1 Marketing: CAN- SPAM Act Compliance David J. Ervin and Christopher M. Loeffler, Kelley Drye and Warren LLP This Practice Note is published by Practical Law Company on its PLC Law Department web service at A Note discussing the federal CAN-SPAM Act s requirements for commercial s, its enforcement and best practices for compliance. The widespread consumer acceptance of online communication provides marketers with a number of benefits compared to traditional direct marketing campaigns, including: Lower costs. Almost instantaneous delivery. A more interactive experience generally allowing users to immediately click through to the marketer s website. However, the ease and efficiency of marketing also brings drawbacks. The high volume of unsolicited commercial messages (spam) received by consumers makes it difficult for individual marketers to stand out. In addition, consumers do not want their inboxes full of spam, which, in some cases, are also fraudulent or contain offensive content. In 2003, Congress enacted the Controlling the Assault of Non- Solicited Pornography and Marketing Act (15 U.S.C ) (CAN-SPAM Act) to regulate unsolicited commercial . The CAN-SPAM Act does not flatly prohibit all unsolicited commercial . Instead, it sets out specific requirements for the content of these messages and to ensure that consumers can opt out of receiving them. This Note discusses the federal CAN-SPAM Act, including: The scope of the CAN-SPAM Act. The CAN-SPAM Act s requirements, including certain Federal Trade Commission (FTC) and Federal Communications Commission (FCC) implementing regulations and rules. Enforcement of the CAN-SPAM Act, including penalties for violations. Best practices for marketers compliance with the CAN-SPAM Act. Companies using to market and advertise their products and services also must pay careful attention to compliance with other applicable laws, including, for example, other laws addressing marketing and advertising practices (for more information, see Practice Notes, Advertising: Overview (http://us.practicallaw.com/ ), Online Marketing and Advertising (http://us.practicallaw.com/ ) and Direct Marketing (http://us.practicallaw.com/ )) and privacy and data security laws (for more information, see Practice Notes, US Privacy and Data Security Law: Overview (http:// us.practicallaw.com/ ) and Privacy and Data Security: Breach Notification (http://us.practicallaw.com/ )). SCOPE OF THE CAN-SPAM ACT The CAN-SPAM Act regulates the transmission of all commercial messages, not just unsolicited messages. A commercial message is defined as any that has a primary purpose of... commercial advertisement or promotion of a commercial product or service (15 U.S.C. 7702(2)(A)). This includes commercial s sent to business accounts, as well as those sent to individual consumers. The CAN-SPAM Act authorizes the FTC to issue regulations implementing the CAN-SPAM Act s provisions (the CAN-SPAM Rule codified at 16 C.F.R. part 316). Similarly, the FCC has authority under the CAN-SPAM Act to issue rules addressing unsolicited commercial messages sent to consumers wireless devices (see Sent to a Wireless Device).
2 Marketing: CAN-SPAM Act Compliance IS IT A COMMERCIAL MESSAGE? A first step in evaluating whether the CAN-SPAM Act applies to an message is to determine whether the is a commercial message. Not every message from a business is deemed a commercial message under the CAN-SPAM Act. Rather, the s primary purpose must be the commercial advertisement or promotion of a product or service. In particular, messages sent to consumers that have a primary purpose relating to a particular transaction or relationship between the sender and the consumer are expressly exempted from the CAN-SPAM Act s specific requirements for commercial messages (15 U.S.C. 7702(2)(B)). To qualify as a transactional or relationship message, the s primary purpose must be to do one or more of the following: Facilitate, complete or confirm a commercial transaction previously agreed to by the recipient. Provide warranty, product recall, safety or security information for a product purchased by the recipient. Provide certain information permitted under the CAN-SPAM Act regarding a subscription, membership, account, loan or similar ongoing relationship concerning the recipient s ongoing purchase or use of the sender s products or services (for example, notification of a change in terms or features of a membership or subscription or periodic account information). Provide information regarding an employment relationship or related benefit plan in which the recipient is currently involved, participating or enrolled. Deliver goods or services (for example, updates or upgrades) that the recipient is entitled to receive as a result of a previously agreed upon transaction. (15 U.S.C. 7702(17)(A).) If the message includes content only in one or more of the above categories, it is not a commercial message under the CAN-SPAM Act. If a message contains both transactional or relationship content and commercial content, the CAN-SPAM Act s commercial requirements apply if the message s primary purpose is commercial (see Is the Message s Primary Purpose Commercial?). The CAN-SPAM Act also contains compliance obligations and prohibitions for transactional or relationship messages (see Prohibition on False or Misleading Transmission Information), but these are less rigorous than the rest of the requirements specific to commercial messages (see generally, Commercial Message Requirements). IS THE MESSAGE S PRIMARY PURPOSE COMMERCIAL? Even if the does include some commercial content, the CAN-SPAM Act s commercial requirements apply only if the message s primary purpose is commercial. The FTC has clarified the analysis to determine a message s primary purpose as follows: Messages Containing Only Advertising Content. These messages have a commercial primary purpose. Messages Containing Both Advertising and Transactional or Relationship Content. These messages have a commercial primary purpose if either: The recipient would interpret the subject line to mean that the message contains commercial advertising. A substantial part of the transactional or relationship content does not appear at the beginning of the message. Messages Containing Both Advertising Content and Other Non-transactional or Non-relationship Content. These messages have a commercial primary purpose if either: The recipient would interpret the subject line to mean that the message contains commercial advertising. The recipient would determine from the body of the message that the message s primary purpose is commercial advertising. In making this determination, factors for the recipient to consider include: the placement of the commercial advertising at the beginning of the message; the proportion of the message dedicated to commercial advertising; and how prominent the commercial advertising is (for example, highlighted through use of graphics type size and style). Messages Containing only Transactional or Relationship Content. These messages do not have a commercial primary purpose (see also Is it a Commercial Message?). (16 C.F.R ) WHO MUST COMPLY WITH THE CAN-SPAM ACT? Initiators of Commercial Messages Any person, including business entities and nonprofit associations, that initiates commercial messages must comply with the CAN-SPAM Act requirements (see Can-Spam Act Requirements). As defined by the CAN-SPAM Act, a person is an initiator of a commercial message if it either: Originates or transmits the . Procures the transmission of the , meaning that the business either intentionally pays or provides other consideration to, or induces, another person to transmit the on its behalf. The CAN-SPAM Act contains an exception, however, when the person initiating the commercial is involved solely in routine conveyance. This is when the person s actions only relate to the transmission, routing or storage of the message through an automatic technical process and the person is not involved in identifying or providing the recipients addresses for the message. 2
3 Senders of Commercial Messages Certain other requirements apply specifically to senders (see Opt-Out Requirements and Other Requirements). A sender is an initiator whose own product or service, or internet website, is advertised or promoted in the commercial message. A commercial can have more than one initiator or sender. For example, where a business engages a third-party service provider to send a commercial advertising the business s products, both parties are initiators under the CAN-SPAM Act. The business is also a sender under the CAN-SPAM Act. For specific issues involving determining whether a person is an initiator or sender under the CAN-SPAM Act, see Common Marketing Practices: Forward-to-a-Friend s, Multiple Senders and Affiliate Marketing. CAN-SPAM ACT REQUIREMENTS PROHIBITION ON FALSE OR MISLEADING TRANSMISSION INFORMATION It is a violation of the CAN-SPAM Act to initiate the transmission of a commercial message or a transactional or relationship message that contains false or misleading transmission information, which is an s From, To, Reply to and routing information (also known as the header information). Instead, this information must be correct and identify the person initiating the message (15 U.S.C. 7704(a)(1)). COMMERCIAL MESSAGE REQUIREMENTS Prohibition on Deceptive Subject Headings The CAN-SPAM Act prohibits a person from initiating a commercial with a deceptive subject heading. This means that the initiator of the message cannot have actual knowledge (or knowledge fairly implied under the circumstances) that the subject heading would be likely to mislead the recipient about a material fact regarding the message s contents or subject matter (15 U.S.C. 7704(a)(1)). Opt-out Requirements The CAN-SPAM Act requires initiators of a commercial to include following elements in each commercial Clear notice of the recipient s right to not receive (opt out of) future messages from the sender of the . One of the following mechanisms for opting out: a functional return address, allowing the recipient to simply reply to the indicating the recipient s opt out; or another internet-based opt-out mechanism (for example, a link to a separate web page containing the opt-out mechanism). The opt-out mechanism must be functional for at least 30 days after the message is sent. If the return address or other mechanism, however, is unexpectedly and temporarily unable to receive messages or process opt-out requests resulting from a technical problem beyond the sender s control, it is not a violation of the CAN-SPAM Act s opt-out requirements if the problem is corrected within a reasonable time (15 U.S.C. 7704(a)(3)(C)). A sender of a commercial cannot require the recipient to do any of the following to submit (or have the sender honor) an opt-out request when using any of the opt-out methods required by the CAN-SPAM Act: Pay a fee. Provide any information other than the recipient s address and opt-out preferences. Take any steps other than sending a reply message or visiting a single website. (16 C.F.R ) If the message recipient submits a request to opt out of receiving future message from a sender, all of the following apply: The opt out must become effective within 10 business days. After this time, the sender (or anyone on its behalf) may not send further commercial messages falling within the scope of the opt-out request to that recipient, unless the recipient subsequently requests to receive (opts in) these messages. The opt out never expires. The sender (and any other person that knows the recipient has opted out of further commercial messages) cannot sell, exchange or otherwise transfer the recipient s address except as required by law unless that recipient has explicitly opted in to permitting the sale, exchange or transfer. (15 U.S.C. 7704(a)(3)-(5)(A)(i)-(iv).) Other Requirements Initiators of a commercial must also include following elements in each commercial Clear identification that the message is an advertisement or solicitation. The sender s valid physical postal address. This is typically the sender s street address, but can also be post office box that the business has accurately registered with the US Postal Service or a private mailbox that the business has accurately registered with a commercial mail receiving agency established pursuant to US Postal Service regulations. (15 U.S.C. 7704(a)(3)-(5)(A)(i)-(iii).) SEXUALLY ORIENTED MATERIAL The CAN-SPAM Act and the FTC s related rules set out additional restrictions on initiators of commercial s containing sexually oriented material. These restrictions relate to the s: Subject line (see Message Subject Line). Content (see Message Content). These restrictions do not apply, however, if the recipient has given prior affirmative consent to receive these messages from the sender. 3
4 Marketing: CAN-SPAM Act Compliance The CAN-SPAM Act defines sexually oriented material as any material that depicts sexually explicit conduct... unless the depiction constitutes a small and insignificant part of the whole where the remaining content is not primarily devoted to sexual matters (15 U.S.C. 7704(d)(4)). Message Subject Line The FTC s Adult Labeling Rule requires that the: Subject line of a commercial not contain any sexually oriented material. The phrase SEXUALLY-EXPLICIT: appears in capital letters as the first 19 characters in the subject line of any commercial message that contains sexually oriented material. (16 C.F.R (a).) Message Content To prevent recipients from being exposed unintentionally to sexually oriented material in a commercial message, the FTC rule also limits the content that can be initially visible by a recipient using the electronic equivalent of a brown paper wrapper. The content of these messages must only contain: The phrase SEXUALLY-EXPLICIT:. The same required information as other commercial s, including: Clear and conspicuous identification that the message is an advertisement or solicitation. Clear notice of the recipient s ability to opt out of receiving future messages and a valid opt-out mechanism (either a functioning return address or other internet-based mechanism) that remains operational for no less than 30 days after the was sent. The sender s valid physical postal address, clearly and conspicuously displayed. Any necessary instructions identifying how the recipient may access the sexually oriented material. If the includes these instructions, the instructions must come after a clear and conspicuous statement that to avoid viewing the sexually oriented material, a recipient should delete the message without following the instructions. (16 C.F.R (a)(2).) COMMON MARKETING PRACTICES: FORWARD-TO-A-FRIEND S, MULTIPLE SENDERS AND AFFILIATE MARKETING FORWARD-TO-A-FRIEND S Marketers use a common practice to enable recipients of a commercial to forward the message (or a similar one) to one or more friends. These Forward-to-a-Friend s are typically sent using one of two methods: A web-based mechanism provided by the business that originally sent or provided the content (either in an or on a website). Using the consumer s own program. When using forward-to-a-friend s as a marketing tool, a business must determine whether it is an initiator or sender of these messages under the CAN-SPAM Act (see Who Must Comply with the CAN-SPAM Act?). If the web-based mechanism merely provides a method for a recipient to forward the message along to a friend, or if the recipient forwards the message using a personal program, absent more, the originator is not likely the initiator of the forwarded message and is not subject to the CAN-SPAM Act. In this case, the business s role would probably be considered solely routine conveyance. Where the recipient forwards the message using a personal program, without consideration or inducement, the business likely is not involved at all. The FTC has clarified that a business s use of language merely encouraging a consumer to forward a message to a friend does not, without more, subject the business to the CAN-SPAM Act s requirements for senders of commercial s (see FTC s discussion at 73 Fed. Reg , 29671). If the business procures the forwarded message, however, the business is considered to be the initiator or sender, and the commercial message must comply with the CAN-SPAM Act. A business can procure the forwarding of a message through several actions, including by either: Offering the recipient money, coupons, discounts, awards, additional entries in a sweepstakes or similar consideration for forwarding the message. Intentionally inducing the recipient to forward the message, for example, by paying a marketing affiliate (see Affiliate Marketing) who in turn uses sub-affiliates, to send commercial messages to drive traffic to the business s website. Although no direct relationship between the business and the sub-affiliate exists, if the business intentionally induces the forwarding of the commercial messages through the affiliate, it is considered to be the sender. MULTIPLE SENDERS The FTC rules also clarify CAN-SPAM Act requirements when a single contains commercial messages from multiple senders (73 Fed. Reg , 29655). When multiple businesses products or services, or internet websites, are advertised or promoted in a single message, each business is a sender for purposes of CAN-SPAM Act compliance, unless the businesses have designated a single sender of the commercial message by complying with all of the following requirements: The single business meets the CAN-SPAM Act s definition of sender. This is the person that both initiates the message and whose products or services, or internet websites are advertised or promoted in the message. 4
5 The single business is identified in the From line as the sole sender of the message. The single business is in compliance with the: prohibition on false or misleading transmission information; prohibition on deceptive subject headings; requirement to include a functioning opt out; requirement to include clear and conspicuous identification that the message is an advertisement or solicitation, a clear and conspicuous notice of the opportunity to opt out, and a valid physical postal address of the sender; and requirement to include warning labels on commercial that contains sexually oriented material. (16 C.F.R (m)) (see also Commercial Message Requirements and Sexually Oriented Material). In this instance, only the designated sender must comply with the CAN-SPAM Act s requirements for senders, including the obligation to scrub against any opt-out lists maintained by the sender and honoring opt-out requests. Only the designated sender s valid physical postal address must appear in the message. If the above requirements are not complied with, each business must comply with the CAN-SPAM Act s requirements for senders (including the obligation to scrub against all of the senders opt-out lists). Even where a single sender is designated, the other businesses will be deemed initiators of the commercial for CAN-SPAM purposes. AFFILIATE MARKETING A commercial can have more than one initiator or sender (see Who Must Comply with the CAN-SPAM Act?). Companies often engage third-party affiliate marketers to increase traffic to the company s website. These affiliates are typically paid based on the number of individuals who, directed by the affiliates, ultimately visit the business s website or make a purchase on the website. FTC has brought several claims against both companies whose product or service was advertised in the commercial as well as the affiliate that sent the message. In these situations, the company is deemed the sender of the commercial . The affiliate, who typically originates or transmits the message, is an initiator. If the affiliate also advertises its own services or products, it is also a sender under the CAN-SPAM Act and the rules concerning multiple senders apply (see Multiple Senders). A company also may be liable for violations of the CAN-SPAM Act s prohibition on false or misleading transmission information (see Prohibition on False or Misleading Transmission Information) by a marketing affiliate or other third party promoting the company s business or its products or services if the company: Knows (or should have known) of the violations. Profits from the prohibited practice. Fails to stop or report the violations. (15 U.S.C. 7705(a).) SENT TO A WIRELESS DEVICE The FCC is authorized by the CAN-SPAM Act to regulate communication to wireless devices and has enacted certain regulations addressing certain commercial messages sent to wireless devices (47 C.F.R ). In contrast to the general opt-out requirements set out in the CAN- SPAM Act and FTC rules, the FCC has prohibited the sending of commercial messages to certain addresses provided by wireless carriers specifically for mobile messaging services, for example, (referred to as mobile service commercial messages), unless the subscriber gives express prior authorization (opts in), which can be written or oral. Specifically, the FCC maintains a list of domain names for wireless messaging services posted on its website (http://www. fcc.gov/cgb/policy/domainnamedownload.html). Wireless carriers are required to update this list periodically. Unless a recipient has given express prior authorization, a person must not initiate commercial to any address with a domain name that has been on the list for at least 30 days before the message is sent, or otherwise knowingly initiate a mobile service commercial message. When requesting express prior authorization, an initiator of a mobile service commercial message must, among other things: Clearly state the identity of the entity that will be sending the messages. Notify the subscriber that he may be charged by the wireless carrier for receipt of these messages. Disclose that the subscriber can revoke his authorization at any time. (47 C.F.R (d).) Once a recipient expressly authorizes these messages, similar to the FTC s rules for commercial messages, any person initiating a mobile service commercial message must include: Clear notice of the recipient s ability to opt out of receiving future messages from the sender of the . A clearly and conspicuously displayed functional return address or internet-based method for the subscriber to opt out. A sender must stop sending further messages within 10 days after receiving an opt-out request. Like the FTC s rules, the opt-out methods must be functional for at least 30 days after the message was sent. In addition, the FCC rule requires that where recipients have electronically provided express prior authorization (for example, by dialing a short code) they must be able to opt-out of future s by the same electronic method. The initiator of the message must also ensure that at least one opt-out option is provided that does not result in additional charges to the mobile service subscriber. (47 C.F.R (b).) 5
6 Marketing: CAN-SPAM Act Compliance ENFORCEMENT AND PENALTIES FOR NON- COMPLIANCE Although the FTC is the primary enforcer of the CAN-SPAM Act, the CAN-SPAM Act also allows various federal, state and private parties to bring claims for violations. Penalties for non-compliance vary based on: The party bringing the claim, for example, the FTC, the FCC and other federal agencies, state attorneys general and private actions brought by internet service providers (as described in more detail below). Whether the violation was willful, knowing or aggravated (see also Aggravated Violations). FTC ENFORCEMENT The FTC has authority to enforce the CAN-SPAM Act as if a violation were an unfair or deceptive act or practice prohibited under the Federal Trade Commission Act. The FTC can seek civil penalties for CAN-SPAM Act violations as if they were violations of trade regulation rules. This includes: Civil penalties up to $16,000 for each separate that violates the CAN-SPAM Act (if based on actual knowledge or knowledge fairly implied). Injunctive relief (even without a showing of knowledge). (15 U.S.C. 7706(a), (d), (e).) ENFORCEMENT BY OTHER AGENCIES Certain other agencies have authority under the CAN-SPAM Act to enforce it. These agencies generally regulate certain types of entities or activities outside the scope of the FTC s jurisdiction. Penalties for non-compliance are determined by the regulatory regime enforced by the specific agency (15 U.S.C. 7706(b)). These agencies include: The Office of the Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Corporation Board of Directors and the Director of the Office of Thrift Supervision under the Federal Deposit Insurance Act. The Board of the National Credit Union Administration, enforcing the CAN-SPAM Act under the Federal Credit Union Act. The Securities and Exchange Commission, enforcing the CAN- SPAM Act under the Securities Exchange Act of 1934, the Investment Company Act of 1940 and the Investment Advisors Act of State insurance authorities, enforcing the CAN-SPAM Act under state insurance laws. The Secretary of Transportation, enforcing the CAN-SPAM Act under the US Code s air commerce and safety provisions (49 U.S.C ). The Secretary of Agriculture, enforcing the CAN-SPAM Act under the Farm Credit Act of The FCC, enforcing the CAN-SPAM Act under the Communications Act of STATE ENFORCEMENT The CAN-SPAM Act authorizes state attorneys general, officials and other agencies to bring claims for CAN-SPAM Act violations against residents of that state. These state agencies can seek: Injunctive relief. Damages for actual loss or statutory damages up to $250 per violation, whichever is greater, with a maximum award of $2,000,000. Each separately addressed unlawful message is treated as a separate violation. Notably, claims for false or misleading headers (see Prohibition on False or Misleading Subject Headers) are not limited by this cap. Three times the amount of statutory damages for willful, knowing or aggravated violations (see also Aggravated Violations). Costs of bringing the action and reasonable attorney fees. (15 U.S.C. 7706(f).) INTERNET SERVICE PROVIDER CLAIMS Internet service providers (ISPs) are authorized to bring claims under the CAN-SPAM Act for certain violations (for example, violations of the prohibition on false or misleading transmission information or the requirement to place warning labels for sexually oriented material) and may seek: Injunctive relief. Actual damages or statutory damages for false or misleading headers up to $100 per violation, whichever is greater, with no limitation on the maximum award. For all other violations, actual damages or statutory damages of up to $25 per violation, whichever is greater, with a maximum award of $1,000,000. Three times the amount of statutory damages for willful, knowing or aggravated violations (see also Aggravated Violations). Costs of bringing the action and reasonable attorneys s fees. Each separately addressed unlawful message is treated as a separate violation. Where an ISP is bringing a claim, the term procure for purposes of initiating a commercial message ((see Who Must Comply with the CAN-SPAM Act?) requires that the person providing consideration or inducing another person to initiate the transmission has actual knowledge, or should have known, that the person transmitting the is engaging, or will engage, in a pattern of practice violating the CAN-SPAM Act. (15 U.S.C. 7706(g).) FCC CLAIMS The CAN-SPAM Act authorizes the FCC to bring claims for violations of its rule regarding the sending of commercial to wireless devices (see Sent to a Wireless Device). If the action is brought against a telecommunications provider (a common carrier), the FCC can seek up to $150,000 per 6
7 violation with a maximum of $1,500,000 per incident. If the action is brought against a marketer who is generally not a common carrier and therefore not subject to FCC jurisdiction, the FCC may first issue a citation. If additional claims are brought against a marketer that previously received a citation, the FCC can seek fines up to $16,000 per violation with a maximum of $112,500 per incident. The FCC can also bring claims for other violations of the CAN-SPAM Act (not just for commercial s sent to wireless devices) against entities subject to its jurisdiction, for example, telecommunications providers or marketers advertising telecommunications products (see Enforcement by Other Agencies). VIOLATIONS RELATING TO SEXUALLY ORIENTED MATERIAL Knowing violations of the CAN-SPAM Act s restrictions on commercial s containing sexually oriented material includes fines and imprisonment of up to five years (15 U.S.C. 7704(d)(5)). OTHER CRIMINAL PENALTIES In addition to criminal penalties associated with knowing violations of the rules for commercial s containing sexually oriented material (see Sexually Oriented Material), the CAN-SPAM Act also carries criminal penalties for fraud and related activities. Enforced by the Department of Justice and state attorneys general, violations subject to criminal penalties include: Accessing a computer without authorization and using it to intentionally initiate multiple commercial messages. Relaying or transmitting multiple commercial messages intending to deceive or mislead recipients or an ISP about the messages origin. Materially falsifying header information in multiple commercial s and intentionally initiating these messages transmission. Using materially false identifying information to register for five or more accounts or two or more domain names, and intentionally initiating multiple commercial messages from any combination of these accounts or domain names. Falsely representing oneself as the registrant of five or more Internet Protocol addresses and intentionally initiating the transmission of multiple commercial messages from those addresses. Address Harvesting. The automatic capturing of addresses posted to websites including social networking sites, blogs, newsgroups, message boards and chat rooms. Dictionary Attacks. The automated process of creating possible name combinations that may be valid addresses. Spoofing. The relay or retransmission of messages through another computer that is accessed without authorization. Automated Creation of Multiple Accounts. The automatic creation of a large number of accounts so that those accounts may be used to send commercial . While these are not considered separate violations, if a party commits an aggravated violation along with a violation of the requirements for commercial messages or sexually oriented material (see Commercial Message Requirements and Sexually Oriented Material), the party may be liable for enhanced statutory damages of up to three times the damages. (15 U.S.C. 7704(b).) PREEMPTION AND REMAINING CAUSES OF ACTION The federal CAN-SPAM Act preempts any state laws expressly regulating commercial messages, except to the extent that these laws generally prohibit false or deceptive acts or practices (such as states general consumer protection laws) (15 U.S.C. 7707(b)(1)). Although state laws generally are preempted by the CAN-SPAM Act, Congress has attempted to create a balance by permitting state attorneys general to bring claims under the CAN-SPAM Act for violations affecting residents in their states (see Enforcement and Penalties for Non-compliance). Additionally, the CAN-SPAM Act expressly does not preempt state laws that are Not specific to , including trespass, contract, or tort law. Related to fraudulent or deceptive acts or computer crimes. (15 U.S.C. 7707(b)(2).) Criminal penalties may include: Fines. Forfeiture of assets. Imprisonment up to five years. (18 U.S.C ) AGGRAVATED VIOLATIONS The following four specific practices are aggravated violations under the CAN-SPAM Act: 7
8 Marketing: CAN-SPAM Act Compliance BEST PRACTICES FOR MARKETING Practical tips for CAN-SPAM Act compliance are set out below. REQUIREMENTS FOR ALL COMMERCIAL MESSAGES The Mailing List The mailing list should include only persons who have affirmatively agreed (opted in) to receive commercial from the business. While this is not a legal requirement under the CAN-SPAM Act, it is an industry best practice. The mailing list must not include any recipient who has previously asked not to receive commercial from the business (opted out). Scrub the mailing list against the business s do not list at the last possible, commercially reasonable moment before the is sent. The Message The message must include complete and accurate transmission and header information. The From line must identify the business as the sender. This does not have to include the business s formal name. For example, it may contain the business s name, trade name or product or service name. The key requirement is that the From line provide the recipient with enough information to understand who is sending the message. The Subject line must accurately describe the message s content. The message must clearly include the business s valid, current physical postal address. This address can be a: zstreet address; zpost office box that the business has accurately registered with the US Postal Service; or zprivate mailbox that the business has accurately registered with a commercial mail receiving agency established pursuant to US Postal Service regulations. The message must disclose that it is an advertisement or solicitation unless the message is sent only to recipients who have affirmatively agreed (opted in) to receive these messages from the business. The Opt-out Mechanism The message must clearly explain that the recipient may opt out of receiving future commercial messages from the business. The message must include either an address or other online mechanism that the recipient may use for this opt out. The mechanism must not require the recipient to: zdo anything more than reply to the or visit a single web page to opt out; zmake any payment or submit any personal information, including account information (other than address), to opt out; and The opt-out mechanism must work for at least 30 days after the is sent. Ensure that the explanation of how a recipient can opt out is easy to read and understand. The business may include a menu of opt-out options that permit the recipient to select the types of commercial messages the recipient would like to continue receiving. However, one option must permit opting out of all commercial messages from the business. Honor all opt-out requests within ten business days. Opt-out requests do not expire. An opt-out is overridden only by the recipient s subsequent express (opt in) request to receive commercial . Do not sell, share or use the business s opt-out list for any reason other than to comply with the law. Monitoring Opt-out Capabilities The business should implement procedures to ensure that its opt-out capabilities actually work. An example of a basic procedure to test the opt-out procedure is as follows: Establish accounts with several major private account providers (for example, Gmail, Yahoo, Hotmail, AOL, and so on) and add these addresses to the business s mailing list. For each address created for monitoring purposes, use the business s opt-out mechanism to remove the address from the mailing list. Repeat this procedure on a regular basis (for example, at least every two weeks). Examine the received by the monitoring account to confirm that the: zopt-out mechanism works; zopt-out request is honored within 10 business days; and zmonitoring account no longer receives commercial messages from the business. If the monitoring and testing process reveals problems, the business should immediately fix the issues. Third-party Marketing Affiliates or Service Providers When using third-party service providers, including affiliate marketers: 8
FTC FACTS for Business ftc.gov FEDERAL TRADE COMMISSION FOR THE CONSUMER 1-877-FTC-HELP The CAN-SPAM Act: A Compliance Guide for Business D o you use email in your business? The CAN-SPAM Act, a law that
DECEMBER 2003 Congress Passes New Anti-Spam Legislation On December 16, 2003, President Bush signed into law the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the CAN-SPAM Act
The DMA s Analysis of Can Spam Act of 2003 December 11, 2003 The following is a Direct Marketing Association analysis of the Can Spam Act of 2003 (S. 877), which Congress sent to the President for signing
Overview of Current Anti-Spam Regulations Privacy, Data Collection and Information Management Practice Team The proliferation of unsolicited commercial e-mail, more commonly known as spam, has prompted
SUMMARY OF PUBLIC LAW 108-187 THE CAN-SPAM ACT OF 2003 On December 16, 2003, President Bush signed into law the CAN-SPAM Act of 2003. CAN-SPAM stands for "Controlling the Assault of Non-Solicited Pornography
BIZ SERVICE PROVIDER CAN-SPAM Compliance & Data Verification Policy Document BSP CAN-SPAM Policy & Data Verification Guide BSP Page 1 of 5 Version 8.1 Effective Date; May 2015 BIZ SERVICE PROVIDER I. Summary
PRB 09-24E ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON Alysia Davies Legal and Legislative Affairs Division 18 January 2010 PARLIAMENTARY INFORMATION AND RESEARCH SERVICE SERVICE D INFORMATION ET
117 STAT. 2699 Public Law 108 187 108th Congress An Act To regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet.
Privacy Bulletin April 2014 Key Differences between US and Canadian Anti-Spam Laws Canada's Anti-Spam Law (or "CASL") will be in effect in July 2014, about ten years after the U.S. has enacted its anti-spam
2012 Email and Text Message Campaigns Justine Young Gottshall Partner, InfoLawGroup What s the Risk? Effective and active marketing area This makes it a target for litigation and enforcement action Consumer
Frequently Asked Questions (FAQ) on Anti-Spam Legislation On December 16, 2003, the President signed the CAN-SPAM Act of 2003 (S.877) into law, which went into effect January 1, 2004. Though the legislation
Page 1 of 6 EMAIL SERVICES ADDENDUM TO EULA This Email Services Addendum to EULA (this Addendum ) applies to licenses of XMPie Software ( Users ) who have contracted with XMPie for services. This Addendum
dentons.com Focus on Communications Canada s New Anti-Spam Legislation: Overview and Implications for Businesses January, 2011 Contact Margot Patterson Dentons Canada LLP Counsel, Ottawa firstname.lastname@example.org
Anti-SPAM Policy v.3 06-01-2011 Each user must agree to this policy. comf5 has a no tolerance policy for the sending of spam and unsolicited email, and we prohibit the use of third-party, purchased, rented,
2012 Email and Text Message Campaigns Justine Young Gottshall Partner, InfoLawGroup What s the Risk? Effective and active marketing area This makes it a target for litigation and enforcement action Consumer
Broadband Acceptable Use Policy Contents General... 3 Your Responsibilities... 3 Use of Email with particular regards to SPAM... 4 Bulk Email... 5 Denial of Service... 5 Administration of Policy... 6 2
Journal of Applied Business and Economics Can Spam Be Legislated? Karen L. Hamilton Columbus State University Robert A. Fleck, Jr. Columbus State University Spam, the unsolicited email that shows up in
Acceptable Use Policy of UNWIRED Ltd. Acceptance of Terms Through Use This site provides you the ability to learn about UNWIRED and its products and services as well as the ability to access our network
Federal Regulations on Advertising: Phone, Fax, or E-mail By Jordan B. Hansell 700 Walnut, Suite 1600 Des Moines, Iowa 50309 Telephone: 515-283-8166 Facsimile: 515-283-8018 email@example.com Disclaimer
Design Email Marketing Tips for Outlook CAN-SPAM 2007Compliance whitepaper Email Marketing CAN-SPAM Compliance Overview The CAN-SPAM Act (the Act ) passed with a nearly unanimous vote in both the House
PARTNER EMAIL GUIDELINES The guidelines listed below are required pursuant to the Agreement entered into between Criteo and the Partner. Any breach of these guidelines except the last section related to
TO: FROM: SUBJECT: JCOTS CYBERCRIMES ADVISORY COMMITTEE PATRICK CUSHING, JOINT COMMISSION ON TECH NOLOGY AND SCIENCE HB 1354 - WIRELESS DEVICES; UNSOLICITED MESSAGES AND IMAGES SENT THERETO; PENALTY DATE:
BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade Commission, Bureau of Consumer Protection Allison M. Lefrak, Attorney,
Exhibit A Federal Statutes Impacting Data Security Michele A. Whitham Partner, Founding Co-Chair Security & Privacy Practice Group Foley Hoag LLP 155 Seaport Boulevard Boston, MA 02210 Federal Law Citation
MODEL POLICY CONCERNING SOLICITATIONS SENT BY E-MAIL Disclaimer concerning the Use of this Model Policy: The following is a model that Texas REALTORS may use as a guide to develop an office policy related
GUIDELINES FOR THE PROVISION OF INTERNET SERVICE PUBLISHED BY THE NIGERIAN COMMUNICATIONS COMMISSION These Guidelines apply to all Licensees providing Internet access services or any other Internet Protocol
December 11, 2013 Canada s Anti-Spam Laws and Implications for the Health Industry Presented by: Kathryn Frelick, Co-chair, National Health Industry Group firstname.lastname@example.org 416.595.2979 OVERVIEW
Enterprise Email: Managing Risks and Liabilities Avoiding Common Pitfalls under the Federal CAN-SPAM Act These materials do not constitute specific legal advice and may not address all aspects of a legal
Published Date : 5/15/2012 Direct Edge Regulatory Notice #12-03: Telemarketing Rules - Effective June 29, 2012 Overview This Regulatory Notice (the Notice ) serves to inform Members of EDGA Exchange, Inc.
Telephone Consumer Protection Act 47 U.S.C. 227 SEC. 227. [47 U.S.C. 227] RESTRICTIONS ON THE USE OF TELEPHONE EQUIPMENT (a) DEFINITIONS. As used in this section (1) The term automatic telephone dialing
Messaging Service (SMS) Terms and Conditions This document provides the Terms and Conditions for the bestbet Messaging Service (SMS) (hereafter, the "Service"). By using the Service in any way, you are
13-25a-101. Title. This chapter is known as the "Telephone and Facsimile Solicitation Act." Enacted by Chapter 26, 1996 General Session 13-25a-102. Definitions. As used in this chapter: (1) "Advertisement"
Fair Credit Reporting Act Compliance Guide FAIR CREDIT REPORTING ACT TABLE OF CONTENTS Page I. INTRODUCTION...1 A. Increased Applicant and Employee Rights...1 B. What is a "Consumer Report?"...1 C. What
Combo security freeze bill with consensus areas. Where no consensus: AG language in left column, CDIA language in right column. In some cases, differences on specific points are identified in text of bill.
Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft
FEDERAL TELEMARKETING AND OUTBOUND CALLING COMPLIANCE GUIDE October 2013 TABLE OF CONTENTS I. INTRODUCTION... 3 II. TELEPHONE CONSUMER PROTECTION ACT REQUIREMENTS... 4 III. TELEMARKETING SALES RULE REQUIREMENTS...
Hibbett Sports Messaging Service (SMS) Terms and Conditions This document provides the Terms and Conditions for the Hibbett Sports Messaging Service (SMS) (hereafter, the Service ). By using the Service
ARE YOU DOING E-MAIL MARKETING? LEGALLY? Copyright 2008, Michael D. Jenkins, J.D., CPA All Rights Reserved Since so many small businesses now do a substantial part of their marketing on the Internet, it
[First Reprint] SENATE COMMITTEE SUBSTITUTE FOR SENATE, No. 0 STATE OF NEW JERSEY th LEGISLATURE ADOPTED MARCH, 00 Sponsored by: Senator JOSEPH CONIGLIO District (Bergen) Assemblyman JEFF VAN DREW District
Wrong Number: Hot Topics In TCPA Compliance & Litigation Yaron Dori Covington & Burling LLP Nancy Thomas Morrison & Foerster LLP Julie O Neill Morrison & Foerster LLP International Association of Privacy
COUGAR WIRELESS ACCEPTABLE USE POLICY I. INTRODUCTION Cougar Wireless and its various affiliates and subsidiaries (collectively we, us, our ) are committed to being responsible network citizens. To assist
ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; WWW.BROADVOX.COM; WWW.BROADVOX.NET (COLLECTIVELY BROADVOX ) 1. ACCEPTANCE OF TERMS THROUGH USE This website (the Site ) provides you (the Customer
BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY The Acceptable Use Policy ("the Policy") governs use of the Buckeye Express High Speed Internet Service ("the Service"). All subscribers
Title 9-A: MAINE CONSUMER CREDIT CODE Article 10: LOAN BROKERS Table of Contents Part 1. GENERAL PROVISIONS... 3 Section 10-101. SHORT TITLE... 3 Section 10-102. DEFINITIONS... 3 Part 2. REGISTRATION AND
Mailworks Anti-Spam Policy September 24, 2014 Guidelines Before adding new recipients to your contact list, you need to ensure that you have the proper permission for each and every recipient on your list.
Trext Details: Texting Best Practices, Legality and Security 1 For questions contact Kira McCoy: (303)-947-6583 email@example.com I. Texting Best Practices (Based on research from CTIA, Cellular Telecommunications
Below is the text of FINRA Rule 3230 (marked to show changes from NASD Rule 2212; NASD Rule 2212 is deleted in its entirety from the Transitional Rulebook). New language is underlined; deletions are in
Interplay Between FDA Advertising and Promotion Enforcement Activities, Product Liability, and Consumer Fraud Litigation Leslie M. Tector Quarles & Brady LLP September 30, 2014 Objectives Which federal
TERMS OF SERVICE These terms of service and the documents referred to in them ( Terms ) govern your access to and use of our services, including our website teleportapp.co ( our site ), applications, buttons,
Avoiding Internet Advertising and Recruitment Pitfalls Association of Private Sector Colleges and Universities November 17, 2011, 1 pm 2 pm ET Webinar Jonathan L. Pompan, Esq. Alexandra Megaris, Esq. Venable
Regulatory Policy Unsolicited Electronic Communications Version: 1.0 Issue Date: 30 December 2009 Copyright 2009 Telecommunications Regulatory Authority (TRA). All rights reserved. P O Box 26662, Abu Dhabi,
Crawford Chondon &Partners LLP Present Is your Business Ready for Canada s Anti Spam Law? By: Michael MacLellan Overview 1. What is Canada s Anti-Spam Legislation, and how will it apply? 2. What does CASL
Montana Code Annotated Title 30 Trade and Commerce Chapter 14 Unfair Trade Practices and Consumer Protection 30-14-1726. Definitions. As used in 30-14-1726 through 30-14-1736, the following definitions
Acceptable Use Policy PLEASE READ THIS AGREEMENT CAREFULLY BEFORE ACCESSING THE SERVICE. BY ACCESSING THE SERVICE YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS BELOW. IF YOU DO NOT WISH TO BE BOUND
OKLAHOMA LAWS RELATING TO IDENTITY THEFT Prepared for VICARS by Legal Aid Services of Oklahoma Introduction: OKLAHOMA LAWS RELATING TO IDENTITY THEFT Identity theft takes place when someone uses your personal
Web Drive Limited STANDARD TERMS AND CONDITIONS FOR THE SUPPLY OF SERVICES Web Drive Limited trading is herein referred to as "Web Drive". 1. Definitions a) Web Drive includes its employees and directors.
Texas Security Freeze Law BUSINESS & COMMERCE CODE CHAPTER 20. REGULATION OF CONSUMER CREDIT REPORTING AGENCIES 20.01. DEFINITIONS. In this chapter: (1) "Adverse action" includes: (A) the denial of, increase
GOSFIELD NORTH COMMUNICATIONS CO-OPERATIVE LIMITED ( GOSFIELD ) ACCEPTABLE USE POLICY 1. Introduction This acceptable use policy ("Policy") sets out the principles, terms and conditions that govern the
Combo security freeze bill with consensus areas. Where no consensus: AG language in left column, CDIA language in right column. In some cases, differences on specific points are identified in text of bill.
Legal Affairs 1625 North Market Blvd., Suite S 309, Sacramento, CA 95834 www.dca.ca.gov Legal Guide CR-9 CREDIT REPAIR SERVICES (California Civil Code 1789.10 et seq.; 15 U.S.C.A. 1679 et seq.) January
How to Keep Marketing Email Out of the Spam Folder A guide for marketing managers and developers Sarah Longfors Web Developer marketing + technology 701.235.5525 888.9.sundog fax: 701.235.8941 2000 44th
FAX-TO-EMAIL END-USER LICENSE AGREEMENT This Agreement, which governs the terms and conditions of your use of the Fax-to-Email Services, is between you ("you" or "End-User") and ( we, us, our or Company
$25 Estimated Value 21st Century Marketing Presents AN INSIDER S GUIDE TO EMAIL MARKETING Your guide to navigating the evolving email landscape. THE LIST COMPANY THAT MAKES A DIFFERENCE CALL US TODAY AT
Spam Email Advisory Continuing increases in the volume and sophistication of spam email have, in some cases, impacted the performance of our email systems causing nondelivery or delayed delivery of email.
CUSTOMER PRIVACY STATEMENT For Cable Television, High-Speed Internet, and Phone Services Looking for our website privacy statement? Click here. Summary of this privacy notice This privacy notice applies
Hello. Here at MailChimp, we only allow you to send SMS messages through our SMS app, Gather. Since we're dipping our toe into the SMS-messaging pool, we wanted to give you some information about SMS rules.
FKCC AUP/LOCAL AUTHORITY The information contained in this section has its basis in Public Law 93.380. It is further enhanced however, by Florida State Board of Education Administrative Rule 6A-14.51 and
Best Practices: How To Improve Your Survey Email Invitations and Deliverability Rate Below, you will find some helpful tips on improving your email invitations and the deliverability rate from a blog post
TTCU THE CREDIT UNION ONLINE BANKING AGREEMENT & DISCLOSURES 1. Introduction. This Agreement is the contract which covers your and our rights and responsibilities concerning Online Banking ("Online Banking")
Terms and conditions of use 1. Introduction 1.1 These terms and conditions govern your use of our website. 1.2 By using our website, you accept these terms and conditions in full; accordingly, if you disagree
Managing the message Canada s new anti-spam law sets a high bar According to a recent Deloitte poll, only 13% of organizations say they understand CASL requirements and have begun to apply them to their
Canada s New Anti-Spam Regime: Practical Compliance Tips and Guidance for Your Organization Eloïse Gratton, Partner Janine MacNeil, Partner February 6, 2014 Overview 1) Introduction 2) CASL Requirements
Arizona State Senate Issue Brief September 17, 2015 Note to Reader: The Senate Research Staff provides nonpartisan, objective legislative research, policy analysis and related assistance to the members
PRIOR TO USING THE INNOCAPTION SERVICE YOU MUST REVIEW AND AGREE TO THE TERMS AND CONDITIONS OF THIS SERVICE AGREEMENT ( AGREEMENT ) BY COMPLETING YOUR REGISTRATION ( SIGN UP ) FOR INNOCAPTION SERVICE.
1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service
Cablelynx provides a variety of Internet Services (the Services) to both residential and business customers (the Customer). Below, you will find the terms and conditions that you agree to by subscribing
This Acceptable Use Policy ("AUP") sets out the actions prohibited to users of the MNINET Network ( MNINET ). Users are defined as anyone who uses or accesses the.ms domain registry, who has responsibility
Cass Cable TV, Inc. and Greene County Partners, Inc. CASSCOMM ACCEPTABLE USE POLICY CONTENTS I. Introduction II. Violation of this Acceptable Use Policy III. Prohibited Uses and Activities IV. Customer
Telemarketing, E-mail, and Text Message Marketing: Tips to Avoid Lawsuits LeadsCouncil December 11, 2012 2 pm 3 pm ET Webinar Ari N. Rothman, Esq., Co-Presenter Molly T. Cusson, Esq., Co-Presenter Jonathan
Acceptable Use Policy 1. General Interoute reserves the right to modify the Acceptable Use Policy ( AUP ) from time to time. Changes to this Acceptable Use Policy will be notified to Customer in accordance
1. Acceptance of Terms Welcome to s Social Trading (the Social Trading Features ). Social Trading Features provide an integrated solution of equity trading and exploration of interactions among investors
Best Practice Standards for Email Marketing Updated January 2008 Scope The Marketing Association s emarketing Network (emn) champions the adoption of industrywide standards of best practice and ethical
Online Communication Suite Live Chat, Email-Ticket, Knowledge Base, Callback End User License Agreement Services and Support The Services are provided subject to this Agreement, as it may be amended by
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that