This ebook outlines basic legal requirements for sending commercial email in the United States. Checklists for avoiding pitfalls are included. The ebook is adapted from content in Internet Law: The Complete Guide, published by STP.

Commercial Email and CAN-SPAMWhat Every Business Needs to Know

Commercial Email and Can-Spam2

Email has become a primary tool for most businesses to communicate and, for many, to promote themselves or sell products and services. With a click of the mouse, you can send a message to thousands of people instantly at minimal cost—a message that can include text, graphics, and audio, plus links to your best marketing materials.

Nevertheless, this attractive sales tool can annoy Internet users who are constantly bombarded with unwanted commercial email messages, also known as “spam.” What’s more, some messages may contain offensive material or carry malware to infect the recipient’s computer.

In the United States, the federal government has responded by putting laws in place such as the CAN-SPAM Act of 2003 that regulate the sending of commercial email. The CAN-SPAM Act was created to deal with the problem of unsolicited commercial email and regulates email in the United States that affects interstate or foreign commerce. The penalties for non-compliance can be harsh and may include fines, imprisonment as long as five years, and forfeiture of property.

Perhaps the most sweeping change effected by the CAN-SPAM Act is that it preempts all state and local statutes, regulations, and rules that regulate commercial email, except to the extent that they prohibit falsity or deception in commercial email messages or the information attached to those messages.

This ebook presents an overview of how the CAN-SPAM Act may apply to your email so that you can understand its requirements, comply and send commercial email safely.

introduction

Commercial Email and Can-Spam 3

Introduction 2

Does CAN-SPAM Apply to Your Email? 4Self-Assessment Checklist 5

Labeling Requirements 6 Self-Assessment Checklist 6

Opt-Out Requirements 7 Self-Assessment Checklist 8

Sending Multiple Commercial Messages 9Self-Assessment Checklist 10

Mailing Lists and Other Sources of 11Email Addresses

Self-Assessment Checklist 11

Good Business Practices for Commercial Email 12Self-Assessment Checklist 12

Summary 13

About the Authors 14

contents

Commercial Email and Can-Spam4

The CAN-SPAM Act applies to both “commercial electronic mail messages” and “transactional or relationship messages.”

A “commercial electronic mail message” is any email message whose “primary purpose ... is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).”

The act does not define “primary purpose.” Instead, it requires the Federal Trade Commission to define relevant criteria for determining the “primary purpose” of an email message. However, the act does say that merely referring to a commercial entity or including a link to a commercial website in an email message does not automatically cause that message to be treated as a commercial message under the act “if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service.”

The law defines a “transactional or relationship message” as an email message whose primary purpose is one of the following:

• “to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender”

• to provide information about a warranty, product recall, safety, or security for a commercial product or service that the recipient uses or has purchased

Does CAN-sPAM APPly to your eMAil?… what types of email are regulated?

Commercial Email and Can-Spam 5

• to provide certain types of information concerning “a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender”

• to provide information that is directly related to an employment relationship or an employee benefit plan in which the recipient is currently involved, participating, or enrolled

• to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.

While transactional or relationship messages are excluded from the definition of “commercial electronic mail messages,” they are still regulated under CAN-SPAM. Do not make the mistake of thinking that your messages are exempt from CAN-SPAM because they concern an existing relationship between recipient and sender.

Further, the law authorizes the FTC to modify the definition of “transactional or relationship message” to accommodate changes in email technology or practices.

C… f

1. Does my email message consist entirely of transactional or relationship content?

2. Does my email message consist primarily or entirely of a commercial advertisement?

3. Does my email message contain a commercial advertisement and would a recipient reasonably interpreting the subject line of the message likely conclude that the message contains a commercial advertisement?

4. Does my email message contain a commercial advertisement and would a recipient reasonably interpreting the body of the message likely conclude that the primary purpose of the message is a commercial advertisement?

If you answered Yes to any one of questions 1 through 4, you must comply with the CAN-SPAM Act.

Yes No

selF-AssessMeNt CHeCKlist

to determine if the CAN-SPAM Act applies to your email

Commercial Email and Can-Spam6

for commercial email labeling requirements

1. Does my commercial email message include identification that the message is an advertisement or solicitation? (Optional if the recipient has previously given me consent to receive my email, but always recommended.)

2 Does my commercial email message include notice to the recipient telling him or her that he or she may opt out of receiving further commercial email messages from me?

3. Does my commercial email message include my valid physical postal address?

Yes No

selF-AssessMeNt CHeCKlist

lAbeliNg requireMeNts… a rose by any other name may get you into trouble

The CAN-SPAM Act requires all commercial email messages, including those sent via online social networking sites, to contain both of the following:

• a clear and conspicuous notice to the recipient telling him or her that he or she may opt out of receiving further commercial email messages from the sender

• the sender’s valid physical postal address.

Unless the recipient has previously given the sender his or her consent to receive the sender’s messages, the message must also include clear identification that the message is an advertisement or solicitation. Even if the recipient has given permission, identifying a commercial message as an ad is always a good idea.

Commercial Email and Can-Spam 7

Under the CAN-SPAM Act, every commercial email must include a way for the recipient to opt out of receiving further messages from the sender, and the opt-out mechanism must remain capable of receiving the recipient’s request for at least 30 days after the transmission of the original message. Opt-out requirements also apply to commercial messages sent via social networking websites.

The opt-out system need not force recipients into an “all-or-nothing” choice. The law allows senders to give recipients a list or menu by which a recipient may select the specific types of commercial email messages he or she does not want to receive. However, such a system must allow a recipient to choose not to receive any commercial messages from the sender.

Once a recipient has opted out of receiving further commercial email from the sender, the sender and anyone acting on the sender’s behalf must honor the recipient’s opt-out request within 10 business days of receiving that request. To honor the recipient’s request, the sender and any person acting on the sender’s behalf must not:

• send commercial email to the recipient

• help another person to send commercial email to the recipient by knowingly giving that person the recipient’s email address

• sell, lease, exchange, or otherwise transfer or release the recipient’s email address for any purpose other than to comply with the CAN-SPAM Act or another law.

oPt-out requireMeNts… giving recipients a choice

See the checklist for Commercial Email Opt-out Requirements below

Commercial Email and Can-Spam8

selF-AssessMeNt CHeCKlist for commercial email opt-out requirements

1. In each commercial email message I send, do I include a functioning return email address or another Internet-based mechanism by which the recipient may opt out of receiving further commercial email from me?

2 Does my opt-out mechanism receive the recipient’s opt-out request for at least 30 days after the transmission of the original message?

3. If I provide recipients with a list or menu by which a recipient may select the specific types of commercial email he or she wants to receive, is one of the options “no commercial email messages”?

4. Do I honor any opt-out request immediately and no later than within 10 days of receiving that request?

5. Once a recipient has opted out, do I stop sending commercial email to the recipient?

6. Once a recipient has opted out, do I stop selling, leasing, exchanging, or otherwise transferring or releasing the recipient’s email address for any purpose other than to comply with the CAN-SPAM Act or another law?

Yes No

Written specifically for directors and officers, Ways to Get Into Trouble outlines the risks inherent in corporate responsibility, and the preventative measures directors and officers can put into practice to manage and reduce risks.

Written by compliance expert and author, Jon Elliott, this detailed 28- page eBook helps you understand and fulfill the growing assortment of responsibilities assigned to officers and directors.

Learn which standards apply to you and how to meet them.

Learn how to avoid potential pitfalls and personal responsibility

Covers a range of subjects and easy-to- follow checklists

Download the free eBook now

Directors’ and Officers’ Liability 01 ways to get into trouble

Commercial Email and Can-Spam 9

The CAN-SPAM Act particularly addresses the problem of sending multiple commercial email messages. The law states that “multiple” means a number that exceeds a certain number of messages during a specific time period. Those thresholds are 100 messages in 24 hours, 1,000 messages in 30 days, and 10,000 messages in one year. Any number of email messages that exceeds the maximum number of messages for a given time period will be deemed “multiple” messages under the act. Note that these are total messages sent, not messages sent to a single recipient.

If you are sending multiple commercial emails, you must ensure that you are not doing any of the following actions prohibited under the act:

• sending commercial email messages with false header information (e.g., a subject heading that would likely mislead a recipient as to the content or subject matter of the message, or a false sender identity)

• falsifying an identity and registering for five or more email accounts or online user accounts or two or more domain names and sending multiple commercial emailmessages from any combination of such accounts or domain names

• falsely representing yourself as the registrant or the legitimate successor to the registrant of five or more Internet Protocol addresses, and sending multiple commercial email messages from those addresses

• accessing a computer without authorization in order to send multiple commercial messages

• retransmitting multiple commercial email messages with the intent to mislead the recipients or an Internet access service as to the origin of the messages.

seNDiNg MultiPle CoMMerCiAl MessAges… how many is too much?

Commercial Email and Can-Spam10

1. Do I send commercial messages that exceed any of the following limits?

• 100 messages in 24 hours?

• 1,000 messages in 30 days?

• 10,000 messages in one year?

If you answered No to all of the above, your messages are not multiple commercial email messages. You have now completed this checklist.

If you answered Yes to any of the above, your messages are considered multiple commercial messages.

2. Use the questions below to ensure that you are not violating CAN-SPAM’s restrictions on multiple commercial messages.

• Do I make sure that I do not access a computer without authorization and intentionally send multiple commercial email messages from or through that computer?

• Do I make sure that I do not use a computer to relay or retransmit multiple commercial email messages with the intent to deceive or mislead the recipients or any Internet access service as to the origin of such messages?

• Do I make sure that I do not falsify header information in multiple commercial email messages and intentionally send those messages??

• Do I make sure that I do not falsify my identity and register for five or more email accounts or online user accounts or two or more domain names, and intentionally send multiple commercial email messages from any combination of such accounts or domain names?

• Do I make sure that I do not falsely represent myself to be the registrant or the legitimate successor to the registrant of five or more Internet Protocol addresses, and send multiple commercial email messages from those addresses?

• Do I make sure that I do not conspire with another person to do any of the above?

Yes No

selF-AssessMeNt CHeCKlist for sending multiple commercial messages

Commercial Email and Can-Spam 11

As part of your email best practices, you should keep your commercial email lists focused on people who are likely to be interested in your product or service and who have expressed some interest in receiving your messages. Stay away from purchased lists or other lists that contain addresses of recipients who have not asked for your email messages and be sure to remove from your mailing list anyone who has specifically asked to be removed.

Do not harvest email addresses from someone else’s website or proprietary online service or use an automated “dictionary attack” to generate possible email addresses by combining names, letters, or numerals into many permutations. The CAN-SPAM Act prohibits these practices, including their use on online social networking sites.

MAiliNg lists AND otHer sourCes oF eMAil ADDresses… keep your mailings on target

selF-AssessMeNt CHeCKlist for mailing lists and other sources of email

1. Have I targeted my mailing to people who are likely to be interested in my product or service??

2 Do I avoid using purchased lists or other lists likely to contain addresses of recipients who have not asked for my mail?

3. Do I remove from my mailing list anyone who has specifically asked to be removed?

4. Do I limit any commercial email I send to those people who have requested information from me, or to those who have expressly consented to receive such email??

5. Do I make sure that I do not harvest email addresses automatically from a website or a proprietary online service that another person operates?

6. Do I make sure that I do not use any automated means to generate possible email addresses by combining names, letters, or numerals into many permutations?

Yes No

Commercial Email and Can-Spam12

gooD busiNess PrACtiCes For CoMMerCiAl eMAil

for good business practices for commercial email

selF-AssessMeNt CHeCKlist

Yes No1. Is the product or service I am advertising unlikely to be considered unsuitable for children and is it unlikely to offend significant portions of the public?

2. Does my advertising identify the true source of the email?

3. Does my advertising contain only true statements?

4. Does the subject line of the email include only correct information?

5. Is my commercial email sent without intent to deceive or defraud the recipient?

6. Have I ensured that my email does not contain false, malicious, or misleading information that purposely or negligently injures any person?

7. Have I ensured that my email is not sent with the intent to harass any person?

8. Have I obtained written permission from my ISP or proprietary online service to conduct a bulk emailing?

9. Is my mailing limited to a reasonable amount of email, depending upon the capacities and policies of my ISP?

10. Do I understand and abide by all terms of service and policies regarding commercial or bulk communications for each Internet service that I use to send such communications?

11. Have I ensured that I do not falsify or forge email transmission or routing information?

12. Have I ensured that I do not use another person’s Internet domain name without that person’s permission?

13. Have I ensured that I do not misrepresent the point of origin of the email?

14. Does my email identify the point of origin or the transmission path of the email?

15. Does my email message provide the date and time the email is sent?

16. Does my email message provide the true identity of the person, business, or other entity sending the email?

17. Does my email message provide the return email address of the person, business, or other entity sending the email?

18. Does my email message provide my street address?

19. Does my email message provide my valid Internet domain name?

Commercial Email and Can-Spam 13

This ebook outlines steps businesses can take to ensure their commercial email complies with the CAN-SPAM Act, but it is important to note that complying with the act is only a first step. While CAN-SPAM sets minimum requirements for sending commercial email, ISPs and other operators of mail systems are free to set stricter requirements for the mail they handle. Some mailers nonetheless believe that if their mail is CAN-SPAM-compliant, recipient systems have a duty to deliver it. In reality, email system providers have great discretion about what to deliver. CAN-SPAM and related laws set a very low standard, analogous to minimum wage for employers. Every ISP in the United States has an acceptable-use policy with stricter rules than those in the law, and nearly all ban bulk unsolicited mail outright.

Be aware that state and international laws can also govern your commercial emails. Always check the laws in the specific regions from which and to which you are sending messages.

The content of this ebook is a general outline of some areas of compliance and should not be considered a definitive or comprehensive discussion of all requirements relating to commercial email.

summary

Commercial Email and Can-Spam14

About tHe AutHors

John R. Levine, PhD, earned his degrees from Yale University. He has worked in a variety of technical positions, including as system architect for the original version of IBM’s AIX workstation system, and as one of the authors of Javelin, an award-winning modeling package. He now lives in upstate New York, where he writes and consults on the Internet and Internet law.

John has served as an expert witness in a variety of Internet-related cases, including Field vs. Google, Perfect 10 vs. Google, Commonwealth vs. Jaynes, U.S. vs. Soloway, and U.S. vs. McDaid in the United States, and also Century 21 vs. Rogers in Canada, and Crown vs. Atkinson in New Zealand.

John is the author of many books including the well-known Internet for Dummies, now in its 13th edition, as well as more technical works.

He is a senior technical advisor to the Messaging Anti-Abuse Working Group (www.maawg.org), an industry association of Internet providers and other organizations that deals with spam, malware, and other online threats. He is also the president of the Coalition Against Unsolicited Commercial Email (www.cauce.org), the leading grassroots anti-spam organization.

Steven D. Imparl, JD, holds a law degree and a Bachelor of Science degree, With High Honor, from DePaul University. He resides and practices law in Chicago, Illinois, concentrating his practice in Internet, e-commerce, and computer law. Besides his legal experience, Steven has extensive professional experience in information technology, having served as an IT programmer, analyst, and manager at a large public utility for nine years. He is a former member of the Congressional Internet Caucus Advisory Committee, a group of experts in the Internet and e-commerce industries that provides information and education to the US Congressional Internet Caucus about technology, public policy, and legislation affecting the Internet.

Commercial Email and Can-Spam 15

Head Office

Suite 306 - 267 West Esplanade North Vancouver, BC, Canada V7M 1A5

1 800.251.0381

www.stpub.com

Copyright © 2014 Specialty Technical Publishers. All Rights Reserved.This publication does not constitute legal, accounting or other professional advice. STP Specialty Technical Publishers and its authors make no warranties, whether express or implied, regarding the accuracy of any information or materials contained herein or the results of any course of action described herein, and STP and its authors expressly and specifically disclaim the implied warranties of merchantability and fitness for a particular purpose.