or relationship messages,” which means, among others, any message “the primary purpose of which is…to facilitate, complete or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender [or] notification[s] with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender….”
Suppose, for example, that your company has ongoing relationships with clients and wants to tell them about a new service that you now offer. Is an e-mail promoting that new service part of the existing relationship (thus not a commercial message), or does the new service mean a new relationship, so the e-mail is a commercial message subject to CAN-SPAM? Does the answer to the foregoing depend on how closely the new service is related to existing services? Does it matter whether the new service involves any third parties in addition to your company and the client? If there is any doubt, the prudent approach is to assume that the message is commercial and to comply fully with CAN-SPAM.
Related posts:
- What You Need to Know about CAN-SPAM and Third-party E-mail Lists
- Facebook Ads can be Electronic Mail for CAN-SPAM Purposes
This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.
Dana Shultz is a business-savvy lawyer located in Northern California's San Francisco Bay Area (in the East Bay, near Oakland) who has in-depth knowledge of law, business, technology, and the needs of startup and early-stage companies.