Close

Spam Advertising Rules

Spam e-mails (more commonly called "spam") are unsolicited commercial emails. Spam was entirely regulated at the state level until CAN-SPAM was enacted in 2003. Yet, with CAN-SPAM, this is now an issue primarily governed by federal law. CAN-SPAM Act sets basic rules for commercial e-mail, and establishes requirements for messages and penalties for violations.

In general, CAN-SPAM (under 15 U.S.C. § 7704) requires business entities to do the following:

  1. Don't use false or misleading header information. The "from," "to," reply-to" and routing information-like the original domain name and e-mail address-should be accurate and identify the entity or person that initiated the message.
  2. Don't use deceptive subjects. The subject line must reflect the content of the message.
  3. Always identify advertisements. You must disclose clearly that the message is an advertisement, though there is some discretion allowed in how you do so.
  4. Tell your recipients your location. An e-mail must include a valid (physical) postal address. It doesn't matter if it is a street address, a post office box, or a private mail box at a commercial mail receiving agency.
  5. Allow recipients to opt-out. The e-mail must give a clear and conspicuous explanation of how the recipient can opt out. This can be done through a hyperlink at the end of messages, or an online form to fill out.
  6. When recipients opt-out, honor them promptly. Any mechanism you offer to help recipients opt-out must be honored within 10 business days. Furthermore, it must be able to process opt-out requests for at least 30 days after the message has been sent.
  7. Keep an eye on your agents and marketers. Generally, you as an entity or person is responsible for the actions of your authorized agents. Because of this, even if you hire others to manage email-marketing, you will be liable for any mistakes they make in complying with the law.

To determine whether an e-mail is subject to CAN-SPAM, it depends on whether the message's primary purpose is "commercial" or "transactional/relationship" as both are defined in 15 U.S.C. § 7702. Commercial purposes include promoting commercial websites and online businesses, or some business-to-business communications. An example would be a message informing a customer of a new product or service that is available on a business's website. Commercial messages are anything that have the primary purpose of advertising a product or service like an advertisement or promotion. Those types of content are subject to the requirements of CAN-SPAM.

Transactional and relationship purposes are treated more leniently. Transactional and relationship purposes cover what wouldn't be considered a commercial purpose. This includes messages primarily meant to facilitate, complete, or confirm a transaction that was agreed upon like a receipt. This type of content is mostly exempt from CAN-SPAM, although, it cannot include false or misleading header information in the electronic message (e.g., Amazon order update coming from a non-Amazon address).

However, there are many circumstances where the two types of purposes can be blurred or difficult to discern. So, a better determination would be needed to evaluate which aspects of CAN-SPAM would apply to the message.

Any violation of CAN-SPAM is subject to penalties of that can be capped between one and two million dollars, if the enforcement action is brought by the Internet Service Provider or the state government, respectively. There are other ways to violate CAN-SPAM as well, such as "aggravated violations." This includes any knowing violation of CAN-SPAM, or actions like address harvesting or dictionary attacks. These would result in potentially trebled damages.

The international community has joined in on regulating spam by enacting similar measures. These include Canada, United Kingdom, Australia, Japan, China, Germany, and European Union. In general, when it comes to the differences between the foreign policies and the American counterpart, it has to do with the recipient's consent, such as the European Union Directive On Privacy requiring "prior explicit consent" before messages are sent. For example, this task may be accomplished by providing a button that says: "Click here to be notified of our upcoming products." Other pitfalls that can lead to violations in these jurisdictions are a failure to prove consent before sending the spam (e.g., purchasing an email list for advertising purposes).