• Proposed CAN-SPAM Regulation May Affect Business: Proposed regulation attempts to increase protection for commercial e-mail recipients while clarifying the law for senders.
  • July 5, 2005 | Author: Theodore F. Claypoole
  • Law Firms: Womble Carlyle Sandridge & Rice - Charlotte Office ; Womble Carlyle Sandridge & Rice - Winston-Salem Office
  • With spam e-mail still a serious concern for businesses and individual Internet users, the United States federal government is proposing to adjust the rules affecting commercial e-mail and procedures for opting out from additional mailings. Businesses sending commercial e-mail should be ready to incorporate the changes into their online communications regimes.

    Last month, the Federal Trade Commission ("FTC") issued a Notice of Proposed Rulemaking on various provisions of the 18-month old spam law, named Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ("CAN-SPAM"). When the CAN-SPAM Act was introduced, it required that e-mails which had a commercial primary purpose must include the sender's physical postal address, a clear and conspicuous indication that the e-mail is a solicitation or advertisement, and detailed instructions about how a recipient could opt-out from receiving continued e-mail solicitations. The FTC was charged with making rules to clarify the enforcement of the Act. The FTC's proposals, if adopted, would have a significant impact on any business that markets its goods and services via e-mail.

    The proposed rule address the following five topics: 1) defining a "person" who will be affected by the Act (the term has been used throughout the Act but has never been defined); 2) limiting the definition of a commercial e-mail "sender;" 3) explaining that post office boxes and private mailboxes constitute "valid physical postal addresses;" 4) reducing from ten to three days the opt-out processing time a sender has to give to a commercial e-mail recipient; and 5) simplifying the procedures that a commercial e-mail recipient must follow to submit an effective opt-out request.

    The proposed regulation reflects the dual focus of the CAN-SPAM Act: offering increased protection for commercial e-mail recipients while clarifying the law for senders. Recipients will benefit from a broad definition of "person" to include not just natural persons, but individuals, groups, unincorporated associations, limited partnerships, corporations, or other business entities. Additional protection will be offered by changes to the opt-out process. Specifically, businesses will no longer be able to require recipients to pay fees or disclose extraneous personal information to effectively opt-out; at most, businesses could require the recipient to send a reply e-mail message or visit a single website.

    Senders, particularly in situations where there are advertisements from multiple persons in a single e-mail message, will benefit from a clearer definition of "sender." Under the current regulations, "sender" is broadly defined as anyone who advertises in the message; thus, in cases of multiple advertisers there are multiple senders and the area between compliance and non-compliance is murky. Under the proposed rule, if only one person is within the Act's definition and meets one or more of the following criteria, only that person will be considered the "sender" of the message if: 1) the person controls the content of the message; 2) the person determines the e-mail addresses to which the message is sent; or 3) the person is identified in the "from" line as the sender. Furthermore, for this rule to apply, this "chief" advertiser need not satisfy all of the criteria, but no other sender may satisfy any of the criteria. This modification offers a much more defined guideline for compliance for the "chief" advertiser in increasingly common cases of messages involving multiple advertisements.

    Whereas the beneficiaries of modifications to the definitional sections are quite distinct, it is unclear which side will ultimately gain from the proposal allowing senders to give a valid post office box or private mailbox as a "valid physical address." Recipients have argued that this proposal encourages fraud by increasing the risk that senders will misrepresent information to avoid accurate identification and location. However, the FTC recognizes the increasing number of legitimate businesses -- particularly home-based businesses -- that use post office boxes, and it believes that any benefit of disallowing the use of such addresses would be outweighed by the burden on this group of rightful users.

    Perhaps the most controversial part of the proposed rule is the reduction of the amount of time that a sender has to honor a recipient's opt-out request, from ten days to three days. On the one hand, this reduction responds to and offers further protection for recipients who complained that senders would still be permitted to send spam their way for ten more days despite their efforts to unsubscribe. On the other hand, this measure may well be over-inclusive, with the smaller timeframe posing a significant problem for organizations that do not have the technology or resources to process opt-out requests so quickly. While some senders have the software products and mechanisms to process the near-instantaneous response demanded by the proposed rule, other senders will have to reform their departmental infrastructure to comply with the rule. Some comments from businesses have already cited the inherent complexity of their organizations as obstacles to compliance with the proposed rule, but their related failure to support these statements with evidence has reduced the merit of these arguments. During the official period that just ended June 27, 2005, the FTC had encouraged businesses to respond regarding the availability, cost, and general use of the current technology in processing opt-out requests.

    Although the CAN-SPAM Act was introduced over a year ago, more than half of all Internet users still believe that spam is a continuing problem. Despite this fact, there has been virtually no change among recipients to modify their Internet or e-mail use to potentially reduce spam. Should the proposed rule be enacted, some of these provisions could be effective immediately to protect recipients' personal information and more readily identify senders, while other provisions might be delayed for a thirty day window. Regardless, all of the changes are expected to be implemented within the upcoming year.