A CAN-SPAM Checklist

1 June 2009

Today, we will create a checklist of things required for CAN-SPAM compliance.

So, you want to ensure that you comply with the CAN-SPAM Act of 2003 and not just say that you do. This post isn’t for you. You might learn something here; if you do, that’s great. But, instead, this post is really for the Delivery Professional. You know who you are. You are the one who wants a little checklist to slap your clients around with when they cry that their email isn’t getting delivered like they think it should and that it, of course, complies with CAN-SPAM.

This is your guide to CAN-SPAM.

  • What email is covered?
  • Understand labeling requirements
  • Don’t lie
  • Make it easy to leave
  • Edge cases
Read moreIt’s hard being in court so much

What email is covered? Some email is not covered by what most people think of when they think of CAN-SPAM. Email that CAN-SPAM does not cover includes:

  • Political email
  • Relationship email
  • Transactional email
  • Personal email
  • Relationship and Transactional email are special cases. The statute defines both terms ​(Chandler 2008)​. In short, the relationship/transactional email has to be directly related to something that has happened. The primary purpose of the client’s piece is to touch that event directly. If your client thinks that if they try hard, they can shoehorn their email into that exception and slap them around. The pain that it causes is never worth it.

    Also, one section of CAN-SPAM still applies to even relationship and transactional email. Section 5(a)(1), codified at 15 USC 7704(a)(1), provides: “It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading” (emphasis added).

    If your client wants to create false headers, well…. First of all, that’s what spammers do. Second of all, it’s illegal. Tell them: “Don’t. Just don’t.”

    Politicians have always exempted themselves from laws such as this one (for various reasons, not all of which are self-serving), but even so, CAN-SPAM may provide them with some best practice guidelines, even though it’s not binding. And, of course, your email to your best friend from high school doesn’t have to comply with CAN-SPAM either.

    All other emails must comply with CAN-SPAM.
  • Labeling requirements. Emails that comply with CAN-SPAM have to be properly labeled. So, what is “properly labeled?” A properly labeled email is an email that contains a:
    • clear and conspicuous identification that the message is an advertisement or solicitation,
    • clear and conspicuous identification of a way to opt out, and
    • proper postal address for the sender.

We’ll talk about senders here under “edge cases,” as there are some arcane rules over who is a sender and in what circumstances. But remember that a properly labeled CAN-SPAM compliant email has a “clear and conspicuous identification” that the email is an advertisement, a “clear and conspicuous” means of opting out of further communication, and a proper postal address. Putting that information in 2pt type colored light grey on a white background separated from the body by 20 blank lines isn’t going to cut it.

  • Don’t lie. You might think this one is a no-brainer, but it’s not. We quoted the relevant bits above, but we’ll do so again so you don’t have to scroll around the page: Section 5(a)(1), codified at 15 USC 7704(a)(1), provides: “It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading” (emphasis added). First of all, this provision (as we already mentioned) applies not only to commercial email but also to transactional and relationship messages. Second, I must admit ignorance about the legal difference between “contains” and “is accompanied by” as it touches on email messages. Finally, since the sender of the message is going to be found in the headers, who is the sender? We’ll cover that in “edge cases” below. Now that we’ve gotten that bit out of the way, the rest of it is, in fact, a no-brainer. Clients can’t falsify what they put in their emails. With apologies to Ray Gilbert and James Baskett, what you find in the email must fit into “It’s the truth, it’s actual” for everything to be “satisfactual.” Legal cases touching on this requirement include FTC v. Sili Neutraceuticals, Inc., et al., United States of America v. Ralsky et al., and Comcast’s countersuit in e360Insight, LLC v. Comcast Corporation. None of them are definitive on what constitutes a materially misleading header, as Sili Neutraceuticals was a default judgment, and the other two are still litigated.
  • Make it easy to leave. With its 2008 FTC rule revision, CAN-SPAM now requires simple opt-out procedures. Requiring someone to edit settings or pay money to be removed from a list is now out. The DMA had argued to the FTC that “tracking by account information also makes it easier to honor opt-out requests for customers regardless of what they change their email address to.” The Commission did not find this argument persuasive because, as the Commission stated in the Notice of Proposed Rulemaking (NPRM): “according to CAN-SPAM, opt-out requests are specific to a recipient’s email address, not his or her name,” and, in this case, certainly not to his or her account information. The rule is stated in full legalese:


    Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:

    (a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or

    (b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
    (emphasis added)


    As a best practice, clients should not link to a subscription center to collect unsubscriptions unless one of the options is a discrete option to opt out of everything. That said, I have seen at least one non-profit that provides a four-step process for opting out of communications via a subscription center as the “best way” and also provides a link to a page that fulfills the “single Internet Web page” requirement. I can’t say what they are doing is a violation, but I cannot say it’s a best practice.
  • Edge cases
    The only real edge cases involve defining a sender. In most cases, this is obvious, so we didn’t discuss senders in the previous sections. There are two edge cases, though. Those edge cases were clarified in last year’s FTC rule updates.

    • Multiple marketers advertising in a single message CAN-SPAM now provides that multiple “senders” of a commercial email (such as newsletters with multiple content and advertising providers), under certain conditions, may identify one among them as the “sender” who will be deemed the sole “sender” of the message. This designated sender
      1. must include its non-deceptive name, trade name, product, or service in the “from” line of the email,
      2. is the only one that is charged with honoring opt-out requests made by recipients, and
      3. is the only one who must include their contact information.
    • By requiring the designated sender to comply with these provisions, the other marketers using a single email message must ensure that the designated “sender” entity complies with the Act and the Commission’s rules. Otherwise, the other marketers using the email risk losing the protections provided by the proviso, and each will be a “sender” of the message.
    • Forward to a Friend To avoid liability for “Forward to a friend” or “Send to a friend,” there cannot be a linkage between sending the mail and any enticement or offer for having done so. The “sender” will fill out the form if the linkage does not exist. If the linkage exists, the “sender” will be the company. The rule here is a “bright line” rule. The FTC says that any form of enticement at all will be enough to change the “sender” from the person filling out the form to the company:


      CAN-SPAM defines “procure” to mean “intentionally to pay or provide other consideration to, or induce another person to initiate [a commercial email] on one’s behalf.” As explained in the NPRM, if a seller offers to “pay or provide other consideration” to a visitor to its website in exchange for forwarding a commercial message, the seller will have “procured” any such messages forwarded by the visitor. As noted in the NPRM, the term “consideration” is not defined in the Act, but is generally understood to mean ‘something of value (such as an act, a forbearance, or a return promise) received by a promisor from a promisee.’ This includes things of minimal value. Accordingly, a message has been ‘procured’ if the seller offers money, coupons, discounts, awards, additional entries in a sweepstakes, or the like in exchange for forwarding a message. Even the offer to provide de minimis consideration takes the seller beyond the mere ‘routine conveyance’ of the forwarded message and into the ‘procurement’ of the forwarded message….Likewise, if the seller ‘induces’ the forwarding of the message — such as by offering payment in exchange for generating traffic to a website — it will be an ‘initiator,’ and thus also the ‘sender,’ of the forwarded message.


      So, who should the sender be? To be safest, clients should assume that they are the sender and send accordingly. Sending with the client’s name, with perhaps “on behalf of” the friend tacked on for recognition, is probably the best way to go here.

So, that’s our CAN-SPAM checklist. Any questions?

References

  1. Chandler, Mickey. 2008. “A CAN-SPAM Checklist.” Spamtacular. October 7, 2008. http://spamtacular.com/2008/10/07/prior-business-relationships-are-irrelevant/?utm_source=Spamtacular&utm_medium=blog&utm_id=can-spam-checklist.
Mickey Chandler
Latest posts by Mickey Chandler (see all)