Definitions and Implementation Under the CAN-SPAM Act (United States)

Definitions and Implementation Under the CAN-SPAM Act

Published: 2008-05-21

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Unlimited Searches
Weekly Updates on New Laws
Access to 5,345,848 Global Laws from 110 Countries
View the Original Law Side-by-Side with the Translation

Subscribe Now for only USD$40 per month.

ACTION:
Final Rule.
SUMMARY:
In this document, the Federal Trade Commission (“FTC” or “Commission”) issues its Statement of Basis and Purpose and final Discretionary Rule (“final Rule”) pursuant to section 7711(a) of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM” or “the Act”), which gives the FTC discretionary authority to “issue regulations to implement the provisions of [the] Act.”
EFFECTIVE DATE:
The provisions of the final Rule will become effective on July 7, 2008.
ADDRESSES:
Requests for copies of the provisions of the Statement of Basis and Purpose and final Rule should be sent to: Public Records Branch, Room 130, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. Copies of these documents are also available at the Commission’s Website: http://www.ftc.gov.
FOR FURTHER INFORMATION CONTACT:
Janis Claire Kestenbaum, (202) 326-2798, and Sana Coleman Chriss, (202) 326-2249, Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580.
SUPPLEMENTARY INFORMATION:
The final Rule: (1) Adds a definition of the term “person”; (2) modifies the term “sender” in those instances where a single email message contains advertisements for the products, services, or websites of multiple entities; (3) clarifies that a sender may comply with section 7704(a)(5)(A)(iii) of the Act by including in a commercial email message a post office box or private mailbox established pursuant to United States Postal Service regulations; and (4) clarifies that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website. This Statement of Basis and Purpose also explains the Commission’s rationale for not adopting other proposals contained in the Commission’s May 12, 2005 Notice of Proposed Rulemaking (“NPRM”), 1
and addresses the application of CAN-SPAM to forward-to-a-“friend” emails and certain other categories of email messages identified in the NPRM.
STATEMENT OF BASIS AND PURPOSE
I. BACKGROUND
A. CAN-SPAM Act of 2003
On December 16, 2003, the President signed into law the CAN-SPAM Act. 2
The Act, which took effect on January 1, 2004, imposes a series of new requirements on the use of commercial electronic mail (“email”) messages. In addition, the Act gives federal civil and criminal enforcement authorities new tools to combat commercial email that is unwanted by the recipient and/or deceptive. The Act also allows state attorneys general to enforce its civil provisions, and creates a private right of action for providers of Internet access service.
In enacting the CAN-SPAM Act, Congress made the following determinations of public policy, set forth in section 7701(b) of the Act: (1) there is a substantial government interest in regulation of commercial email on a nationwide basis; (2) senders of commercial email should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial email have a right to decline to receive additional commercial electronic mail from the same source.
Based on these policy determinations, Congress, in sections 7704(a) and (b) of the CAN-SPAM Act, outlawed certain commercial email acts and practices. Section 7704(a)(1) of the Act prohibits transmission of any email that contains false or misleading header or “from” line information. Section 7704(a)(2) prohibits the transmission of commercial email messages with false or misleading subject headings. Section 7704(a)(3) requires that a commercial email message contain a functioning return email address or similar Internet-based mechanism for recipients to use to “opt out” of receiving future commercial email messages. Section 7704(a)(4) prohibits the sender, or others acting on the sender’s behalf, from initiating a commercial email to a recipient more than ten business days after the recipient has opted out. Section 7704(a)(5) prohibits the initiation of a commercial email message unless it contains three disclosures: (1) clear and conspicuous identification that the message is an advertisement or solicitation; (2) clear and conspicuous notice of the opportunity to decline to receive further commercial email messages from the sender; and (3) a valid physical postal address of the sender. And section 7704(b) specifies four “aggravated violations” — practices that compound the available statutory damages when alleged and proven in combination with certain other CAN-SPAM violations. 3
The Act authorizes the Commission to enforce violations of the Act in the same manner as an FTC trade regulation rule. 4
Section 7706(f) authorizes the attorneys general of the states to enforce compliance with certain provisions of section 7704(a) of the Act by initiating enforcement actions in federal court, after serving prior written notice upon the Commission when feasible. 5
CAN-SPAM also authorizes providers of Internet access service to bring a federal court action for violations of certain provisions of sections 7704(a), (b), and (d). 6
B. Notice of Proposed Rulemaking
In its May 12, 2005 NPRM, the Commission proposed rule provisions on five topics: (1) defining the term “person,” a term used throughout the Act, but not defined; (2) modifying the definition of “sender” to make it easier to determine which of multiple parties advertising in a single email message must have its valid physical postal address included in the message and is responsible for honoring “opt-out” requests; (3) clarifying that Post Office boxes and private mailboxes established pursuant to United States Postal Service regulations constitute “valid physical postal addresses” within the meaning of the Act; (4) shortening from ten days to three days the time a sender may take before honoring a recipient’s opt-out request; and (5) clarifying that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website. 7
In response to this NPRM, the Commission received 152 comments from email marketers and their associations, email recipients, and other interested parties. 8
Based upon the entire record in this proceeding and the Commission’s law enforcement experience, the Commission hereby adopts final Rule provisions that are very similar, but not identical, to the proposed Rule provisions. As discussed in detail below, the adopted provisions are based upon the recommendations of commenters to make certain modifications in the proposed provisions, as well as the Commission’s anti-spam law enforcement experience. Commenters’ recommendations that the Commission has declined to adopt in its final Rule are also identified, along with the Commission’s reasons for rejecting them.
II. DISCUSSION OF THE FINAL RULE
A. Section 316.2 — Definitions
Section 316.12, 9
one of the Rule provisions previously adopted under CAN-SPAM, defines thirteen terms by reference to the corresponding sections of the Act that define those terms. 10
The NPRM proposed modification of the previously-adopted definition of “sender” by adding a proviso to cover multiple sender scenarios. The NPRM also proposed adding definitions of “person” and “valid physical postal address.” All other definitions were to remain as adopted. While the NPRM did not propose any changes to the Act’s definition of “transactional or relationship message,” it posed a series of questions about the interpretation and potential expansion of this definition, and similarly requested comment on the application of the Act’s definitions of “sender” and “initiate” to forward-to-a-“friend” email campaigns.
1. Section 316.2(h) — Definition of “Person”
In the NPRM, 11
the Commission proposed adding a definition of “person,” a term used throughout the Act, 12
pursuant to its authority to “issue regulations to implement the provisions of this Act.” 13
Under the definition proposed in the NPRM, which is identical to the definition contained in the Telemarketing Sales Rule, 16 CFR 310.2, the term “person” would mean “an individual, group, unincorporated association, limited or general partnership, corporation, or other business entity.”
Seven of the eight commenters that addressed this issue supported the addition of the Commission’s proposed definition of “person,” opining that it would clarify the types of entities to which the Act applies. 14
The sole objection came from the Society for Human Resources Management (“SHRM”), which argued that unincorporated nonprofit associations should be excluded from the definition of “person” and, therefore, wholly exempt from CAN-SPAM. 15
SHRM argued that, without such an exemption, the risk of liability under the Act could discourage the organization’s members from volunteering to serve in a leadership capacity.
Having considered the comments, the Commission adopts without modification the definition of “person” in the proposed Rule. The Commission believes that the addition of this definition will advance the implementation of the Act by clarifying that the term “person” is broadly construed and is not limited to a natural person. The Commission rejects the argument that there should be a blanket exemption for all messages sent by unincorporated nonprofit entities. As we have previously observed, CAN—SPAM does not set up a dichotomy between “commercial” and “nonprofit” messages. 16
Accordingly, when nonprofit organizations send emails the primary purpose of which is the advertisement or promotion of a commercial product or service, recipients are entitled to the Act’s protections. In any event, as discussed below, see infra Part II.A.3.j., messages from an association to its members will often be “transactional or relationship messages” under section 7702(17) of the Act and thus not required to include a functioning Internet-based mechanism for consumers to use to opt out of receiving future commercial messages. 17
2. Section 316.2(m) — Definition of “Sender”
Section 7702(16)(A) of CAN-SPAM defines “sender” as “a person who initiates [a commercial electronic mail] message and whose product, service, or Internet web site is advertised or promoted by the message.” 18
In the NPRM, the Commission proposed amending the definition of “sender” to address concerns identified in the ANPR comments about the application of CAN-SPAM’s definition of “sender” to scenarios where multiple marketers use a single email message —— for example, where a commercial email from an airline also contains advertisements or promotions for a hotel chain and a car rental company. The Commission received almost 60 comments in response to this proposal, many of which suggested modifications to the proposed Rule provision. After consideration of these comments, the Commission has modified the definition of “sender” as proposed in the NPRM. The final Rule provides that multiple “senders” of a commercial email, under certain conditions, may identify one among them as the “sender” who will be deemed the sole “sender” of the message (the “designated sender”). Thus, under the final Rule, the designated sender, but not the other marketers using the same email message, must honor opt-out requests made by recipients of the message. 19
Moreover, under the final Rule, the physical address of the designated sender, but not the addresses of the other marketers using the same email message, must appear in the message.
a. Background
As discussed in the ANPR, the Act itself does not specifically address multiple-marketer emails. Rather, under the Act, if multiple senders using a single email message meet the definition of “sender,” each would need to provide an opt-out mechanism, a valid physical postal address for each sender would have to appear in the message, and each would be responsible for honoring an opt-out request by a recipient. 20
The ANPR sought comment on “whether it would further the purposes of CAN—SPAM or assist the efforts of companies and individuals seeking to comply with the Act if the Commission were to adopt rule provisions clarifying the obligations of multiple senders under the Act.” 21
Commenters responding to the ANPR claimed that implementation of the Act may be impeded in multiple marketer scenarios because marketers and consumers will encounter certain difficulties under a regime that holds more than one party responsible as the sender of a single email. First, commenters claimed that consumer confusion would result from multiple opt-out mechanisms and valid physical postal addresses in a single email message. 22
Second, some ANPR commenters predicted that rigid application of CAN-SPAM’s sender definition would likely chill electronic commerce and destroy the type of joint marketing arrangements that are common in industry. 23
According to these commenters, marketers would have to develop mechanisms for receiving suppression lists (lists of email addresses of consumers who previously had opted-out of receiving messages from a sender) from every marketer or co-marketer with which they deal, and for comparing their own mailing lists against multiple suppression lists. 24
In addition, a marketer would have to develop processes for managing multiple opt-outs, i.e. , ensuring that the consumer can opt out from each marketer and that all opt-outs sent to the marketer are forwarded to the marketers from whom the consumer no longer wishes to receive commercial email. These commenters argued that existing CAN-SPAM treatment of multiple senders in a single email is needlessly complex and results in unnecessary administrative costs and delays for legitimate email marketers because of the need to maintain and effectuate multiple suppression lists. 25
Third, commenters stated that a requirement to check names against multiple lists would necessitate passing lists back and forth among several parties, increasing the risk that consumers’ private information may be shared with inappropriate entities or exposed to hackers. Moreover, these commenters opined that multiple suppression lists could force a business to divulge customer names to list owners and other marketers, even when the business has promised to protect that information under its privacy policy. 26
For these reasons, many commenters responding to the ANPR urged that the Act’s “sender” definition be modified to provide that when more than one company’s products or services are advertised or promoted in a single email message, only one among them be responsible as the sender of a message for purposes of the Act.
Based upon these comments, in the NPRM, the Commission proposed adding a proviso to the definition of “sender” to allow multiple sellers advertising in a single email message to designate one among them as the single “sender” of the message for purposes of the Act. Under the NPRM’s proposed proviso, only one of multiple persons whose products or services are advertised or promoted in an email message would have been the “sender” if that person: (A) initiated the message and otherwise met the Act’s definition of “sender,” and (B) was the only person who: (1) “controls the content of such message,” (2) “determines the electronic mail addresses to which such message is sent,” or (3) “is identified in the ‘from’ line as the sender of the message.” Under the proposed Rule, if more than one person meeting the Act’s definition of “sender” were to satisfy one of these three criteria, then each such person who satisfied the definition would have been considered a sender for purposes of CAN-SPAM compliance obligations. 27
b. The Final Rule
Based upon the comments responding to the NPRM proposal, the Commission believes that modification of the proposed Rule’s definition of “sender” as it relates to multi-marketer emails is necessary. The final Rule drops the proposed “controls the content” and “determines the electronic mail addresses to which such message is sent” elements, adds compliance with the core provisions of CAN-SPAM as an element, makes the elements conjunctive rather than disjunctive, and makes the element requiring identification of the person in the “from” line mandatory. The Commission believes that these modifications will meet the concerns of marketers while still preserving CAN-SPAM opt-out protections.
Thus, under the final Rule, multiple marketers can designate as a single “sender,” for purposes of compliance with the Act, a person who: (A) meets the Act’s definition of “sender,” i.e. , such person initiates a commercial electronic mail message in which it advertises or promotes its own goods, services, or Internet website; (B) is identified uniquely in the “from” line of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. 28
In 16 CFR 316.2(m), the final Rule thus states:
The definition of the term “sender” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that , when more than one person’s products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act’s definition will be deemed to be a “sender,” except that , only one person will be deemed to be the “sender” of that message if such person: (A) is within the Act’s definition of “sender”; (B) is identified in the “from” line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.
The Commission makes this clarification pursuant to its discretionary rulemaking authority to “issue regulations to implement the provisions of this Act.” 29
The definition of “sender” in the final Rule provides marketers flexibility to structure their messages in a way that alleviates redundant obligations for the various marketers in a single email while ensuring that recipients of such messages receive the benefit of CAN-SPAM’s core opt-out protections. Specifically, the final Rule makes it more practicable than the proposed Rule for multiple marketers promoting their products in a single email to designate a single entity as the “sender” under the Act because the marketers’ decision as to which of them will appear in the “from” line resolves the question of which will be considered a “sender” under the Act and will be charged with the resulting responsibilities. The final Rule eliminates the complex fact determination of who “controls” the content and the element of who “determines the electronic mail addresses to which such message is sent.” By placing the focus on the “from” line, the best point of reference for consumers, the modification in the final Rule more directly conforms to consumers’ expectations as to the identity of the entity responsible for sending them a multi-marketer email.
An example illustrates how the final Rule’s “sender” definition applies in the multi-marketer email context. Suppose A, B, and C have goods advertised or promoted in a single email message and that each is an initiator under the Act. If A’s name appears in the “from” line of the message, A is considered the “sender” under the final Rule. While B and C promote their goods, services, or Internet website in the message, may control portions or all of the content of the message, and may supply email addresses for A to use to address the message, neither B nor C would be considered “senders,” unless A did not comply with the listed requirements that apply to “initiators,” namely 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. It would be clear to a consumer that an opt-out request would be sent to A, the one person identified in the “from” line.
The comments and the FTC’s law enforcement experience suggest that a provision, such as the final Rule’s sender definition, that allows multiple senders flexibility in determining who will be the sole “sender” raises the possibility of abuse by illegitimate marketers. As discussed below, this concern is addressed in part by the addition of certain initiator provisions to the proviso: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If the designated sender is not in compliance with the initiator provisions, then all marketers in the message will be liable as senders.
c. Comments on the NPRM’s Definition of “Sender”
Commenters who addressed the proposed definition of sender were nearly unanimous in supporting a “sender” definition that would enable marketers to designate a single “sender” when multiple marketers use a commercial email message. Reiterating ANPR comments, several commenters noted that such a rule provision would avoid “daunting compliance challenges” for email marketers, such as the heavy burden of cross-checking the opt-out lists of all the individual marketers with the designated sender’s opt-out list. 30
Likewise, commenters supported the NPRM’s proposed Rule because it would enable recipients to determine the party responsible for honoring opt-out requests. 31
Others noted with approval that designating a single sender would eliminate confusion for consumers who otherwise would face multiple opt-out links and postal addresses. 32
Finally, other commenters opined that the proposed Rule would promote protection of consumer privacy. 33
In contrast to the almost unanimous support for a multi-marketer proviso, however, few commenters supported the definition of “sender” as proposed in the NPRM without change. 34
Many commenters raised concerns about the workability and clarity of the proposal, as well as its consistency with consumer expectations. Most commenters urged the Commission to modify or clarify the criteria articulated in the proposed Rule. Such comments concerned four issues. The first three issues relate to the three listed criteria in the NPRM’s proposed proviso: (1) the significance of the person identified in the “from” line; (2) the meaning of “controls the content of the message” and the structure of the proviso; and (3) the meaning of “determines the electronic mail addresses” to which a message is sent. A fourth category of comments addressed what it means to “advertise” or “promote” a product, service, or website under the Act, which is related to the question posed in the NPRM about whether “list owners” can be “senders” under the Rule and thus be required (or allowed) to process opt-out requests in lieu of other marketers who promote a product, service, or website in the email. 35
(i) “From” Line
Many commenters favored looking to the “from” line of the message in order to determine who, under the Act, is the “sender” of a multi-marketer message. Commenters urged that this element is most critical for recipient expectations 36
and would be easy to use as a way to designate a single sender. 37
Some commenters argued that the other two proposed elements should be deleted. 38
A few commenters also requested that the Commission provide additional guidance on which non-deceptive names can be used in the “from” line, including a company’s brands and service names. 39
(ii) “Controls the Content”
Most commenters voiced concerns about the “controls the content” element of the proposed proviso and its likely effect. Many of these commenters found this criterion vague and urged the Commission to provide additional guidance concerning what it means to “control” the content of commercial email. 40
Many advocated eliminating this factor altogether, 41
and others urged various ways to modify it. 42
Two primary themes emerged from the comments: (1) several parties may exercise some degree of “control” over content, and (2) “control” in this context is a vague and ill-defined concept. Commenters explained that in joint marketing arrangements, it is standard industry practice for each marketer to exercise control over the use of its own trademarks, branding, legal disclosures, and advertising copy. 43
Commenters further explained that in highly regulated industries, such as life insurance, securities, pharmaceuticals, and alcoholic beverages, marketers may be required to include certain text and legal disclosures. 44
Some commenters also stated that, in addition to controlling their own trademarks and disclosures, marketers sometimes influence the content of other parts of a message without “controlling” it, or may suggest advertising text without making the final decision about the advertising content. 45
To protect their brand reputations, commenters explained that they need to be able to review and approve the advertising content of other marketers. 46
A number of commenters opined that, without clarification, under a literal application of the proposed Rule, essentially all marketers would be deemed to “control” the content of a multi-marketer email, thereby preventing the designation of a single sender and defeating the purpose of the proposed Rule. 47
Conversely, according to commenters, a standard that forced marketers to cede all control of the content of messages to one marketer among several using a single email message would greatly disrupt standard industry practices. 48
To alleviate these perceived problems, a number of commenters suggested that the Commission eliminate the “controls the content” element, because they believed that the proposed Rule could operate effectively in its absence. 49
Others suggested that the Commission clarify that “control” means control of the “primary” or “overall” content of the message, but does not mean either control by a company over its own advertisement 50
or the practice of reviewing and approving the advertising content of other marketers. 51
These commenters asked the Commission to clarify that “control” should refer to control over what content will be distributed in the email message as a whole and not control over the design, content, or placement of a particular advertisement in a multi-marketer message. 52
Other commenters advocated that “control” of the content of the message should mean the ultimate ability to determine whether and when the message is transmitted. 53
In a similar vein, some commenters felt that the structure of the proviso as proposed in the NPRM would have limited the ability of legitimate marketers to co-promote their products without any corresponding benefit to consumers. 54
Commenters pointed out that there are circumstances when one entity provides the email addresses to which a message is to be sent and one or more other entities control the content of the message. Under the proposal in the NPRM, all entities would be considered senders because the proposed Rule’s definitional requirements allowing one sender to be designated could not be met. 55
These commenters asked that the final Rule be made more flexible to accommodate the variety of marketing agreements commonly used in the industry. 56
(iii) “Determines the Electronic Mail Addresses to Which Such Message is Sent”
Few commenters discussed the third element of the proposed proviso for the definition of “sender”: that the sender be the party that determines the email addresses to which such message is sent. Some commenters objected to this element of the definition because, they contend, entities in joint marketing campaigns may want to contribute or recommend some email addresses without being considered the primary “sender.” 57
(iv) “Promote”
Finally, a few commenters suggested that the Commission define broadly the term “promote” in the Act’s definition of sender. They argued that a person “advertises” or “promotes” the person’s “product, service, or Internet website” by appearing in the “from” line of the message or simply by having the person’s name referenced in the email. 58
Under this interpretation, they argued, more persons could qualify as designated “senders” under the proviso.
d. Response to Comments on the Definition of “Sender” and Explanation of the Final Rule’s Definition of “Sender”
Having considered the comments on the proposed definition of “sender,” the Commission adopts a modified version as its final Rule. These modifications mitigate the concerns of marketers raised in the comments, recognize the benefits afforded by advertising by multiple entities in a single email, conform more closely to the expectations of email recipients, and continue to provide the CAN-SPAM protections contemplated by Congress. In summary, as discussed below, the Commission retains the “from” line element in the proviso as a mandatory element, drops the “controls the content” and “determines the electronic mail addresses to which the message is sent” elements, and adds a requirement that the designated sender be in compliance with certain provisions of the Act and Rules that apply to initiators.
In response to comments regarding the “from” line, the Commission found persuasive the suggestions that the “sender” of a multi-marketer email should be the person identified in the “from” line of the message. The Commission agrees that a rule that uses the “from” line as the sole determinant of the sender in a multi-marketer email would be straightforward for marketers to follow and is the single most helpful element of an email to enable recipients to identify the sender of the email. 59
A designated “sender” for purposes of a multi-marketer email must, in addition to meeting the other requirements listed below, include its non-deceptive name, trade name, product, or service in the “from” line of the email. 60
And, under the final Rule, the designated sender must be “identified in the ‘from’ line as the sole sender of the message” — if two or more senders appear in the “from” line, the multi-marketer proviso would not be met.
On the second issue identified by commenters, the Commission has deleted the “controls the content of such message” element from the proviso. Comments urging its removal were persuasive, and comments that advocated clarification rather than removal revealed that retaining this element would not serve to assist recipients in identifying or confirming the sender of a multi-marketer message. By its nature, a multi-marketer message promotes more than one company’s content, and thus more than one company controls its content in at least some way. 61
Modifying the criterion to require “overall” control of the content would simply add further nuance and complication and make enforcement difficult. Deleting this criterion will make the proviso more practicable for legitimate marketers to designate a single “sender” while preserving for email recipients the protections of CAN-SPAM. 62
Under the final Rule, therefore, a non-designated sender under the multi-marketer proviso will not have “sender” liability just because it controls its own advertising copy, including its trademarks and legal disclosures, or reviews other marketers’ content to ensure the absence of objectionable material in proximity to its own brand.
The Commission has deleted the third element discussed by commenters that required that the designated “sender” of a multi-marketer email determine the email address to which such message will be sent. The NPRM rationale for this element was to ensure that the designated sender had the ability to process opt-out requests. The Commission is now convinced that requiring the designated sender to determine recipient email addresses would serve little, if any, purpose. Under the Act, as a sender, the designated sender already must check to make sure that none of the email recipients appears on its opt-out list. In a multi-marketer email, if the designated sender receives a list of proposed email addresses from a non-designated sender, the designated sender must scrub that list against its own opt-out list before sending the message to the addresses on that list.
On the fourth and final issue raised by commenters, the Commission declines to make any additional changes to the definition of “sender” proposed by the NPRM. Some commenters suggested that the FTC define broadly the phrase “advertised or promoted” in the Act’s definition of “sender,” so that more entities could qualify as “senders” under the multi-marketer proviso. The Commission believes that the definition of a “sender” should be based on consumer expectations. If a reasonable consumer would not believe that a person’s product, service, or website were “advertised or promoted” in the message, then that person does not qualify as a “sender.” The Commission believes that the meaning of “advertised or promoted” is clear and broadly understood. 63
Lastly, based on its law enforcement experience, the Commission recognizes that illegitimate marketers may attempt to use the proviso to escape liability under CAN-SPAM. Both CAN-SPAM’s definition of “initiator” and the final Rule’s revised definition of “sender” substantially reduce the likelihood of such abuse. 64
First, marketers in a single email message who are not designated senders are still “initiators” under CAN-SPAM and liable under any of the provisions that apply to initiators, such as the prohibition against use of deceptive headers and subject lines and the requirement to include an opt-out link. 65
Second, the final Rule’s definition of “sender” requires that the designated “sender” be in compliance with certain initiator provisions of the Act: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. 66
The proviso states that if the designated sender does not comply with these five “initiator” responsibilities, all the marketers will be liable as senders (and not just initiators) under the Act because the proviso will not apply. By requiring the designated sender to comply with these provisions of law, the other marketers using a single email message must ensure that the entity that is the designated “sender” complies with the Act and the Commission’s rules. Otherwise, the other marketers using the email risk losing the protections provided by the proviso and each will be a “sender” of the message. The final Rule, therefore, provides senders of multi-marketer emails a method of reducing the burdens associated with multiple opt-out links and postal addresses while guarding against possible abuse. Nonetheless, if the Commission finds such abuse through the operation of the proviso, it will reconsider whether the final Rule is justified under the Act. 67
e. List Owners
In the NPRM, the Commission asked whether under CAN-SPAM, third-party list providers who do nothing more than provide a list of names to whom others send commercial emails could be required to honor opt-out requests. 68
Specifically, the NPRM asked whether such list providers could satisfy the statutory definition of sender, i.e. , a person that both initiates a message and advertises its product, service, or website in the message.
Some commenters opposed extending opt-out responsibilities to third-party list providers because it would be contrary to congressional intent, difficult to implement and monitor, and would impose administrative costs and complexity for legitimate list providers and email marketers. 69
Although the NPRM asked about list owners who have no other involvement in the message besides providing a list of names to others, commenters discussed other list rental arrangements in which both the marketer and the list owner have some degree of control over the content of the message. 70
In those cases, list owners typically do not have control over the specific creative content within an advertisement, but they can approve or disapprove an advertisement for delivery to email addresses on their lists.
On the other hand, two commenters argued in favor of extending opt-out obligations to third-party list providers. 71
Some of these commenters thought the Commission should clarify that in such situations the list owner exercises fundamental “control” of the content of the message for purposes of the then-proposed regulatory definition of “sender.” 72
Other commenters urged the Commission to adopt the position that a list owner would be considered a sender if the list owner “advertises or promotes” its services merely by being referenced in the “from” line or in the message itself, thereby making it responsible for the opt-out function and other CAN-SPAM compliance. 73
Because of the variety of situations in which a list owner might be involved in a commercial email, and because none of the commenters provided a workable mechanism for all of these situations, the Commission is persuaded that amending the rules under CAN-SPAM to create a specific provision for list owners is not feasible.
The Commission finds that a list owner must honor opt-out requests only if it qualifies as the “sender” of a commercial email ( i.e., it is an initiator and its “product, service, or Internet web site” are “advertised or promoted” in the email). And, if it does qualify as a “sender,” it may avail itself of the multi-marketer proviso added to the definition of sender in the final Rule.
f. Safe Harbor for Email Messages Sent By Affiliates
In the NPRM, the Commission asked whether it should adopt a “safe harbor” with respect to opt-out and other obligations for a sender whose product, service, or website is advertised by affiliates or other third parties. Moreover, the Commission sought guidance on the criteria for a safe harbor. 74
Although the Act does not provide a definition of “affiliate,” the Commission noted in the NPRM that “affiliates” are induced to send commercial email messages by sellers seeking to drive traffic to their websites, and that sellers generally pay affiliates based on the number of individuals who, directed by the affiliates, ultimately visit the seller’s website and/or purchase the seller’s product or service. 75
Before turning to the issue of whether a safe harbor is appropriate to shield marketers from liability for CAN-SPAM violations of affiliates, two preliminary questions must be considered. First, is the marketer who uses an affiliate an “initiator” under the final Rule? Second, in scenarios where a marketer uses an affiliate, what is the impact of the final Rule on the status of both the marketer and the affiliate as “senders”?
With regard to whether a marketer that uses affiliates is an “initiator,” under the Act, a person is an “initiator” if the person originates, transmits, or “procure[s] the origination or transmission of” a message. 76
In the typical affiliate marketing scenario, the affiliate originates and transmits the message, and is therefore an initiator. The marketer, however, does not originate or transmit the message, but does “ procure ” the origination of the message. The Act defines “procure” as “intentionally to pay or provide other consideration to, or induce , another person to initiate[]a message on one’s behalf.” 77
A few commenters argued that a marketer does not actually “initiate” an email message if it does not provide consideration to an affiliate for each message , because it provides consideration to the affiliate for visits to its website or completed sales made as a result of the affiliate’s email messages. 78
According to this argument, in these circumstances, the marketer pays consideration for the referral , but not for the message itself.
The Commission believes that this interpretation is too narrow. By agreeing in advance to pay an affiliate for sales to persons who come to a marketer’s website as a result of an affiliate’s referral, a seller or marketer creates an inducement for the affiliate to originate or transmit commercial email messages to the public. In the language of the Act, the seller induces another person — the affiliate — to initiate messages on the seller’s behalf.
With regard to the second question, in the typical affiliate program, the marketer is a “sender” because its product, service, or website is promoted in the email message, and the affiliate is only an “initiator.” It is only when the affiliate promotes its own product, service, or website along with that of the marketer that the affiliate is also a “sender” under the Act. In such a case, under the final Rule, the affiliate may serve as the designated sender, provided that it is listed in the “from” line of the message and is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If, however, the affiliate promotes its own product, service, or website in addition to that of the marketer, but does not comply with the designated sender requirements in the final Rule, then both the affiliate and the marketer are liable as “senders” under the final Rule. 79
A “safe harbor” would absolve a marketer of initiator liability (or of sender liability if the affiliate is not the designated sender under the final Rule) if the marketer takes prescribed steps to ensure that the affiliate complies with CAN-SPAM. Those who commented on this issue were split on whether the Commission should adopt a safe harbor for CAN-SPAM liability for marketers whose products are promoted by affiliates or other third parties. Those opposed to a safe harbor stated that it would allow marketers to circumvent CAN-SPAM requirements. 80
Those in favor of a safe harbor stated that it would: (1) provide clarity to marketers that practice due diligence when selecting third-party email marketers; (2) encourage marketers to maintain reasonable practices and procedures to prevent violations of CAN-SPAM; and (3) effectuate congressional intent. 81
Many online businesses advocated the adoption of a safe harbor in principle, 82
but only a fraction of those commenters suggested specific components to the safe harbor. Those suggestions included the following requirements: (1) that the contract between the marketer and the affiliate specifically require the affiliate to comply with CAN-SPAM; 83
(2) that the affiliate periodically certify that it complies with CAN-SPAM; 84
(3) that the marketer provide the affiliate with written guidelines on how to comply with CAN-SPAM; 85
(4) that the marketer maintain additional reasonable procedures to determine whether the affiliates are complying with CAN-SPAM; 86
(5) that a marketer comply with its privacy policy relating to the conduct of third parties sending email messages on its behalf; 87
and (6) that a marketer have “flexibility to determine what procedures are reasonable.” 88
After considering all the comments submitted and in the light of the changes to the Rule’s definition of “sender” for multi-marketer messages as well as its law enforcement experience, the Commission has decided against creation at this time of a “safe harbor” for companies whose products, services, or website are advertised by affiliates or other third parties. First, the requisite criteria for a safe harbor have not been articulated clearly. Second, email marketing models continue to evolve, and there may not be enough transparency in email marketing to support a safe harbor.
The Commission believes that the final Rule’s definition of “sender” gives marketers the necessary flexibility to market their products using email on their own or in conjunction with other parties while at the same time preserving the protections afforded to consumers by CAN-SPAM. If, after marketers have had the opportunity to conduct business under the “sender” definition in the final Rule, concerns about the necessity of a safe harbor persist, the Commission can reconsider this issue.
g. Messages Sent to Members of Online Groups
The NPRM asked whether CAN-SPAM should apply to email messages sent to members of online groups. According to ESPC, online groups are also known as discussion lists, list servs, mailing lists, and chat groups. They often constitute communities engaging in both commercial and non-commercial speech via email. Many such lists are volunteer efforts, but their messages sometimes include commercial content. Lists can be fee-based or free. 89
Generally discussion groups are permission-based, that is, “opt-in.” Those lists that are free to join often include advertising in messages sent to subscribers, either with or without content relating to the purpose of the group. Depending on the type of discussion group, different individuals may be able to send messages to the entire group. In some groups, any member may send a message; in other groups, only the moderator or list owner may send messages; in still other groups, anyone may send a message, but the message must be approved by a moderator. It is rare for mailing list software to allow subscribers to choose the senders from whom they want to receive messages. In other words, they opt to receive all messages in the discussion group or none at all. 90
Four commenters stated that they believe online groups should not be subject to CAN-SPAM. 91
They felt that compliance with CAN-SPAM would be too burdensome for unpaid list moderators and might cause them to cease operations, potentially chilling free speech. ESPC argued that email service providers that host mailing list services generally are considered to be engaged in routine conveyance under the Act, taking them outside the definition of initiator under the Act. ESPC also argued that most moderators also would be engaging in routine conveyance when sending messages to the group on behalf of group members. 92
One commenter urged the Commission not to distinguish between email messages sent to members of groups and email messages sent to recipients who are not members of groups. That commenter stated that an exception from CAN-SPAM would give an unfair advantage to the operators of online groups without compelling justification, and would create an incentive for “group” status that would likely be exploited by aggressive marketers. 93
The Commission believes that CAN-SPAM compliance is not unduly burdensome for online groups. Of course, in some cases, the primary purpose of emails sent by and to online groups will not be commercial, and thus the Act will not apply. 94
However, for those messages with a primary purpose that is commercial, group members should be entitled to the benefits of CAN-SPAM’s opt-out provisions. Indeed, best practices in the industry already require group members to opt into listservs and provide straightforward mechanisms for opting out. 95
The Commission, therefore, has determined not to exempt online groups from CAN-SPAM at this time, but may reconsider the issue in the future should circumstances warrant.
3. Section 316.2(o)—Definition of “Transactional or Relationship Message”
CAN-SPAM designates five broad categories of emails as “transactional or relationship messages.” 96
The Act excludes these messages from its definition of “commercial electronic mail message,” 97
and thus relieves them from most of the Act’s requirements and prohibitions. 98
In the NPRM, the Commission proposed no modification to Rule 316.2(n), which incorporates the Act’s definition of “transactional or relationship message” by reference. Under the Act, the Commission can expand or contract the definition of “transactional or relationship message” only if two conditions are met: (1) such modification is necessary to accommodate changes in email technology or practices; and (2) such modification is necessary to “accomplish the purposes of [the Act].” 99
None of the 50 comments submitted on this issue demonstrated that an expansion or contraction of the “transactional or relationship message” categories were necessary to accommodate changes in email technology of practices. Accordingly, the final Rule leaves the statutory definition unaltered. 100
The NPRM also invited comment on a series of questions concerning the application of the existing categories of “transactional or relationship messages” to certain types of messages. The Commission has carefully reviewed these comments and discusses its views on these issues below.
a. Legally Mandated Notices
In the NPRM, the Commission asked whether an email message that contains only a “legally mandated notice” — i.e. , communications mandated by state or federal law — should be considered a “transactional or relationship message.” 101
Commenters identified messages mandated by the Truth in Lending Act, the Gramm-Leach-Bliley Act, and the USA PATRIOT Act as well as messages concerning billing errors and changes in terms or account features as examples of legally mandated notices. 102
All 13 commenters that addressed this issue opposed classifying messages that solely contained legally mandated notices as “commercial electronic mail messages.” 103
Commenters were divided on whether such messages should be exempt from the Act, 104
categorized under a new definition of “transactional or relationship message,” 105
or classified under one of the existing, statutory categories of transactional or relationship emails, such as messages to facilitate a commercial transaction that the parties have entered into (section 7702(17)(A)(i)) 106
or messages to provide notification regarding a change in the terms and features of an account (section 7702(17)(A)(iii)). 107
The Commission declines either to expand the definition of “transactional or relationship message” to include legally mandated notices or to make a blanket determination that such messages fall under one of the existing categories of transactional or relationship emails. Despite the unanimity of opinion expressed in the comments that such notices should not be treated as commercial in nature, none of the commenters demonstrated that expansion of the definition of “transactional or relationship message” to include legally mandated notices was necessary to accommodate changes in email technology or practices and to accomplish the purposes of the Act. 108
That said, the Commission believes that, in most cases, the types of legally mandated notices described by the commenters likely would be categorized as transactional or relationship messages. Such determinations, however, must be made on a case-by-case basis depending on the specific content and context of such messages. Moreover, if a message providing a non-commercial legally mandated notice also includes commercial content, it should be evaluated under the Commission’s primary purpose criteria as a dual purpose message. 109
b. Debt Collection Emails
In the NPRM, the Commission invited comment on the Act’s application to debt collection email messages, including messages sent by a third party on behalf of the seller from whom the recipient purchased goods or services rather than by the seller itself. 110
Nearly all of the 15 commenters that addressed this issue urged that debt collection emails by a seller from whom the consumer made a purchase should be considered transactional or relationship in nature. 111
Most of these commenters also stated that the same conclusion should apply to emails sent by third-party debt collectors. 112
The Commission declines to modify the definition of “transactional or relationship messages” to include an express provision addressing debt collection emails because there is no evidence in the record that such a modification is necessary to accommodate new email technology or practices. Such a modification is also unwarranted because debt collection messages will usually qualify as “transactional or relationship messages” under the existing definition of the term. The primary purpose of debt collection emails is not the “advertisement or promotion of a commercial product or service,” and, therefore, they generally would not be “commercial electronic mail messages” under section 7702(2)(A) of CAN-SPAM. 113
Rather, debt collection emails from a seller from whom the consumers made a purchase are best understood as “complet[ing] . . . a commercial transaction that the email recipient has previously agreed to enter into with the sender,” and thus are “transactional or relationship messages” under section 7702(17)(A)(i). Morever, the Commission agrees with the overwhelming majority of commenters that the “sender” with whom the “recipient has previously agreed to enter into” a commercial transaction can be interpreted to encompass a third party acting on behalf of a seller from whom the consumer made a purchase. 114
Thus, an email from a third party collecting on behalf of a seller likely is a “transactional or relationship message.”
c. Copyright Infringement Notices and Market Research
Two business organizations urged the Commission to clarify that messages containing copyright infringement notices or marketing and opinion research surveys are neither commercial nor transactional or relationship in nature and thus are exempt from the Act. 115
One of these commenters further asserted that an email containing a copyright infringement notice that also provided information on how to obtain a legitimate, licensed version of the copyrighted material in question would not fall within the scope of the Act. 116
In the NPRM, the Commission acknowledged that there may be messages that are neither “commercial electronic mail messages” nor “transactional or relationship messages” as defined by the Act, and thus are not addressed in CAN-SPAM. 117
As a general matter, the Commission agrees that if a sender has had no previous dealings with the recipient — thus lacking the predicate for a message to be deemed “transactional” — and that sender’s messages contain only a copyright infringement notice, the messages also are not primarily commercial in purpose and thus are not subject to the requirements and prohibitions of CAN-SPAM. Nevertheless, where a copyright infringement notice also contains information on how to obtain licensed versions of copyrighted materials, evaluation under the Primary Purpose Rule provisions governing dual purpose messages may lead to the conclusion that such messages are covered by CAN-SPAM. 118
Likewise, emails containing true opinion and research surveys may fall outside the scope of the Act, but to the extent that any such message seeks to advertise or promote a brand, a company, or a product or service to the recipient, it also may be primarily commercial in purpose, and therefore subject to the Act’s requirements and prohibitions.
d. Transactions that Do Not Involve an Exchange of Consideration
The NPRM invited comment on the Act’s application to messages sent pursuant to a relationship in which no consideration passes, such as messages from a “free” Internet service (such as Evite or Shutterfly). No commenters provided any evidence of changes in email practices or technology that would warrant modifying the definition of “transactional or relationship message” specifically to address such messages. Indeed, as explained in the NPRM, even without a Rule change, the existing definition of “transactional or relationship message” includes two categories that could include messages sent pursuant to a relationship in which there has been no exchange of consideration: section 7702(17)(A)(i), under which an electronic mail message the primary purpose of which is to “facilitate, complete, or confirm a commercial transaction [emphasis added] that the recipient has previously agreed to enter into with the sender” is deemed transactional or relationship in nature; and section 7702(17)(A)(v), which provides that an email the primary purpose of which is “to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction [emphasis added] that the recipient has previously agreed to enter into with the sender” also qualifies as transactional or relationship in nature. In the NPRM, the Commission explained that it believed an email from a free Internet service to someone who has registered with the service would be considered a message “to deliver goods or services * * * that the recipient is entitled to receive under the terms of a transaction” under section 7702(17)(A)(v) rather than a “ commercial transaction” under section 7702(17)(A)(i) (emphasis added), but sought comment on this question. 119
Ten of the 13 commenters that addressed this issue took the position that an email message that is primarily for the purpose of facilitating, completing, or confirming a commercial transaction with the sender previously agreed to by the recipient is “transactional” under section 7702(17)(A)(i), even when the transaction at issue involves no exchange of consideration. 120
A few of these commenters argued further that, in any event, many “free” Internet services do involve an exchange of consideration; these commenters contended that agreeing to receive commercial email or to view advertising, for example, constitutes consideration. 121
Three commenters argued that a “commercial transaction” under section 7702(17)(A)(i) must involve an exchange of consideration. 122
The Commission continues to believe that in many cases it is unnecessary to reach the question of whether registration with a “free” Internet service constitutes a “ commercial transaction” under section 7702(17)(A)(i) (emphasis added), because it is likely a “transaction” under section 7702(17)(A)(v). That said, having reviewed the comments, the Commission has been persuaded that the term “commercial transaction” in section 7702(17)(A)(i) can encompass situations in which there has been no exchange of consideration between the sender and the recipient. 123
This is consistent with the Commission’s interpretation of the term “commercial electronic mail message,” which, as defined in section 7707(2), includes an email the primary purpose of which is the advertisement or promotion of a commercial product or service that is free and does not involve the exchange of consideration so long as it is a “commercial product or service (including content on an Internet website operated for a commercial purpose).” Many free Internet services are undoubtedly engaged in “commerce” and offer consumers goods or services that are “commercial” in nature whether or not they involve an exchange of consideration. 124
e. Affiliated Third Parties Acting on Behalf of a Person With Whom the Recipient Has Previously Entered Into a Commercial Transaction
The NPRM invited comment concerning the application of the Act to messages sent by affiliated third parties that are acting on behalf of an entity with whom a consumer has transacted business. All but one of the dozen commenters addressing this issue argued that messages “to facilitate, complete, or confirm a commercial transaction to which the recipient has previously agreed” are generally “transactional or relationship messages” under section 7702(17)(A)(i) regardless of whether the messages were transmitted by the entity with whom the consumer transacted business or an affiliated third party acting on the business’s behalf. 125
Because there is no evidence of changes in email technology or practices that would warrant amending the Rule expressly to address messages sent by affiliated third parties that are acting on behalf of an entity with whom the recipient has done business, the Commission does not make any modifications to the Rule concerning such messages. In addition, the Commission notes that the examples provided by commenters ( e.g. , travel agents, insurance agents) are fairly straightforward examples of types of messages that would likely qualify as a “transactional or relationship message” under section 7702(17)(A)(i). 126
The Commission, however, does not interpret this provision as necessarily covering every email message sent by an affiliated third party. For example, if an affiliated third party were to market its own product, service, or Internet website in an email message in which the affiliated third party is also facilitating or completing a transaction on behalf of another vendor, then that message would contain both commercial and transactional content, thus triggering analysis of the primary purpose of the dual purpose message.
f. Messages Sent to Effectuate or Complete a Negotiation
In the NPRM, the Commission asked under what circumstances an email sent to effectuate or complete a negotiation should be considered a “transactional or relationship message” under section 7702(17)(A)(i). 127
Twelve of the 13 commenters addressing this issue agreed that such messages should be deemed transactional or relationship messages or should fall outside the scope of the Act. 128
The Commission declines to alter the definition of “transactional or relationship message” to address communications for the purpose of effectuating or completing a negotiation because of the lack of any evidence in the record that such a modification would be necessary to accommodate changes in email technology or practices and to further the purposes of the Act. However, even without such a modification, the Commission continues to believe that, as it stated in the NPRM, to the extent that negotiation may be considered a “commercial transaction” that a recipient has previously agreed to enter into, such messages likely would be considered transactional or relationship under section 7702(17)(A)(i) if they were sent to facilitate or complete the negotiation. 129
The Commission, however, does not interpret the term “transactional or relationship message” to include an initial unsolicited message that proposes a transaction and attempts to launch a negotiation by offering goods or services. Likewise, after a party has terminated a negotiation, an email from the other party seeking to restart the negotiations would not be a “transactional or relationship message.”
g. Messages in the Employment Context
In the NPRM, the Commission sought comment on the Act’s application to several types of emails that arise in the employment context. Due to the lack of evidence in the record that would satisfy the statutory standard for modifying the definition of “transactional or relationship message,” the Commission does not adopt any provision in the final Rule concerning such messages.
(i) Messages Concerning Employee Discounts or Similar Messages
The NPRM asked whether it is appropriate to classify emails from employers offering employee discounts or similar messages as communications that “provide information directly related to an employment relationship” under section 7702(17)(A)(iv). 130
In addition, the Commission asked whether it was relevant whether the employee’s email address to which the message was sent had been assigned to the employee by the employer. 131
All 20 commenters that addressed this issue argued either that such messages should be considered “transactional or relationship messages” under section 7702(17)(A)(iv) 132
or that they are neither “commercial” nor “transactional or relationship” messages and thus fall outside the scope of the Act. 133
A consistent theme in the comments was that an employer should be free to send whatever information it wants to an email address that the employer owns and assigns to an employee. 134
In such circumstances, these commenters argued, the employer is both the “sender” and the “recipient” under the Act.
The comments persuade the Commission that section 7702(17)(A)(iv) should be interpreted to encompass messages that offer employee discounts from employers to email accounts they have provided to their employees. Moreover, there is nothing in the legislative history suggesting that such emails were of concern to Congress in enacting CAN-SPAM. Further, it seems unlikely that employers would inundate their employees’ workplace email accounts with offers of employee discounts and the like and thereby divert their employees’ attention from their job responsibilities. 135
Thus, because the definition of “transactional or relationship message” is broad enough to encompass emails from employers to their employees offering discounts, it is unnecessary to modify the definition to address such messages.
(ii) Messages From a Third Party on Behalf of the Recipient's Employer
In the NPRM, the Commission asked whether an email that “provide[s] information directly related to an employment relationship or related benefit plan in which the recipient is currently involved” and that would be a “transactional or relationship message” under section 7702(17)(A)(iv) if it were sent by the recipient’s employer would retain its transactional or relationship character if sent by a third party acting on the employer’s behalf. Most of the handful of commenters that addressed this question agreed with the Commission’s view that messages sent by a third party on behalf of an employer should be considered transactional or relationship in nature. 136
The Commission reiterates its interpretation of section 7702(17)(A)(iv) as being sufficiently broad to allow an employer to retain a third party as its agent to send a message to its employees that would otherwise fit within the confines of a “transactional or relationship message.” 137
Thus, because the definition of “transactional or relationship message” is broad enough to include a message sent by the third-party agent of an employer to its employees, provided the message would be considered transactional or relationship in nature if sent by the employer itself, there is no need to modify the definition of “transactional or relationship message” to address such messages.
(iii) Messages Sent After an Offer of Employment is Tendered
In the NPRM, the Commission asked whether, for purposes of section 7702(17)(A)(iv) of the Act, providing information directly related to an employment relationship should include providing information related to such a relationship after an offer of employment is tendered, but prior to the recipient’s acceptance of the job offer. 138
The several commenters that addressed the issue believed that such messages provide “information directly related to an employment relationship” and thus are transactional and relationship in nature. 139
None of the commenters argued that prospective employees would be subject to unwanted commercial email messages from their prospective employers between the time an offer of employment is made and the time it is either accepted or rejected.
As an initial matter, the Commission notes that, where the primary purpose of an email from an employer to a prospective employee is something other than the promotion or advertisement of a commercial product or service, the message would not be subject to CAN-SPAM’s requirements for commercial email messages. 140
Where, for example, a message provides only information about a prospective employee’s salary and job responsibilities and does not advertise or promote a commercial product or service, it is not a “commercial electronic mail message” under the Act. Rather, an email sent to a prospective employee who has received a bona fide offer of employment after actively seeking such employment would be considered information “directly related to an employment relationship or related benefit plan” under section 7702(17)(A)(iv), provided the email concerned only the prospective employment relationship. 141
To the extent, however, that such messages included both information about the job offer and an advertisement or promotion of a commercial product or service, e.g. , an effort to induce the job applicant to purchase the employer’s goods or services, then the message would be analyzed as a dual purpose message under the Primary Purpose provisions of the Commission’s CAN-SPAM Rules. 142
h. Electronic Newsletter Subscriptions and Other Content that a Recipient is Entitled to Receive as a Result of a Prior Transaction with the Sender
The NPRM asked “where a recipient has entered into a transaction with the sender that entitles the recipient to receive future newsletters or other electronically delivered content, should email messages the primary purpose of which is to deliver such products or services be deemed transactional or relationship messages?” 143
The commenters that addressed this issue generally believed such emails were “transactional or relationship messages” under section 7702(17)(A)(v). 144
Several commenters thought the Commission’s “primary purpose” rule already addressed the issue and supported the position that transmission of a periodical delivered via email “falls within one of the ‘transactional or relationship message’ categories.” 145
In addition, three commenters stressed that it is irrelevant whether electronic newsletters or other content provided via subscription are entirely commercial in nature ( e.g. , a catalog), so long as the content conforms to the consumer’s reasonable expectations about the material he or she has requested. 146
The comments do not establish the statutory prerequisite to modifying the definition of “transactional or relationship message” expressly to address electronic newsletters and other content sent pursuant to a subscription. Specifically, there is no showing that such a modification is necessary to accommodate changes in email technology or practices and to accomplish the goals of the Act. Moreover, the Commission believes that the existing definition of “transactional or relationship message” already adequately addresses such emails. In view of the comments received on this issue, the Commission continues to believe, as it stated in the Primary Purpose Rulemaking, that when a recipient subscribes to a periodical delivered via email, transmission of that periodical to that recipient falls within section 7702(17)(A)(v), which includes “goods or services . . . that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender,” provided the periodical consists exclusively of informational content or combines informational and commercial content. 147
On the other hand, when a sender delivers an unsolicited newsletter or other periodical via email, and there is no subscription, the situation is materially different for purposes of CAN-SPAM than when such content is delivered with the consent of the recipient. In such a scenario, the emails likely would not be “transactional or relationship messages” within the meaning of the Act.
i. “Business Relationship” Messages
The NPRM asked whether the Commission should expand the Act’s definition of “transactional or relationship message” to include what some commenters call “business relationship messages,” which are individualized messages sent from one employee of a company to an individual recipient (or a small number of recipients) at another business. 148
Or, as one commenter described this type of message “one-to-one e-mail that is sent by employees in the business-to-business context.” 149
The nine commenters who addressed the issue of “business relationship” messages all supported expanding the definition of “transactional or relationship message” to include this type of email. Commenters did not claim that business relationship messages are “commercial electronic mail messages” under the Act, but, rather, opined that if such messages were deemed “commercial electronic messages,” they would face significant administrative and technological burdens, because business email systems are not designed to scrub each email sent by each employee against the business’s CAN-SPAM opt-out list. 150
In addition, commenters argued that such a requirement would interfere with legitimate practices that are critical to business relationships and operations. 151
To avoid any such potential problems, the commenters urged the Commission to add a new category of “transactional or relationship message” to cover business relationship messages.
None of the commenters, however, demonstrated changes in email technology or practices that would warrant an express carve-out for business relationship messages. For example, there is no evidence that the technological burdens that the commenters cite as a basis for creating the exemption did not exist when the Act was passed in 2003. There is, therefore, an insufficient evidentiary basis to modify the definition of “transactional or relationship message” under the statutory standard. Thus, the Commission declines to add a “business relationship message” category to the definition of “transactional or relationship.”
In any event, the commenters’ concerns about the impact of the Act on the ability of one of their employees to send emails to a small number of employees at another company with which they have a preexisting relationship may be overblown. For example, to the extent an employee at one company provides affirmative consent to receive emails from an employee of another company, or from that company in general, such consent overrides any prior opt-out request. 152
Consequently, when affirmative consent has been given, there is no need to “scrub” the email against the business’s CAN-SPAM opt-out list. Nevertheless, the recipient can always opt out of receiving future emails from the sender, notwithstanding his or her prior affirmative consent. As the Commission has previously observed, affirmative consent to receive commercial emails from a sender does not eliminate the sender’s obligation to provide a functioning Internet-based mechanism to opt out of receiving future emails or any of the sender’s other obligations under CAN-SPAM.
j. Messages from an Association to its Membership
In the NPRM, the Commission stated that it believes that email messages from an association or membership entity to its members are likely “transactional or relationship messages” under section 7702(17)(A)(v). 153
The Commission inquired whether messages from such senders to lapsed members should also be considered transactional or relationship under section 7702(17)(A)(v), and whether messages to lapsed members should be considered commercial electronic messages when they advertise or promote the membership entity. 154
The seven commenters that addressed this question argued that email messages to lapsed members should be considered “transactional or relationship messages,” 155
but most recommended limiting the amount of time that such email messages may be sent to former members. 156
Under the existing definition of “transactional or relationship message” the Commission believes that where a recipient is no longer a member of an organization, it is unlikely that messages from the organization fall within any of the categories of “transactional or relationship messages.” 157
For example, a message that advertises or promotes the sale of a new or renewed membership would be a “commercial electronic mail message” (or a dual purpose message to the extent it also includes non-commercial content). However, the Commission declines to modify the definition of “transactional or relationship message” to include such emails. None of the commenters offered any evidence that either such modification is necessary to accommodate changes in email practices or technology or to accomplish the purposes of the Act, and thus the statutory standard for amending the definition of “transactional or relationship message” is not satisfied.
4. Section 316.2(p) — Definition of “Valid Physical Postal Address”
Proposed Rule 316.2(p) clarified that a sender may comply with section 7704(a)(5)(A)(iii) of the Act — which requires inclusion in any commercial email message of the sender’s “valid physical postal address” — by including in any commercial email message any of the following: (1) the sender’s current street address; (2) a Post Office box the sender has registered with the United States Postal Service; or (3) a private mailbox the sender has registered with a commercial mail receiving agency (“CMRA”) that is established pursuant to United States Postal Service regulations. A substantial majority of commenters supported the proposed definition. In consideration of these comments, the Commission adopts as a final Rule a modified version of the definition proposed in the NPRM. This modified definition allows for the use of Post Office or private mailboxes, but clarifies that a sender must “accurately” register such mailboxes pursuant to postal regulations to be considered a “valid physical postal address” under the Act. Comments addressing the proposed definition are discussed in detail below.
In response to the NPRM, the Commission received 25 comments addressing the definition of “valid physical postal address.” Of these, 18 commenters supported the definition as proposed. Specifically, supporters noted that the proposed definition appropriately recognized that many legitimate businesses, large and small alike, use Post Office boxes or private mailboxes, and that allowing commercial email messages to disclose such a P.O. box or private mailbox would provide flexibility and security to email marketers without compromising law enforcement efforts. 158
Other commenters, including small businesses and independent contractors, supported the proposed definition because it recognizes the privacy and security concerns of individuals who work from home or are fearful of publishing their street address for other reasons. 159
Two additional commenters supported the Commission’s proposal that P.O. boxes and private mailboxes be included under the definition of “valid physical postal address,” but objected to the additional requirement that the sender be registered with the United States Postal Service (“USPS”). Specifically, HSBC Bank Nevada (“HSBC”) and MasterCard suggested that the definition be modified to allow for any address to which mail is delivered for a particular sender, whether or not that sender is registered with the USPS. 160
HSBC noted that several affiliated companies often will receive mail at the same P.O. box, yet not all such companies may be registered to use that box with the USPS, as the proposed definition would require. 161
HSBC and MasterCard argued that their proposed modifications would achieve the purposes of the Act by providing consumers with a mechanism to contact senders other than by email. 162
The approach suggested by MasterCard and HSBC, however, does not take into account the other important purpose of the valid physical postal address provision — that law enforcement authorities be able to identify a sender using a given address, which would be difficult if not impossible without registration of all mailbox users with the USPS. 163
Furthermore, USPS regulations require that anyone registering an individual P.O. box identify the names of all persons authorized to receive mail at such address, and to provide two forms of identification for each listed person. 164
Similarly, with respect to “organization” P.O. boxes or private mailboxes where the applicant is a “firm,” USPS regulations require any of the organization’s members or employees who receive mail at such mailbox to be listed on the requisite postal form. 165
Thus, USPS regulations specifically require that anyone receiving mail at a given address be registered with the USPS.
Only five commenters opposed the Commission’s proposed definition of “valid physical postal address.” Three of these commenters felt that P.O. boxes and private mailboxes should not be included in the proposed definition because they are often used in fraud schemes as a way to shield their owners from identification. 166
The Commission previously addressed this argument in the NPRM, noting that “‘[a]n individual or entity seeking to evade identification can just as easily use inaccurate street addresses’ as hide behind a Post Office box or private mailbox.” 167
No commenters provided any information to refute this statement.
One consumer commenter opposing the proposed definition suggested that P.O. boxes have proven insufficient as a means of contacting senders that fail to honor opt-out requests. 168
The Commission, however, has no evidence to suggest that certain senders are difficult to contact because of the fact that those senders have provided P.O. boxes or private mailboxes as their contact addresses. It is more likely the case that such senders are unscrupulous and have either provided a false or nonexistent address as a means of evading identification, or simply do not respond to consumer inquiries. In such instances, the Commission sees no added benefit to requiring that senders provide a street address, which could just as easily be falsified or simply disregarded.
Finally, ACUTA suggested that the Commission assess and evaluate the relevant postal regulations to ensure that they adequately protect the interests of consumers and law enforcement. 169
Such evaluation, however, goes beyond the scope of this rulemaking proceeding — especially when the Commission has no basis upon which to question the effectiveness of the USPS regulations.
In consideration of all of these comments, the Commission adopts a modified definition of “valid physical postal address.” In the final Rule, the Commission has modified slightly the definition of “valid physical postal address” to clarify that a sender must “accurately” register a P.O. box or private mailbox in compliance with these regulations. For example, if a sender provides a P.O. box or private mailbox address in its commercial email message and is not accurately identified on the applicable postal form, fails to provide two forms of valid identification if required, 170
or otherwise fails to comply with applicable USPS regulations, such address would not be considered a “valid physical postal address” for purposes of the Act. Accordingly, the Commission adopts final Rule 316.2(p), which provides that a “‘valid physical postal address’ means the sender’s current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations.” (Emphasis added.)
5. Applicability of the Act to Forward-to-a-“Friend” Email Marketing Campaigns
In the NPRM, the Commission sought comment on CAN-SPAM’s impact on forward-to-a-“friend” email — a type of commercial email that can take a variety of forms. In its most basic form, a person (the “forwarder”) receives a commercial email message from a seller and forwards the email message to another person (the “recipient”). Other scenarios include those in which a seller’s web page enables visitors to the seller’s website to provide the email address of a person to whom the seller should send a commercial email.
Due to the myriad forms of forward-to-a-“friend” email, CAN-SPAM’s applicability to such messages is a highly fact specific inquiry. As explained below, the central question in this analysis often will be whether the seller has “procured” the origination or transmission of the forwarded message.
a. Background
In the NPRM, the Commission discussed the interplay of multiple definitions in CAN-SPAM and their relevance in analyzing the Act’s applicability to forward-to-a-“friend” emails. The Commission began its analysis by examining CAN-SPAM’s definition of “sender” which the Act defines to mean “a person who initiates [a commercial electronic mail] message and whose product, service, or Internet web site is advertised or promoted by the message.” 171
Thus, to be a “sender,” a seller must be both an “initiator” of the message and have its product, service, or Internet website advertised or promoted by the message.
A forward-to-a-“friend” email will ordinarily advertise a seller’s product, service, or website. Thus, the NPRM focused on whether a seller would meet CAN-SPAM’s definition of “initiate.” The Act defines “initiate” to mean “to originate or transmit such message or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.” 172
In the NPRM, the Commission then examined the meaning of the term “procure” and concluded that a seller “procures” an email by either: (1) providing a forwarder with consideration (such as money, coupons, discounts, awards, additional entries in sweepstakes, or the like) in exchange for forwarding the message, or (2) intentionally inducing the initiation of a commercial email through an affirmative act or an explicit statement that is “designed to urge another to forward the message.” 173
Thus, the Commission opined that CAN-SPAM’s inclusion of the word “induce” in the definition of “procure,” meant that a seller could “procure” the initiation of a message without offering to provide a forwarder with any consideration if it exhorted visitors to its website to forward a message. 174
Finally, the Commission concluded by stating that a seller who offered a web-based “click-here-to-forward” mechanism, but did not exhort visitors to forward a message or offer to pay or provide other consideration in exchange for forwarding the message, would be engaged in the “routine conveyance” of the message and therefore not be an “initiator” of the message. 175
b. Comments Received in Response to the NPRM
The Commission received more than forty comments concerning forward-to-a-“friend” emails. Some of these comments asserted that: (1) forward-to-a-“friend” messages are not “commercial electronic mail messages”; (2) most marketers whose products, services, or website are promoted by a forward-to-a-“friend” message are engaged in “routine conveyance”; (3) the Commission’s view of “routine conveyance” was unduly narrow; (4) forward-to-a-“friend” emails sent through a seller’s web-based mechanism should be treated the same as emails that the seller sends to a forwarder who then forwards the messages to a recipient; (5) making CAN-SPAM’s applicability hinge on whether a seller offered to pay a forwarder consideration was contrary to the language and purpose of the Act; (6) sweeping forward-to-a-“friend” messages into CAN-SPAM would impose high compliance burdens for sellers. Each cluster of comments is elaborated upon below.
First, some commenters opined that the most relevant inquiry in a forward-to-a-“friend” scenario is whether the primary purpose of the forwarded message is “commercial.” If the message’s primary purpose is not “commercial” (and it is not a “transactional or relationship message”), CAN-SPAM does not apply. 176
Second, a handful of commenters asserted that the key factor in determining whether a forward-to-a-“friend” message is covered by the Act should be whether the seller is engaged in “routine conveyance.” 177
These commenters argued that under section 7702(9) of the Act, any person engaged in “routine conveyance” is necessarily not an “initiator,” and thus it is unnecessary to inquire whether it “procured” the message in question.
Third, a number of commenters posited that the Commission’s understanding of what constitutes “routine conveyance” was unduly narrow. 178
Many commenters opined that all, or almost all, forward-to-a-“friend” mechanisms constitute “routine conveyance.” 179
Some commenters argued that under the Act’s definition of “initiate,” whether a company pays consideration or otherwise induces a person to forward an email is irrelevant to whether the company is engaged in “routine conveyance.” 180
The majority of commenters, however, expressed the view that a company that offers consideration to a person to send or forward an email to another person is not engaged in “routine conveyance” under the Act. 181
Within this group, commenters were divided as to whether the offer of de minimis consideration, such as coupons, sweepstakes entries, or points towards the purchase of a good or service, was sufficient to render a company ineligible for the “routine conveyance” exception. 182
Fourth, many commenters also stated that web-based mechanisms for forwarding emails should be treated no differently than the “forward” button on a typical email program. 183
In these email programs, the “sender” of the email, according to the commenters, is the person forwarding the email.
Fifth, many of the commenters noted that making the offer of consideration the standard for determining whether a forwarder “procured” the origination or transmission of a message or engaged in “routine conveyance” would both be contrary to Congress’s intent in passing the CAN-SPAM Act, 184
and unnecessary because there is no evidence to suggest that Congress or consumers viewed forward-to-a-“friend” messages as spam. 185
Finally, some commenters noted the compliance burdens that would result from the inclusion of forward-to-a-“friend” emails in CAN-SPAM’s regulatory regime. According to these commenters, once a person forwards an email using his or her own email program, the original “sender” loses the ability to control the email message’s content and whether the message retains its compliance with CAN-SPAM. 186
Commenters also stated that it was very difficult to check the names of recipients of forwarded messages against company opt-out lists. 187
Moreover, some commenters who operate websites directed to children opined that if they were considered the “sender” of certain forwarded emails, they would have to honor opt-out requests and maintain opt-out lists, which might cause conflicts with the Children’s Online Privacy Protection Rule. 188
c. Commission Statement on Forward-to-a-“Friend” Emails
Whether a seller or forwarder is a “sender” or “initiator” is a highly fact specific inquiry. Nonetheless, the application of the Act to a forward-to-a-“friend” message likely often will turn on whether the seller has offered to pay or provide other consideration to the forwarder. Below, the Commission expands upon its discussion contained in the NPRM by discussing the liability of sellers in two common forms of forward-to-a-“friend” emails: (1) those sent using a web-based forwarding mechanism and (2) those forwarded using the forwarder’s own email program. The Commission then discusses the potential liability CAN-SPAM imposes on consumers who send forward-to-a-“friend” emails.
(i) Seller’s Liability in the Context of a Forwarding Mechanism on a Seller’s Website
With a web-based mechanism, a seller’s website includes a button that enables a visitor to the website to send an email advertising the seller’s product, service, or website. When the visitor clicks on the button, the seller requests the recipient’s email address and often additional information such as the visitor’s name and email address. The seller may also enable the visitor to add text that will be included in the message sent to the recipient. Upon entering the information, the visitor must press a “send” button for the message to be sent. The message will be sent to the recipient via the seller’s or seller’s agent’s email server.
The starting point in analyzing CAN-SPAM’s applicability to forward-to-a-“friend” messages is the language of the Act. A seller is a “sender” if it “initiates” the message and its product, service, or Internet website is advertised or promoted in the message. 189
Because the message sent using the seller’s web-based mechanism will ordinarily advertise the seller’s product, service, or website, the seller will be a “sender” if it “initiates” the message sent to the recipient.
CAN-SPAM defines “initiate” to mean “to originate or transmit [a commercial email] or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.” 190
Thus, where a seller is involved solely in “routine conveyance,” the seller will be exempt from the responsibilities of an “initiator” or a “sender” under the Act. The Act defines “routine conveyance” to mean the “transmission, routing, relaying, handling, or storing, through an automatic technical process, of an electronic mail message for which another person has identified the recipients or provided the recipient addresses.” 191
The Act’s legislative history explains that a company engages in “routine conveyance” when it “simply plays a technical role in transmitting or routing a message and is not involved in coordinating the recipient addresses for the marketing appeal.” 192
Thus, under the web-based scenario described above, a seller that transmits a message through an automatic technical process to an email address provided by a forwarder, absent more, is engaged in “routine conveyance” and is exempt from liability under the Act.
However, under the Act, “routine conveyance” is narrowly circumscribed. Where the seller goes beyond serving as a technical intermediary that transmits, routes, relays, handles, or stores the email, the seller will be liable as the “initiator” and “sender” of the message forwarded from its website. A seller who “procures” the origination or transmission of an email goes well beyond the technical role of transmitting or routing the message.
CAN-SPAM defines “procure” to mean “intentionally to pay or provide other consideration to, or induce another person to initiate [a commercial email] on one’s behalf.” 193
As explained in the NPRM, if a seller offers to “pay or provide other consideration” to a visitor to its website in exchange for forwarding a commercial message, the seller will have “procured” any such messages forwarded by the visitor. 194
As noted in the NPRM, the term “consideration” is not defined in the Act, but is generally understood to mean “something of value (such as an act, a forbearance, or a return promise) received by a promisor from a promisee.” 195
This includes things of minimal value. Accordingly, a message has been “procured” if the seller offers money, coupons, discounts, awards, additional entries in a sweepstakes, or the like in exchange for forwarding a message. 196
Even the offer to provide de minimis consideration takes the seller beyond the mere “routine conveyance” of the forwarded message and into the “procurement” of the forwarded message.
The definition of “procure,” however, does not merely cover those scenarios in which a seller offers to pay or provide other consideration to a forwarder. A seller who “induces” another person to initiate a commercial email will also fall within the definition of “procure.” The NPRM explained that “to induce” is much broader than “to pay consideration.” While CAN-SPAM does not define the term “induce,” in the NPRM, the Commission applied the word’s common definition: “to lead on to; to influence; to prevail on; to move by persuasion or influence.” 197
The Commission then opined that “to induce” did not require the transfer of something of value. 198
Rather, the Commission explained, “one must do something that is designed to encourage or prompt the initiation of a commercial e-mail.” 199
Thus, the Commission stated that, “in order to ‘intentionally induce’ the initiation of a commercial email, the sender must affirmatively act or make an explicit statement that is designed to urge another to forward the message.” 200
In addition, the Commission stated that whether a seller “induced” a person to forward a message could hinge on the forcefulness of the language used by the seller. 201
The Commission believes that this description of “induce” in the NPRM is unduly narrow and inconsistent with the statute’s text and purpose. First, “inducement” need not take the form of an “explicit statement” or “affirmative act” specifically urging someone to send an email. The word “induce” in the definition of “procure” simply makes clear that a seller may “procure” the origination or transmission of a message even where it does not specifically pay or provide other consideration to someone for sending an email. For instance, where a seller offers to pay or provide consideration to someone in exchange for generating traffic to a website or for any form of referrals, and such offer results in the forwarding of the seller’s email message, the seller will have “induced,” and therefore “procured,” the forwarding of the seller’s email. Likewise, in an affiliate program where the seller does not directly offer to pay a sub-affiliate in exchange for generating web traffic or other referrals, the seller’s offer to pay the affiliate for generating web traffic or other referrals will constitute “inducement” of emails sent by the sub-affiliate that advertise the seller’s product, service, or website. Under each of these scenarios, the seller will have “induced” the forwarding of an email and will have gone well beyond routine conveyance.
However, CAN-SPAM’s applicability should not rest on the specificity or forcefulness of the language used by the seller, notwithstanding the suggestion to the contrary in the NPRM. 202
Accordingly, a seller’s use of language exhorting consumers to forward a message does not, absent more, subject the seller to “sender” liability under the Act.
A seller, of course, is not prohibited from offering consideration to a visitor to its website in exchange for forwarding a commercial message, or otherwise inducing the visitor to do so. If it does, however, it will not be engaged in mere “routine conveyance” and must therefore comply with CAN-SPAM’s requirements for a “sender.” For instance, the seller will need to ensure that it does not forward a message to a recipient who has previously made an opt-out request and will need to include in the message an opt-out mechanism.
(ii) Seller’s Liability for Email Forwarded Using a Consumer’s Email Program
In the most basic forward-to-a-“friend” scenario, a seller sends a commercial email to a consumer who then, using his or her own email program, forwards the message to a recipient. 203
Typically, the seller will have no liability under CAN-SPAM for the original recipient’s forwarding of an email. It is only where the seller “initiates” the forwarding of the message that it will be deemed the “sender” of the forwarded message under the Act. 204
Again, the starting point is the language of the Act, which defines “initiate” as “to originate or transmit [a commercial email] or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.” 205
In contrast to the web-based scenario discussed above, the “routine conveyance” exemption has no applicability when a consumer forwards a message using his or her own email program, because the seller would not be involved in the transmission, routing, relaying, or storage of the forwarded message. Nor is the seller “originating” or “transmitting” the message in this scenario. The inquiry thus turns on whether the seller has “procured” the forwarded message. The principles guiding the determination of whether the seller has “procured” the forwarded message are the same here as when the forwarding occurs through the seller’s website. Accordingly, if the seller “pays or provides other consideration” to someone in exchange for forwarding the commercial message, the seller will have “procured” the forwarding of the email. 206
For the reasons explained above, this is true regardless of the amount of the consideration offered; offering de minimis consideration in the form of coupons, discounts, sweepstakes entries and the like in exchange for forwarding a commercial email constitutes “procurement” of the forwarded message. Likewise, if the seller “induces” the forwarding of the message — such as by offering payment in exchange for generating traffic to a website — it will be an “initiator,” and thus also the “sender,” of the forwarded message. In such a circumstance, the seller will be obligated to comply with CAN-SPAM’s requirements for a “sender,” such as ensuring that the forwarded message contains a functioning opt-out mechanism and ensuring that email is not forwarded to someone who has already opted out of receiving commercial emails from the seller. 207
(iii) Liability of a Consumer-Forwarder
The NPRM did not discuss the potential liability of a consumer who forwards a commercial message via a seller’s web-based mechanism or using his or her own email program. Such a consumer-forwarder would be an “initiator” under CAN-SPAM regardless of whether the seller “procured” the message because, as explained above, the definition of “initiate” includes the “origination” of a message and the consumer-forwarder would be the “originator” of the message. Thus, while a seller who provided a web-based forwarding mechanism (and did not “procure” the message) would be exempt from “initiator” or “seller” liability where it was engaged in “routine conveyance,” the consumer-forwarder still would be an “initiator.” Likewise, a consumer who forwarded a message using his or her own email program (and the message was not “procured” by the seller) would be an “initiator” of the message, while the seller would not be.
Thus, the Act’s terms result in an anomaly: a seller in such situations would be exempt from liability under CAN-SPAM, but the consumer-forwarder would be required to comply with CAN-SPAM’s “initiator” obligations. In other words, as “initiators,” ordinary consumers who, without being offered any consideration or inducement, forward a commercial message using either a seller’s web-based forwarding mechanism or their own email program, would be required to provide recipients with a mechanism for opting out of receiving future commercial emails from the “sender,” a clear and conspicuous disclosure that the message is an advertisement or solicitation, a clear and conspicuous notice of the right to opt out of receiving commercial emails from the “sender,” and a clear and conspicuous disclosure of the “sender’s physical address.” Yet, because the seller is not an “initiator,” there would be no “sender” of the message under the Act.
The Commission believes that Congress did not intend to sweep into CAN-SPAM’s regulatory scheme consumers who, without being offered any consideration or inducement for doing so, use a seller’s web-based forwarding mechanism or their own email programs to send isolated commercial email messages to recipients. Indeed, as the Commission recognized in promulgating the Primary Purpose Rule, “the repeated inclusion of the modifying word ‘commercial’ in section 7702(2)(A) is not merely tautological, but evidences an intention to ensure that the CAN-SPAM regulatory scheme would not reach isolated email messages sent by individuals who are not engaged in commerce, but nevertheless seek to sell something to a friend, acquaintance, or other personal contact.” 208
Hence, the Commission believes that under these facts, such a consumer-forwarder would not be swept into CAN-SPAM’s regulatory scheme. 209
B. Section 316.4 — Prohibition Against Failure to Effectuate An Opt-Out Request Within Ten Business Days of Receipt
Section 7704(a)(4) of the Act prohibits senders from initiating the transmission of a commercial email message to a recipient more than ten business days after the senders have received the recipient’s opt-out request. Section 7704(c)(1) gives the Commission authority to issue regulations modifying the ten-business-day period — what is, in effect, a “grace period” — for processing recipients’ opt-out requests if the Commission determines that a different time frame would be more reasonable after taking into account “(A) the purposes of [subsection 7704(a)]; (B) the interests of recipients of commercial electronic mail; and (C) the burdens imposed on senders of lawful commercial electronic mail.” 210
Accordingly, in the ANPR, the Commission sought comment on the reasonableness of the ten-business-day grace period for processing opt-out requests and whether a shorter grace period would be more reasonable, in view of the three considerations enumerated in the statute and the relative costs and benefits.
In consideration of the comments received in response to the ANPR, the NPRM proposed to shorten the time period for honoring an opt-out request from ten to three business days. The Commission also posed a number of questions in Part VII of the NPRM about the appropriate time to allow for processing an opt-out request, including questions about: technical procedures and cost implications associated with opt-out processing; the level of risk associated with “mail bombing” — the bombardment of an email address with commercial email in the nine business days following an opt-out request, aggressive email targeting tactics; and the effect of third-party arrangements on the timing of opt-out processing. In response to the NPRM, the Commission received numerous comments opposing the proposed rule.
Based on the Commission’s analysis of the comments received in response to the NPRM, the Commission is persuaded that: (1) reducing the opt-out grace period from ten to three business days would not necessarily advance the privacy interests of consumers; (2) the time period for processing opt-out requests required by legitimate commercial emailers varies, and often exceeds three business days depending upon a number of factors, including the size of the business, the existence of third-party marketing agreements, and the maintenance of multiple email databases; and (3) neither the current record nor the Commission’s experience reflects that email bombing of commercial email recipients is a wide-scale tactic deployed by lawful commercial emailers. Furthermore, the record does not reflect that shortening the opt-out grace period would necessarily reduce any potential threat of email bombing. Accordingly, the Commission declines to adopt a final Rule that would reduce the statutory grace period from ten business days to three business days, but will continue to monitor whether commercial emailers are using abusive targeting tactics and/or failing to honor opt-out requests in a timely manner to determine whether regulatory or other action is required in the future. Likewise, as explained below, the Commission reaffirms its refusal to impose a limit on the duration of opt-out requests at this time.
1. The Appropriate Deadline for Effectuating an Opt-Out Request
Approximately 100 commenters addressed the issue of whether the period for opt-out compliance should be reduced. The vast majority — over 85 percent — opposed reducing the time frame to less than ten business days. 211
Many of these commenters argued that the need for coordination and synchronization of opt-out mechanisms requires a minimum of ten days. 212
Some of these commenters also suggested that senders of email messages who are not now complying with the Act would not comply with the proposed change, but those who are attempting to comply would be burdened, with no gain in protection of consumers’s privacy interests. 213
A number of commenters provided substantive descriptions of the time frames that are involved with processing opt-out requests and coordinating such efforts with third-party vendors. Commenters explained that the time necessary to process opt-out requests varies based on a number of factors, such as whether the sender itself collects opt-out requests and removes email addresses from its own marketing list or uses a third-party vendor for the entire process or for certain portions of the process. 214
According to another commenter, some cable companies rely on third-party vendors to handle all email marketing, process opt-out requests, and manage suppression lists. “The cable operator may be able to input a customer’s opt-out request in one to two business days in its own internal database, but the third party vendor that provides a variety of targeted marketing and advertising services may take up to 8-10 business days to complete the processing.” 215
A few commenters argued that delays also can result from concerns about privacy with respect to negotiating non-disclosure agreements and using hard copy media, such as CDs, to transmit their suppression files. As one commenter explained:
We often see other situations that make the three-day period difficult at best, including large corporations with legacy databases that must plan for their marketing campaigns and use of suppression lists a week in advance, use of hard-copy media — such as CDs — to transmit the files via the postal service, and then the use by small businesses which only have access to low bandwidth connections. A three-day deadline could cause many advertisers, especially small or traditionally offline businesses, to abandon their e-mail acquisition efforts altogether in order to comply. 216
Finally, a few commenters pointed out that they offer not only Internet-based opt-out mechanisms but also opportunities to unsubscribe by telephone or other means, which can be very time-consuming. 217
In terms of potential benefits to consumers from reducing the grace period to three business days, nearly all of the commenters argued that bombarding a recipient with email following an opt-out request is not a valid concern and that the potential risk of mail bombing would not, in any event, be mitigated by shortening the opt-out period to three days. 218
A few commenters argued either in favor of the proposed three-day time period, 219
or recommended time periods of less than three days. 220
These commenters, several of whom are individual consumers, generally believe that there are no technical obstacles to automatic or near-automatic opt-out processing. Other commenters suggested that five to seven days could represent a reasonable period of time to process an opt-out request. 221
Many small businesses, however, opined that compliance with a shorter time frame would pose a significant burden due to the technical support needed. 222
For example, some small entities process opt-out requests manually or have only part-time staff. Given holidays and vacations, those entities do not believe they could process requests within three days. 223
Small membership-based associations such as the American Road and Transportation Builders Association and SHRM also expressed concern about staffing issues. SHRM argued that it would be unreasonable to expect volunteers or even a single paid staff director to check for, and handle, opt-out requests several times per week to satisfy the proposed three-day rule.
Finally, a few commenters argued that ten business days is not sufficient time for processing opt-out requests and a longer time frame would be better. 224
Some of these commenters pointed out that telemarketers have 31 days to process new listings on the National Do Not Call Registry 225
and that commercial email messages directed to certain mobile devices are prohibited if the wireless domain name referenced in the address has been posted on the Federal Communications Commission’s (“FCC”) wireless domain list for at least 30 days. 226
These commenters argued that, for consistency, 31 or 30 days should be allowed for processing opt-out requests. 227
Having carefully considered the comments concerning the amount of time required to process and coordinate opt-out requests, along with the Commission’s law enforcement experience, the Commission is persuaded that it should retain the ten-business-day grace period for honoring opt-out requests. The Commission is persuaded that its proposal in the NPRM to shorten the period to three business days could impose a substantial burden on legitimate commercial email marketers. In particular, the Commission is concerned that reducing the opt-out period could pose a significant challenge for small entities. In addition, the Commission believes that reducing the opt-out period would not necessarily advance the privacy interests of consumers. Neither the current record nor the Commission’s law enforcement experience indicates that email bombing of commercial email recipients is a wide-scale tactic deployed by lawful commercial emailers, or that reducing the opt-out grace period would necessarily reduce any potential threat of email bombing.
At the same time, the Commission rejects the argument that email marketers should have more than ten business days to process opt-out requests. The Commission finds that, based on the record, senders of commercial email are not unduly burdened by the ten-business-day grace period for honoring opt-out requests established by Congress. 228
Indeed, in 2005, a Commission study revealed that nearly 90% of the top 100 etailers honored the ten-business-day opt-out time period, 229
which suggests that, on balance, compliance is feasible for most senders of commercial email. Further, the Commission is not persuaded that the fact that telemarketers have 31 days to process new listings on the National Do Not Call Registry justifies extending the period for honoring CAN-SPAM opt-out requests to 31 days, in view of the difference in the structure and operation of email suppression lists as compared to the National Do Not Call Registry.
For all these reasons, the Commission declines to adopt proposed Rule 316.4, which would have reduced the statutory ten-business-day grace period for honoring opt-out requests. 230
The grace period therefore remains ten business days.
2. Expiration of Opt-out Requests
In the NPRM, the Commission declined to propose a time limit for how long an opt-out request will remain in effect, but indicated that it would consider submissions of information or data that would show whether such a time limit would be useful in implementing the provisions of the Act. The Commission noted that, in the somewhat similar context of the Do Not Call Registry, the Registry administrator is able routinely to purge defunct or changed telephone numbers from the Registry database, whereas email marketers do not appear to have similar capabilities for such purging. 231
The Commission also stated that an email marketer’s suppression list is likely to have far fewer entries than the then 91 million numbers 232
on the Do Not Call Registry, making the prospect of “scrubbing” far less daunting, and potentially vitiating the argument that setting an expiration period for opt-out requests is required. 233
Several commenters argued that the Commission should limit the length of time that requests should remain in effect. These commenters, however, were divided on what would be an appropriate time limit. 234
Other commenters argued that the Commission should not impose a time limit on a consumer’s opt-out request. 235
Various commenters submitted data to the Commission about the size of their suppression lists. That data showed that suppression list size varies, and it is not clear whether or in what instances suppression lists may exceed the Do Not Call Registry. While many suppression lists contain less than 100,000 addresses, 236
ESPC states that the suppression lists of some companies exceed the Do Not Call Registry by over 10 million entries. One commenter noted that “[f]rom a logistical perspective, many companies have large suppression lists that can exceed a million names.” 237
Another commenter reported that its suppression list will likely have fewer than the number of entries that the National Do Not Call Registry contains. 238
In analyzing the data submitted by these commenters, the Commission finds that, at this time, there is insufficient evidence to show that email suppression list scrubbing is impeded by the lack of a time limit on opt-out requests, or that imposing a limit will be useful in implementing the provisions of the Act under section 7711(a). Notably, Congress chose neither to impose such a time limit nor to specifically authorize the Commission to do so at this time. Consequently, the Commission declines to impose a time limit on the duration of an opt-out request.
C. Proposed Rule 316.5 — Prohibition on Charging a Fee or Imposing Other Requirements on Recipients Who Wish To Opt Out
In the NPRM, the Commission proposed to prohibit the imposition, as a condition for accepting or honoring a recipient’s opt-out request, of any fee, obligation to provide personally identifying information (beyond one’s email address), or any other requirement. 239
Several commenters agreed with the Commission’s proposal to prohibit senders from charging a fee to opt out, 240
but challenged the portion of the rule that would prevent the collection of additional personal information or require email recipients to interface with more than one Internet Web page to opt out from receiving future commercial email messages from the sender. These commenters cumulatively identified a host of factors — the risk of typographical errors, computer security issues, online identity theft, and sabotage by competitors — arguing for the necessity of collecting personal information or requiring multiple opt-out steps to verify the identity of the recipient. 241
While the Commission recognizes that computer security and identity theft are serious problems facing online consumers, the Commission is not persuaded that imposing additional requirements on consumers who are attempting to opt out would do anything to minimize the risk of these problems. To the contrary, the Commission believes that requiring consumers to transmit additional personally identifying information would increase the risk of that information being intercepted by a hacker or rogue third party.
Other commenters explained that verifying the identity of a recipient would be important because their suppression lists are connected to consumer account information rather than consumer email addresses. For example, DMA argued that “tracking by account information also makes it easier to honor opt-out requests for customers regardless of what they change their email address to.” 242
The Commission does not find this argument persuasive, because, as the Commission stated in the NPRM, “according to CAN-SPAM, opt-out requests are specific to a recipient’s email address, not his or her name,” and, in this case, certainly not to his or her account information. 243
At least one commenter argued in favor of allowing marketers an opportunity to “display an advertisement or other incentive in order to remind the recipient of the value of the list subscription prior to their unsubscription.” 244
The Commission reiterates its position stated in the NPRM that subjecting a recipient who wishes to opt out to sales pitches before the opt-out request is completed is an unacceptable encumbrance on a consumer’s ability to opt out of receiving unwanted commercial email messages.
Accordingly, the Commission adopts final Rule 316.5, which prohibits the imposition of any fee, any requirement to provide personally identifying information (beyond one’s email address), or any other obligation as a condition for accepting or honoring a recipient’s opt-out request.
D. Section 7704(c)(2) — Aggravated Violations Related to Commercial Email
The final Rule does not provide for any additional aggravated violations beyond those already specified in the Act. Committing an aggravated violation along with a violation of section 7704(a) could subject a defendant to triple damages in a CAN-SPAM enforcement action by a state attorney general or an ISP. 245
Section 7704(b) of the Act lists four practices which are to be considered “aggravated violations.” 246
According to a Senate Committee Report on an earlier version of the Act, designating specific practices as “aggravated” violations is intended to “apply to those who violate the provisions of the bill while employing certain problematic techniques used to either generate recipient email addresses, or remove or mask the true identity of the sender.” 247
Section 7704(c)(2) of the Act authorizes the Commission to specify activities or practices — in addition to the four already enumerated in the statute — as aggravated violations if the Commission determines that “those activities or practices are contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the Act].” (Emphasis added.)
In response to the Commission’s request in the NPRM for comment on whether any specific practices were contributing substantially to the proliferation of email, the Commission received only five comments. Three of the commenters complained about various practices that either are already illegal under the Act or that the commenters believed should be made illegal, but did not provide any evidence that the practices were contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under section 7704(a) of the Act, and, thus, should be deemed aggravated violations. 248
The other two commenters expressed concern that lists of email addresses of consumers who have opted out from receiving email (known as “suppression lists”) can be, and in some instances have been, misused by third parties to send unwanted email. 249
Specifically, these commenters indicated that, in some cases, third parties have obtained unauthorized access to another company’s suppression list, which the third parties have then used to send emails of their own. The record, however, lacks evidence that this practice is widespread and is “contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the Act]. 250
Thus, there is an insufficient evidentiary basis for the Commission to designate this practice as an aggravated violation. In any event, depending on the facts, some of these practices may violate section 7704(a)(4)(A)(iv) of the Act. Under this provision, “the sender or any other person that knows that the recipient has made [an opt-out request to the sender]” may not “sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic address of the recipient) for any purpose other than compliance with this chapter or other provision of law.”
III. PAPERWORK REDUCTION ACT
In accordance with the Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3520 (“PRA”), the Commission reviewed the proposed and final Rule. The final Rule does not impose any recordkeeping, reporting, or disclosure requirements and, thus, does not constitute a “collection of information” as defined in the regulations implementing the PRA. 251
IV. REGULATORY FLEXIBILITY ACT
The NPRM included an initial regulatory flexibility analysis (“IRFA”) under the Regulatory Flexibility Act (“RFA”), 252
even though the Commission did not expect that the proposed Rule would have a significant economic impact on a substantial number of small entities. In addition, the Commission invited public comment on the proposed Rule’s effect on small entities to ensure that no significant impact would be overlooked. 253
This Final Regulatory Flexibility Analysis (“FRFA”) incorporates: the Commission’s initial findings, as set forth in the May 12, 2005 NPRM; addresses the comments submitted in response to the IRFA notice; and describes the steps the Commission has taken in the final Rule to minimize its impact on small entities consistent with the objectives of the CAN-SPAM Act.
A. Succinct Statement of the Need for, and Objectives of, the Final Rule
The final Rule was created pursuant to the Commission’s mandate under the CAN-SPAM Act. The Act authorizes the Commission, at its discretion and subject to certain conditions, to: promulgate regulations expanding or contracting the categories of “transactional or relationship messages”; 254
modify the ten-business-day period proscribed in the Act for effectuating a recipient’s opt-out request; 255
and specify additional activities or practices as “aggravated violations.” 256
The Act also authorizes the Commission to “issue regulations to implement the provisions of [the] Act.” 257
The final Rule modifies certain definitions of the Act, such as what constitutes a “sender” and a “valid physical postal address”; adds a definition of “person”; and clarifies other relevant provisions of the Act.
B. Summary of Significant Issues Raised by the Public Comments in Response to the IRFA
In the IRFA, the Commission sought comment regarding the impact of the proposed Rule and any alternatives the Commission should consider, with a specific focus on the effect of the proposed Rule on small entities. The public comments on the proposed Rule are discussed above throughout the Statement of Basis and Purpose, as are any changes that have been made in the final Rule. After reviewing the comments, including those that specifically addressed the impact of the Rule on small entities, the Commission does not believe that the final Rule will unduly burden entities that send commercial electronic mail messages or transactional or relationship mail messages. The majority of comments concerning the impact of the proposed Rule on small entities addressed the Commission’s proposal to shorten the opt-out period from ten business days to three. As noted in Part II.B above, these commenters argued that a shortened time frame would impose undue administrative costs and burdens on small businesses. 258
The Commission agrees that the final Rule must not be unduly burdensome to small businesses, and, while the record still lacks specific data describing the time and cost involved with processing opt-out requests for small businesses, the Commission finds that three business days would pose a challenge for some of these entities. In light of the concerns raised by the commenters, including small entities, the final Rule retains the opt-out period at ten business days.
C. Explanation as to Why No Estimate is Available as to the Number of Small Entities to Which the Final Rule Will Apply
Determining a precise estimate of the number of small entities subject to the final Rule, or describing those entities, is not readily feasible for two reasons. First, there is insufficient publicly available data to determine the number and type of small entities currently using email in any commercial setting. As noted in the IRFA, the final Rule will apply to “‘senders’ of ‘commercial electronic mail messages,’ and, to a lesser extent, to ‘senders’ of ‘transactional or relationship messages.’” 259
Thus, any company, regardless of industry or size, that sends commercial email messages or transactional or relationship messages would be subject to the final Rule.
In the IRFA, the Commission set forth the few sources of publicly available data to approximate the number of entities that send commercial email messages or transactional or relationship messages, noting that “[g]iven the paucity of data concerning the number of small businesses that send commercial e-mail messages or transactional or relationship messages, it is not possible to determine precisely how many small businesses would be subject to the proposed Rule.” 260
None of the comments provided information regarding the number of entities of any size that will be subject to the final Rule.
The second reason that determining a precise estimate of the number of small entities subject to the final Rule is not readily feasible is that the assessment of whether the primary purpose of an email message is “commercial,” “transactional or relationship,” or “other” turns on a number of factors that require factual analysis on a case-by-case basis. Thus, even if the number of entities that use email in commercial dealings were known, the extent to which the messages they send will be regulated by the final Rule depends upon the primary purpose of such messages, a determination which cannot be made absent factual analysis.
D. Description of the Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Final Rule, Including an Estimate of the Classes of Small Entities that Will Be Subject to the Requirements of the Final Rule and the Type of Professional Skills that Will Be Necessary to Implement the Final Rule
The final Rule does not itself impose any reporting, recordkeeping, or other disclosure requirements within the meaning of the Paperwork Reduction Act. The final Rule primarily: clarifies the scope of certain definitions within the CAN-SPAM Act, such as “sender” and “valid physical postal address”; defines one new term, “person”; and clarifies that a recipient may not be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any other steps other than sending a reply email message or visiting a single Internet Web page to submit an opt-out request. Any costs attributable to CAN-SPAM are the result of the substantive requirements of the Act itself — such as the requirement that commercial email messages include an opt-out mechanism and certain disclosures — not the Commission’s interpretive final Rule.
E. Discussion of Significant Alternatives the Commission Considered That Would Accomplish the Stated Objectives of the CAN-SPAM Act and That Would Minimize Any Significant Economic Impact of the Final Rule on Small Entities
Through both the ANPR and the May 12, 2005 NPRM, the Commission sought to gather information regarding the economic impact of CAN-SPAM’s requirements on all businesses, including small entities. The Commission requested public comment on whether the proposed Rule would unduly burden such entities that use email to send messages defined as “commercial” or “transactional or relationship” messages under the Act and the FTC’s CAN-SPAM Rule; whether this burden is justified by offsetting benefits to consumers; what effect the proposed Rule would have on small entities that initiate messages the primary purpose of which are commercial or transactional or relationship; what costs would be incurred by small entities to “implement and comply” with the proposed Rule; and whether there were ways the proposed Rule could be modified to reduce the costs or burdens for small entities while still being consistent with the requirements of the Act. The Commission requested this information in an attempt to minimize the final Rule’s burden on all businesses, including small entities.
In drafting the final Rule, the Commission carefully considered and sought to mitigate the burdens placed on email marketers, both large and small alike. For example, because a shortened time frame for processing opt-out requests might place a significant burden on senders, including small businesses, the final Rule retains the original ten-business-day period set forth in the Act. Moreover, the final Rule’s definition of “valid physical postal address” provides for the use of commercial and postal mailboxes in light of the concerns many small entities expressed with respect to disclosing their physical addresses in email messages. Finally, to the extent that small entities participate in sending multiple marketer messages, the final Rule’s definition of “sender” minimizes the burden placed on such entities by permitting the designation of a single “sender” to comply with CAN-SPAM’s disclosure and opt-out requirements.
As explained earlier in this Statement of Basis and Purpose, the Commission has considered the comments and alternatives proposed by such commenters, and continues to believe that the final Rule will not create a significant economic impact on small entities or others who send or initiate commercial email messages or transactional or relationship messages.
List of Subjects in 16 CFR Part 316
Advertising, Business and industry, Computer technology, Consumer protection, Labeling.
Accordingly, for the reasons set forth in the preamble above, the Commission amends title 16, CFR Chapter I by revising Part 316 to read as follows:
PART 316—CAN-SPAM RULE
316.1
316.2
316.3
316.4
316.5
316.6
Authority:
15 U.S.C. 7701-7713.
§ 316.1
This part implements the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”), 15 U.S.C. 7701-7713.
§ 316.2
(a) The definition of the term “affirmative consent” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(1).
(b) “Character” means an element of the American Standard Code for Information Interchange (“ASCII”) character set.
(c) The definition of the term “commercial electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(2).
(d) The definition of the term “electronic mail address” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(5).
(e) The definition of the term “electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(6).
(f) The definition of the term “initiate” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(9).
(g) The definition of the term “Internet” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(10).
(h) “Person” means any individual, group, unincorporated association, limited or general partnership, corporation, or other business entity.
(i) The definition of the term “procure” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(12).
(j) The definition of the term “protected computer” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(13).
(k) The definition of the term “recipient” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(14).
(l) The definition of the term “routine conveyance” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(15).
(m) The definition of the term “sender” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that , when more than one person’s products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act’s definition will be deemed to be a “sender,” except that, only one person will be deemed to be the “sender” of that message if such person: (A) is within the Act’s definition of “sender”; (B) is identified in the “from” line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.
(n) The definition of the term “sexually oriented material” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7704(d)(4).
(o) The definition of the term “transactional or relationship messages” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(17).
(p) “Valid physical postal address” means the sender’s current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations.
§ 316.3
(a) In applying the term “commercial electronic mail message” defined in the CAN-SPAM Act, 15 U.S.C. 7702(2), the “primary purpose” of an electronic mail message shall be deemed to be commercial based on the criteria in paragraphs (a)(1) through (3) and (b) of this section: 1
(1) If an electronic mail message consists exclusively of the commercial advertisement or promotion of a commercial product or service, then the “primary purpose” of the message shall be deemed to be commercial.
(2) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if:
(i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or
(ii) The electronic mail message’s transactional or relationship content as set forth in paragraph (c) of this section does not appear, in whole or in substantial part, at the beginning of the body of the message.
(3) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as other content that is not transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if:
(i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or
(ii) A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is the commercial advertisement or promotion of a commercial product or service. Factors illustrative of those relevant to this interpretation include the placement of content that is the commercial advertisement or promotion of a commercial product or service, in whole or in substantial part, at the beginning of the body of the message; the proportion of the message dedicated to such content; and how color, graphics, type size, and style are used to highlight commercial content.
(b) In applying the term “transactional or relationship message” defined in the CAN-SPAM Act, 15 U.S.C. § 7702(17), the “primary purpose” of an electronic mail message shall be deemed to be transactional or relationship if the electronic mail message consists exclusively of transactional or relationship content as set forth in paragraph (c) of this section.
(c) Transactional or relationship content of email messages under the CAN-SPAM Act is content:
(1) To facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;
(2) To provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;
(3) With respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender, to provide —
(i) Notification concerning a change in the terms or features;
(ii) Notification of a change in the recipient’s standing or status; or
(iii) At regular periodic intervals, account balance information or other type of account statement;
(4) To provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or
(5) To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
§ 316.4
(a) Any person who initiates, to a protected computer, the transmission of a commercial electronic mail message that includes sexually oriented material must:
(1) Exclude sexually oriented materials from the subject heading for the electronic mail message and include in the subject heading the phrase “SEXUALLY-EXPLICIT: ” in capital letters as the first nineteen (19) characters at the beginning of the subject line; 2
(2) Provide that the content of the message that is initially viewable by the recipient, when the message is opened by any recipient and absent any further actions by the recipient, include only the following information:
(i) The phrase “SEXUALLY-EXPLICIT: ” in a clear and conspicuous manner; 3
(ii) Clear and conspicuous identification that the message is an advertisement or solicitation;
(iii) Clear and conspicuous notice of the opportunity of a recipient to decline to receive further commercial electronic mail messages from the sender;
(iv) A functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that
(A) A recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and
(B) Remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message;
(v) Clear and conspicuous display of a valid physical postal address of the sender; and
(vi) Any needed instructions on how to access, or activate a mechanism to access, the sexually oriented material, preceded by a clear and conspicuous statement that to avoid viewing the sexually oriented material, a recipient should delete the email message without following such instructions.
(b) Prior affirmative consent . Paragraph (a) does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message.
§ 316.5
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
§ 316.6
The provisions of this Part are separate and severable from one another. If any provision is stayed or determined to be invalid, it is the Commission’s intention that the remaining provisions shall continue in effect.
By direction of the Commission.
Donald S. Clark
Secretary
Note: The following Appendix will not appear in the Code of Federal Regulations
List of Commenters and Acronyms
CAN-SPAM DISCRETIONARY RULEMAKING COMMENTS
Acronym
Commenter
ABA
American Bar Association
ABM
American Business Media
ACA
ACA International
ACB
America’s Community Bankers
ACLI
American Council of Life Insurers
ACUTA
ACUTA, Inc.
Adknowledge
Adknowledge, Inc.
AeA
American Electronics Association
Allen
Bobby Allen
Amin
J. Amin
aQuantive
aQuantive, Inc.
ARDA
American Resort Development Association
ARTBA
American Road and Transportation Builders Association
ASA
American Staffing Association
ASAE
American Society of Association Executives
Associations
Direct Marketing Association et al. on behalf of
American Advertising Federation,
American Association of Advertising Agencies,
American Bankers Association,
American Council of Life Insurers,
American Society of Association Executives,
American Society of Travel Agents, Inc. — Cruise Lines International Association,
Association of National Advertisers,
Consumer Bankers Association,
Direct Marketing Association, Inc.,
Electronic Retailing Association,
Email Service Provider Coalition,
The Financial Services Roundtable,
Information Technology Association of America,
Interactive Travel Services Association,
Internet Alliance,
Internet Commerce Coalition,
Magazine Publishers of America,
National Business Coalition on E-Commerce and Privacy,
National Retail Federation,
NetCoalition,
Network Advertising Initiative,
Promotion Marketing Association,
U.S. Chamber of Commerce
ASTA
American Society of Travel Agents, Inc.
ATAA
Air Transport Association of America
Ault
Russell Ault
Aurelius
Aurelius
Baker
Baker Hostetler, LLP
BD
BD, Inc.
Bigfoot
Bigfoot Interactive
BOA
Bank of America Corporation
BrightWave
BrightWave Marketing, Inc.
Brown
Brown-Foreman Corporation
BSA
Business Software Alliance
Buschner
Arthur Buschner
Cambridge
Cambridge Electronics Laboratory
Cantor
Elaine Cantor
CBA
Consumer Bankers Association
Cendant
Cendant Cooperation
Cha
Brian Cha
Charter
Charter Communications, Inc.
Christensen
Keith Christensen
Clark
Patrick Clark
Clear
Luanne Clear
Click
Click Tactics, Inc.
CMOR
The Council for Marketing and Opinion Research
Coalition
National Business Coalition on E-Commerce and Privacy
Comerica
Comerica Incorporated
CUNA
Credit Union National Association
Darling
RWR Darling
Dennis
David Dennis
Discover
Discover Financial Services
DMA
Direct Marketing Association, Inc.
DoubleClick
DoubleClick, Inc.
Edge
Ronald D. Edge
Edwards
Edwards
Ellenburg
George M. Ellenburg
Empire
Empire Corporate FCU
EPIC
Electronic Privacy Information Center
ePrize
ePrize, LLC
ERA
Electronic Retailing Association
ESPC
Email Service Provider Coalition
Exact
ExactTarget, Inc.
Experian
Experian Marketing Solutions
Ezines
The Circle of Ezines
FNB
First National Bank of Omaha
Footlocker
Footlocker.com/Eastbay
Goldbar
Goldbar Enterprises, LLC
Gorman
Richard Gorman
Gray
Woodrow Gray
HSBC
HSBC Bank of Nevada
IAC
IAC/InterActiveCorp
ICC
Internet Commerce Coalition
ICOP
International Council of Online Professionals
IMN
iMake News, Inc.
Independent
Independent Sector
Intermark
Intermark Media
iPost
Bart Schaefer on behalf of iPost
IPPC
International Pharmaceutical Privacy Consortium
Jarrell
Lon Jarrell, Jr.
Jumpstart
Jumpstart Technologies, LLC
Kapecki
Jon Kapecki
KeySpan
KeySpan Energy
Landesmann
Mark Landesmann
Lantow
Lantow
LashBack
LashBack, LLC
MasterCard
MasterCard International
Masterfoods
Masterfoods USA
Mattel
Mattel, Inc.
May
William May
MBNA
MBNA America Bank, N.A.
MCI
MCI, Inc.
Metz
Seymour Metz
Microsoft
Microsoft Cooperation
Morris
Ireeta Morris
MPA
Magazine Publishers of America
MPAA
Motion Picture Association of America
NAA
Newspaper Association of America
NADA
National Automobile Dealers Association
NAEDA
North American Equipment Dealers Association
NAFCU
National Association of Federal Credit Unions
NAIFA
National Association of Insurance and Financial Advisors
NAMB
National Association of Mortgage Brokers
NAR
National Association of Realtors
NCTA
National Cable and Telecommunications Association
Nelson
Nelson
NEPA
Newsletter and Electronic Publishers Association
NetCoalition
NetCoalition
Nextel
Nextel Communications, Inc.
NFCU
Navy Federal Credit Union
Nissan
Nissan North America, Inc.
NNA
National Newspaper Association
NRF
National Retail Federation
OPA
Online Publishers Association
Oriez
Charles Oriez
PCIAA
Property Casualty Insurers Association of America
Pernetian
Pernetian
PMA
Promotion Marketing Association, Inc.
Reed
Reed Elsevier, Inc.
Return
Return Path, Inc.
RIAA
Recording Industry Association of America
Roberts
Bart Roberts
Rubin
Kim Rubin
Rushing
Rushing
Rushizky
Paul Rushizky
SAG
Strategic Advisory Group
Satchell
Stephen Satchell
Schaefer
Mark Schaefer
Schnell
Ron Schnell
Sheu
Caroline Sheu
Shires
William Shires
SHRM
Society for Human Resource Management
SIA
Securities Industry Association
SIIA
Software Information Industry Association
Sing
Ah Sing-Bombard
Slachetka
Mike Slachetka
Sonnenschein
Sonnenschein Nath Rosenthal, LLP
Sowell
Sean Sowell
Sprint
Sprint Corporation
Subscriber
SubscriberMail, LLC
Swent
Norm Swent
Tietjens
Richard Tietjens
Time Warner
Time Warner, Inc.
Topica
Topica
Travaglini
Anne Travaglini
Unsub
UnsubCentral
UOL
United Online
VCU
Virginia Credit Union
VFCU
Visions Federal Credit Union
Verizon
Verizon, Inc.
Vertical
Vertical Response, Inc.
Visa
Visa U.S.A., Inc.
Wahmpreneur
Wahmpreneur Publishing, Inc.
Wells Fargo
Wells Fargo Company
West
Hal West
Wiederhoeft
Phyllis Wiederhoeft
Wyle
Ed Wyle
[FR Doc. E8-11394 Filed 5-20-08: 8:45 am]
BILLING CODE 6750-01-S