Law Column: Canning Spam

Before you hit the "send" button on your next e-mail, make sure the e-mail is CAN-SPAM compliant. The CAN-SPAM Act took effect last year and made it a criminal offense to engage in a variety of fraudulent practices by e-mail. The act also introduces certain generally applicable requirements and limitations as to legitimate commercial e-mail. In short, the act makes it more difficult for organizations to market their meetings and events.

It is important to ensure that an organization's current e-mail marketing campaign complies with the act—either by being exempt from the act due to an existing commercial relationship with the recipient or by being in compliance with the act as it relates to e-mail requirements.

The Act defines commercial e-mail as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service." Exempted from the commercial e-mail definition, however, are "transaction or relationship messages," which primarily "facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender." Transactional or relationship messages also include certain notifications with respect to ongoing commercial relationships such as subscriptions, memberships, and accounts. With respect to commercial e-mail, the act prohibits false or misleading transmission information contained in the message's header, including the originating e-mail address and "from" line. Deceptive subject headings are also prohibited.

CAN-SPAM requires that each commercial e-mail message contain "clear and conspicuous identification that the message is an advertisement or solicitation," although the manner in which this identification must appear is not specified. Such messages must also contain the postal address of the sender. The act applies not just to senders of commercial messages and related entities but also to those who allow the promotion of their business through unsolicited commercial e-mail.

CAN-SPAM requires all commercial e-mail to include a functioning e-mail address or other Internet-based mechanism, clearly and conspicuously displayed, that the recipient can use to opt out by requesting that no further message be sent. The sender of the message is given 10 business days to honor such opt-out requests, at which point sending any additional commercial e-mail represents a violation of the act. Primary enforcement authority is given to the Federal Trade Commission (FTC) and state attorneys general; damages are discretionary and can be as high as $2 million.

Those who believe that CAN-SPAM does not go far enough in preventing unsolicited e-mail have joked that the law should have been titled "You Can Spam" since it contains no outright prohibition on unsolicited commercial e-mail. Many have lamented the fact that the act preempts many state laws that were much more strict, such as the California law passed in 2003. Also, since federal and state governmental agencies are left to enforce the act, critics contend that the law will only be applied to the high-profile violators, allowing many small-time spammers to carry on unscathed. Preliminary reports do indeed suggest that the volume of unsolicited commercial e-mail has not decreased since the act was passed.