Your Business and the CAN-SPAM Act
Does your business send out emails? If so, you should be familiar with the CAN-SPAM Act. The Act is a 2003 federal law that creates civil and criminal penalties related to certain types of email communications. It divides emails into several different categories, imposing different regulations on each category. If your business sends email, you should have a basic understanding of the different types of emails and the regulations that apply to them.
CAN-SPAM regulates ALL email. If your business sends out email, you should know CAN-SPAM.
Requirements for All Email
First, there are some requirements that the Act imposes on all email, regardless of type. Fortunately, unless you are deliberately trying to deceive your customers, complying with these regulations should not be a problem.
- The CAN-SPAM Act forbids falsifying email headers. In other words, you cannot change the header to make an email look like it came from an address other than your address.
- Second, you may not send email from domains or addresses that were fraudulently obtained.
- Third, you may not make unauthorized use of other computers to send your messages.
If you are using a legitimate email marketing service you should not have to worry about this–a legitimate service will take care of this for you.
The Act imposes additional requirements on “commercial” emails. The CAN-SPAM Act defines a commercial email as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” An email is obviously commercial if it consists exclusively of the advertisement or promotion of a commercial product or services. But an email can also be deemed commercial based on interpretation. In other words, an email is also commercial if a recipient might reasonably interpret the subject or body as an advertisement or promotion of a commercial product or service. This is not a simple test. According to the FTC, factors relevant to this interpretation include the placement of content that is the advertisement or promotion of a commercial product or service, in whole or in substantial part, at the beginning of the body of the message; the proportion of the message dedicated to such content; and how color, graphics, type size, and style are used to highlight commercial content. This is essentially a fact question for a judge or a jury.
It is not unlawful to send commercial email. However, if your business sends commercial email, it must comply with certain requirements (in addition to the previously mentioned requirements).
- Do not use deceptive subject headings. Whether a subject is misleading is based on whether it would be likely to mislead a recipient about a material fact regarding the contents of subject matter of the message. If it feels like you are being misleading you probably are.
- The emails must contain a valid from address or include an opt-out mechanism. Users must be able to inform you if they do not wish to receive further commercial messages from you. Once a user opts out, you may not send additional commercial messages to that user. Of course, you may send non-commercial messages, transactional messages, and, if the user subsequently affirmatively consents, you may resume sending commercial messages.
- If the recipient has not consented to receiving messages, the message must contain a clear and conspicuous indication that it is an advertisement. It must also contain a clear and conspicuous notice of how to opt out of receiving further messages. Finally, it must contain the valid physical postal address of the sender.
Since business would be stifled if every email had to comply with the requirements imposed on commercial messages, the Act creates a safe harbor for “transactional” messages. A transactional message is one related to a transaction a customer has already entered into with your business. Examples of transactional messages include:
- Emails to complete or confirm a transaction the recipient has agreed to enter into with the sender
- Emails providing information about warranties, product recalls, safety, or security regarding products or services purchased by the recipient
- Certain employment-related emails
If you are emailing a customer about a transaction you’ve already entered into with the customer, you are probably sending a transactional email.
CAN-SPAM can impose criminal liabilities.
Criminal Provisions and Civil Enforcement
It is important to know that the Act does contain criminal penalties. Generally, these penalties apply to persons committing crimes using email. Violations of the Act act as enhancements to other crimes, such as the crime of committing fraud by email.
Civil damages can be substantial. The FTC can impose penalties of up to $16,000 per email. States can impose penalties of up to $250 per email, up to a total of $2,000,000. And penalties can be imposed not just on the sender, but on third parties who knew of the violations and benefited from them (called “initiators”).
There is one piece of good news for businesses: individuals may not sue your business for violations of the CAN-SPAM Act. Civil enforcement is mostly handled by state and federal government. Although many federal agencies may enforce the Act, the primary agency is the FTC (which maintains a helpful compliance guide for small businesses). At the state level, the Act may be enforced by state attorneys general. And, in limited circumstances, private entities qualifying as “internet access services” (think ISPs) may have standing to sue. Of course, individuals may still sue under state laws regulating fraudulent or deceptive behavior, or may report your emails to the FTC or their state attorney general.
We Can Help
The CAN-SPAM Act is complicated and can be difficult for the non-lawyer to read. Fortunately, compliance is not difficult. If you need help making sure your emails will not expose you to fines or penalties under the Act, you should contact your business lawyer. With fines of up to $16,000 per email, a little law now really can save a lot later. Contact us.