A CAN-SPAM Refresher
After six years of litigation, the impetus behind the federal CAN-SPAM Act is now more relevant than ever. The next big splash in spamming appears to have arrived in the form of social media. Twitter recently announced a "report as spam" button on user profiles geared toward combating junk tweets, known as "spitter."
Every day, more and more companies are ditching traditional snail mail campaigns and turning their marketing efforts to the Internet. In this environment, it is a good time for a CAN-SPAM Act refresher.
The CAN-SPAM Rules.
Contrary to popular belief, the application of the Act isn't limited to massive bulk e-mails offering vulgar goods and services. The Act applies to any e-mail message that has the primary purpose of promoting a commercial product or service. Even an e-mail message to a former customer announcing a new product line must comply with the law.
Moreover, violating the CAN-SPAM Act can be pricey. A penalty of up to $16,000 can be imposed for each separate e-mail violating the law. That can add up quickly. Last year, Facebook was awarded $873 million in a lawsuit against a single spammer.
To avoid running afoul of the law, consult with a lawyer and follow these simple steps:
- Keep your e-mail header accurate. The "From," "To," "Reply-To," routing information, originating domain name and e-mail address must accurately identify the person or business initiating the message.
- Keep your subject lines accurate. The subject line must accurately reflect the content of the message.
- Identify the e-mail as an ad. You must disclose clearly and conspicuously that your message is an advertisement.
- Include your physical postal address. You can provide your current street address, a post office box you've registered with the U.S. Postal Service, or a private mailbox you've registered with a commercial mail receiving agency established under Postal Service regulations.
- Tell recipients how to opt out of future e-mails. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting future e-mail from you.
- Honor all opt-out requests in a timely manner. Any opt-out mechanism you offer must be able to process the request for at least 30 days after you send your message and you must honor a recipient's request within 10 business days.
- Monitor what others are doing on your behalf. Even if you hire another company to handle your e-mail marketing, you can't contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Suggestions for Outsourcing.
Rule number 7 is worth repeating. A merchant can't circumvent compliance with the CAN-SPAM Act simply by having someone else send their e-mails for them. It is not uncommon for a merchant to hire an affiliate who is financially compensated for sending commercial e-mails and directing traffic to the merchant. If you are a merchant who runs such a program, it is important to remember that you may still be on the hook.
Here are a few suggestions, when hiring affiliates:
- Require affiliates to follow the CAN-SPAM Act in your terms of service.
- Clearly state the CAN-SPAM rules that must be followed in your terms of service.
- Require that your affiliate indemnify you for any violations of the CAN-SPAM Act.
- Designate an employee to be placed on your affiliate's subscriber list and monitor e-mails for any violations.
- Educate your affiliates: hire an attorney to conduct a short seminar that explains the basics of the CAN-SPAM Act.
- Investigate any complaints from potential customers.
Best Practices for Compliance
While the CAN-SPAM rules are not complicated, it is easy to make a mistake if you are not vigilant. To avoid problems, there are some best practices any company engaged in e-mail marketing should follow.
First, your company should develop a written e-mail marketing policy. The policy should identify the specific rules to be followed and should be distributed to all marketing employees and outside vendors who send e-mail on your company's behalf.
Second, you may want to consider only sending e-mail advertisements to individuals who have opted-in to your promotions or have a prior relationship with your company. The CAN-SPAM Act does not prevent sending unsolicited e-mails to unknown addresses, but many of the leading ISP's (e.g., Yahoo, Google and Microsoft) use blocking technology that blacklists certain IP addresses reportedly sending unwanted e-mails. Some companies choose not to send unsolicited e-mails to avoid the blacklists.
Third, if your company purchases e-mail lists for marketing purposes, you should obtain a warranty stating that the lists were not obtained in violation of the CAN-SPAM Act. You should also make sure your agreement includes provisions indemnifying your company for any failure by the seller to comply with the law. Purchasing such a list carries a risk that your company may be sued for the misconduct of the seller.
Fourth, make sure you know the policies of any outside e-mail marketing vendor you intend to use before purchasing an e-mail list. Many vendors will not allow your company to use their service unless you certify that your lists only include persons who have "opted in" to your promotions. Thus, before your company buys a list of e-mails, make sure that your vendor will let you use that list.
Lastly, your company should keep a database of all e-mail addresses that have opted-out of future commercial e-mails and develop a program that permanently blocks any future e-mails to that address. Companies should require both employees and outside vendors to contribute to the opt-out database because both the merchant and outside vendor is responsible for honoring each other's opt-out lists.
For more information about this Legal Update, contact Kevin T. Shook, Jill P. Meyer or any other attorney in Frost Brown Todd's First Amendment, Media and Advertising or Intellectual Property Law & Litigation Practice Groups.