With little fanfare, on May 21, 2008 the Federal Trade Commission published a new final Rule that is certain to find unwary advertisers in violation of the CAN-SPAM Act (the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, codified at 15 U.S.C. § 7701 et seq.) See Federal Register, vol. 73, no. 99, May 21, 2008 at 29654 et seq.: http://edocket.access.gpo.gov/2008/pdf/E8-11394.pdf.
The new Rule, which went into effect on July 7, 2008, promulgates regulations that supplement and modify the Act in a number of ways, including by:
- modifying the definitions of the “person[s]” and “sender[s]” covered;
- permitting, under specified conditions, multiple advertisers to designate a single responsible email “sender” to be identified in the “from” line of a commercial email message; and
- amending the “valid physical postal address” that a sender is required to identify in commercial email to include the sender’s option to provide a properly-registered Post Office box or private mailbox in lieu of its current street address.
See 16 C.F.R. Part 316: http://cfr.law.cornell.edu/cfr/.
While each of these regulatory revisions should be carefully reviewed for their possible impact on your commercial email practices, the one change that seems most likely to have a pronounced effect on email advertisers is the Rule’s new opt-out requirements. These requirements are set forth in an amended Section 316.5, which provides, in relevant part:
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, . . . to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored . . . .
16 C.F.R. § 316.5 (emphasis added).
In so providing, the Rule enlarges the CAN-SPAM Act’s opt-out requirements in a manner that places many well intending advertisers at risk of violating the Act. The statutory opt-out requirements themselves are merely as follows:
(3) Inclusion of return address or comparable mechanism in commercial electronic mail
(A) In general
It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message that does not contain a functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that —
(i) a recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and
(ii) remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message.
15 U.S.C. § 7704(a)(3) (emphasis added).
On its face, therefore, the CAN-SPAM Act does not prohibit the advertiser from requiring the recipient who wishes to opt out of future commercial email messages to do any of the following:
- pay a fee;
- provide personal or other information, such as the recipient’s name, street address and/or customer account number, in addition to its email address and opt-out preferences; or
- view an intermediate Web page or message, log on to the recipient’s Website account, or take other measures in addition to the new Rule’s mandatory “single step” of sending an email reply or visiting a single Internet Web page in order to register an opt-out request.
The new Rule 316.5, however, clearly does prohibit the advertiser from adopting any of these requirements. With this new Rule in place, advertisers who currently require email recipients to state their name or customer account number, to visit or click through an intermediate Web page, or to view a notice or other message, before the opt-out request can be completed are now in violation of the CAN-SPAM Act. As a result, these advertisers may be subject to liability for civil and statutory damages — and even treble damages in cases of willful or aggravated violations. See 15 U.S.C. §§ 7704(b) and 7706.
Thus, if you engage in the email advertising or promotion of your products, services or Website, it is critical that you conduct a thorough audit of your commercial email practices, and especially, your email opt-out requirements, lest you run afoul of the new and enlarged requirements of the CANSPAM Act.