Effective January 1, 2004, the CAN-SPAM
ACT of 2003 (a/k/a "Controlling the Assault of Non-Solicited Pornography
and Marketing Act of 2003") (the "Act") supersedes existing anti-spam
laws in thirty-six states.
The Act applies to U.S. businesses who send
commercial e-mail and is defined in the Act as "any electronic mail message
the primary purpose of which is the commercial advertisement or promotion of a
commercial product or service (including content on an Internet web site operated
for a commercial purpose)." (section 3(2)(A)). However, it is important to
note that the inclusion of a reference to a business or a link to web site in
an electronic mail message does not, by itself, cause such e-mail message to be
treated as a commercial e-mail message for purposes of the Act if the contents
or circumstances of the message indicate a primary purpose other than commercial
advertisement or promotion of a commercial product or service.
Section 5 of the Act prohibits initiation of commercial e-mails
- Contain or are accompanied by a header, source, destination
or routing information that is misleading or otherwise false.
knowingly deceptive “subject” headings or subject lines that are in any way unclear
or inconspicuous in identifying that the e-mail is an advertisement or solicitation.
- Do not contain an operational return e-mail address or other electronic
reply mechanism. The address or other mechanism must be operational for a minimum
of 30 days after the initiation of the e-mail (unforeseen technical difficulties
- Fail to provide the recipient with an "opt-out"
option which effectively stops receipt of further messages. (“transactional or
relationship” e-mail messages excepted).
In addition, the
Act makes it unlawful:
- To fail to honor requests for
removal from future e-mails within 10 business days after the receipt of such
- For anyone to sell or transfer the e-mail address of a
recipient who submitted an opt-out request.
- For a commercial e-mail
not to include a valid physical postal address for the sender.
The Act defines “aggravated violations” that
trigger more severe penalties. They are:
- Obtaining e-mail
addresses from web sites with explicit policies prohibiting the sale or transfer
of e-mail addresses;
- Obtaining e-mail addresses through automation
such as "generating potential e-mail addresses by combining certain names,
letters and numbers into numerous permutations" or "as registering for
multiple e-mail accounts or online user accounts" that are used to generate
- Retransmission through computers with unauthorized access.
The Act prescribes civil penalties enforced by the Federal
Trade Commission ("FTC"). The FTC also has authority to promulgate regulations
pursuant to the Act. Several actions are slotted for the next 6 to 24 months including
the creation of a "DO NOT E-MAIL" list.
Companies relying on e-mail to keep in touch with customers should
be compelled to take stock of current practices. It has become imperative for
companies to develop protective e-mail methodologies and policies compliant with
the Act. Certain actions that may be taken include the following:
- Make sure your unsubscribe system works.
- Use a confirmed
or double opt-in system.
- Be honest in the manner used to obtain
- Be aware that sending e-mails to potential
reciprocal linking partners whose e-mail address is identified by automatic means
is illegal under the Act.
- Avoid CDs or downloads of e-mails
addresses from so-called "opt-in" or "safe" e-mail address
services. You'll be responsible for the legality of purchased or rented lists.
- Affiliates Agreements - Ensure that terms of the Agreement regarding
e-mails are prohibited and any breach of such prohibition is considered cause
Depending upon the capability of your
IT department, it may be helpful and cost-effective to use an "opt-in"
or "permission-based" marketing campaigner such as Gotmarketing.
Among many benefits, Gotmarketing helps to (a) assure that their client activities
are compliant with current laws, and (b) protect databases of e-mail addresses
from theft and (c) assure that opt-out clients are unsubscribed as requested.
ACT of 2003 represents an attempt to control spam and alter the ways in which
businesses conduct e-mail marketing practices. This issue of LeapLaw's Ledger
is meant to be a summary of the Act and should not be considered legal advice.
LeapLaw subscribers are kept up-to-date through the LeapLaw database.
LeapLaw is part search
engine, part repository
and part virtual colleague. We
compile and maintain information commonly sought by business lawyers and paralegals.
Using LeapLaw expedites legal procedures, saving significant time and money.