CAN-SPAM ACT of 2003
Published in Massachusetts Bar Association Section Review, Vol. 17 No. 2, 2005
by Thomas V. Bennett
As business people, we are increasingly looking for ways to stay in contact with our clients and colleagues, and, naturally, one of the most convenient ways these days is email (like this one!). However, it is important that, in order to protect yourself, you know the legal limitations of commercial emails ("spam"). The Congress of the United States enacted a new law entitled “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003” and, for short, called it the “CAN-SPAM Act of 2003.” The Act initially became effective January 1, 2004. The Act further provided for the Federal Trade Commission to adopt rules implementing the Act. The final rule of the FTC has come out and becomes effective February 18, 2005.
Congress found that email has become an extremely important and popular means of communication relied on by millions of Americans on a daily basis for personal and commercial purposes. Its low-cost global reach makes it extremely convenient and efficient and offers unique opportunities for the development and growth of frictionless commerce. Congress also found that the convenience and efficiency of email has been threatened by the extremely rapid growth of the volume of unsolicited commercial email. In addition to the annoyance of commercial messages, some email contains material that many recipients may consider vulgar or pornographic in nature. Congress, therefore, decided to put in place some regulations in order to separate the wheat from the chaff and also preempted the state laws which may be contrary to the Act so that there will be a consistency of policy on a national level with respect to email communications.
With respect to the marketing issues addressed by the Act, it first defines commercial email communications that are allowed and not regulated. Secondly, it addresses commercial email communications that are allowed but addresses what those email communications must contain and, finally, it prohibits certain activities with respect to commercial email communications.
Commercial email communications are unregulated by the terms of the Act if they are transactional or relationship messages . In general, the term “transactional or relationship message” means an email message, the primary purpose of which is:
(i) to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;
(ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;
(iii) to provide:
(I) notification concerning a change in the terms or features of;
(II) notification of a change in the recipient's standing or status with respect to; or
(III) at regular periodic intervals, account balance information or other type of account statement with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender;
(iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or
(v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
If the commercial email communication is not of the foregoing type, it is considered to be commercial advertisement or promotion of a commercial product or service (including content on an Internet web site operated for a commercial purpose). The Act has certain requirements in connection with these promotional emails . These commercial email communications must comply with the following rules:
(i) It is unlawful to send a commercial email message which is accompanied by a header that is materially false or materially misleading. That means you have to identify who the message is from truthfully and accurately.
(ii) The subject heading may not be deceptive which means it will not be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.
(iii) The email message must also clearly and conspicuously display a functioning return email address or other Internet based mechanism which the recipient may use to submit in a manner specified in the message a reply email message requesting not to receive future email messages from the sender (the “opt-out”). The return address must remain capable of receiving such messages for no less than thirty days after the transmission of the original message. If the recipient of the message “opts out” the recipient may not be communicated with again more than ten days after the receipt of the requested opt-out .
(iv) The email must provide a clear and conspicuous identification that the message is advertisement or solicitation
(v) The email must contain a valid physical postal address of the sender .
Each violation of the above provisions is subject to fines of up to $11,000.00. Deceptive commercial email also is subject to laws banning false or misleading advertising.
The following are activities which are proscribed by the Act and are subject to additional fines:
(i) “harvesting” email addresses from Web sites or Web services that have published a notice prohibiting the transfer of email addresses for the purposes of sending mail;
(ii) generating email addresses using a “dictionary attack” - combining names, letters, or numbers into multiple permutations;
(iii) using scripts or other automated ways to register for multiple email or user accounts to send commercial email;
(iv) relaying emails through a computer or network without permission - for example, by taking advantage of open relays or open proxies without authorization.
The Act allows the Department of Justice to seek criminal penalties, including imprisonment, for commercial emailers who do - or conspire to:
(i) use another computer without authorization and send commercial email from or through it;
(ii) use a computer to relay or retransmit multiple commercial email messages to deceive or mislead recipients or an internet access service about the origin of the message;
(iii) falsify header information in multiple email messages and initiate the transmission of such messages;
(iv) register for multiple email accounts or domain names using information that falsifies the identity of the actual registrant;
(v) falsely represent themselves as owners of multiple Internet Protocol addresses that are used to send commercial email messages.
An example of this is an action taken in 2004 by the Attorney General's Office in Massachusetts under the Act against an unincorporated business and the company's principal who resided in Florida who had sent thousands of misleading email messages from a business address in Newton , Massachusetts , where the company had no physical presence. The complaint filed with the Suffolk Superior Court alleged that DC Enterprises had failed to include an opt-out provision; failed to clearly identify messages as advertisements and used a non-functioning sender address when disseminating messages, all of which violate the Act protecting against unwanted SPAM, as well as the Massachusetts Consumer Protection Act.
Although the Act is intended to punish the spammers of the world, a small business intending to stay in touch with its customer base could easily violate the law if it does not follow each of the steps set forth above in communicating with its customers or clients or those to whom it would like to present its goods or services through email.
In addition to the foregoing, the Act has far-reaching provisions dealing with pornographic email communications.
If you have questions regarding this or any other legal matter, please contact Thomas V. Bennett at tvb@barronstad.com or (617) 531-6574.