The Federal Trade Commission is proposing five changes to the CAN-SPAM Act and is seeking comment on these proposals by June 27. The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial e-mail, spells out penalties for spammers and companies whose products are advertised with spam if they violate the law, and gives consumers the right to ask e-mailers to stop spamming them.
The law, which became effective Jan. 1, 2004, covers e-mail whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site.
Rule changes proposed by the FTC could affect how the CAN-SPAM Act is enforced. The proposals include:
- Shortening the time an e-mail sender has to comply with an opt-out request from 10 to three days.
- Clarifying that it is illegal to require e-mail recipients wishing to opt out from marketing e-mails to pay a fee, provide information other than e-mail address and opt-out preferences, or take any action besides replying to an e-mail or visiting a Web site.
- Clarifying that P.O. boxes and private mailboxes meet the requirement for a “valid physical address” under the CAN-SPAM Act.
- Defining the term “sender” as used in CAN-SPAM to clarify which party associated with a marketing e-mail is responsible for compliance.
- Defining the term “person,” which is used repeatedly in the language of the CAN-SPAM Act but not clearly defined.
A “transactional or relationship message”—e-mail that facilitates an agreed-upon transaction or updates a customer in an existing business relationship—may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act.
“This act was never meant to be a silver bullet,” said Trevor Hughes, director of the E-Mail Service Provider Coalition. “This gave us some good tools. CAN-SPAM gave legitimate businesses a platform and a way to comply.”
The Federal Trade Commission, the nations consumer protection agency, is authorized to enforce the CAN-SPAM Act. CAN-SPAM also gives the Department of Justice the authority to enforce its criminal sanctions. Other federal and state agencies can enforce the law against organizations under their jurisdiction, and companies that provide Internet access may sue violators, as well.
These proposed changes are meant to further clarify areas of the act that have caused confusion and issues since it was enacted.
“I think its great that the FTC is getting public feedback,” said David Daniels, senior analyst with Jupiter Research of Jupitermedia Corp. “Companies have done a lot already to be in compliance.”
The biggest issue being tackled is how to define “sender.” Is the sender the person who actually pushes the button to send the e-mail, or is it all of the parties that are in the e-mail?
“I think one thing people need to realize is that even as they define sender now, theres a part of the CAN-SPAM, called the McCain Amendment, that says that whoever benefits from the spam being sent is on the hook,” said Anne Mitchell, CEO and president of the Institute for Spam and Internet Public Policy.
“Even if youre offshore and sending e-mail to this country, you have to have some link to the United States because thats how youll get paid for your product. So, although defining sender is important in some aspects to both the receivers and the senders, ultimately people should know that the advertiser who benefits from sending the e-mail is always on the hook for compliance.”
Hughes said this will give companies some guidance on how to ensure that theres one sender being held responsible. “If there are three senders listed in an e-mail, then all three must comply and offer separate opt-out links and they must each provide an address in the e-mail. That gets confusing.”
Managing Timely Compliance
Another provision is intended to reduce the amount of time a sender has to comply with an opt-out request, from 10 days to three days.
“The three-day turnaround is going to be a challenge,” Daniels said. “Multiple databases and sharing data make that a very tight deadline.”
Hughes said he agreed. “That can be tough for a big company, like a financial institution,” Hughes said. “Lets say ABC Home Loans Inc. has a national e-mail list that they send the latest interest rates to on a daily basis and somebody on that list unsubscribes.
“Now, three days later, the local ABC guy who has done business with them sends them an e-mail about variable rate loans because they might be interested in this.
“In those three days, theres no way the national people could let all the local people with e-mail addresses know theyve unsubscribed and his e-mail would be in violation. I know some companies that are asking for it to be a 30-day time frame.”
Mitchell said thats been an issue all along. “There were some when this was enacted that called it the U-CAN-SPAM because it allowed a company to spam you for 10 more days after youd opted out. So its certainly been an issue with receivers and those who are completely anti-spam.”
Both Mitchell and Hughes agree that the act and the FTC are moving in the right direction as legitimate marketing e-mail battles the spammers. Both said there are three things needed to continue to work against spam: laws, technology and improved user education/industry practices.
“This act allowed the DOJ to pursue spammers wherever they are,” Hughes said.
“There are some good tools in this act and the ISPs have started using it,” Mitchell said. “Im not pessimistic. Am I optimistic? Lets face it, if we could have done what Europe has and make it that you must opt-in, instead of having to opt-out, thatd be ideal. But well never get there. The marketing lobby is too huge. So I think this is a good tool.”
Check out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.