On May 12, 2008 the Federal Trade Commission issued its long awaited final set of rules under the CAN-SPAM Act of 2003 (the “Act”). The rule:

  • Modifies the term “sender” with respect to multi-advertiser e-mails;
  • Clarifies the opt-out request process;
  • Defines the term “person”; and
  • Clarifies the meaning of “valid physical postal address” of the sender.
  • The accompanying report:
  • Explains the FTC’s interpretation of the Act’s application to affiliate marketing programs and tell-a-friend campaigns.

The rule will take effect on July 7, 2008.

Multi-advertiser E-mails

The FTC’s modification of the term “sender” addresses the situation in which there is more than one advertiser in a commercial e-mail. Prior to this rule’s enactment, the Act, strictly read, required that each advertiser in a commercial e-mail was responsible for complying with the Act’s requirements. In other words, each advertiser was required to provide an opt-out mechanism, display a valid physical postal address, honor opt-out requests, and otherwise comply with the Act’s requirements.

This new rule allows one of the advertisers to assume the role of “sender” as defined by the Act. This sole advertiser would then have the responsibility of honoring opt out requests, etc., and only the opt-out mechanism and “physical postal address” of the designated sender would have to be included in the e-mail in order to comply with the Act.

In order for one advertiser to become the designated sender with respect to the Act, the advertiser must meet three requirements:

1. the person must be a “sender” as defined by the Act – simply put, this person must induce the e-mail to be sent and have their product, service, or web site advertised or promoted in the e-mail;

2. the person must be identified as the sole sender in the “from” line of the e-mail message; and

3. the person must be in compliance with the following five sections of the Act:

  • the header information must not be materially false or misleading and it must accurately identify the sending computer (15 U.S.C. 7704(a)(1));
  • the subject heading cannot mislead a reasonable recipient as to a material fact about the contents of the e-mail (15 U.S.C. 7704(a)(2));
  • the e-mail must include a valid opt-out mechanism (15 U.S.C. 7704(a)(3)(A)(i));
  • the e-mail must include a clear commercial identifier, opt-out notice, and physical address (15 U.S.C. 7704(a)(5)(A)); and
  • a sexually oriented e-mail must have the appropriate disclaimer and be formatted correctly (16 CFR 316.4).

As an example of how the FTC’s new rule would be implicated, take the situation in which a travel agency sends out a commercial e-mail that includes advertisements from the travel agency, a car rental shop, and a hotel chain. In this case, each of these three entities would be advertisers in the e-mail, but if they collectively designate the travel agency to be the “sender” of the e-mail under the Act, and if the travel agency meets the three requirements above, then only the travel agency would be considered the sender, and all sender responsibility under the Act would fall on the travel agency, not the hotel chain nor the car rental shop.

This new definition clarifies the responsibility of each advertiser and alleviates redundant obligations for the various advertisers in a single e-mail while still providing recipients with the benefits of the CAN-SPAM Act. However, while all sender responsibility is shifted to one advertiser, all advertisers are still responsible as initiators under the Act and must still comply with the provisions that apply to initiators. (That is, they are all responsible for ensuring that the header information in the e-mail is not false or deceptive.) Also, if the designated sender fails to comply with its obligations, the other advertisers can be held accountable. For this reason, from the perspective of the other advertisers, it is imperative that they secure a written agreement with the designated sender that includes contractual obligations on the sender to perform the required duties, and a strong indemnification provision protecting the other advertisers who are counting on the designated sender’s compliance with the Act.

Tell-A-Friend Campaigns and Affiliate Marketing Programs

Since the inception of the Act, advertisers have been confused about how the Act applies to their “tell-a-friend” campaigns and affiliate marketing programs.

Strictly read, the Act would make advertisers responsible in at least some instances for CAN-SPAM compliance with respect to e-mails that are sent to a person’s friend in connection with a tell-a-friend campaign. This would mean that the e-mails cannot be sent to a friend who has opted out of receiving commercial e-mails from the company (which is, in many cases, burdensome or impossible to prevent). Also, the e-mails that are sent to the friend would have to include the company’s physical postal address and opt-out mechanism, accurate routing information, a subject line that is not misleading, and, in some cases, be identified as an ad. Depending on how a particular tell-a-friend campaign functions (e.g., a company may encourage e-mail recipients to forward an e-mail to a friend or use a web-based interface to allow people to cause a message to be sent to their friend), it may be impossible for a company to ensure that these requirements are complied with.

The FTC’s report accompanying the rule makes the FTC’s interpretation of the Act’s application to tell-a-friend campaigns clear. First off, if a company offers to “pay or provide other consideration” to a person in exchange for sending the commercial e-mail to his or her friend, the company will be responsible for the e-mail’s compliance with the Act. Consideration includes offering “something of value (such as an act, forebearance or return promise),” even things of minimal or de minimis value including coupons, discounts, awards, sweepstakes entries or the like.

Similarly, when a company offers consideration to someone in exchange for driving traffic to the company’s Web site or generating other forms of referrals (e.g., a marketing affiliate relationship), resulting in the transmission of the company’s e-mail message by the affiliate or its sub-affiliate, the company will be responsible for the CAN-SPAM compliance of the e-mails that are sent.

In contrast, where a company merely “urges” or “exhorts” a person to forward a message to a friend, without offering something of value in exchange, the company will not be responsible for the CAN-SPAM compliance of the e-mails that are sent.

In summary, the FTC’s newly issued interpretation in effect will cause most companies to avoid CAN-SPAM coverage with respect to their tell-a-friend campaigns by refraining from offering anything of value in exchange for a person sending or forwarding a promotional message to a friend. Instead, such programs will be completely void of incentive. A company may, however, verbally encourage people to send their commercial messages on to their friends. As for affiliate marketing programs, since inherent in them is some form of consideration to the affiliate marketer, it will be harder to avoid responsibility for CAN-SPAM compliance.

Opt-out Requests

This rule requires senders to allow recipients to opt-out of subsequent commercial e-mails in at least one of two ways. The recipients should be able to opt-out by (1) replying to a specified e-mail address or (2) visiting a single Web page and selecting their opt-out preferences. Recipients cannot be required to pay a fee or provide any other information besides their e-mail address and opt-out preferences. For example, the recipient can be asked to indicate which kind of e-mails, if any, she would like to receive, but can not be required to log into her account or to submit her name, address, or any form of payment in order to opt-out. This new rule could prove burdensome on companies that currently rely on recipients to log into an account in order to opt out, or to click through to more than one web page.

The FTC declined to shorten or lengthen the amount of time senders have to process opt-out requests. The final rule maintains the original ten-business day opt-out request processing period (or, for wireless e-mail addresses, ten days). After the applicable time period from receipt of an opt-out request, senders are prohibited from initiating commercial e-mail messages to the recipient.

Definition of Person

The FTC added a definition of “person” to clarify that the CAN-SPAM Act applies to more than just natural persons. As defined by the rule, person includes:

  • individuals,
  • groups,
  • unincorporated associations,
  • limited or general partnerships,
  • corporations; and
  • other business entities.

Valid Physical Postal Address

Since the Act was enacted, legitimate e-mailers (in particular small businesses) have been asking whether they can use a P.O. box to meet the requirement that a physical postal address be included in commercial e-mails. The final rule adds a definition of “Valid physical postal address” to clarify its meaning. Under the definition, the sender may use his current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail-receiving agency that is established pursuant to United States Postal Services regulations.