Digital Harbor Online Digital Harbor Online Digital Harbor Online Digital Harbor Online Digital Harbor Online
Who We Are
Subscribe
News
Calendar
advertise
Resources
Columns
Boards
Seach DHO
spotlights
Digital Harbor
Columns
3-dot bullet CAN-SPAM Frequently Asked Questions

By Jeff Renaud, Regional Account Manager for ExactTarget (Published Jan. 19, 2004)

Important Reminder for the New Year!
The Federal CAN-SPA*M Act, recently signed by President Bush, took effect on January 1st, 2004. This new federal law preempts the 37 state laws regarding email, and requires both a valid physical mailing address of the sender (your organization's address) as well as a working unsubscribe mechanism. Without these in place, your organization could be liable under this law which allows for substantial financial penalties. Here is a list of FAQ's for your review:

What is prohibited under the law?

· False or Misleading email header information - This is a tactic used often by spammers to disguise their "sending" identity by falsifying the information in the "header" of their email, which is the portion of the email that is typically only seen by the receiving mail server. Spammers are constantly changing and falsifying this information to evade detection, confuse spam filters, and continue sending spam.
· Deceptive or Misleading Email Subject Lines - Again, this requirement focuses on the deceptive practices often used by spammers to encourage recipients to open a message and respond to an offer or scam.
· Failure to provide an opt-out method and honor opt-out requests - The law presumes that only spammers would want to ignore their recipients and disallow them from removing themselves from future promotions.
· Failure to Identify a Message as Commercial - This requirement stops short of many state laws and does not require labeling commercial email with ADV in the subject line. The law doesn't specify how emails should be labeled, but gives the FTC 120 days to define how and if a commercial email is to be labeled.
· Failure to Provide a Valid Physical Mailing Address - Part of the problem with spam is that it is notoriously untraceable. Spammers can vanish into this air. This law says that if you are sending commercial email, you must provide a physical address, presumably at which you can be contacted for questions, problems or violations of your email.
· Failure to Label a Sexually-Oriented Message - 120 days after the law takes effect, the FTC's labeling recommendation must be implemented for emails containing adult or sexual content.

What is required under the law?

· All Commercial Email Must Contain Valid Opt-out - Essentially the federal law is an opt-out law. It allows the sending of unsolicited email, as long as the recipient is given an opportunity to opt-out of future communications.
· Opt-out Request Must Be Honored Within 10 Business Days - Though the FTC will review the number of days and recommend another number that may be more appropriate, this requirement will be the first time many companies have had to develop a process around ensuring full name removal.
· All Commercial Email Must Include a Valid Physical Address - As mentioned above, this is a nod towards legitimate marketers. The law essentially says, "If you're not a spammer, then stand up and be responsible for the email you're sending."
· All Email Must Provide a Clear Notice that the Email is an Advertisement - This may be the vaguest portion of the law in that no recommendation is made for the language to be used or how it is positioned in the email. For now, no specific labeling is required, though the FTC has 120 days to define any labeling requirement.
· Labeling for Emails with Sexually-Oriented Content - Again, though not a problem for most businesses, there may be some potential pitfalls here for health related products.

Is a PO box a valid physical mailing address? No. Under the law, the address must be a physical postal, street, address.

Can clients eliminate the unsubscribe function?
An unsubscribe function is required on every email unless a client-managed unsubscribe agreement is signed, though only a few types of email could not have an unsubscribe (such as emails to employees) or other non-commercial email messages.

What types of email does it apply to?
The law applies to all email messages where the primary purpose is the commercial advertisement or promotion of a commercial product or service (including content on a commercial Web site). This will include most B2B newsletters and communication.

What types of email are exempt?
Transactional or relationship messages are exempt under the law and do not require any opt-out or physical address. However, we still recommend including this information in all emails to reduce the chance of challenge or litigation. A transactional message is an email that meets one of the following:
- Facilitates commercial transaction w/ sender
- Provides warranty, recall, safety or security info
- Customer notices re: subscription, status, account
- Related to employment relationship or benefits
- Deliver goods or services, including updates or upgrades

Are non-profit organizations exempt?
The law does not provide any specific exemptions for non-profit organizations, so we recommend including a valid physical address and unsubscribe mechanism for all emails sent via our system.

What are the penalties under the law?
$250 per violation, capped at $2 million for any violations other than false or misleading headers. Amounts can be trebled (tripled) if violation if email address harvesting or dictionary attacks can be shown. Law allows for prison time for willful violations, spamming by relaying spam from another computer, falsifying headers, or using more than 5 false domains or bogus email accounts to send spam.

Does it preempt the other state laws?
Yes, the federal law preempts all state laws that deal specifically with email and spam. However, it does not apply to state laws that are not specific to email, such as trespass, contract or tort law or to state laws related to fraud or computer crime. Also it does not preempt state laws focused on fraud/falsity/deception in email (i.e., Virginia).

Who can sue?
Suit can only be brought by ISP's, FTC or States Attorney General under law. It does not allow individuals to sue or bring about class action suits.

What about the Do Not Email list?
The law requires the FTC to investigate the development of a list, but does not require them to implement one. The FTC has 6 months to study this issue and make a recommendation.

NOTE: The information above is based on ExactTarget's interpretation of the federal law. The document may be used to help set strategy and plan for changes that may be necessary, but it is not legal advice. Please contact your own attorneys for their recommendations on the compliance steps necessary for your organization.

Jeff Renaud is the Regional Account Manager for ExactTarget in Washington, DC 20001
jrenaud@exacttarget.com (m): 301-801-7092 www.exacttarget.com

Back to top
Current Digitalharboronline Columns Page
SIte Design and Development by Natoli Design Group
Copyright 2003, Digital Harbor Online | Privacy Policy | Subscribe