Q: Is anything being done to control e-mail “spam”?
A: Yes. Congress passed the “CAN-SPAM Act” (“Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003,” effective January 1, 2004) to help curb “spam” e-mails. The Act allows you to demand that a party stop sending commercial e-mails. It also empowers federal agencies (primarily the Federal Trade Commission or “FTC”), state agencies, and Internet service providers to enforce its provisions. The CAN-SPAM Act supersedes all existing state spam laws, except for state laws that prohibit falsity or deception in any portion of a commercial e-mail.
Q: Has the Act been effective since it was passed?
A: Opinions are mixed, and the spam problem has grown. In 2003, according to the Congressional findings, over half of all e-mail was spam, and most of that was unsolicited advertising. In 2008, 81 percent of all email was spam (www.messagelabs.com/mlireport/MLIReport_Annual_2008_FINAL.pdf), and now some is aimed at damaging your computer, stealing information, or tricking you into giving up information (“phishing,” a practice not covered by the Act). Prosecutors can use the Act if they catch a spammer, but your e-mail inbox may not see a difference.
Q: What’s new since 2004?
A: Spammers now use multiple sending systems in multiple locations. Rewards are still great for spammers, and risks are only slightly increased. Spammers, as well as those trying to prevent spam, are investing in research and development. The FTC issued clarifications (effective July 7, 2008) that provide some help for the consumer, but also give some concessions to advertisers.
Q: Does the CAN-SPAM Act apply to all e-mail ads?
A: Yes. The Act applies to all “commercial e-mail” (e-mails that have the primary purpose of advertising or promoting products or services) and against anyone who initiates, sends or retransmits commercial e-mail. Also, businesses are responsible for commercial e-mails sent on their behalf by any third party they hire.
Q: Does the Act cover e-mails referring to something I’m buying or have already bought?
A: The restrictions in the Act do not apply to “transactional or relational messages” (e-mails sent to facilitate, complete, or confirm a transaction, or provide warranty or safety information for a product or service used or purchased by the recipient).
Q: I rely on e-mail to keep my customers informed. What is the new rule on e-mailing “transactional or relationship messages”?
A: E-mail now likely to be declared "transactional or relationship messages” rather than violations of the Act include:
1) e-mails sent to facilitate, complete, or confirm registration for a free Internet service;
2) newsletter e-mails issued periodically and that are entirely informational or that mix informational and commercial content (although entirely commercial emails or those sent unsolicited may violate the Act);
3) e-mails sent to complete an existing, viable, non-terminated negotiation if the negotiation was related to a commercial transaction (although emails attempting to persuade someone to return to negotiations likely will violate the Act);
4) e-mail messages limited to legally required notices (although this determination may be made case by case).
E-mails containing opinion and research surveys also are outside the scope of the Act unless they contain advertising or promote a company, product, or service.
Q: What happens if a spam-sender continues to send spam after an Internet user complains?
A: Government agencies and Internet service providers may seek money damages (for example, the FTC can seek fines of up to $16,000 per violation) or criminal prosecution against violators. Violators include those who retransmit commercial e-mails to conceal the origins of spam e-mails. Spammers with multiple violations have been fined hundreds of millions of dollars and given several years in prison.
Q: What must businesses do to comply with the CAN-SPAM Act?
A: Unless the e-mail recipient has expressly agreed to receive a message or initiated contact with the business, businesses must make sure that commercial emails:
• clearly indicate they are ads;
• have correct header information and accurate subject lines that do not mislead recipients;
• allow recipient to send a reply message or other “Internet-based communication” to opt-out of future e-mails, and honor this request within 10 days. Also, the “opt-out” information must include the sender’s valid, physical postal address.
Q: Does Ohio have anything like the CAN-SPAM Act?
A: Yes. Ohio has a law against “illegally transmitting multiple commercial electronic mail messages” (effective May 6, 2005) which complements the Federal CAN-SPAM Act. It covers phishing where the e-mail’s origin is misleading. The Ohio Attorney General may file civil action on violations of both the Ohio statute and the Federal CAN-SPAM Act. For more information about federal spam law, visit http://www.ftc.gov/spam/. Information about privacy law in Ohio, including spam issues, can be found through http://privacy.ohio.gov/education and http://privacy.ohio.gov/citizens.
This “Law You Can Use” column was provided by the Ohio State Bar Association. It was prepared by attorney A. Brian Dengler of the Columbus office of Vorys Sater & Pease LLP, and updated by Steven A. Hill, Columbus attorney and general counsel for STAN Solutions LLC, Dayton.