When we think of spam, most of us envision an organization like SpamIt.com, which allegedly paid spammers to promote online pharmacies and is now under investigation by Russian authorities. According to the New York Times, in the month after SpamIt.com suddenly ceased operations on September 27, spam traffic worldwide dropped by an estimated 50 billion messages per day.
However, even if you’re not sending out billions of unsolicited e-mails promoting impotency drugs, this does not mean that Federal and State anti-spam laws don’t apply to you. When Congress passed the federal anti-spam law in 2003 -- the CAN-SPAM Act -- in classic legislative overreach, it wrote the law so that it even applies to broad classes of everyday, normal, “garden-variety” business communications.
Anti-spam laws can apply to a single business e-mail message
A stated purpose of the CAN-SPAM Act ostensibly was to control “bulk unsolicited commercial” e-mails. (fn1) However, instead of limiting its reach to bulk e-mailers, the text of the Act actually specifies no minimum number of e-mails that must be sent before CAN-SPAM applies. As a result, the Act can apply to a person who sends out just a single e-mail message. (fn2)
In certain cases, CAN-SPAM can apply even to an e-mail message that was “solicited” by the recipient. For example, according to the Federal Trade Commission, which regulates this area, if a recipient subscribes to a periodical which is delivered via e-mail, transmission of the periodical by the publisher is subject to the CAN-SPAM Act. (fn3)
It also doesn’t matter whether the e-mail message was sent by an individual, a for-profit corporation or a non-profit corporation. If the message relates to a business conducted by such a person or entity, CAN-SPAM can apply. (fn4)
What Is the Impact on Your Business If CAN-SPAM Applies?
If CAN-SPAM applies to your e-mails, it is unlawful for you to send out e-mail traffic that does not comply with the CAN-SPAM regulatory scheme. Violations of the CAN-SPAM Act can be punished with fines of up to $250 per unlawful e-mail, a cease-and-desist order, and an award of attorneys fees. (fn5) State anti-spam laws (which we will discuss in subsequent posts) can impose even higher fines.
The CAN-SPAM Act divides e-mails into three classes: (1) commercial e-mails, (2) transactional and relationship e-mails, and (3) other e-mails.
“Commercial e-mails” must comply with the following five requirements:
- Header information (e.g., IP address, To, From) cannot be materially false or misleading.
- Subject headings cannot contain messages that are likely to mislead the recipient about a material fact regarding the contents or subject matter of the e-mail.
- The e-mail must contain a working return e-mail address that the recipient can use to request that no further messages be sent to it.
- If a recipient makes a request not to receive further messages, no further commercial e-mail messages that fall within the scope of its request may be sent.
- The e-mail must: (i) clearly and conspicuously state that the message is an ad, (ii) provide a clear and conspicuous notice that the recipient has the right to decline further e-mail messages, and (iii) a contain a valid physical postal address for the sender. (fn6)
“Transactional and relationship e-mails” only need to comply with the first of these requirements – that header information cannot be materially false or misleading, (fn7)
Other e-mails, that don’t fit into the categories of “commercial” or “transactional and relationship” e-mails are not subject to the requirements of CAN-SPAM.
The five requirements for commercial e-mails are more onerous than they may seem at first glance. To comply with the “opt out” requirement, a business must set up a mechanism to ensure the opt-out notices are captured and acted on. To comply with the “subject heading” rules, businesses may need to change their traditional marketing messages. Some courts have found that subject headings are “materially misleading” even if the contents of the e-mail would not be considered actionable under common law fraud standards. For example, two California Federal courts have held that an e-mail subject line can be considered misleading where it offers a free gift, which the text of the e-mail reveals requires a handling fee. (fn8)
When Do These Rules Apply To Business E-mails?
The Act defines “commercial e-mails” as those whose message has the primary purpose of “the commercial advertisement or promotion of a commercial product or service.” (fn9)
According to FTC regulations, the use of the term “commercial” means that CAN-SPAM only applies to “commercial speech.” (fn10) The term “commercial speech” was coined by the U.S. Supreme Court in a series of First Amendment cases to refer to speech that proposes a commercial transaction or promotes specific products and services. (fn11) This means that the CAN-SPAM Act does not apply to non-commercial e-mail messages, such as e-mails that solely contain religious, political, charitable, or social messages. (fn12)
FTC rulemaking documents further indicate that a message is “commercial” only if it is sent in connection with a business activity. According to the FTC, the CAN-SPAM Act would not apply to “isolated e-mail messages sent by individuals, who are not engaged in commerce, but nevertheless seek to sell something to a friend, acquaintance or other business contact.” (fn13)
“Commercial e-mails” are also limited to those whose primary purpose is the “advertisement or promotion of a . . . product or service. This means that commercial e-mails are generally limited to those that concern “sell-side” activities. E-mails concerning buy-side activities, such as requests for proposals or inquiries about prices, would generally not be covered.
However, sell-side e-mails that likely would be considered “commercial e-mails” under CAN-SPAM include more than just the proto-typical e-mail ad. According to the FTC, they can also include “business-to-business relationship” e-mails, such as e-mails sent from banks to brokers to inform them about current interest rates, or e-mails sent from media sources to ad buyers to inform them about upcoming publications. (fn14) According to the FTC, they could also include the e-mails sent from the sales staff of a manufacturer to a distributor or retailer that were part of the ordinary negotiations between the parties for the sale of product – prior to the customer’s agreement to purchase the product. (fn15)
Transactional and relationship e-mails
The Act defines “transactional and relationship e-mails” as those whose primary purpose is to facilitate or complete a transaction that the recipient has already agreed to enter into with the sender. These include:
- e-mails that provide warranty, recall or safety and security information to a person who has already purchased or used a product,
- e-mails that provide notifications regarding a subscription, membership, account or loan,
- e-mails that provide information regarding an employment relationship, and
- e-mails that deliver goods and services that the recipient is entitled to receive. (fn16)
These rules sweep in broad classes of business activities, including some that are not immediately obvious. For example. according to the FTC, legally-mandated notices and debt collection e-mails would probably fall into the category of transactional and relationship e-mails. (fn17)
E-mails that are not covered by CAN-SPAM include those with non-commercial messages, such as those whose content is political, religious, charitable or social. They would also include “buy-side” business e-mails, such as requests for product and price information, and requests for bids and proposals. According to the FTC, they would also include e-mails sent to conduct market research or to provide a copyright infringement notice. (fn18)
In many cases, business e-mails will contain material falling into each of these three classes. For such e-mails, the application of CAN-SPAM rests on the primary purpose of the e-mail.
This blog post has only provided the outlines of Federal anti-spam rules. Given the broad scope of Federal and State anti-spam laws, and the growing risk of suits for non-compliance by the FTC and other federal regulators, State attorneys general, ISPs and “spam spiders,” businesses are well-advised to consult an attorney to ensure that their compliance efforts are sufficient.