The High-touch Legal Services® Blog • For Startup/Early-stage Companies

Earlier this month I posted “Commercial E-mail and CAN-SPAM: What You Need to Know“, which explains CAN-SPAM (15 U.S.C. Sections 7701-7713), the federal law that aims to make commercial e-mail more truthful, more transparent and more avoidable.

This post discusses an interesting variation on the CAN-SPAM theme: Whether and how CAN-SPAM applies when a company uses third-party mailing lists.

Important Provisions

CAN-SPAM’s most important provisions ban false or misleading e-mail content; require that commercial messages be clearly and conspicuously so identified; and require a mechanism by which recipients can opt out of receiving such messages in the future.

One of my clients relies on commercial e-mail to help build a rapidly-growing software business. Since CAN-SPAM took effect, this client has amassed an opt-out list (often called a suppression list) of more than one million e-mail addresses.

That client’s database marketing manager shared with me his belief that so long as the company was using a third-party e-mail list rather than the company’s own list, CAN-SPAM’s obligation to honor opt-out requests did not apply.

I was immediately skeptical: The law typically does not allow obligations to be avoided so easily.

Statutory Details

Section 7702(16)(A) says that “sender” means “a person who initiates [a commercial e-mail] message and whose product, service, or Internet web site is advertised or promoted by the message.”

Section 7702(9) says that “initiate” means “to originate or transmit such message or to procure the origination or transmission of such message,” but does not include routine conveyance of the message.

Because my client’s activities come within Section 7702(9), my client initiates messages and, thus, under Section 7702(16)(A) is a sender.

Section 7704(a)(4)(A)(i) makes it unlawful for a sender to initiate transmission of messages to any recipient more than ten business days after receiving the recipient’s opt-out request. The prohibition does not distinguish between sender-owned mail lists and those owned by third parties.

Inescapable Conclusion

The answer was clear: My client had to honor opt-out requests, even if the company was using a third party mailing list.

The company now has a centralized suppression list that it applies to all commercial e-mail distributions, irrespective of the source of the list – and the comfort in knowing that its e-mail campaigns comply with applicable law.

This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.

Unsolicited commercial electronic mail – “spam” – is the bane of the modern electronic existence. In an effort to limit this problem, the One hundred Eighth Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (usually referred to as the “CAN-SPAM Act of 2003” or “CAN-SPAM”), which took effect January 1, 2004.

The Act

CAN-SPAM has four main provisions, which together aim to make ommercial e mail (including commercial content on websites) more truthful, more transparent and more avoidable.

First, CAN-SPAM bans false or misleading e-mail header information. A message’s “From,” “To” and routing information must be accurate and must identify the sender. This requirement attacks the common spammer practice of disguising the source of a message.

Second, CAN-SPAM prohibits deceptive “Subject” information. Spammers often make up enticing subject lines, betting that the user will open a message that would be ignored if the description were truthful.

Third, CAN-SPAM requires that the message include an e-mail or other Internet-based mechanism by which the recipient can opt out of receiving e-mail messages in the future. The sender must process the opt-out request within ten business days of receipt. Once a recipient has opted out, the spammer cannot provide that recipient’s e-mail address to a third party (except to comply with CAN-SPAM or any other law).

Finally, CAN-SPAM requires that commercial e-mail clearly and conspicuously state that it is an advertisement or solicitation and that the recipient may opt out of receiving commercial e-mail in the future. Furthermore, commercial e-mail must include the sender’s postal address.

In addition to the foregoing, CAN-SPAM has brief provisions – and calls for Federal Trade Commission rulemaking – regarding e-mail depicting sexually explicit conduct and commercial e-mail messages to mobile wireless devices.

Enforcement and Penalties

The FTC is authorized to enforce CAN-SPAM, and the Department of Justice is authorized to enforce criminal sanctions. In addition, other federal and state agencies may enforce the law against organizations under their jurisdiction, and Internet service providers (ISPs) may sue violators.

Statutory damages can go as high as $2 million ($1 million for suits by ISPs), subject to trebling for willful and knowing violations and certain aggravated violations (e.g., harvesting addresses from websites), plus attorney fees. E-mail recipients other than ISPs do not have the right to bring suit under CAN-SPAM

CAN-SPAM’s criminal penalties may include fines; imprisonment for up to five years, depending on the nature of the offense and any prior convictions; and forfeiture of gross proceeds obtained from the offense as well as equipment, software and other technology used in committing the offense.

Uncertainty

One of the greatest challenges in complying with CAN-SPAM is figuring out exactly which communications are covered. Most of the Act addresses “commercial electronic mail messages,” which means any message “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”

Commercial messages expressly exclude “transactional or relationship messages,” which means, among others, any message “the primary purpose of which is…to facilitate, complete or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender [or] notification[s] with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender….”

Suppose, for example, that your company has ongoing relationships with clients and wants to tell them about a new service that you now offer. Is an e-mail promoting that new service part of the existing relationship (thus not a commercial message), or does the new service mean a new relationship, so the e-mail is a commercial message subject to CAN-SPAM? Does the answer to the foregoing depend on how closely the new service is related to existing services? Does it matter whether the new service involves any third parties in addition to your company and the client? If there is any doubt, the prudent approach is to assume that the message is commercial and to comply fully with CAN-SPAM.

This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.

Last month, my post Court Curbs Inspection of Employee Text Messages discussed an employer that was held to have unreasonably searched employee text messages because, despite a policy stating that employer-supplied technology must be used only for the employer’s business activities, that policy was undercut when it was only selectively enforced.

Continuing this theme, in a more recent case, Guard Publishing v. NLRB, the D.C. Circuit held that selective enforcement of a policy limiting employee e-mails constituted a violation of federal labor law.

In my opinion, Guard Publishing actually made two mistakes. First, the e-mail policy prohibited “non-job-related solicitations” (emphasis added) but did not prohibit other other non-job-related communications. So the employer gave itself the ability to limit only a fraction of all possible non-business communications.

Second – and this is what decided the case – the only solicitations that the employer actually prohibited were union solicitations!

This case suggests two recommendations (consistent with the recommendations offered last month) if you want to implement a policy to limit employees’ non-business use of e-mail on the job:

1. Define the limited communications broadly (for example, “all non-business e-mail”).
2. Enforce the policy consistently.

This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.

A well-intentioned friend recently distributed – to many dozens of people – an e-mail claiming that next month all mobile phone numbers will be released to telemarketers, so it is essential to call the Federal Trade Commission’s toll-free number to opt out of receiving unwanted calls. The e-mail finished by telling recipients to forward it to all of their friends.

This e-mail is false and perpetuates an urban legend that has been circulating for years, wasting bandwidth, processing cycles and disk space!

The truth is that mobile phones are protected from telemarketing; the toll-free opt-out number should be used for landline phones.

For more details, check out Snopes.com and the FTC website.

This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.

Today a client received an e-mail bounce-back from Spam Arrest, which provides a challenge-response system to stop automated junk mail. The first time a sender sends e-mail to a protected recipient, the sender must follow a link in the bounce-back message to a web page where, following user entry of a one-time verification code, the sender is identified as a legitimate e-mail sender.

During the past several years I have gone through the Spam Arrest verification process a few times and never thought much of it. But when I followed the link in the client’s e-mail, I saw something that, to the best of my knowledge, I had never seen before: the Sender Agreement reproduced toward the end of this post.

I was pretty shocked. In effect, the agreement requires that the sender send commercial e-mail only if the recipient has opted-in. Furthermore, the sender agrees to pay the recipient and Spam Arrest $2,000 for each violation of the agreement!

I’m not a spammer, but I do send a monthly e-mail to hundreds of recipients on an opt-out, rather than opt-in, basis in accordance with the CAN-SPAM Act of 2003. Nevertheless, if I were to agree to the terms of the Sender Agreement, I would subject myself to liability for liquidated damages of $2,000 per month. As a result, the next time I receive a Spam Arrest bounce-back, I probably will be forced to cease e-mail communication with the intended recipient.

Here are my thoughts about how Spam Arrest should be approached:

• Recipients / prospective Spam Arrest customers – Be sure that you want to impose an agreement that may be impossible for some legitimate senders to satisfy.
• Senders – Stay as far away from Spam Arrest as possible.

SENDER AGREEMENT – By clicking the “VERIFY” button above, and in consideration for Spam Arrest, LLC forwarding your e-mail (and any e-mails you may send in the future) to the intended recipient (the “Recipient”), you agree to be bound by the following Sender Agreement:
You represent and warrant to Spam Arrest and the Recipient that any e-mail you desire to send to the Recipient is not “unsolicited commercial e-mail” i.e., the e-mail does not primarily contain an advertisement or promotion of a commercial product, service or Web site; unless the Recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the Recipient’s own initiative. Further, you represent and warrant that your transmission of any e-mail does not violate any local, state or federal law governing the transmission of unsolicited commercial e-mail, including, but not limited to, RCW § 19.190.020 or the CAN-SPAM Act of 2003. You understand and acknowledge that it is fair and reasonable that you agree to abide by the restrictions set forth in this agreement. You acknowledge and agree that this agreement is central to Spam Arrest’s decision to forward your e-mails to the Recipient. Accordingly, if you violate this agreement, Spam Arrest and the Recipient shall be entitled to (1) temporary and/or permanent injunctive relief to restrain any further breaches or violations of this agreement; and (2) damages in the amount of two thousand dollars ($2,000.00) for each violation of this agreement. You acknowledge that such remedies are appropriate and reasonable in light of the costs and expenses Spam Arrest incurs as a result of eradicating and filtering unsolicited commercial e-mail. You acknowledge that the $2000.00 remedy is a reasonable estimate of Spam Arrest’s and the Recipient’s actual damages. This agreement is governed by the laws of the State of Washington and the exclusive venue for any action related to this agreement shall be held in the state and federal courts located in Washington. You hereby waive any right to object to venue or jurisdiction based on inconvenient forum, lack of personal jurisdiction or for any other reason.

This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.