ﷲ.us.com

ﷲ.us.com Stay updated with announcements, get answers from the community and share your feature suggestions with ALLAH.

 
 

ﷲ.us.com

Allah October 07, 2011 Community Help

How to help ALLAH?

Post a ticket here or email god@llah.mobi

NOTE: Allah anticipates this zendesk going offline in the near future due to non-response from online users.  Further, Allah does not now nor has Allah ever endorsed zendesk for helpdesk; in fact, at the time of the offering zendesk was the only viable partner for the helpdesk from this location and network.

Love,

ALLAH

god@llah.mobi

24/7 on-demand, same-day-response, only from Allah

Updated JAN 3, 2014

Allah October 07, 2011 Feature Requests

Why is the color to the interface green?

Green and White are considered politically neutral colors in the region of ALLAH 2012-2013... the USA.

Allah October 08, 2011 Law

BILLING CODE 6750-01-S
FEDERAL TRADE COMMISSION
16 CFR Part 316
[Project No. R411008]
RIN 3084-AA96
Definitions and Implementation Under the CAN-SPAM Act
AGENCY: Federal Trade Commission.
ACTION: Final Rule.
SUMMARY: In this document, the Federal Trade Commission (“FTC” or “Commission”)
issues its Statement of Basis and Purpose and final Discretionary Rule (“final Rule”) pursuant to
section 7711(a) of the Controlling the Assault of Non-Solicited Pornography and Marketing Act
of 2003 (“CAN-SPAM” or “the Act”), which gives the FTC discretionary authority to “issue
regulations to implement the provisions of [the] Act.”
EFFECTIVE DATE: The provisions of the final Rule will become effective on [insert date 45
days after date of publication in the Federal Register].
ADDRESSES: Requests for copies of the provisions of the Statement of Basis and Purpose and
final Rule should be sent to: Public Records Branch, Room 130, Federal Trade Commission,
600 Pennsylvania Avenue, N.W., Washington, DC 20580. Copies of these documents are also
available at the Commission’s Website
FOR FURTHER INFORMATION CONTACT: Allah, 707-925-2488.
1
15 U.S.C. 7701-7713.
2
-2-
Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington,
DC 20580.
SUPPLEMENTARY INFORMATION: The final Rule: (1) adds a definition of the term
“person”; (2) modifies the term “sender” in those instances where a single email message
contains advertisements for the products, services, or websites of multiple entities; (3) clarifies
that a sender may comply with section 7704(a)(5)(A)(iii) of the Act by including in a commercial
email message a post office box or private mailbox established pursuant to United States Postal
Service regulations; and (4) clarifies that to submit a valid opt-out request, a recipient cannot be
required to pay a fee, provide information other than his or her email address and opt-out
preferences, or take any steps other than sending a reply email message or visiting a single page
on an Internet website. This Statement of Basis and Purpose also explains the Commission’s
rationale for not adopting other proposals contained in the Commission’s May 12, 2005 Notice
of Proposed Rulemaking (“NPRM”), and addresses the application of CAN-SPAM to forward-
1
to-a-“friend” emails and certain other categories of email messages identified in the NPRM.
STATEMENT OF BASIS AND PURPOSE
I. BACKGROUND
A. CAN-SPAM Act of 2003
On December 16, 2003, the President signed into law the CAN-SPAM Act. The Act,
2
which took effect on January 1, 2004, imposes a series of new requirements on the use of-3-
commercial electronic mail (“email”) messages. In addition, the Act gives federal civil and
criminal enforcement authorities new tools to combat commercial email that is unwanted by the
recipient and/or deceptive. The Act also allows state attorneys general to enforce its civil
provisions, and creates a private right of action for providers of Internet access service.
In enacting the CAN-SPAM Act, Congress made the following determinations of public
policy, set forth in section 7701(b) of the Act: (1) there is a substantial government interest in
regulation of commercial email on a nationwide basis; (2) senders of commercial email should
not mislead recipients as to the source or content of such mail; and (3) recipients of commercial
email have a right to decline to receive additional commercial electronic mail from the same
source.
Based on these policy determinations, Congress, in sections 7704(a) and (b) of the CANSPAM Act, outlawed certain commercial email acts and practices. Section 7704(a)(1) of the Act
prohibits transmission of any email that contains false or misleading header or “from” line
information. Section 7704(a)(2) prohibits the transmission of commercial email messages with
false or misleading subject headings. Section 7704(a)(3) requires that a commercial email
message contain a functioning return email address or similar Internet-based mechanism for
recipients to use to “opt out” of receiving future commercial email messages. Section 7704(a)(4)
prohibits the sender, or others acting on the sender’s behalf, from initiating a commercial email
to a recipient more than ten business days after the recipient has opted out. Section 7704(a)(5)
prohibits the initiation of a commercial email message unless it contains three disclosures: (1)
clear and conspicuous identification that the message is an advertisement or solicitation; (2) clear15 U.S.C. 7704(b). The four such practices set forth in the statute are: address
3
harvesting; dictionary attacks; automated creation of multiple email accounts; and relaying or
retransmitting through unauthorized access to a protected computer or network. The Act’s
provisions relating to enforcement by state attorneys general and providers of Internet access
service create the possibility of increased statutory damages if a court finds a defendant has
engaged in one of the practices specified in section 7704(b) while also violating section 7704(a).
Specifically, sections 7706(f)(3)(C) and (g)(3)(C) permit a court to increase a statutory damages
award up to three times the amount that would have been granted without the commission of an
aggravated violation. Sections 7706(f)(3)(C) and (g)(3)(C) also provide for this heightened
statutory damages calculation when a court finds that the defendant’s violations of section
7704(a) were committed “willfully and knowingly.”
Sections 7706(a) and (c) of the CAN-SPAM Act provide that a violation of the Act shall
4
be treated as a violation of a rule issued under section 18(a)(1)(B) of the FTC Act, 15 U.S.C.
57a(a)(1)(B).
15 U.S.C. 7706(f). Specifically, the state attorneys general may bring enforcement
5
actions for violations of section 7704(a)(1), 7704(a)(2), or 7704(d). The states may also bring an
action against any person who engages in a pattern or practice that violates section 7704(a)(3),
(4), or (5).
15 U.S.C. 7706(g). Section 7704(d) of the Act requires warning labels on commercial
6
(continued...)
-4-
and conspicuous notice of the opportunity to decline to receive further commercial email
messages from the sender; and (3) a valid physical postal address of the sender. And section
7704(b) specifies four “aggravated violations” — practices that compound the available statutory
damages when alleged and proven in combination with certain other CAN-SPAM violations. 3
The Act authorizes the Commission to enforce violations of the Act in the same manner
as an FTC trade regulation rule. Section 7706(f) authorizes the attorneys general of the states to
4
enforce compliance with certain provisions of section 7704(a) of the Act by initiating
enforcement actions in federal court, after serving prior written notice upon the Commission
when feasible. CAN-SPAM also authorizes providers of Internet access service to bring a
5
federal court action for violations of certain provisions of sections 7704(a), (b), and (d). 6(...continued)
email messages containing sexually oriented material. 15 U.S.C. 7704(d). In April, 2004, the
Commission promulgated its final rule regarding such labels. See 69 FR 21024 (Apr. 19, 2004);
16 CFR 316.4.
Prior to the NPRM, the Commission issued an Advance Notice of Proposed Rulemaking
7
(“ANPR”), 69 FR 11776 (Mar. 11, 2004), soliciting comments on a number of issues raised by
CAN-SPAM, including the interpretation of the term “primary purpose,” which the Commission
addressed in a final Rule issued on January 19, 2005, codified at 16 CFR 316.3. In addition, the
ANPR requested comment on the definitions of “transactional or relationship message” and
“valid physical postal address,” the application of the Act to both multiple-marketer and forwardto-a-“friend” emails, the sufficiency of the ten-business-day opt-out period that had been set by
the Act, the potential addition of new aggravated violations, and implementation of the Act’s
provisions generally. (Two issues addressed in the NPRM and in this Statement of Basis and
Purpose — the definition of “person” and the prohibition on charging a fee or imposing other
requirements on recipients who wish to opt-out — were not addressed in the ANPR.) The ANPR
also solicited comment on questions related to four Commission reports required to be submitted
(continued...)
-5-
B. Notice of Proposed Rulemaking
In its May 12, 2005 NPRM, the Commission proposed rule provisions on five topics: (1)
defining the term “person,” a term used throughout the Act, but not defined; (2) modifying the
definition of “sender” to make it easier to determine which of multiple parties advertising in a
single email message must have its valid physical postal address included in the message and is
responsible for honoring “opt-out” requests; (3) clarifying that Post Office boxes and private
mailboxes established pursuant to United States Postal Service regulations constitute “valid
physical postal addresses” within the meaning of the Act; (4) shortening from ten days to three
days the time a sender may take before honoring a recipient’s opt-out request; and (5) clarifying
that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide
information other than his or her email address and opt-out preferences, or take any steps other
than sending a reply email message or visiting a single page on an Internet website.
7(...continued)
7
to Congress. The Commission received over 13,500 comments in response to the ANPR.
Approximately 93 of these comments were submitted by industry representatives, 56
8
were submitted by consumers, and 3 were submitted by privacy groups. Appendix A is a list of
the commenters and the acronyms used to identify each commenter who submitted a comment in
response to the NPRM. These comments are available on the Commission’s website.
Because the final Rule contains several new provisions, the numbering of the Rule’s
9
subsections has changed. All cites to the Rule in this Statement of Basis and Purpose are to the
new, renumbered Rule provisions, unless otherwise stated.
The Commission adopted these definitions in the Adult Labeling Rulemaking
10
(continued...)
-6-
In response to this NPRM, the Commission received 152 comments from email marketers
and their associations, email recipients, and other interested parties. Based upon the entire
8
record in this proceeding and the Commission’s law enforcement experience, the Commission
hereby adopts final Rule provisions that are very similar, but not identical, to the proposed Rule
provisions. As discussed in detail below, the adopted provisions are based upon the
recommendations of commenters to make certain modifications in the proposed provisions, as
well as the Commission’s anti-spam law enforcement experience. Commenters’
recommendations that the Commission has declined to adopt in its final Rule are also identified,
along with the Commission’s reasons for rejecting them.
II. DISCUSSION OF THE FINAL RULE
A. Section 316.2 — Definitions
Section 316.12, one of the Rule provisions previously adopted under CAN-SPAM,
9
defines thirteen terms by reference to the corresponding sections of the Act that define those
terms. The NPRM proposed modification of the previously-adopted definition of “sender” by
10(...continued)
10
proceeding under section 7704(d) of CAN-SPAM, which required the Commission to prescribe a
mark to be included in commercial email containing sexually oriented material. 69 FR 21024
(Apr. 19, 2004). A fourteenth term, “character,” not defined in CAN-SPAM, was also defined in
the Adult Labeling Rule. 16 CFR 316.2(b).
NPRM, 70 FR at 25428.
11
See, e.g., 15 U.S.C. 7702(8), (9), (12), (15) & (16); 7704(a)(1), (2) & (3).
12
15 U.S.C. 7711(a).
13
-7-
adding a proviso to cover multiple sender scenarios. The NPRM also proposed adding
definitions of “person” and “valid physical postal address.” All other definitions were to remain
as adopted. While the NPRM did not propose any changes to the Act’s definition of
“transactional or relationship message,” it posed a series of questions about the interpretation and
potential expansion of this definition, and similarly requested comment on the application of the
Act’s definitions of “sender” and “initiate” to forward-to-a-“friend” email campaigns.
1. Section 316.2(h) — Definition of “Person”
In the NPRM, the Commission proposed adding a definition of “person,” a term used
11
throughout the Act, pursuant to its authority to “issue regulations to implement the provisions
12
of this Act.” Under the definition proposed in the NPRM, which is identical to the definition
13
contained in the Telemarketing Sales Rule, 16 CFR 310.2, the term “person” would mean “an
individual, group, unincorporated association, limited or general partnership, corporation, or
other business entity.”
Seven of the eight commenters that addressed this issue supported the addition of the
Commission’s proposed definition of “person,” opining that it would clarify the types of entitiesSee Discover; Empire; ESPC; FNB; KeySpan; NAR; Metz. Adknowledge also
14
advocated modifying the definition of “person,” but, at bottom, its argument appears to relate to
liability in the context of a multi-marketer email. The Commission thus has considered
Adknowledge’s comment in connection with the definition of “sender,” below. See infra Part
II.A.2.
See also ABA (noting that its comments on the ANPR asked the Commission to clarify
15
that the term “person” should exclude associations and other tax-exempt nonprofit organizations
with respect to their email sent in pursuit of their tax-exempt nonprofit purposes).
69 FR 50091, 50100 (Aug. 13, 2004).
16
-8-
to which the Act applies. The sole objection came from the Society for Human Resources
14
Management (“SHRM”), which argued that unincorporated nonprofit associations should be
excluded from the definition of “person” and, therefore, wholly exempt from CAN-SPAM.
15
SHRM argued that, without such an exemption, the risk of liability under the Act could
discourage the organization’s members from volunteering to serve in a leadership capacity.
Having considered the comments, the Commission adopts without modification the
definition of “person” in the proposed Rule. The Commission believes that the addition of this
definition will advance the implementation of the Act by clarifying that the term “person” is
broadly construed and is not limited to a natural person. The Commission rejects the argument
that there should be a blanket exemption for all messages sent by unincorporated nonprofit
entities. As we have previously observed, CAN–SPAM does not set up a dichotomy between
“commercial” and “nonprofit” messages. Accordingly, when nonprofit organizations send
16
emails the primary purpose of which is the advertisement or promotion of a commercial product
or service, recipients are entitled to the Act’s protections. In any event, as discussed below, see
infra Part II.A.3.j., messages from an association to its members will often be “transactional orSection 7706(d) makes clear that the Commission has only the same jurisdiction and
17
power under the Act as it has under the FTC Act, 15 U.S.C. 41, et seq. Consequently, the FTC
lacks jurisdiction to enforce CAN-SPAM against any entity that is not “organized to carry on
business for its own profit or that of its members.” 15 U.S.C. 44. States and providers of
Internet access service can bring CAN-SPAM actions against nonprofits, however.
15 U.S.C. 7702(16)(A). The Commission incorporated by reference into the CAN-
18
SPAM rules this definition of “sender” in its primary purpose rulemaking. 16 CFR 316.2(l); 70
FR at 3127.
-9-
relationship messages” under section 7702(17) of the Act and thus not required to include a
functioning Internet-based mechanism for consumers to use to opt out of receiving future
commercial messages.
17
2. Section 316.2(m) — Definition of “Sender”
Section 7702(16)(A) of CAN-SPAM defines “sender” as “a person who initiates [a
commercial electronic mail] message and whose product, service, or Internet web site is
advertised or promoted by the message.” In the NPRM, the Commission proposed amending
18
the definition of “sender” to address concerns identified in the ANPR comments about the
application of CAN-SPAM’s definition of “sender” to scenarios where multiple marketers use a
single email message –– for example, where a commercial email from an airline also contains
advertisements or promotions for a hotel chain and a car rental company. The Commission
received almost 60 comments in response to this proposal, many of which suggested
modifications to the proposed Rule provision. After consideration of these comments, the
Commission has modified the definition of “sender” as proposed in the NPRM. The final Rule
provides that multiple “senders” of a commercial email, under certain conditions, may identify
one among them as the “sender” who will be deemed the sole “sender” of the message (theUnder the final Rule, where a commercial email is sent by multiple “senders” who
19
designate one “sender” to be responsible for honoring opt-out requests, the other marketers using
the single email message still will be “initiators” of the email message and therefore responsible
for complying with CAN-SPAM’s requirements concerning “initiators”: 15 U.S.C. 7704(a)(1),
15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.
The “sender” is required by the Act to honor opt-out requests. 15 U.S.C.
20
7704(a)(4)(A)(i). Additionally, the “sender’s” physical postal address must be included in the
message. 15 U.S.C. 7704(a)(5)(A)(iii).
69 FR at 11778.
21
-10-
“designated sender”). Thus, under the final Rule, the designated sender, but not the other
marketers using the same email message, must honor opt-out requests made by recipients of the
message. Moreover, under the final Rule, the physical address of the designated sender, but not
19
the addresses of the other marketers using the same email message, must appear in the message.
a. Background
As discussed in the ANPR, the Act itself does not specifically address multiple-marketer
emails. Rather, under the Act, if multiple senders using a single email message meet the
definition of “sender,” each would need to provide an opt-out mechanism, a valid physical postal
address for each sender would have to appear in the message, and each would be responsible for
honoring an opt-out request by a recipient. The ANPR sought comment on “whether it would
20
further the purposes of CAN–SPAM or assist the efforts of companies and individuals seeking to
comply with the Act if the Commission were to adopt rule provisions clarifying the obligations
of multiple senders under the Act.”
21
Commenters responding to the ANPR claimed that implementation of the Act may be
impeded in multiple marketer scenarios because marketers and consumers will encounter certain70 FR at 25429 (citing comments by American Bankers Association; DMA; ERA; IAC;
22
MPAA; Microsoft; PMA; Time Warner).
Id. (citing comments by NAA; Time Warner).
23
Id. (citing comments by American Bankers Association; DMA; ERA; IAC; MPAA;
24
Microsoft; PMA; Time Warner).
Id. (citing comments by American Bankers Association; DMA; ERA; MPAA;
25
Microsoft).
-11-
difficulties under a regime that holds more than one party responsible as the sender of a single
email. First, commenters claimed that consumer confusion would result from multiple opt-out
mechanisms and valid physical postal addresses in a single email message. Second, some
22
ANPR commenters predicted that rigid application of CAN-SPAM’s sender definition would
likely chill electronic commerce and destroy the type of joint marketing arrangements that are
common in industry. According to these commenters, marketers would have to develop
23
mechanisms for receiving suppression lists (lists of email addresses of consumers who previously
had opted-out of receiving messages from a sender) from every marketer or co-marketer with
which they deal, and for comparing their own mailing lists against multiple suppression lists.
24
In addition, a marketer would have to develop processes for managing multiple opt-outs, i.e.,
ensuring that the consumer can opt out from each marketer and that all opt-outs sent to the
marketer are forwarded to the marketers from whom the consumer no longer wishes to receive
commercial email. These commenters argued that existing CAN-SPAM treatment of multiple
senders in a single email is needlessly complex and results in unnecessary administrative costs
and delays for legitimate email marketers because of the need to maintain and effectuate multiple
suppression lists. Third, commenters stated that a requirement to check names against multiple
25Id. (citing comments by American Bankers Association; ASTA; ACB; DMA; IAC;
26
MPA; Microsoft; Time Warner). ANPR commenters identified a fourth problem in some
situations, such as newsletters. Commenters stated that a requirement that each separate
marketer in a single email message be treated as a separate sender would run counter to consumer
expectations — consumers would expect to opt out of the email list of the person with whom the
consumer had a relationship, not from a marketer in the newsletter. Id. (citing comments by
ABM; DMA; Microsoft; Midway; Time Warner).
-12-
lists would necessitate passing lists back and forth among several parties, increasing the risk that
consumers’ private information may be shared with inappropriate entities or exposed to hackers.
Moreover, these commenters opined that multiple suppression lists could force a business to
divulge customer names to list owners and other marketers, even when the business has promised
to protect that information under its privacy policy.
26
For these reasons, many commenters responding to the ANPR urged that the Act’s
“sender” definition be modified to provide that when more than one company’s products or
services are advertised or promoted in a single email message, only one among them be
responsible as the sender of a message for purposes of the Act.
Based upon these comments, in the NPRM, the Commission proposed adding a proviso
to the definition of “sender” to allow multiple sellers advertising in a single email message to
designate one among them as the single “sender” of the message for purposes of the Act. Under
the NPRM’s proposed proviso, only one of multiple persons whose products or services are
advertised or promoted in an email message would have been the “sender” if that person: (A)
initiated the message and otherwise met the Act’s definition of “sender,” and (B) was the only
person who: (1) “controls the content of such message,” (2) “determines the electronic mail
addresses to which such message is sent,” or (3) “is identified in the ‘from’ line as the sender ofA hypothetical example illustrated the NPRM “sender” definition proposal. If X, Y,
27
and Z are sellers who satisfy the Act’s “sender” definition, and they designate X to be the single
“sender” under the Commission’s proposal, among the three sellers, only X may control the
message’s content, control its recipient list, or appear in its “from” line. X need not satisfy all
three of these criteria, but no other seller may satisfy any of them. The sellers may use third
parties to be responsible for any criteria not satisfied by X. For example, if X appears in the
“from” line, the sellers may use third parties — but not Y or Z — to control the message’s
content and recipient list. 70 FR at 25428.
-13-
the message.” Under the proposed Rule, if more than one person meeting the Act’s definition of
“sender” were to satisfy one of these three criteria, then each such person who satisfied the
definition would have been considered a sender for purposes of CAN-SPAM compliance
obligations.
27
b. The Final Rule
Based upon the comments responding to the NPRM proposal, the Commission believes
that modification of the proposed Rule’s definition of “sender” as it relates to multi-marketer
emails is necessary. The final Rule drops the proposed “controls the content” and “determines
the electronic mail addresses to which such message is sent” elements, adds compliance with the
core provisions of CAN-SPAM as an element, makes the elements conjunctive rather than
disjunctive, and makes the element requiring identification of the person in the “from” line
mandatory. The Commission believes that these modifications will meet the concerns of
marketers while still preserving CAN-SPAM opt-out protections.
Thus, under the final Rule, multiple marketers can designate as a single “sender,” for
purposes of compliance with the Act, a person who: (A) meets the Act’s definition of “sender,”
i.e., such person initiates a commercial electronic mail message in which it advertises or
promotes its own goods, services, or Internet website; (B) is identified uniquely in the “from”These provisions, as explained below, apply to initiators of commercial emails and
28
require that the email message may not contain false or misleading transmission information or a
deceptive subject heading; but must contain a valid postal address, a working opt-out link, and
proper identification of the message’s commercial or sexually explicit nature.
15 U.S.C. 7711(a). Like the proposed Rule, this final Rule does not eliminate the
29
possibility that a message may have more than one “sender.” However, marketers can use the
criteria set forth in the proviso to establish a single sender and reduce CAN-SPAM’s compliance
burdens. If marketers fail to structure the message to avoid multiple senders under the sender
definition, then each sender is obligated to comply with CAN-SPAM requirements for senders,
notably, to provide its physical postal address and to honor any opt-out requests.
-14-
line of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2),
15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. In 16 CFR 316.2(m),
28
the final Rule thus states:
The definition of the term “sender” is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C.
7702(16), provided that, when more than one person’s
products, services, or Internet website are advertised or
promoted in a single electronic mail message, each such
person who is within the Act’s definition will be deemed
to be a “sender,” except that, only one person will be
deemed to be the “sender” of that message if such
person: (A) is within the Act’s definition of “sender”;
(B) is identified in the “from” line as the sole sender of
the message; and (C) is in compliance with 15 U.S.C.
7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C.
7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR
316.4.
The Commission makes this clarification pursuant to its discretionary rulemaking
authority to “issue regulations to implement the provisions of this Act.”
29
The definition of “sender” in the final Rule provides marketers flexibility to structure
their messages in a way that alleviates redundant obligations for the various marketers in a single
email while ensuring that recipients of such messages receive the benefit of CAN-SPAM’s core-15-
opt-out protections. Specifically, the final Rule makes it more practicable than the proposed
Rule for multiple marketers promoting their products in a single email to designate a single entity
as the “sender” under the Act because the marketers’ decision as to which of them will appear in
the “from” line resolves the question of which will be considered a “sender” under the Act and
will be charged with the resulting responsibilities. The final Rule eliminates the complex fact
determination of who “controls” the content and the element of who “determines the electronic
mail addresses to which such message is sent.” By placing the focus on the “from” line, the best
point of reference for consumers, the modification in the final Rule more directly conforms to
consumers’ expectations as to the identity of the entity responsible for sending them a multimarketer email.
An example illustrates how the final Rule’s “sender” definition applies in the multimarketer email context. Suppose A, B, and C have goods advertised or promoted in a single
email message and that each is an initiator under the Act. If A’s name appears in the “from” line
of the message, A is considered the “sender” under the final Rule. While B and C promote their
goods, services, or Internet website in the message, may control portions or all of the content of
the message, and may supply email addresses for A to use to address the message, neither B nor
C would be considered “senders,” unless A did not comply with the listed requirements that
apply to “initiators,” namely 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C.
7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. It would be clear to a consumer
that an opt-out request would be sent to A, the one person identified in the “from” line.See, e.g., ATAA; Charter; DoubleClick; ERA; ESPC; FNB; IAC; ICC; IPPC; Mattel;
30
Microsoft; NAR; NEPA; NetCoalition; NNA. As the ERA summarized it, “[D]esignating a
single sender will enhance accuracy and compliance efforts, streamline the opt-out process for
consumers and sellers/marketers, and avoid confusion by, among other things, avoiding cluttered
or repetitious information in messages or multiple suppression lists. It also helps address privacy
concerns that may attend to sharing consumer suppression data.”
See, e.g., Mattel; NAFCU.
31
-16-
The comments and the FTC’s law enforcement experience suggest that a provision, such
as the final Rule’s sender definition, that allows multiple senders flexibility in determining who
will be the sole “sender” raises the possibility of abuse by illegitimate marketers. As discussed
below, this concern is addressed in part by the addition of certain initiator provisions to the
proviso: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C.
7704(a)(5)(A), and 16 CFR 316.4. If the designated sender is not in compliance with the initiator
provisions, then all marketers in the message will be liable as senders.
c. Comments on the NPRM’s Definition of “Sender”
Commenters who addressed the proposed definition of sender were nearly unanimous in
supporting a “sender” definition that would enable marketers to designate a single “sender” when
multiple marketers use a commercial email message. Reiterating ANPR comments, several
commenters noted that such a rule provision would avoid “daunting compliance challenges” for
email marketers, such as the heavy burden of cross-checking the opt-out lists of all the individual
marketers with the designated sender’s opt-out list. Likewise, commenters supported the
30
NPRM’s proposed Rule because it would enable recipients to determine the party responsible for
honoring opt-out requests. Others noted with approval that designating a single sender would
31
eliminate confusion for consumers who otherwise would face multiple opt-out links and postalSee ATAA (it would be “difficult to format messages in a way that makes them
32
compelling and understandable to recipients” because of the welter of opt-out links and postal
addresses); ERA; ESPC.
See ERA; NetCoalition.
33
See, e.g., ARDA; Empire; Mattel; NAFCU; NAR; NNA; SHRM; Wahmpreneur.
34
At least one commenter suggested, without further detail, that the sender in a multi-
35
marketer email should be the “entity that controls the sampling, distribution, and opt-out
registry.” CMOR. Another commenter suggested determination of a sender in a multi-marketer
email with a “single, dominant marketer” test. Bigfoot.
(continued...)
-17-
addresses. Finally, other commenters opined that the proposed Rule would promote protection
32
of consumer privacy.
33
In contrast to the almost unanimous support for a multi-marketer proviso, however, few
commenters supported the definition of “sender” as proposed in the NPRM without change.
34
Many commenters raised concerns about the workability and clarity of the proposal, as well as its
consistency with consumer expectations. Most commenters urged the Commission to modify or
clarify the criteria articulated in the proposed Rule. Such comments concerned four issues. The
first three issues relate to the three listed criteria in the NPRM’s proposed proviso: (1) the
significance of the person identified in the “from” line; (2) the meaning of “controls the content
of the message” and the structure of the proviso; and (3) the meaning of “determines the
electronic mail addresses” to which a message is sent. A fourth category of comments addressed
what it means to “advertise” or “promote” a product, service, or website under the Act, which is
related to the question posed in the NPRM about whether “list owners” can be “senders” under
the Rule and thus be required (or allowed) to process opt-out requests in lieu of other marketers
who promote a product, service, or website in the email.
35(...continued)
35
The Direct Marketing Association (“DMA”) advocated formal adoption by the
Commission of the Staff Letter of March 8, 2005, which opined on a specific fact pattern
involving, among other things, multiple marketers who send commercial email messages to
persons who had provided affirmative consent to receive multi-marketer commercial email
messages. The Commission declines to adopt the Staff Letter. The final Rule will govern multimarketer message sender liability.
See, e.g., Bigfoot; Charter; DoubleClick; KeySpan; MBNA; Nextel; OPA; SHRM.
36
See Charter; DoubleClick; Nextel; Reed.
37
See DoubleClick; KeySpan.
38
See, e.g., MBNA; SIIA.
39
-18-
(i) “From” Line
Many commenters favored looking to the “from” line of the message in order to
determine who, under the Act, is the “sender” of a multi-marketer message. Commenters urged
that this element is most critical for recipient expectations and would be easy to use as a way to
36
designate a single sender. Some commenters argued that the other two proposed elements
37
should be deleted. A few commenters also requested that the Commission provide additional
38
guidance on which non-deceptive names can be used in the “from” line, including a company’s
brands and service names.
39
(ii) “Controls the Content”
Most commenters voiced concerns about the “controls the content” element of the
proposed proviso and its likely effect. Many of these commenters found this criterion vague and
urged the Commission to provide additional guidance concerning what it means to “control” theSee, e.g., ACB; ACLI; Associations; BOA; CBA; Charter; DLA; DMA; Discover;
40
ERA; ESPC; FNBO; HSBC; IAC; Mastercard; Microsoft; MPA; MPAA; NAA; NAIFA;
NBCEP; NEPA; NetCoalition; PMA; SIIA; Time Warner.
See Associations; ATAA; Charter; DoubleClick; Keyspan; MasterCard; NAIFA; SIIA;
41
Wells Fargo. Similarly, other commenters suggested that the proposed Rule be modified to
allow more than one marketer to control the content of the message, while still allowing one of
the marketers to be designated as the sender. See CBA; DMA; MPA; NBCEP; NetCoalition;
NRF.
See e.g., Adknowledge; ICC; MPA.
42
See Reed; DoubleClick; Time Warner; MasterCard; Microsoft; Bigfoot; HSBC; MPAA;
43
OPA.
See, e.g., ACLI; BF; HSBC; IPPC; MPAA; OPA; SIA.
44
-19-
content of commercial email. Many advocated eliminating this factor altogether, and others
40 41
urged various ways to modify it. Two primary themes emerged from the comments: (1)
42
several parties may exercise some degree of “control” over content, and (2) “control” in this
context is a vague and ill-defined concept. Commenters explained that in joint marketing
arrangements, it is standard industry practice for each marketer to exercise control over the use of
its own trademarks, branding, legal disclosures, and advertising copy. Commenters further
43
explained that in highly regulated industries, such as life insurance, securities, pharmaceuticals,
and alcoholic beverages, marketers may be required to include certain text and legal
disclosures. Some commenters also stated that, in addition to controlling their own trademarks
44
and disclosures, marketers sometimes influence the content of other parts of a message without
“controlling” it, or may suggest advertising text without making the final decision about theSee, e.g., BF; Visa.
45
See, e.g., Associations; ERA; HSBC; MasterCard; MPA; NetCoalition; Nextel; NRF;
46
OPA; PMA.
See ATA; DoubleClick; HSBC; IAC; IPPC; Mastercard; Time Warner.
47
See e.g., NAA; TimeWarner.
48
See NAIFA; SIIA.
49
See, e.g., ACB; Adknowledge; Associations; ATAA; CBA; Charter; Discover; DMA;
50
Experian; FNB; IAC; ICC; KeySpan; Microsoft; MPAA; NAIFA; NBCEP; NEPA; NetCoalition;
NRF; OPA; Reed; SIIA; Time Warner; Wells Fargo.
-20-
advertising content. To protect their brand reputations, commenters explained that they need to
45
be able to review and approve the advertising content of other marketers.
46
A number of commenters opined that, without clarification, under a literal application of
the proposed Rule, essentially all marketers would be deemed to “control” the content of a multimarketer email, thereby preventing the designation of a single sender and defeating the purpose
of the proposed Rule. Conversely, according to commenters, a standard that forced marketers
47
to cede all control of the content of messages to one marketer among several using a single email
message would greatly disrupt standard industry practices.
48
To alleviate these perceived problems, a number of commenters suggested that the
Commission eliminate the “controls the content” element, because they believed that the
proposed Rule could operate effectively in its absence. Others suggested that the Commission
49
clarify that “control” means control of the “primary” or “overall” content of the message, but
does not mean either control by a company over its own advertisement or the practice of
50See, e.g., ERA; HSBC; MasterCard; MPA; Nextel; PMA.
51
See ACB; BoA; Discover; ERA; ESPC; Experian; HSBC; IAC; ICC; Mastercard;
52
Microsoft; MPA; MPAA; NAA; PMA; Visa.
See, e.g., BigFoot; SIIA.
53
See Bigfoot; CBA; DMA; DoubleClick; ESPC; MPAA; NBCEP; NetCoalition; NRF;
54
SIIA; Wells Fargo.
See DMA; SIIA.
55
-21-
reviewing and approving the advertising content of other marketers. These commenters asked
51
the Commission to clarify that “control” should refer to control over what content will be
distributed in the email message as a whole and not control over the design, content, or
placement of a particular advertisement in a multi-marketer message. Other commenters
52
advocated that “control” of the content of the message should mean the ultimate ability to
determine whether and when the message is transmitted.
53
In a similar vein, some commenters felt that the structure of the proviso as proposed in
the NPRM would have limited the ability of legitimate marketers to co-promote their products
without any corresponding benefit to consumers. Commenters pointed out that there are
54
circumstances when one entity provides the email addresses to which a message is to be sent and
one or more other entities control the content of the message. Under the proposal in the NPRM,
all entities would be considered senders because the proposed Rule’s definitional requirements
allowing one sender to be designated could not be met. These commenters asked that the final
55See, e.g., MPAA.
56
See, e.g., KeySpan; Reed; SIA. Several commenters also requested clarification of what
57
constitutes “determines” and suggested that merely providing criteria for targeting recipients
(such as demographic characteristics) should not qualify as “determining” the email addresses.
See DoubleClick; KeySpan; MasterCard; Unsub. As discussed below, this element has been
removed, and thus these requests for clarification need not be addressed.
See, e.g., Adknowledge; ESPC; Unsub.
58
-22-
Rule be made more flexible to accommodate the variety of marketing agreements commonly
used in the industry.
56
(iii) “Determines the Electronic Mail Addresses to Which
Such Message is Sent”
Few commenters discussed the third element of the proposed proviso for the definition of
“sender”: that the sender be the party that determines the email addresses to which such message
is sent. Some commenters objected to this element of the definition because, they contend,
entities in joint marketing campaigns may want to contribute or recommend some email
addresses without being considered the primary “sender.”
57
(iv) “Promote”
Finally, a few commenters suggested that the Commission define broadly the term
“promote” in the Act’s definition of sender. They argued that a person “advertises” or
“promotes” the person’s “product, service, or Internet website” by appearing in the “from” line of
the message or simply by having the person’s name referenced in the email. Under this
58
interpretation, they argued, more persons could qualify as designated “senders” under the
proviso.See Charter (stating that the “from” line criterion “specifically accords with consumer
59
expectations.”).
In response to commenters seeking further guidance about whether a company’s non-
60
(continued...)
-23-
d. Response to Comments on the Definition of “Sender”
and Explanation of the Final Rule’s Definition of “Sender”
Having considered the comments on the proposed definition of “sender,” the Commission
adopts a modified version as its final Rule. These modifications mitigate the concerns of
marketers raised in the comments, recognize the benefits afforded by advertising by multiple
entities in a single email, conform more closely to the expectations of email recipients, and
continue to provide the CAN-SPAM protections contemplated by Congress. In summary, as
discussed below, the Commission retains the “from” line element in the proviso as a mandatory
element, drops the “controls the content” and “determines the electronic mail addresses to which
the message is sent” elements, and adds a requirement that the designated sender be in
compliance with certain provisions of the Act and Rules that apply to initiators.
In response to comments regarding the “from” line, the Commission found persuasive the
suggestions that the “sender” of a multi-marketer email should be the person identified in the
“from” line of the message. The Commission agrees that a rule that uses the “from” line as the
sole determinant of the sender in a multi-marketer email would be straightforward for marketers
to follow and is the single most helpful element of an email to enable recipients to identify the
sender of the email. A designated “sender” for purposes of a multi-marketer email must, in
59
addition to meeting the other requirements listed below, include its non-deceptive name, trade
name, product, or service in the “from” line of the email.
60(...continued)
60
deceptive product or service names can be used in the “from” line, the Commission responds as
follows. CAN-SPAM provides that “a ‘from’ line . . . that accurately identifies any person who
initiated the message shall not be considered materially false or misleading.” 15 U.S.C.
7704(a)(1)(B). The Commission believes that this does not mean that the “from” line necessarily
must contain the initiator’s formal or full legal name, but it does mean that it must give the
recipient enough information to know who is sending the message. Email senders should
consider their messages from their recipients’ perspective. If a reasonable recipient would be
confused by the “from” line identifier, the sender is not providing sufficient information. See
NPRM, 70 FR at 25431 (further discussing this issue).
See IAC.
61
See, e.g., Charter (“the Commission’s proposed definition is inadequate and
62
unworkable”); DoubleClick; Keyspan; MasterCard; NAIFA; SIIA.
-24-
And, under the final Rule, the designated sender must be “identified in the ‘from’ line as
the sole sender of the message” — if two or more senders appear in the “from” line, the multimarketer proviso would not be met.
On the second issue identified by commenters, the Commission has deleted the “controls
the content of such message” element from the proviso. Comments urging its removal were
persuasive, and comments that advocated clarification rather than removal revealed that retaining
this element would not serve to assist recipients in identifying or confirming the sender of a
multi-marketer message. By its nature, a multi-marketer message promotes more than one
company’s content, and thus more than one company controls its content in at least some way.
61
Modifying the criterion to require “overall” control of the content would simply add further
nuance and complication and make enforcement difficult. Deleting this criterion will make the
proviso more practicable for legitimate marketers to designate a single “sender” while preserving
for email recipients the protections of CAN-SPAM. Under the final Rule, therefore, a non-
62-25-
designated sender under the multi-marketer proviso will not have “sender” liability just because
it controls its own advertising copy, including its trademarks and legal disclosures, or reviews
other marketers’ content to ensure the absence of objectionable material in proximity to its own
brand.
The Commission has deleted the third element discussed by commenters that required
that the designated “sender” of a multi-marketer email determine the email address to which such
message will be sent. The NPRM rationale for this element was to ensure that the designated
sender had the ability to process opt-out requests. The Commission is now convinced that
requiring the designated sender to determine recipient email addresses would serve little, if any,
purpose. Under the Act, as a sender, the designated sender already must check to make sure that
none of the email recipients appears on its opt-out list. In a multi-marketer email, if the
designated sender receives a list of proposed email addresses from a non-designated sender, the
designated sender must scrub that list against its own opt-out list before sending the message to
the addresses on that list.
On the fourth and final issue raised by commenters, the Commission declines to make
any additional changes to the definition of “sender” proposed by the NPRM. Some commenters
suggested that the FTC define broadly the phrase “advertised or promoted” in the Act’s definition
of “sender,” so that more entities could qualify as “senders” under the multi-marketer proviso.
The Commission believes that the definition of a “sender” should be based on consumer
expectations. If a reasonable consumer would not believe that a person’s product, service, or
website were “advertised or promoted” in the message, then that person does not qualify as aBy analogy, another definition in the Act, that of a “commercial electronic mail
63
message,” states that

[t]he inclusion of a reference to a commercial entity or a link to the web
site of a commercial entity in an electronic mail message does not, by
itself, cause such message to be treated as a commercial electronic mail
message for purposes of this chapter if the contents or circumstances of the
message indicate a primary purpose other than commercial advertisement
or promotion of a commercial product or service.
15 U.S.C. 7702(2)(D).
At least one commenter suggested that the proviso could be subject to abuse. See
64
Adknowledge (suggesting that to avoid abusive practices, the proposed regulation explicitly
should state that a “person” must be a “bona fide business entity” because “spammers continually
change the name of the originating entity along with header or other information, or consider a
mere email address list as a ‘business entity.’”).
See, e.g., FTC v. Phoenix Avatar, 2004-2 Trade Cas. (CCH) ¶ 74,507 (N.D. Ill. Jul. 30,
65
2004) (order granting preliminary injunction); FTC v. Opt-in Global, No. 05-cv-1502 (N.D. Cal.
filed Apr. 12, 2005) (final order entered Apr. 6, 2006); FTC v. Dugger, No. CV-06-0078 (D.
Ariz. filed Jan. 9, 2006) (final order entered Jul. 31, 2006).
-26-
“sender.” The Commission believes that the meaning of “advertised or promoted” is clear and
broadly understood.
63
Lastly, based on its law enforcement experience, the Commission recognizes that
illegitimate marketers may attempt to use the proviso to escape liability under CAN-SPAM.
Both CAN-SPAM’s definition of “initiator” and the final Rule’s revised definition of “sender”
substantially reduce the likelihood of such abuse. First, marketers in a single email message
64
who are not designated senders are still “initiators” under CAN-SPAM and liable under any of
the provisions that apply to initiators, such as the prohibition against use of deceptive headers
and subject lines and the requirement to include an opt-out link. Second, the final Rule’s
65
definition of “sender” requires that the designated “sender” be in compliance with certainSection 7704(a)(1) of the Act prohibits initiation of an email that contains false or
66
misleading transmission information, and section 7704(a)(2) prohibits initiation of an email with
a deceptive subject heading. Section 7704(a)(3)(A)(i) requires an initiator to include a
“functioning return electronic mail address or other Internet-based mechanism, clearly and
conspicuously displayed, that a recipient may use to submit . . . a reply electronic mail message
or other form of Internet-based communication requesting not to receive future commercial
electronic mail messages from [the] sender [responsible for the initial commercial message].”
Section 7704(a)(5)(A) of the Act requires that an initiator “provide clear and conspicuous
identification that the message is an advertisement or solicitation, clear and conspicuous notice of
the opportunity . . . to decline to receive further commercial electronic mail messages from the
sender, and a valid physical postal address of the sender.” Finally, 16 CFR 316.4, the Sexually
Explicit Labeling Rule, imposes certain requirements on a message that includes sexually
oriented material, including the 19 characters “SEXUALLY EXPLICIT: ” at the beginning of the
subject header of the message.
Of course, it should be noted that the proviso in no way relieves non-designated senders
67
of liability for ensuring that their own advertising complies with the FTC Act.
-27-
initiator provisions of the Act: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C.
7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. The proviso states that if the
66
designated sender does not comply with these five “initiator” responsibilities, all the marketers
will be liable as senders (and not just initiators) under the Act because the proviso will not apply.
By requiring the designated sender to comply with these provisions of law, the other marketers
using a single email message must ensure that the entity that is the designated “sender” complies
with the Act and the Commission’s rules. Otherwise, the other marketers using the email risk
losing the protections provided by the proviso and each will be a “sender” of the message. The
final Rule, therefore, provides senders of multi-marketer emails a method of reducing the
burdens associated with multiple opt-out links and postal addresses while guarding against
possible abuse. Nonetheless, if the Commission finds such abuse through the operation of the
proviso, it will reconsider whether the final Rule is justified under the Act.
6770 FR at 25450.
68
See FNB; Jumpstart; Lashback; Schnell; SIA (list providers play a role “similar to that
69
of a telephone directory service,” are neither “advertising or promoting their products and
services,” nor “initiating the email,” and accordingly “do not come within the definition of
‘sender’ under the CAN-SPAM Act.”).
See, e.g., Unsub.
70
-28-
e. List Owners
In the NPRM, the Commission asked whether under CAN-SPAM, third-party list
providers who do nothing more than provide a list of names to whom others send commercial
emails could be required to honor opt-out requests. Specifically, the NPRM asked whether
68
such list providers could satisfy the statutory definition of sender, i.e., a person that both initiates
a message and advertises its product, service, or website in the message.
Some commenters opposed extending opt-out responsibilities to third-party list providers
because it would be contrary to congressional intent, difficult to implement and monitor, and
would impose administrative costs and complexity for legitimate list providers and email
marketers. Although the NPRM asked about list owners who have no other involvement in the
69
message besides providing a list of names to others, commenters discussed other list rental
arrangements in which both the marketer and the list owner have some degree of control over the
content of the message. In those cases, list owners typically do not have control over the
70
specific creative content within an advertisement, but they can approve or disapprove an
advertisement for delivery to email addresses on their lists. See Adknowledge; EPIC.
71
See, e.g., ESPC.
72
See, e.g., Adknowledge; Baker; ESPC; cf. Microsoft (arguing that it should constitute a
73
deceptive trade practice for a list owner to fail to identify itself and the role that it plays in
sending the message, that its identification would be considered advertising or promoting its
services, and thus that the list owner would meet the definition of “sender” and have CANSPAM liability); Adknowledge (proposing that the Commission make it “mandatory for list
owners to advertise or promote themselves in each email message they transmit”).
-29-
On the other hand, two commenters argued in favor of extending opt-out obligations to
third-party list providers. Some of these commenters thought the Commission should clarify
71
that in such situations the list owner exercises fundamental “control” of the content of the
message for purposes of the then-proposed regulatory definition of “sender.” Other
72
commenters urged the Commission to adopt the position that a list owner would be considered a
sender if the list owner “advertises or promotes” its services merely by being referenced in the
“from” line or in the message itself, thereby making it responsible for the opt-out function and
other CAN-SPAM compliance.
73
Because of the variety of situations in which a list owner might be involved in a
commercial email, and because none of the commenters provided a workable mechanism for all
of these situations, the Commission is persuaded that amending the rules under CAN-SPAM to
create a specific provision for list owners is not feasible.
The Commission finds that a list owner must honor opt-out requests only if it qualifies as
the “sender” of a commercial email (i.e., it is an initiator and its “product, service, or Internet
web site” are “advertised or promoted” in the email). And, if it does qualify as a “sender,” it may
avail itself of the multi-marketer proviso added to the definition of sender in the final Rule.70 FR at 25450.
74
70 FR at 25428 n.23. According to IAC, in a typical affiliate program, a marketer enters
75
an arrangement with an affiliate to pay the affiliate for referrals to its website. The affiliate can
employ a variety of methods to direct consumers to the marketer’s website, including email
messages. The affiliate sends email messages containing an advertisement promoting the
marketer’s goods or services and a hypertext link to visit the marketer’s website directly from the
email message (either as a direct link or through the affiliate’s link, which redirects the recipient
to the marketer’s website). If a recipient of the email uses this link to visit the marketer’s
website, the marketer logs the visit as attributable to the affiliate’s email. Depending on the
arrangement between the marketer and the affiliate, the marketer will pay the affiliate a
prescribed amount either for the visit (also known as a “click through”) or for a completed sale,
or both. IAC states in its comments that it has thousands of affiliates. For Expedia, one of IAC’s
websites, however, the majority of the sales from the affiliate program are generated by a
relatively small number of productive affiliates.
-30-
f. Safe Harbor for Email Messages Sent By Affiliates
In the NPRM, the Commission asked whether it should adopt a “safe harbor” with respect
to opt-out and other obligations for a sender whose product, service, or website is advertised by
affiliates or other third parties. Moreover, the Commission sought guidance on the criteria for a
safe harbor.
74
Although the Act does not provide a definition of “affiliate,” the Commission noted in the
NPRM that “affiliates” are induced to send commercial email messages by sellers seeking to
drive traffic to their websites, and that sellers generally pay affiliates based on the number of
individuals who, directed by the affiliates, ultimately visit the seller’s website and/or purchase
the seller’s product or service.
75
Before turning to the issue of whether a safe harbor is appropriate to shield marketers
from liability for CAN-SPAM violations of affiliates, two preliminary questions must be
considered. First, is the marketer who uses an affiliate an “initiator” under the final Rule? 15 U.S.C. 7702(9).
76
15 U.S.C. 7702(12) (emphasis added).
77
See IAC (arguing that affiliates are not “hired” to do anything, but are “simply paid a
78
small fee for referrals,” and that the affiliate emails are “created and transmitted entirely at the
discretion of the affiliate.”); Unsub (arguing that the payment structure does not differ from a
company renting a mailing list from a third party).
-31-
Second, in scenarios where a marketer uses an affiliate, what is the impact of the final Rule on
the status of both the marketer and the affiliate as “senders”?
With regard to whether a marketer that uses affiliates is an “initiator,” under the Act, a
person is an “initiator” if the person originates, transmits, or “procure[s] the origination or
transmission of” a message. In the typical affiliate marketing scenario, the affiliate originates
76
and transmits the message, and is therefore an initiator. The marketer, however, does not
originate or transmit the message, but does “procure” the origination of the message. The Act
defines “procure” as “intentionally to pay or provide other consideration to, or induce, another
person to initiate[]a message on one’s behalf.” A few commenters argued that a marketer does
77
not actually “initiate” an email message if it does not provide consideration to an affiliate for
each message, because it provides consideration to the affiliate for visits to its website or
completed sales made as a result of the affiliate’s email messages. According to this argument,
78
in these circumstances, the marketer pays consideration for the referral, but not for the message
itself.
The Commission believes that this interpretation is too narrow. By agreeing in advance
to pay an affiliate for sales to persons who come to a marketer’s website as a result of an
affiliate’s referral, a seller or marketer creates an inducement for the affiliate to originate orIn either case, both the affiliate and the marketer are “initiators” under the Act.
79
See, e.g., Amin; Jumpstart; LashBack; Schaefer; Unsub; VFCU.
80
-32-
transmit commercial email messages to the public. In the language of the Act, the seller induces
another person — the affiliate — to initiate messages on the seller’s behalf.
With regard to the second question, in the typical affiliate program, the marketer is a
“sender” because its product, service, or website is promoted in the email message, and the
affiliate is only an “initiator.” It is only when the affiliate promotes its own product, service, or
website along with that of the marketer that the affiliate is also a “sender” under the Act. In such
a case, under the final Rule, the affiliate may serve as the designated sender, provided that it is
listed in the “from” line of the message and is in compliance with 15 U.S.C. 7704(a)(1), 15
U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If,
however, the affiliate promotes its own product, service, or website in addition to that of the
marketer, but does not comply with the designated sender requirements in the final Rule, then
both the affiliate and the marketer are liable as “senders” under the final Rule.
79
A “safe harbor” would absolve a marketer of initiator liability (or of sender liability if the
affiliate is not the designated sender under the final Rule) if the marketer takes prescribed steps
to ensure that the affiliate complies with CAN-SPAM. Those who commented on this issue were
split on whether the Commission should adopt a safe harbor for CAN-SPAM liability for
marketers whose products are promoted by affiliates or other third parties. Those opposed to a
safe harbor stated that it would allow marketers to circumvent CAN-SPAM requirements.
80
Those in favor of a safe harbor stated that it would: (1) provide clarity to marketers that practiceSee e.g., AeA; ARDA; ERA LashBack; MPAA; NADA.
81
See ESPC (noting that it is “generally supportive of safe harbor programs” and “would
82
be very interested in further discussion of such programs”); SIIA (making a “preliminary
proposal”); Visa (“such a safe harbor could be based on examples demonstrating relationships
that do not result in control of content or email addresses.”); Wahmpreneur (suggesting a safe
harbor that would apply to permission-based marketing).
See IAC.
83
See id.
84
See id.
85
See id.
86
-33-
due diligence when selecting third-party email marketers; (2) encourage marketers to maintain
reasonable practices and procedures to prevent violations of CAN-SPAM; and (3) effectuate
congressional intent.
81
Many online businesses advocated the adoption of a safe harbor in principle, but only a
82
fraction of those commenters suggested specific components to the safe harbor. Those
suggestions included the following requirements: (1) that the contract between the marketer and
the affiliate specifically require the affiliate to comply with CAN-SPAM; (2) that the affiliate
83
periodically certify that it complies with CAN-SPAM; (3) that the marketer provide the affiliate
84
with written guidelines on how to comply with CAN-SPAM; (4) that the marketer maintain
85
additional reasonable procedures to determine whether the affiliates are complying with CANSPAM; (5) that a marketer comply with its privacy policy relating to the conduct of third parties
86See SIIA; ACLI.
87
See IAC.
88
-34-
sending email messages on its behalf; and (6) that a marketer have “flexibility to determine
87
what procedures are reasonable.”
88
After considering all the comments submitted and in the light of the changes to the Rule’s
definition of “sender” for multi-marketer messages as well as its law enforcement experience, the
Commission has decided against creation at this time of a “safe harbor” for companies whose
products, services, or website are advertised by affiliates or other third parties. First, the requisite
criteria for a safe harbor have not been articulated clearly. Second, email marketing models
continue to evolve, and there may not be enough transparency in email marketing to support a
safe harbor.
The Commission believes that the final Rule’s definition of “sender” gives marketers the
necessary flexibility to market their products using email on their own or in conjunction with
other parties while at the same time preserving the protections afforded to consumers by CANSPAM. If, after marketers have had the opportunity to conduct business under the “sender”
definition in the final Rule, concerns about the necessity of a safe harbor persist, the Commission
can reconsider this issue.
g. Messages Sent to Members of Online Groups
The NPRM asked whether CAN-SPAM should apply to email messages sent to members
of online groups. According to ESPC, online groups are also known as discussion lists, list
servs, mailing lists, and chat groups. They often constitute communities engaging in bothSee ESPC.
89
See ESPC.
90
See ESPC; NAEDA; PCIAA; Schnell.
91
-35-
commercial and non-commercial speech via email. Many such lists are volunteer efforts, but
their messages sometimes include commercial content. Lists can be fee-based or free.
89
Generally discussion groups are permission-based, that is, “opt-in.” Those lists that are
free to join often include advertising in messages sent to subscribers, either with or without
content relating to the purpose of the group. Depending on the type of discussion group,
different individuals may be able to send messages to the entire group. In some groups, any
member may send a message; in other groups, only the moderator or list owner may send
messages; in still other groups, anyone may send a message, but the message must be approved
by a moderator. It is rare for mailing list software to allow subscribers to choose the senders
from whom they want to receive messages. In other words, they opt to receive all messages in
the discussion group or none at all.
90
Four commenters stated that they believe online groups should not be subject to CANSPAM. They felt that compliance with CAN-SPAM would be too burdensome for unpaid list
91
moderators and might cause them to cease operations, potentially chilling free speech. ESPC
argued that email service providers that host mailing list services generally are considered to be
engaged in routine conveyance under the Act, taking them outside the definition of initiatorThe Commission notes, however, that CAN-SPAM defines “routine conveyance” as
92
requiring an “automatic technical process.” 15 U.S.C. 7702(15). Thus, if a list moderator is
manually forwarding messages to the group on behalf of group members, the moderator would
not be engaged in “routine conveyance.” See also infra Part II.A.5 (discussing “routine
conveyance” in connection with forward-to-a-“friend” emails).
See Jumpstart.
93
Most of the Act’s requirements apply to an email only if it is a “commercial electronic
94
mail message,” which is defined as an email “the primary purpose of which is the commercial
advertisement or promotion of a commercial product or service (including content on an Internet
web site operated for a commercial purpose).” 15 U.S.C. 7702(2)(A). See also 16 CFR 316.3
(primary purpose rule).
See ESPC.
95
-36-
under the Act. ESPC also argued that most moderators also would be engaging in routine
conveyance when sending messages to the group on behalf of group members.
92
One commenter urged the Commission not to distinguish between email messages sent to
members of groups and email messages sent to recipients who are not members of groups. That
commenter stated that an exception from CAN-SPAM would give an unfair advantage to the
operators of online groups without compelling justification, and would create an incentive for
“group” status that would likely be exploited by aggressive marketers.
93
The Commission believes that CAN-SPAM compliance is not unduly burdensome for
online groups. Of course, in some cases, the primary purpose of emails sent by and to online
groups will not be commercial, and thus the Act will not apply. However, for those messages
94
with a primary purpose that is commercial, group members should be entitled to the benefits of
CAN-SPAM’s opt-out provisions. Indeed, best practices in the industry already require group
members to opt into listservs and provide straightforward mechanisms for opting out. The
95Section 7702(17)(A) of the Act defines a “transactional or relationship message” as “an
96
electronic mail message the primary purpose of which is —
(i) to facilitate, complete, or confirm a commercial transaction that the recipient has
previously agreed to enter into with the sender;
(ii) to provide warranty information, product recall information, or safety or security
information with respect to a commercial product or service used or purchased by
the recipient;
(iii) to provide —
(I) notification concerning a change in the terms and features of;
(II) notification of a change in the recipient’s standing or status with respect
to; or
(III) at regular periodic intervals, account balance information or other type of
account statement with respect to, a subscription, membership, account,
loan, or comparable ongoing commercial relationship involving the ongoing
purchase or use by the recipient of products or services offered by the sender;
(iv) to provide information directly related to an employment relationship or related
benefit plan in which the recipient is currently involved, participating, or enrolled;
or
(v) to deliver goods or services, including product updates or upgrades, that the
recipient is entitled to receive under the terms of a transaction that the recipient
has previously agreed to enter into with the sender.”
See supra n.94.
97
Section 7704(a)(1)’s prohibition on false or misleading transmission information applies
98
equally to “commercial electronic mail messages” and “transactional or relationship messages.”
Otherwise, CAN-SPAM’s prohibitions and requirements cover only “commercial electronic mail
messages.”
-37-
Commission, therefore, has determined not to exempt online groups from CAN-SPAM at this
time, but may reconsider the issue in the future should circumstances warrant.
3. Section 316.2(o) – Definition of
“Transactional or Relationship Message”
CAN-SPAM designates five broad categories of emails as “transactional or relationship
messages.” The Act excludes these messages from its definition of “commercial electronic
96
mail message,” and thus relieves them from most of the Act’s requirements and prohibitions.
97 9815 U.S.C. 7702(17)(B).
99
The NPRM asked whether there are any types of messages that erroneously fall outside
100
of the reach of the proposed Rule, and, if so, how such a shortcoming should be remedied. 70
FR at 25450. No commenters identified any such categories of messages. See, e.g., Discover
(stating that it was aware of no messages that fall outside the Rule that should be covered by it).
Accordingly, the Commission adopts no modification of the definition of “transactional or
relationship message” to accommodate any such categories of messages.
-38-
In the NPRM, the Commission proposed no modification to Rule 316.2(n), which incorporates
the Act’s definition of “transactional or relationship message” by reference. Under the Act, the
Commission can expand or contract the definition of “transactional or relationship message” only
if two conditions are met: (1) such modification is necessary to accommodate changes in email
technology or practices; and (2) such modification is necessary to “accomplish the purposes of
[the Act].” None of the 50 comments submitted on this issue demonstrated that an expansion
99
or contraction of the “transactional or relationship message” categories were necessary to
accommodate changes in email technology of practices. Accordingly, the final Rule leaves the
statutory definition unaltered. The NPRM also invited comment on a series of questions
100
concerning the application of the existing categories of “transactional or relationship messages”
to certain types of messages. The Commission has carefully reviewed these comments and
discusses its views on these issues below.
a. Legally Mandated Notices
In the NPRM, the Commission asked whether an email message that contains only a
“legally mandated notice” — i.e., communications mandated by state or federal law — should be70 FR at 25450.
101
See, e.g., ACA; CBA; FNB; NRF.
102
See FNB; KeySpan; Schnell; Wells Fargo; ESPC; BOA; ACA; DoubleClick, NRF,
103
HSBC; CBA; Discover; PCIAA.
See Discover; ESPC (arguing that legally mandated notices are either exempt from the
104
Act or transactional or relationship in nature, depending on the content and context of the
message in question); FNB; KeySpan (arguing that legally mandated notices should either be
exempt from the Act or that the Commission should create a new transactional or relationship
category for legally required notes); PCIAA (same); MPAA (arguing that messages containing
legally mandated notices are not “commercial electronic mail messages” provided that their
commercial content does not exceed the amount reasonably believed by the sender to be required
to meet the legal requirement prompting the message); Schnell (“[A]n e-mail message containing
only a legally mandated notice should have no standing in CAN-SPAM at all, other than perhaps
a routine conveyance. It is not a commercial e-mail message, and is not a transactional or
relationship message.”).
See DoubleClick; KeySpan; NRF.
105
See HSBC (arguing that such an email facilitates the commercial transaction into which
106
(continued...)
-39-
considered a “transactional or relationship message.” Commenters identified messages
101
mandated by the Truth in Lending Act, the Gramm-Leach-Bliley Act, and the USA PATRIOT
Act as well as messages concerning billing errors and changes in terms or account features as
examples of legally mandated notices.
102
All 13 commenters that addressed this issue opposed classifying messages that solely
contained legally mandated notices as “commercial electronic mail messages.” Commenters
103
were divided on whether such messages should be exempt from the Act, categorized under a
104
new definition of “transactional or relationship message,” or classified under one of the
105
existing, statutory categories of transactional or relationship emails, such as messages to facilitate
a commercial transaction that the parties have entered into (section 7702(17)(A)(i)) or
106(...continued)
106
the parties have entered).
See ACA; CBA; Wells Fargo; BOA.
107
KeySpan addressed the statutory standard by arguing that “[i]t has become common
108
practice for senders to email legally required notices to individuals who purchased the sender’s
products or services online.” The Commission, however, is not persuaded that this is a “change”
in email practices that has evolved since the passage of the Act.
16 CFR 316.3; see also NPRM, 70 FR at 25438.
109
-40-
messages to provide notification regarding a change in the terms and features of an account
(section 7702(17)(A)(iii)).
107
The Commission declines either to expand the definition of “transactional or relationship
message” to include legally mandated notices or to make a blanket determination that such
messages fall under one of the existing categories of transactional or relationship emails. Despite
the unanimity of opinion expressed in the comments that such notices should not be treated as
commercial in nature, none of the commenters demonstrated that expansion of the definition of
“transactional or relationship message” to include legally mandated notices was necessary to
accommodate changes in email technology or practices and to accomplish the purposes of the
Act. That said, the Commission believes that, in most cases, the types of legally mandated
108
notices described by the commenters likely would be categorized as transactional or relationship
messages. Such determinations, however, must be made on a case-by-case basis depending on
the specific content and context of such messages. Moreover, if a message providing a noncommercial legally mandated notice also includes commercial content, it should be evaluated
under the Commission’s primary purpose criteria as a dual purpose message.
109NPRM, 70 FR at 25450.
110
See NADA; Schnell; FNB; ESPC; DMA; NCTA; NNA; Charter; HSBC; CUNA;
111
KeySpan; PCIAA; VFCU. But see Discover (arguing that all debt collection emails should be
exempt from regulation under CAN-SPAM); ACA (arguing that “at most” debt collection emails
should be regulated as “transactional or relationship messages”).
See, e.g., DMA; ESPC; FNB; NCTA. But see Schnell (arguing that debt collection
112
emails from a third party should be considered commercial); Charter (arguing that debt collection
messages sent by third-party debt collectors would be neither “commercial” nor “transactional or
relationship” messages and thus would fall outside the scope of CAN-SPAM).
-41-
b. Debt Collection Emails
In the NPRM, the Commission invited comment on the Act’s application to debt
collection email messages, including messages sent by a third party on behalf of the seller from
whom the recipient purchased goods or services rather than by the seller itself. Nearly all of
110
the 15 commenters that addressed this issue urged that debt collection emails by a seller from
whom the consumer made a purchase should be considered transactional or relationship in
nature. Most of these commenters also stated that the same conclusion should apply to emails
111
sent by third-party debt collectors.
112
The Commission declines to modify the definition of “transactional or relationship
messages” to include an express provision addressing debt collection emails because there is no
evidence in the record that such a modification is necessary to accommodate new email
technology or practices. Such a modification is also unwarranted because debt collection
messages will usually qualify as “transactional or relationship messages” under the existing
definition of the term. The primary purpose of debt collection emails is not the “advertisement or
promotion of a commercial product or service,” and, therefore, they generally would not beCf. Telemarketing Sales Rule, 68 FR 4580, 4664 n.1020 (Jan. 29, 2003) (“[D]ebt
113
collection . . . activities are not covered by the [Telemarketing Sales Rule, 16 CFR 310] because
they are not ‘telemarketing’ — i.e., they are not calls made ‘to induce the purchase of goods or
services.’”). If a debt collection email also contains material advertising or promoting a
commercial product, service, or website, then it must be analyzed as a dual purpose message
under Rule 316.3.
Debt collection emails also must comply with other applicable federal and state laws.
114
Significantly, the Fair Debt Collection Practices Act, 15 U.S.C. 1601, et seq. (“FDCPA”),
imposes limitations on debt collectors’ communications with consumers and third parties.
Compliance with CAN-SPAM in no way excuses a debt collector from complying with the
FDCPA and other statutes and regulations affecting communications regarding debt collection.
See BSA (copyright infringement notices); SIA (research and opinion surveys).
115
-42-
“commercial electronic mail messages” under section 7702(2)(A) of CAN-SPAM. Rather,
113
debt collection emails from a seller from whom the consumers made a purchase are best
understood as “complet[ing] . . . a commercial transaction that the email recipient has previously
agreed to enter into with the sender,” and thus are “transactional or relationship messages” under
section 7702(17)(A)(i). Morever, the Commission agrees with the overwhelming majority of
commenters that the “sender” with whom the “recipient has previously agreed to enter into” a
commercial transaction can be interpreted to encompass a third party acting on behalf of a seller
from whom the consumer made a purchase. Thus, an email from a third party collecting on
114
behalf of a seller likely is a “transactional or relationship message.”
c. Copyright Infringement Notices and Market Research
Two business organizations urged the Commission to clarify that messages containing
copyright infringement notices or marketing and opinion research surveys are neither commercial
nor transactional or relationship in nature and thus are exempt from the Act. One of these
115
commenters further asserted that an email containing a copyright infringement notice that alsoSee BSA.
116
NPRM, 70 FR at 25433 n.85.
117
16 CFR 316.3.
118
-43-
provided information on how to obtain a legitimate, licensed version of the copyrighted material
in question would not fall within the scope of the Act. In the NPRM, the Commission
116
acknowledged that there may be messages that are neither “commercial electronic mail
messages” nor “transactional or relationship messages” as defined by the Act, and thus are not
addressed in CAN-SPAM. As a general matter, the Commission agrees that if a sender has
117
had no previous dealings with the recipient — thus lacking the predicate for a message to be
deemed “transactional” — and that sender’s messages contain only a copyright infringement
notice, the messages also are not primarily commercial in purpose and thus are not subject to the
requirements and prohibitions of CAN-SPAM. Nevertheless, where a copyright infringement
notice also contains information on how to obtain licensed versions of copyrighted materials,
evaluation under the Primary Purpose Rule provisions governing dual purpose messages may
lead to the conclusion that such messages are covered by CAN-SPAM. Likewise, emails
118
containing true opinion and research surveys may fall outside the scope of the Act, but to the
extent that any such message seeks to advertise or promote a brand, a company, or a product or
service to the recipient, it also may be primarily commercial in purpose, and therefore subject to
the Act’s requirements and prohibitions. -44-
d. Transactions that Do Not Involve
an Exchange of Consideration
The NPRM invited comment on the Act’s application to messages sent pursuant to a
relationship in which no consideration passes, such as messages from a “free” Internet service
(such as Evite or Shutterfly). No commenters provided any evidence of changes in email
practices or technology that would warrant modifying the definition of “transactional or
relationship message” specifically to address such messages. Indeed, as explained in the NPRM,
even without a Rule change, the existing definition of “transactional or relationship message”
includes two categories that could include messages sent pursuant to a relationship in which there
has been no exchange of consideration: section 7702(17)(A)(i), under which an electronic mail
message the primary purpose of which is to “facilitate, complete, or confirm a commercial
transaction [emphasis added] that the recipient has previously agreed to enter into with the
sender” is deemed transactional or relationship in nature; and section 7702(17)(A)(v), which
provides that an email the primary purpose of which is “to deliver goods or services, including
product updates or upgrades, that the recipient is entitled to receive under the terms of a
transaction [emphasis added] that the recipient has previously agreed to enter into with the
sender” also qualifies as transactional or relationship in nature. In the NPRM, the Commission
explained that it believed an email from a free Internet service to someone who has registered
with the service would be considered a message “to deliver goods or services * * * that the
recipient is entitled to receive under the terms of a transaction” under section 7702(17)(A)(v)NPRM, 70 FR at 25434.
119
See Discover; Jumpstart; Mattel; NFCU; NAR; NetCoalition; SIA; Schnell; United;
120
VFCU.
See Jumpstart; United. One commenter also suggested that to protect consumers, trial
121
memberships and other situations where consideration is not paid until a later time should be
considered commercial. See Schnell.
See ABM; NADA; PCIAA.
122
-45-
rather than a “commercial transaction” under section 7702(17)(A)(i) (emphasis added), but
sought comment on this question.
119
Ten of the 13 commenters that addressed this issue took the position that an email
message that is primarily for the purpose of facilitating, completing, or confirming a commercial
transaction with the sender previously agreed to by the recipient is “transactional” under section
7702(17)(A)(i), even when the transaction at issue involves no exchange of consideration. A
120
few of these commenters argued further that, in any event, many “free” Internet services do
involve an exchange of consideration; these commenters contended that agreeing to receive
commercial email or to view advertising, for example, constitutes consideration. Three
121
commenters argued that a “commercial transaction” under section 7702(17)(A)(i) must involve
an exchange of consideration.
122
The Commission continues to believe that in many cases it is unnecessary to reach the
question of whether registration with a “free” Internet service constitutes a “commercial
transaction” under section 7702(17)(A)(i) (emphasis added), because it is likely a “transaction”
under section 7702(17)(A)(v). That said, having reviewed the comments, the Commission has
been persuaded that the term “commercial transaction” in section 7702(17)(A)(i) can encompassThe NPRM stated that the Commission “believe[d] that the modifier ‘commercial’ has
123
been deliberately omitted from [section 7702(17)(A)(v)] of CAN–SPAM to accommodate just
the sort of scenario that IAC and Microsoft raise,” i.e., emails from free Internet services, like
Evite, to their members. 70 FR at 25434. Upon further reflection, the Commission has
concluded that a transaction between a free Internet website, such as Evite, and its
members — e.g., the transaction that occurs when a consumer registers at the website — can
reasonably constitute a “commercial transaction.”
As the Commission noted in the Primary Purpose Rulemaking, 70 FR at 3113, the
124
Random House College Dictionary defines “commercial” as “of, pertaining to, or characteristic
of commerce; engaged in commerce.” It defines “commerce” as “an interchange of goods or
commodities, especially on a large scale; trade; business.” RANDOM HOUSE COLLEGE
DICT IONARY 270 (Rev. ed. unabridged 1980). Likewise, the term “commerce” as defined in
section 4 of the FTC Act, 15 U.S.C. § 44, is broadly construed to include services that are
provided without charge where they include commercial advertising. See, e.g., Ford Motor Co.
v. FTC, 120 F.2d 175, 183 (6th Cir. 1971) (“Interstate commerce includes intercourse for the
purpose of trade which results in the passage of property, persons or messages from within one
state to within another state. All of those things which stimulate or decrease the flow of
commerce, although not directly in its stream, are essential adjuncts thereto . . . . The use of
advertising as an aid to the production and distribution of goods has been recognized so long as
to require only passing notice.”).
-46-
situations in which there has been no exchange of consideration between the sender and the
recipient. This is consistent with the Commission’s interpretation of the term “commercial
123
electronic mail message,” which, as defined in section 7707(2), includes an email the primary
purpose of which is the advertisement or promotion of a commercial product or service that is
free and does not involve the exchange of consideration so long as it is a “commercial product or
service (including content on an Internet website operated for a commercial purpose).” Many
free Internet services are undoubtedly engaged in “commerce” and offer consumers goods or
services that are “commercial” in nature whether or not they involve an exchange of
consideration.
124See NAEDA; Wahmpreneur; FNB; Wells Fargo; ESPC; NAFCU; NAIFA; CBA;
125
Discover; PCIAA; SIA. But see Schnell (arguing against application of section 7702(17)(A)(i) to
affiliated third parties).
See NAIFA; NAIDA; FNB; IAC (comments submitted in response to ANPR);
126
Wahmpreneur. For example, if a consumer purchases an airline ticket on a travel website like
Orbitz, a subsequent message from Orbitz or the airline (or both) “to facilitate, complete, or
confirm” the message will be a “transactional or relationship message” (or a dual purpose
message if there is additional content in the email). Likewise, an email from an insurance agent
(continued...)
-47-
e. Affiliated Third Parties Acting on Behalf
of a Person With Whom the Recipient Has
Previously Entered Into a Commercial Transaction
The NPRM invited comment concerning the application of the Act to messages sent by
affiliated third parties that are acting on behalf of an entity with whom a consumer has transacted
business. All but one of the dozen commenters addressing this issue argued that messages “to
facilitate, complete, or confirm a commercial transaction to which the recipient has previously
agreed” are generally “transactional or relationship messages” under section 7702(17)(A)(i)
regardless of whether the messages were transmitted by the entity with whom the consumer
transacted business or an affiliated third party acting on the business’s behalf.
125
Because there is no evidence of changes in email technology or practices that would
warrant amending the Rule expressly to address messages sent by affiliated third parties that are
acting on behalf of an entity with whom the recipient has done business, the Commission does
not make any modifications to the Rule concerning such messages. In addition, the Commission
notes that the examples provided by commenters (e.g., travel agents, insurance agents) are fairly
straightforward examples of types of messages that would likely qualify as a “transactional or
relationship message” under section 7702(17)(A)(i). The Commission, however, does not
126(...continued)
126
to a customer can qualify as transactional or relationship in nature notwithstanding the fact the
customer paid the premium to the insurer, not its agent.
NPRM, 70 FR at 25434, 25450.
127
See NADA; ARDA; FNB; Wells Fargo; BOA; Cendant; SIA; SIIA; CBA; MPAA;
128
KeySpan; Discover. See also Schnell (emails to effectuate or complete a negotiation should be
deemed transactional or relationship only if the recipient has a reasonable expectation that such a
negotiation will occur via email).
-48-
interpret this provision as necessarily covering every email message sent by an affiliated third
party. For example, if an affiliated third party were to market its own product, service, or
Internet website in an email message in which the affiliated third party is also facilitating or
completing a transaction on behalf of another vendor, then that message would contain both
commercial and transactional content, thus triggering analysis of the primary purpose of the dual
purpose message.
f. Messages Sent to Effectuate or Complete a
Negotiation
In the NPRM, the Commission asked under what circumstances an email sent to
effectuate or complete a negotiation should be considered a “transactional or relationship
message” under section 7702(17)(A)(i). Twelve of the 13 commenters addressing this issue
127
agreed that such messages should be deemed transactional or relationship messages or should fall
outside the scope of the Act.
128
The Commission declines to alter the definition of “transactional or relationship
message” to address communications for the purpose of effectuating or completing a negotiation
because of the lack of any evidence in the record that such a modification would be necessary toNPRM, 70 FR at 25434.
129
-49-
accommodate changes in email technology or practices and to further the purposes of the Act.
However, even without such a modification, the Commission continues to believe that, as it
stated in the NPRM, to the extent that negotiation may be considered a “commercial transaction”
that a recipient has previously agreed to enter into, such messages likely would be considered
transactional or relationship under section 7702(17)(A)(i) if they were sent to facilitate or
complete the negotiation. The Commission, however, does not interpret the term
129
“transactional or relationship message” to include an initial unsolicited message that proposes a
transaction and attempts to launch a negotiation by offering goods or services. Likewise, after a
party has terminated a negotiation, an email from the other party seeking to restart the
negotiations would not be a “transactional or relationship message.”
g. Messages in the Employment Context
In the NPRM, the Commission sought comment on the Act’s application to several types
of emails that arise in the employment context. Due to the lack of evidence in the record that
would satisfy the statutory standard for modifying the definition of “transactional or relationship
message,” the Commission does not adopt any provision in the final Rule concerning such
messages.
(i) Messages Concerning Employee Discounts
or Similar Messages
The NPRM asked whether it is appropriate to classify emails from employers offering
employee discounts or similar messages as communications that “provide information directlyId. at 25436, 25450.
130
Id. at 25450.
131
See Associations; NNA; CBA; NRF; NADA; FNB; MPA; SIIA; Coalition; MPAA;
132
KeySpan; Wells Fargo; BOA; ASTA; DoubleClick; Nextel.
See AeA; Discover; PCIAA; Schnell.
133
See, e.g., CBA (“The conclusion must be that an employer can send whatever message
134
it desires to an e-mail account that the employer owns and assigns the employee.”); NRF (“[If]
the company provides the e-mail account to the employee primarily for the employer’s benefit,
[then] the employer should be free to utilize its own proprietary network to send information to
its employees.”).
-50-
related to an employment relationship” under section 7702(17)(A)(iv). In addition, the
130
Commission asked whether it was relevant whether the employee’s email address to which the
message was sent had been assigned to the employee by the employer. All 20 commenters that
131
addressed this issue argued either that such messages should be considered “transactional or
relationship messages” under section 7702(17)(A)(iv) or that they are neither “commercial”
132
nor “transactional or relationship” messages and thus fall outside the scope of the Act. A
133
consistent theme in the comments was that an employer should be free to send whatever
information it wants to an email address that the employer owns and assigns to an employee.
134
In such circumstances, these commenters argued, the employer is both the “sender” and the
“recipient” under the Act.
The comments persuade the Commission that section 7702(17)(A)(iv) should be
interpreted to encompass messages that offer employee discounts from employers to email
accounts they have provided to their employees. Moreover, there is nothing in the legislative
history suggesting that such emails were of concern to Congress in enacting CAN-SPAM. The Commission, however, rejects the argument of some commenters that employees
135
should not be deemed “recipients” under the Act of such messages sent by their employers to
their employer-provided email addresses. See, e.g., BOA; CBA; Coalition; DoubleClick; DMA;
MPA; Wells Fargo. The Act broadly defines the “recipient” as an “authorized user of the
electronic mail address to which the message was sent or delivered” and does not require
ownership of the email address. 15 U.S.C. 7702(14) (emphasis added). Consequently,
employees are “recipients” of messages delivered to their workplace email accounts, whether
such emails were sent by their employers or another person.
See KeySpan; FNB; MPAA; PCIAA. But see Schnell (“commercial messages to
136
employees of a given employer that come from third parties should not be considered
transactional or relationship messages, and should be considered commercial under
(continued...)
-51-
Further, it seems unlikely that employers would inundate their employees’ workplace email
accounts with offers of employee discounts and the like and thereby divert their employees’
attention from their job responsibilities. Thus, because the definition of “transactional or
135
relationship message” is broad enough to encompass emails from employers to their employees
offering discounts, it is unnecessary to modify the definition to address such messages.
(ii) Messages From a Third Party on Behalf of
the Recipient’s Employer
In the NPRM, the Commission asked whether an email that “provide[s] information
directly related to an employment relationship or related benefit plan in which the recipient is
currently involved” and that would be a “transactional or relationship message” under section
7702(17)(A)(iv) if it were sent by the recipient’s employer would retain its transactional or
relationship character if sent by a third party acting on the employer’s behalf. Most of the
handful of commenters that addressed this question agreed with the Commission’s view that
messages sent by a third party on behalf of an employer should be considered transactional or
relationship in nature. The Commission reiterates its interpretation of section 7702(17)(A)(iv)
136(...continued)
136
CAN-SPAM”).
Nevertheless, the Commission’s interpretation does have its limits. For example, if a
137
third party were to market to a client company’s employees the third party’s own goods and
services on its own behalf, rather than on behalf of the client, those messages would not be
deemed “transactional or relationship messages” under section 7702(17)(A)(iv).
NPRM, 70 FR at 25436, 25450.
138
See FNB; KeySpan; Discover; MPAA.
139
-52-
as being sufficiently broad to allow an employer to retain a third party as its agent to send a
message to its employees that would otherwise fit within the confines of a “transactional or
relationship message.” Thus, because the definition of “transactional or relationship message”
137
is broad enough to include a message sent by the third-party agent of an employer to its
employees, provided the message would be considered transactional or relationship in nature if
sent by the employer itself, there is no need to modify the definition of “transactional or
relationship message” to address such messages.
(iii) Messages Sent After an Offer of Employment
is Tendered
In the NPRM, the Commission asked whether, for purposes of section 7702(17)(A)(iv) of
the Act, providing information directly related to an employment relationship should include
providing information related to such a relationship after an offer of employment is tendered, but
prior to the recipient’s acceptance of the job offer. The several commenters that addressed the
138
issue believed that such messages provide “information directly related to an employment
relationship” and thus are transactional and relationship in nature. None of the commenters
139
argued that prospective employees would be subject to unwanted commercial email messages15 U.S.C. 7702(2).
140
One commenter argued that section 7702(17)(A)(iv)’s exemption for employment-
141
related emails “does not go far enough” and that the final Rule should exempt “e-mails regarding
current or prospective job openings that are sent to individuals who are not currently employed
by the sender, and who are not charged any fees or other consideration in connection with any
current or prospective job.” ASA. As noted above, if such emails do not advertise or promote a
product or service, they are not commercial email messages and thus they fall outside the Act.
-53-
from their prospective employers between the time an offer of employment is made and the time
it is either accepted or rejected.
As an initial matter, the Commission notes that, where the primary purpose of an email
from an employer to a prospective employee is something other than the promotion or
advertisement of a commercial product or service, the message would not be subject to CANSPAM’s requirements for commercial email messages. Where, for example, a message
140
provides only information about a prospective employee’s salary and job responsibilities and
does not advertise or promote a commercial product or service, it is not a “commercial electronic
mail message” under the Act. Rather, an email sent to a prospective employee who has received
a bona fide offer of employment after actively seeking such employment would be considered
information “directly related to an employment relationship or related benefit plan” under section
7702(17)(A)(iv), provided the email concerned only the prospective employment relationship.
141
To the extent, however, that such messages included both information about the job offer and an
advertisement or promotion of a commercial product or service, e.g., an effort to induce the job
applicant to purchase the employer’s goods or services, then the message would be analyzed as a16 CFR 316.3.
142
NPRM, 70 FR at 25450.
143
See NADA; NAEDA; Wahmpreneur; ICC; MPAA; KeySpan; PCIAA; United; IPPC;
144
Jumpstart; NEPA; TimeWarner; DoubleClick; Mattel. See also NFCU (electronic newsletters
sent to a sender’s members should be entirely exempt from CAN-SPAM); Discover (arguing that
primary purpose of a newsletter delivered by email should be determined on a case-by-case
basis); Schnell (opining that consumer request for electronic newsletter or other content is not
determinative under CAN-SPAM); Sonnenschein (advocating a distinction between the “bona
fide transaction [in which a consumer] sign[s] up for a service or subscrib[es] to receive emails,
coupons, or electronic newsletters and the mere provision of affirmative consent to receive
commercial emails”).
See DoubleClick; MPAA; FNB.
145
-54-
dual purpose message under the Primary Purpose provisions of the Commission’s CAN-SPAM
Rules.
142
h. Electronic Newsletter Subscriptions and Other Content
that a Recipient is Entitled to Receive as a Result of a
Prior Transaction with the Sender
The NPRM asked “where a recipient has entered into a transaction with the sender that
entitles the recipient to receive future newsletters or other electronically delivered content, should
email messages the primary purpose of which is to deliver such products or services be deemed
transactional or relationship messages?” The commenters that addressed this issue generally
143
believed such emails were “transactional or relationship messages” under section
7702(17)(A)(v). Several commenters thought the Commission’s “primary purpose” rule
144
already addressed the issue and supported the position that transmission of a periodical delivered
via email “falls within one of the ‘transactional or relationship message’ categories.” In
145
addition, three commenters stressed that it is irrelevant whether electronic newsletters or other
content provided via subscription are entirely commercial in nature (e.g., a catalog), so long asSee NEPA; ICC; Sonnenschein.
146
See NPRM, 70 FR at 3118. Likewise, the Commission continues to believe that, as it
147
explained in the Primary Purpose Rulemaking, “if an email consists exclusively of commercial
content (such as a catalog or other content that is purely an advertisement or promotion), then the
email would be a single-purpose commercial message. This is because delivery of such
advertising or promotional content would not constitute the ‘delivery of goods or
services * * * that the recipient is entitled to receive under the terms of a transaction that the
recipient has previously agreed to enter into with the sender,’ under section 7702(17)(A)(v).” Id.
at 3118 n.91.
-55-
the content conforms to the consumer’s reasonable expectations about the material he or she has
requested.
146
The comments do not establish the statutory prerequisite to modifying the definition of
“transactional or relationship message” expressly to address electronic newsletters and other
content sent pursuant to a subscription. Specifically, there is no showing that such a
modification is necessary to accommodate changes in email technology or practices and to
accomplish the goals of the Act. Moreover, the Commission believes that the existing definition
of “transactional or relationship message” already adequately addresses such emails. In view of
the comments received on this issue, the Commission continues to believe, as it stated in the
Primary Purpose Rulemaking, that when a recipient subscribes to a periodical delivered via
email, transmission of that periodical to that recipient falls within section 7702(17)(A)(v), which
includes “goods or services . . . that the recipient is entitled to receive under the terms of a
transaction that the recipient has previously agreed to enter into with the sender,” provided the
periodical consists exclusively of informational content or combines informational and
commercial content. On the other hand, when a sender delivers an unsolicited newsletter or
147
other periodical via email, and there is no subscription, the situation is materially different forId. at 25438 n.137, 25450. For the most part, commenters described “business
148
relationship messages” as arising in the context of business-to-business communications, rather
than communications with individual consumers. See, e.g., BOA (“For example, in the first
mortgage business, e-mails are sent to brokers to inform them up-to-the minute information
about current mortgage rates.”); CBA (“in the context of the equipment leasing industry, it is
typical for lenders to e-mail equipment vendors a rate sheet that describes the amount of interest
a lender would charge on a given piece of equipment”); Reed (“For example, our ad sales
personnel routinely contact current advertisers about upcoming issues of publications.”). But see
Cendant (interpreting “business relationship messages” to encompass messages from a business
to individual consumers with whom the sender has an existing business relationship).
See CBA.
149
-56-
purposes of CAN-SPAM than when such content is delivered with the consent of the recipient.
In such a scenario, the emails likely would not be “transactional or relationship messages” within
the meaning of the Act.
i. “Business Relationship” Messages
The NPRM asked whether the Commission should expand the Act’s definition of
“transactional or relationship message” to include what some commenters call “business
relationship messages,” which are individualized messages sent from one employee of a
company to an individual recipient (or a small number of recipients) at another business. Or,
148
as one commenter described this type of message “one-to-one e-mail that is sent by employees in
the business-to-business context.” The nine commenters who addressed the issue of “business
149
relationship” messages all supported expanding the definition of “transactional or relationship
message” to include this type of email. Commenters did not claim that business relationship
messages are “commercial electronic mail messages” under the Act, but, rather, opined that if
such messages were deemed “commercial electronic messages,” they would face significant
administrative and technological burdens, because business email systems are not designed toSee, e.g., BOA; CBA; Wells Fargo; MPAA.
150
See BOA; CBA; Cendant; ESPC; ICC; KeySpan; MPAA; Reed; Wells Fargo.
151
15 U.S.C. 7704(a)(4)(B).
152
-57-
scrub each email sent by each employee against the business’s CAN-SPAM opt-out list. In
150
addition, commenters argued that such a requirement would interfere with legitimate practices
that are critical to business relationships and operations. To avoid any such potential
151
problems, the commenters urged the Commission to add a new category of “transactional or
relationship message” to cover business relationship messages.
None of the commenters, however, demonstrated changes in email technology or
practices that would warrant an express carve-out for business relationship messages. For
example, there is no evidence that the technological burdens that the commenters cite as a basis
for creating the exemption did not exist when the Act was passed in 2003. There is, therefore, an
insufficient evidentiary basis to modify the definition of “transactional or relationship message”
under the statutory standard. Thus, the Commission declines to add a “business relationship
message” category to the definition of “transactional or relationship.”
In any event, the commenters’ concerns about the impact of the Act on the ability of one
of their employees to send emails to a small number of employees at another company with
which they have a preexisting relationship may be overblown. For example, to the extent an
employee at one company provides affirmative consent to receive emails from an employee of
another company, or from that company in general, such consent overrides any prior opt-out
request. Consequently, when affirmative consent has been given, there is no need to “scrub”
152NPRM, 70 FR at 25450.
153
Id.
154
-58-
the email against the business’s CAN-SPAM opt-out list. Nevertheless, the recipient can always
opt out of receiving future emails from the sender, notwithstanding his or her prior affirmative
consent. As the Commission has previously observed, affirmative consent to receive commercial
emails from a sender does not eliminate the sender’s obligation to provide a functioning Internetbased mechanism to opt out of receiving future emails or any of the sender’s other obligations
under CAN-SPAM.
j. Messages from an Association to its Membership
In the NPRM, the Commission stated that it believes that email messages from an
association or membership entity to its members are likely “transactional or relationship
messages” under section 7702(17)(A)(v). The Commission inquired whether messages from
153
such senders to lapsed members should also be considered transactional or relationship under
section 7702(17)(A)(v), and whether messages to lapsed members should be considered
commercial electronic messages when they advertise or promote the membership entity. The
154
seven commenters that addressed this question argued that email messages to lapsed membersSee NAEDA; Independent; NAFCU; CUNA; Cendant; PCIAA; SIIA. In addition,
155
some commenters, while not responding to the NPRM’s inquiry about lapsed members,
addressed the question of the Act’s regulation of communications from an association to its
current members. See, e.g., Metz; SHRM; ABM; ARTBA; NAR; ACA; ASAE. As the
Commission explained in the NPRM, 70 FR at 25438, and reiterates here, messages from an
association to its membership are likely transactional or relationship in nature. The Commission
continues to believe, however, that there is no basis to expand the existing definition of
“transactional or relationship” to create an express exemption for such communications.
See NAEDA (arguing that messages to former members should be allowed and
156
considered transactional or relationship messages for a specific amount of time e.g., 180 days);
Independent (arguing that messages to former members are still “transactional or relationship
messages” rather than “commercial” messages for 12 months after membership lapses); Cendant
(membership entity should be able to contact members for 18 months after last transaction);
CUNA (arguing that contact may be made for a reasonable amount of time); PCIAA (stating that,
consistent with the Do-Not-Call Rules, an email message to a lapsed member should be
considered a “transactional or relationship message” for 90 days after the membership has
lapsed); VFCU (arguing that email messages to lapsed members should still be considered
transactional or relationship in nature if the purpose is related to administrative matters). See
also SIIA (arguing against a “per se approach” concerning an association’s communications with
lapsed members).
There are, of course, exceptions; for example, an email from a membership
157
organization to a lapsed member to obtain payment of a debt would be a “transactional or
relationship” message under section 7702(17)(a)(i), just as a debt collection email from nonmembership entity would be transactional and relationship in nature, as discussed above. See
supra Part II.A.3.b.
-59-
should be considered “transactional or relationship messages,” but most recommended limiting
155
the amount of time that such email messages may be sent to former members.
156
Under the existing definition of “transactional or relationship message” the Commission
believes that where a recipient is no longer a member of an organization, it is unlikely that
messages from the organization fall within any of the categories of “transactional or relationship
messages.” For example, a message that advertises or promotes the sale of a new or renewed
157
membership would be a “commercial electronic mail message” (or a dual purpose message to the-60-
extent it also includes non-commercial content). However, the Commission declines to modify
the definition of “transactional or relationship message” to include such emails. None of the
commenters offered any evidence that either such modification is necessary to accommodate
changes in email practices or technology or to accomplish the purposes of the Act, and thus the
statutory standard for amending the definition of “transactional or relationship message” is not
satisfied.
4. Section 316.2(p) — Definition of “Valid Physical Postal
Address”
Proposed Rule 316.2(p) clarified that a sender may comply with section
7704(a)(5)(A)(iii) of the Act — which requires inclusion in any commercial email message of the
sender’s “valid physical postal address” — by including in any commercial email message any of
the following: (1) the sender’s current street address; (2) a Post Office box the sender has
registered with the United States Postal Service; or (3) a private mailbox the sender has
registered with a commercial mail receiving agency (“CMRA”) that is established pursuant to
United States Postal Service regulations. A substantial majority of commenters supported the
proposed definition. In consideration of these comments, the Commission adopts as a final Rule
a modified version of the definition proposed in the NPRM. This modified definition allows for
the use of Post Office or private mailboxes, but clarifies that a sender must “accurately” register
such mailboxes pursuant to postal regulations to be considered a “valid physical postal address”
under the Act. Comments addressing the proposed definition are discussed in detail below.
In response to the NPRM, the Commission received 25 comments addressing the
definition of “valid physical postal address.” Of these, 18 commenters supported the definitionSee, e.g., ACLI; ACB; DMA; DoubleClick; NNA; SIA.
158
See Discover; Independent; NAR.
159
See HSBC; MasterCard.
160
See HSBC.
161
-61-
as proposed. Specifically, supporters noted that the proposed definition appropriately recognized
that many legitimate businesses, large and small alike, use Post Office boxes or private
mailboxes, and that allowing commercial email messages to disclose such a P.O. box or private
mailbox would provide flexibility and security to email marketers without compromising law
enforcement efforts. Other commenters, including small businesses and independent
158
contractors, supported the proposed definition because it recognizes the privacy and security
concerns of individuals who work from home or are fearful of publishing their street address for
other reasons.
159
Two additional commenters supported the Commission’s proposal that P.O. boxes and
private mailboxes be included under the definition of “valid physical postal address,” but
objected to the additional requirement that the sender be registered with the United States Postal
Service (“USPS”). Specifically, HSBC Bank Nevada (“HSBC”) and MasterCard suggested that
the definition be modified to allow for any address to which mail is delivered for a particular
sender, whether or not that sender is registered with the USPS. HSBC noted that several
160
affiliated companies often will receive mail at the same P.O. box, yet not all such companies may
be registered to use that box with the USPS, as the proposed definition would require. HSBC
161
and MasterCard argued that their proposed modifications would achieve the purposes of the ActSee HSBC; MasterCard.
162
Under USPS regulations, federal, state, or local government agencies may obtain postal
163
and private mailbox registrant information from the USPS upon written certification that such
information is required to perform the agency’s duties. 39 CFR 265.6(d)(4) & (d)(9). This is one
avenue that law enforcement can pursue in order to identify a sender that fails to comply with
CAN-SPAM.
See Domestic Mail Manual (“DMM”) 508.4.3.1(b) (other adult persons who receive
164
mail in the post office box of an individual box customer must be listed on Form 1093 and must
present two items of valid identification to the post office).
See DMM 508.4.3.1(c) (requiring an organization’s employees or members who
165
receive mail at the organization’s postal box to be listed on Form 1093; each person must have
verifiable identification and present this identification to the Postal Service upon request) and PS
Form 1583 (if applicant is a firm, applicant must provide the name of each person whose mail is
to be delivered).
-62-
by providing consumers with a mechanism to contact senders other than by email. The
162
approach suggested by MasterCard and HSBC, however, does not take into account the other
important purpose of the valid physical postal address provision — that law enforcement
authorities be able to identify a sender using a given address, which would be difficult if not
impossible without registration of all mailbox users with the USPS.
163
Furthermore, USPS regulations require that anyone registering an individual P.O. box
identify the names of all persons authorized to receive mail at such address, and to provide two
forms of identification for each listed person. Similarly, with respect to “organization” P.O.
164
boxes or private mailboxes where the applicant is a “firm,” USPS regulations require any of the
organization’s members or employees who receive mail at such mailbox to be listed on the
requisite postal form. Thus, USPS regulations specifically require that anyone receiving mail
165
at a given address be registered with the USPS. See CUNA; NFCU; Sowell.
166
NPRM, 70 FR at 25439 (quoting SIIA).
167
See Kapecki.
168
-63-
Only five commenters opposed the Commission’s proposed definition of “valid physical
postal address.” Three of these commenters felt that P.O. boxes and private mailboxes should
not be included in the proposed definition because they are often used in fraud schemes as a way
to shield their owners from identification. The Commission previously addressed this
166
argument in the NPRM, noting that “‘[a]n individual or entity seeking to evade identification can
just as easily use inaccurate street addresses’ as hide behind a Post Office box or private
mailbox.” No commenters provided any information to refute this statement.
167
One consumer commenter opposing the proposed definition suggested that P.O. boxes
have proven insufficient as a means of contacting senders that fail to honor opt-out requests.
168
The Commission, however, has no evidence to suggest that certain senders are difficult to contact
because of the fact that those senders have provided P.O. boxes or private mailboxes as their
contact addresses. It is more likely the case that such senders are unscrupulous and have either
provided a false or nonexistent address as a means of evading identification, or simply do not
respond to consumer inquiries. In such instances, the Commission sees no added benefit to
requiring that senders provide a street address, which could just as easily be falsified or simply
disregarded.
Finally, ACUTA suggested that the Commission assess and evaluate the relevant postal
regulations to ensure that they adequately protect the interests of consumers and lawSee ACUTA.
169
See, e.g., DMM 508.1.9.2(a) (requiring applicants of private mailboxes to furnish two
170
forms of valid identification).
-64-
enforcement. Such evaluation, however, goes beyond the scope of this rulemaking
169
proceeding — especially when the Commission has no basis upon which to question the
effectiveness of the USPS regulations.
In consideration of all of these comments, the Commission adopts a modified definition
of “valid physical postal address.” In the final Rule, the Commission has modified slightly the
definition of “valid physical postal address” to clarify that a sender must “accurately” register a
P.O. box or private mailbox in compliance with these regulations. For example, if a sender
provides a P.O. box or private mailbox address in its commercial email message and is not
accurately identified on the applicable postal form, fails to provide two forms of valid
identification if required, or otherwise fails to comply with applicable USPS regulations, such
170
address would not be considered a “valid physical postal address” for purposes of the Act.
Accordingly, the Commission adopts final Rule 316.2(p), which provides that a “‘valid physical
postal address’ means the sender’s current street address, a Post Office box the sender has
accurately registered with the United States Postal Service, or a private mailbox the sender has
accurately registered with a commercial mail receiving agency that is established pursuant to
United States Postal Service regulations.” (Emphasis added.)15 U.S.C. 7702(16)(A).
171
-65-
5. Applicability of the Act to
Forward-to-a-“Friend” Email Marketing Campaigns
In the NPRM, the Commission sought comment on CAN-SPAM’s impact on forward-toa-“friend” email — a type of commercial email that can take a variety of forms. In its most basic
form, a person (the “forwarder”) receives a commercial email message from a seller and forwards
the email message to another person (the “recipient”). Other scenarios include those in which a
seller’s web page enables visitors to the seller’s website to provide the email address of a person
to whom the seller should send a commercial email.
Due to the myriad forms of forward-to-a-“friend” email, CAN-SPAM’s applicability to
such messages is a highly fact specific inquiry. As explained below, the central question in this
analysis often will be whether the seller has “procured” the origination or transmission of the
forwarded message.
a. Background
In the NPRM, the Commission discussed the interplay of multiple definitions in CANSPAM and their relevance in analyzing the Act’s applicability to forward-to-a-“friend” emails.
The Commission began its analysis by examining CAN-SPAM’s definition of “sender” which
the Act defines to mean “a person who initiates [a commercial electronic mail] message and
whose product, service, or Internet web site is advertised or promoted by the message.” Thus,
171
to be a “sender,” a seller must be both an “initiator” of the message and have its product, service,
or Internet website advertised or promoted by the message.15 U.S.C. 7702(9).
172
The NPRM indicated that to “intentionally induce” the initiation of a commercial email
173
a “seller must make an explicit statement that is designed to urge another to forward the
message.” 70 FR 25441.
For instance, the Commission posited that a seller would induce a message (and
174
therefore “procure” the initiation of a message) if, without offering to provide a forwarder with
any consideration, its web-based forwarding mechanism urged visitors to “Tell-A-Friend – Help
spread the word by forwarding this message to friends! To share this message with a friend or
colleague, click to the ‘Forward E-mail button.’” NPRM, 70 FR at 25441 n.178.
-66-
A forward-to-a-“friend” email will ordinarily advertise a seller’s product, service, or
website. Thus, the NPRM focused on whether a seller would meet CAN-SPAM’s definition of
“initiate.” The Act defines “initiate” to mean “to originate or transmit such message or to
procure the origination or transmission of such message, but shall not include actions that
constitute routine conveyance of such message.”
172
In the NPRM, the Commission then examined the meaning of the term “procure” and
concluded that a seller “procures” an email by either: (1) providing a forwarder with
consideration (such as money, coupons, discounts, awards, additional entries in sweepstakes, or
the like) in exchange for forwarding the message, or (2) intentionally inducing the initiation of a
commercial email through an affirmative act or an explicit statement that is “designed to urge
another to forward the message.” Thus, the Commission opined that CAN-SPAM’s inclusion
173
of the word “induce” in the definition of “procure,” meant that a seller could “procure” the
initiation of a message without offering to provide a forwarder with any consideration if it
exhorted visitors to its website to forward a message.
174Id. at 25441-42.
175
-67-
Finally, the Commission concluded by stating that a seller who offered a web-based
“click-here-to-forward” mechanism, but did not exhort visitors to forward a message or offer to
pay or provide other consideration in exchange for forwarding the message, would be engaged in
the “routine conveyance” of the message and therefore not be an “initiator” of the message.
175
b. Comments Received in Response to the NPRM
The Commission received more than forty comments concerning forward-to-a-“friend”
emails. Some of these comments asserted that: (1) forward-to-a-“friend” messages are not
“commercial electronic mail messages”; (2) most marketers whose products, services, or website
are promoted by a forward-to-a-“friend” message are engaged in “routine conveyance”; (3) the
Commission’s view of “routine conveyance” was unduly narrow; (4) forward-to-a-“friend”
emails sent through a seller’s web-based mechanism should be treated the same as emails that the
seller sends to a forwarder who then forwards the messages to a recipient; (5) making CANSPAM’s applicability hinge on whether a seller offered to pay a forwarder consideration was
contrary to the language and purpose of the Act; (6) sweeping forward-to-a-“friend” messages
into CAN-SPAM would impose high compliance burdens for sellers. Each cluster of comments
is elaborated upon below.
First, some commenters opined that the most relevant inquiry in a forward-to-a-“friend”
scenario is whether the primary purpose of the forwarded message is “commercial.” If theSee CBA; DMA; HSBC; Wells Fargo. Section 316.3 of the Rule defines the “primary
176
purpose” test for commercial email. 16 CFR 316.3.
See, e.g., Microsoft.
177
See, e.g., AeA; Charter; ePrize; ERA; Independent; MPA; Masterfoods; Mattel;
178
Microsoft; OPA; PMA.
See AeA; ePrize; ERA; MPAA; MPA; Masterfoods; Mattel; Microsoft; NCTA;
179
NetCoalition; OPA; PMA; SIIA; Wells Fargo. But see Metz (“A company that sends a
commercial e-mail and provides a website for forwarding that e-mail is not simply engaging in
‘routine conveyance’; the message that it is conveying is its own.”).
See, e.g., ERA; ePrize; MPA; Microsoft (“a message may be induced or procured but
180
still fall within the routine conveyance exception to the Act’s definition of ‘initiate’”); NAIFA;
PMA; SIIA.
-68-
message’s primary purpose is not “commercial” (and it is not a “transactional or relationship
message”), CAN-SPAM does not apply.
176
Second, a handful of commenters asserted that the key factor in determining whether a
forward-to-a-“friend” message is covered by the Act should be whether the seller is engaged in
“routine conveyance.” These commenters argued that under section 7702(9) of the Act, any
177
person engaged in “routine conveyance” is necessarily not an “initiator,” and thus it is
unnecessary to inquire whether it “procured” the message in question.
Third, a number of commenters posited that the Commission’s understanding of what
constitutes “routine conveyance” was unduly narrow. Many commenters opined that all, or
178
almost all, forward-to-a-“friend” mechanisms constitute “routine conveyance.” Some
179
commenters argued that under the Act’s definition of “initiate,” whether a company pays
consideration or otherwise induces a person to forward an email is irrelevant to whether the
company is engaged in “routine conveyance.” The majority of commenters, however,
180See ACLI; BOA; Charter; CBA; Discover; MasterCard; MPAA; NRF; NetCoalition;
181
OPA; Time Warner.
For comments arguing that a company could be engaged in routine conveyance
182
notwithstanding its offer of sweepstakes entries, coupons, discounts, “points” and the like to
persons for forwarding an email, see, e.g., AeA; ERA; FNB; Mattel; Coalition; PMA; RIAA
(“[The] legislative history also casts doubt on whether Congress intended that the furnishing of
merely nominal consideration - for instance, ‘points’ to be accumulated toward the award of a
free CD or music download - would be enough to qualify as ‘procuring’ the forwarding of a
commercial e-mail. Surely when one company ‘hires’ another to carry out a commercial e-mail
campaign, much more than nominal consideration would be involved.”). For comments
expressing the view that an offer of sweepstakes entries, points, coupons, discounts and the like
in exchange for forwarding a message would render a company ineligible for the routine
conveyance exception, see, e.g., Charter; MPAA; NAA; NRF; OPA; Time Warner.
See, e.g., Charter; DMA.
183
-69-
expressed the view that a company that offers consideration to a person to send or forward an
email to another person is not engaged in “routine conveyance” under the Act. Within this
181
group, commenters were divided as to whether the offer of de minimis consideration, such as
coupons, sweepstakes entries, or points towards the purchase of a good or service, was sufficient
to render a company ineligible for the “routine conveyance” exception.
182
Fourth, many commenters also stated that web-based mechanisms for forwarding emails
should be treated no differently than the “forward” button on a typical email program. In these
183
email programs, the “sender” of the email, according to the commenters, is the person forwarding
the email.
Fifth, many of the commenters noted that making the offer of consideration the standard
for determining whether a forwarder “procured” the origination or transmission of a message or
engaged in “routine conveyance” would both be contrary to Congress’s intent in passing theSee AeA; Associations; Charter; CBA; DoubleClick; MasterCard; Microsoft; NAIFA;
184
NCTA; NetCoalition; PMA; RIAA; SIIA; Wells Fargo.
See Masterfoods; Mattel; Visa.
185
See Associations; BOA; Charter; CMOR; DMA; ERA; FNB; Jumpstart; MPAA;
186
MPA; Coalition; NRF; NetCoalition; RIAA; Wahmpreneur.
See AeA; Cendant; ePrize (there are substantial costs in building a software platform
187
that would allow scrubbing of names before using forwarding mechanism); MPAA (“It is
virtually impossible to meet the CAN-SPAM requirement that a company not send e-mail to
someone who has already opted out from its lists for Forward to a Friend, because the company
will never know the e-mail address of the recipient . . . . The company would need to put all such
e-mail in a queue and then compare the recipient’s e-mail address with its opt-out list, a
complicated and laborious process.”); Masterfoods; Mattel; NRF; NetCoalition; Wahmpreneur.
The Children’s Online Privacy Protection Rule (“COPPA”), 16 CFR Part 312,
188
establishes rules and guidelines to provide a more secure Internet experience for children and to
(continued...)
-70-
CAN-SPAM Act, and unnecessary because there is no evidence to suggest that Congress or
184
consumers viewed forward-to-a-“friend” messages as spam.
185
Finally, some commenters noted the compliance burdens that would result from the
inclusion of forward-to-a-“friend” emails in CAN-SPAM’s regulatory regime. According to
these commenters, once a person forwards an email using his or her own email program, the
original “sender” loses the ability to control the email message’s content and whether the
message retains its compliance with CAN-SPAM. Commenters also stated that it was very
186
difficult to check the names of recipients of forwarded messages against company opt-out lists.
187
Moreover, some commenters who operate websites directed to children opined that if they were
considered the “sender” of certain forwarded emails, they would have to honor opt-out requests
and maintain opt-out lists, which might cause conflicts with the Children’s Online Privacy
Protection Rule.
188(...continued)
188
protect them from unwanted invasions of privacy. As a result, operators of websites directed to
children have to follow specific rules on what personal information may or may not be gathered
from children. Section 312.5 of COPPA states: “An operator [of a website] is required to obtain
verifiable parental consent before any collection, use, and/or disclosure of personal information
from children . . . .” Two commenters, Masterfoods and Mattel, argued that the Commission’s
proposed application of “induce” would likely result in their being considered the “sender” of
emails “initiated” through their websites. They therefore argued that, under the Commission’s
analysis in the NPRM, they would be required to maintain an opt-out list, which would
undoubtedly contain personal information of children, and could thereby conflict with COPPA.
-71-
c. Commission Statement on Forward-to-a-“Friend” Emails
Whether a seller or forwarder is a “sender” or “initiator” is a highly fact specific inquiry.
Nonetheless, the application of the Act to a forward-to-a-“friend” message likely often will turn
on whether the seller has offered to pay or provide other consideration to the forwarder. Below,
the Commission expands upon its discussion contained in the NPRM by discussing the liability
of sellers in two common forms of forward-to-a-“friend” emails: (1) those sent using a webbased forwarding mechanism and (2) those forwarded using the forwarder’s own email program.
The Commission then discusses the potential liability CAN-SPAM imposes on consumers who
send forward-to-a-“friend” emails.
(i) Seller’s Liability in the Context of a Forwarding
Mechanism on a Seller’s Website
With a web-based mechanism, a seller’s website includes a button that enables a visitor to
the website to send an email advertising the seller’s product, service, or website. When the
visitor clicks on the button, the seller requests the recipient’s email address and often additional
information such as the visitor’s name and email address. The seller may also enable the visitor
to add text that will be included in the message sent to the recipient. Upon entering the15 U.S.C. 7702(16).
189
15 U.S.C. 7702(9).
190
15 U.S.C. 7702(15).
191
-72-
information, the visitor must press a “send” button for the message to be sent. The message will
be sent to the recipient via the seller’s or seller’s agent’s email server.
The starting point in analyzing CAN-SPAM’s applicability to forward-to-a-“friend”
messages is the language of the Act. A seller is a “sender” if it “initiates” the message and its
product, service, or Internet website is advertised or promoted in the message. Because the
189
message sent using the seller’s web-based mechanism will ordinarily advertise the seller’s
product, service, or website, the seller will be a “sender” if it “initiates” the message sent to the
recipient.
CAN-SPAM defines “initiate” to mean “to originate or transmit [a commercial email] or
to procure the origination or transmission of such message, but shall not include actions that
constitute routine conveyance of such message.” Thus, where a seller is involved solely in
190
“routine conveyance,” the seller will be exempt from the responsibilities of an “initiator” or a
“sender” under the Act. The Act defines “routine conveyance” to mean the “transmission,
routing, relaying, handling, or storing, through an automatic technical process, of an electronic
mail message for which another person has identified the recipients or provided the recipient
addresses.” The Act’s legislative history explains that a company engages in “routine
191
conveyance” when it “simply plays a technical role in transmitting or routing a message and isS. Rep. 108-102 at 15. The legislative history therefore makes clear that, if a seller
192
retains the email address of the person to whom the message is being forwarded for a reason
other than relaying the forwarded message (such as for use in future marketing efforts), the seller
would not fall within the routine conveyance exemption.
15 U.S.C. 7702(12).
193
70 FR at 25441.
194
-73-
not involved in coordinating the recipient addresses for the marketing appeal.” Thus, under the
192
web-based scenario described above, a seller that transmits a message through an automatic
technical process to an email address provided by a forwarder, absent more, is engaged in
“routine conveyance” and is exempt from liability under the Act.
However, under the Act, “routine conveyance” is narrowly circumscribed. Where the
seller goes beyond serving as a technical intermediary that transmits, routes, relays, handles, or
stores the email, the seller will be liable as the “initiator” and “sender” of the message forwarded
from its website. A seller who “procures” the origination or transmission of an email goes well
beyond the technical role of transmitting or routing the message.
CAN-SPAM defines “procure” to mean “intentionally to pay or provide other
consideration to, or induce another person to initiate [a commercial email] on one’s behalf.”
193
As explained in the NPRM, if a seller offers to “pay or provide other consideration” to a visitor
to its website in exchange for forwarding a commercial message, the seller will have “procured”
any such messages forwarded by the visitor. As noted in the NPRM, the term “consideration”
194
is not defined in the Act, but is generally understood to mean “something of value (such as anB LACK’S LAW DICT IONARY 300 (7th ed. 1999).
195
NPRM, 70 FR at 25441
196
Id.
197
Id.
198
Id.
199
-74-
act, a forbearance, or a return promise) received by a promisor from a promisee.” This
195
includes things of minimal value. Accordingly, a message has been “procured” if the seller
offers money, coupons, discounts, awards, additional entries in a sweepstakes, or the like in
exchange for forwarding a message. Even the offer to provide de minimis consideration takes
196
the seller beyond the mere “routine conveyance” of the forwarded message and into the
“procurement” of the forwarded message.
The definition of “procure,” however, does not merely cover those scenarios in which a
seller offers to pay or provide other consideration to a forwarder. A seller who “induces” another
person to initiate a commercial email will also fall within the definition of “procure.” The
NPRM explained that “to induce” is much broader than “to pay consideration.” While CANSPAM does not define the term “induce,” in the NPRM, the Commission applied the word’s
common definition: “to lead on to; to influence; to prevail on; to move by persuasion or
influence.” The Commission then opined that “to induce” did not require the transfer of
197
something of value. Rather, the Commission explained, “one must do something that is
198
designed to encourage or prompt the initiation of a commercial e-mail.” Thus, the
199
Commission stated that, “in order to ‘intentionally induce’ the initiation of a commercial email,
the sender must affirmatively act or make an explicit statement that is designed to urge another toId.
200
70 FR at 25441 n.178.
201
Id.
202
-75-
forward the message.” In addition, the Commission stated that whether a seller “induced” a
200
person to forward a message could hinge on the forcefulness of the language used by the seller.
201
The Commission believes that this description of “induce” in the NPRM is unduly narrow
and inconsistent with the statute’s text and purpose. First, “inducement” need not take the form
of an “explicit statement” or “affirmative act” specifically urging someone to send an email. The
word “induce” in the definition of “procure” simply makes clear that a seller may “procure” the
origination or transmission of a message even where it does not specifically pay or provide other
consideration to someone for sending an email. For instance, where a seller offers to pay or
provide consideration to someone in exchange for generating traffic to a website or for any form
of referrals, and such offer results in the forwarding of the seller’s email message, the seller will
have “induced,” and therefore “procured,” the forwarding of the seller’s email. Likewise, in an
affiliate program where the seller does not directly offer to pay a sub-affiliate in exchange for
generating web traffic or other referrals, the seller’s offer to pay the affiliate for generating web
traffic or other referrals will constitute “inducement” of emails sent by the sub-affiliate that
advertise the seller’s product, service, or website. Under each of these scenarios, the seller will
have “induced” the forwarding of an email and will have gone well beyond routine conveyance.
However, CAN-SPAM’s applicability should not rest on the specificity or forcefulness of
the language used by the seller, notwithstanding the suggestion to the contrary in the NPRM.
202We assume for purposes of this analysis that the email promotes or advertises the
203
seller’s product, service, or website.
15 U.S.C. 7702(9).
204
Id.
205
-76-
Accordingly, a seller’s use of language exhorting consumers to forward a message does not,
absent more, subject the seller to “sender” liability under the Act.
A seller, of course, is not prohibited from offering consideration to a visitor to its website
in exchange for forwarding a commercial message, or otherwise inducing the visitor to do so. If
it does, however, it will not be engaged in mere “routine conveyance” and must therefore comply
with CAN-SPAM’s requirements for a “sender.” For instance, the seller will need to ensure that
it does not forward a message to a recipient who has previously made an opt-out request and will
need to include in the message an opt-out mechanism.
(ii) Seller’s Liability for Email Forwarded
Using a Consumer’s Email Program
In the most basic forward-to-a-“friend” scenario, a seller sends a commercial email to a
consumer who then, using his or her own email program, forwards the message to a recipient.
203
Typically, the seller will have no liability under CAN-SPAM for the original recipient’s
forwarding of an email. It is only where the seller “initiates” the forwarding of the message that
it will be deemed the “sender” of the forwarded message under the Act. Again, the starting
204
point is the language of the Act, which defines “initiate” as “to originate or transmit [a
commercial email] or to procure the origination or transmission of such message, but shall not
include actions that constitute routine conveyance of such message.” In contrast to the web-
205
based scenario discussed above, the “routine conveyance” exemption has no applicability when a15 U.S.C. 7702(12).
206
As noted above, a number of commenters argued that complying with the Act’s
207
requirements when a consumer uses his or her own email program to forward the seller’s email is
impracticable for the seller. See Associations; BOA; Charter; CMOR; DMA; ERA; FNB;
Jumpstart; MPAA; MPA; Coalition; NRF; NetCoalition; RIAA; Wahmpreneur. However, it is
our understanding that marketing campaigns in which consideration is offered to consumers in
exchange for forwarding an email typically rely on the seller’s web-based forwarding
(continued...)
-77-
consumer forwards a message using his or her own email program, because the seller would not
be involved in the transmission, routing, relaying, or storage of the forwarded message. Nor is
the seller “originating” or “transmitting” the message in this scenario. The inquiry thus turns on
whether the seller has “procured” the forwarded message. The principles guiding the
determination of whether the seller has “procured” the forwarded message are the same here as
when the forwarding occurs through the seller’s website. Accordingly, if the seller “pays or
provides other consideration” to someone in exchange for forwarding the commercial message,
the seller will have “procured” the forwarding of the email. For the reasons explained above,
206
this is true regardless of the amount of the consideration offered; offering de minimis
consideration in the form of coupons, discounts, sweepstakes entries and the like in exchange for
forwarding a commercial email constitutes “procurement” of the forwarded message. Likewise,
if the seller “induces” the forwarding of the message — such as by offering payment in exchange
for generating traffic to a website — it will be an “initiator,” and thus also the “sender,” of the
forwarded message. In such a circumstance, the seller will be obligated to comply with CANSPAM’s requirements for a “sender,” such as ensuring that the forwarded message contains a
functioning opt-out mechanism and ensuring that email is not forwarded to someone who has
already opted out of receiving commercial emails from the seller.
207(...continued)
207
mechanism. In such circumstances, there is no reason the seller cannot fully comply with
CAN-SPAM.
-78-
(iii) Liability of a Consumer-Forwarder
The NPRM did not discuss the potential liability of a consumer who forwards a
commercial message via a seller’s web-based mechanism or using his or her own email program.
Such a consumer-forwarder would be an “initiator” under CAN-SPAM regardless of whether the
seller “procured” the message because, as explained above, the definition of “initiate” includes
the “origination” of a message and the consumer-forwarder would be the “originator” of the
message. Thus, while a seller who provided a web-based forwarding mechanism (and did not
“procure” the message) would be exempt from “initiator” or “seller” liability where it was
engaged in “routine conveyance,” the consumer-forwarder still would be an “initiator.”
Likewise, a consumer who forwarded a message using his or her own email program (and the
message was not “procured” by the seller) would be an “initiator” of the message, while the seller
would not be.
Thus, the Act’s terms result in an anomaly: a seller in such situations would be exempt
from liability under CAN-SPAM, but the consumer-forwarder would be required to comply with
CAN-SPAM’s “initiator” obligations. In other words, as “initiators,” ordinary consumers who,
without being offered any consideration or inducement, forward a commercial message using
either a seller’s web-based forwarding mechanism or their own email program, would be
required to provide recipients with a mechanism for opting out of receiving future commercial
emails from the “sender,” a clear and conspicuous disclosure that the message is an
advertisement or solicitation, a clear and conspicuous notice of the right to opt out of receiving70 FR at 3113.
208
For the same reason, even where consideration or inducement such as coupons,
209
discounts, awards, additional entries in sweepstakes is provided to the consumer-forwarder, the
consumer-forwarder is unlikely to be a target of enforcement (though the seller offering the
consideration or other inducement might be), absent indicia that the consumer-forwarder is, in
fact, acting akin to an affiliate marketer, for example.
-79-
commercial emails from the “sender,” and a clear and conspicuous disclosure of the “sender’s
physical address.” Yet, because the seller is not an “initiator,” there would be no “sender” of the
message under the Act.
The Commission believes that Congress did not intend to sweep into CAN-SPAM’s
regulatory scheme consumers who, without being offered any consideration or inducement for
doing so, use a seller’s web-based forwarding mechanism or their own email programs to send
isolated commercial email messages to recipients. Indeed, as the Commission recognized in
promulgating the Primary Purpose Rule, “the repeated inclusion of the modifying word
‘commercial’ in section 7702(2)(A) is not merely tautological, but evidences an intention to
ensure that the CAN-SPAM regulatory scheme would not reach isolated email messages sent by
individuals who are not engaged in commerce, but nevertheless seek to sell something to a
friend, acquaintance, or other personal contact.” Hence, the Commission believes that under
208
these facts, such a consumer-forwarder would not be swept into CAN-SPAM’s regulatory
scheme.
209
B. Section 316.4 — Prohibition Against Failure to Effectuate An Opt-Out
Request Within Ten Business Days of Receipt
Section 7704(a)(4) of the Act prohibits senders from initiating the transmission of a
commercial email message to a recipient more than ten business days after the senders have15 U.S.C. 7704(c)(1).
210
-80-
received the recipient’s opt-out request. Section 7704(c)(1) gives the Commission authority to
issue regulations modifying the ten-business-day period — what is, in effect, a “grace
period” — for processing recipients’ opt-out requests if the Commission determines that a
different time frame would be more reasonable after taking into account “(A) the purposes of
[subsection 7704(a)]; (B) the interests of recipients of commercial electronic mail; and (C) the
burdens imposed on senders of lawful commercial electronic mail.” Accordingly, in the
210
ANPR, the Commission sought comment on the reasonableness of the ten-business-day grace
period for processing opt-out requests and whether a shorter grace period would be more
reasonable, in view of the three considerations enumerated in the statute and the relative costs
and benefits.
In consideration of the comments received in response to the ANPR, the NPRM proposed
to shorten the time period for honoring an opt-out request from ten to three business days. The
Commission also posed a number of questions in Part VII of the NPRM about the appropriate
time to allow for processing an opt-out request, including questions about: technical procedures
and cost implications associated with opt-out processing; the level of risk associated with “mail
bombing” — the bombardment of an email address with commercial email in the nine business
days following an opt-out request, aggressive email targeting tactics; and the effect of third-party
arrangements on the timing of opt-out processing. In response to the NPRM, the Commission
received numerous comments opposing the proposed rule.
Based on the Commission’s analysis of the comments received in response to the NPRM,
the Commission is persuaded that: (1) reducing the opt-out grace period from ten to threeSee, e.g., CMOR; BrightWave; Swent; Footlocker; Intermark; Empire; SHRM; FNB;
211
Wells Fargo; VCU; MPAA; ACB; Bigfoot; PMA; BOA; NetCoalition; Reed; DoubleClick;
DMA; CBA; Time Warner; Coalition; NEPA; IAC.; Charter; Jumpstart; HSBC; ASAE;
Comerica; Cendant; CUNA; KeySpan; MasterCard; Discover; Microsoft; PCIAA; Vertical; BD;
Exact; ARTBA; ACUTA; Sprint (stating that it would have to devote at least 30,000 man hours,
or in excess of $2 million, in order to modify its systems to accelerate the process of
(continued...)
-81-
business days would not necessarily advance the privacy interests of consumers; (2) the time
period for processing opt-out requests required by legitimate commercial emailers varies, and
often exceeds three business days depending upon a number of factors, including the size of the
business, the existence of third-party marketing agreements, and the maintenance of multiple
email databases; and (3) neither the current record nor the Commission’s experience reflects that
email bombing of commercial email recipients is a wide-scale tactic deployed by lawful
commercial emailers. Furthermore, the record does not reflect that shortening the opt-out grace
period would necessarily reduce any potential threat of email bombing. Accordingly, the
Commission declines to adopt a final Rule that would reduce the statutory grace period from ten
business days to three business days, but will continue to monitor whether commercial emailers
are using abusive targeting tactics and/or failing to honor opt-out requests in a timely manner to
determine whether regulatory or other action is required in the future. Likewise, as explained
below, the Commission reaffirms its refusal to impose a limit on the duration of opt-out requests
at this time.
1. The Appropriate Deadline for Effectuating an Opt-Out Request
Approximately 100 commenters addressed the issue of whether the period for opt-out
compliance should be reduced. The vast majority — over 85 percent — opposed reducing the
time frame to less than ten business days. Many of these commenters argued that the need for
211(...continued)
211
implementing opt-out requests); ABM (“Diversified Business Communications has concluded
that imposition of a three-day opt-out requirement would reduce the effectiveness of its
marketing and increase its cost by a minimum of $20,000 per year.”).
See, e.g., ACUTA; BD; Experian.
212
See, e.g., ERA; OPA; ATAA; ARDA; Charter; MPA; PMA.
213
See, e.g., DMA.
214
-82-
coordination and synchronization of opt-out mechanisms requires a minimum of ten days.
212
Some of these commenters also suggested that senders of email messages who are not now
complying with the Act would not comply with the proposed change, but those who are
attempting to comply would be burdened, with no gain in protection of consumers’s privacy
interests.
213
A number of commenters provided substantive descriptions of the time frames that are
involved with processing opt-out requests and coordinating such efforts with third-party vendors.
Commenters explained that the time necessary to process opt-out requests varies based on a
number of factors, such as whether the sender itself collects opt-out requests and removes email
addresses from its own marketing list or uses a third-party vendor for the entire process or for
certain portions of the process.
214
According to another commenter, some cable companies rely on third-party vendors to
handle all email marketing, process opt-out requests, and manage suppression lists. “The cable
operator may be able to input a customer’s opt-out request in one to two business days in its ownSee NCTA.
215
See Experian.
216
See, e.g., Masterfoods; Mattel; Jumpstart. With respect to these comments, the
217
Commission notes that section 7704(a)(3)(A)(i) of the Act requires that a commercial email
message contain a functioning return email address or other Internet-based mechanism that the
recipient may use to submit an opt-out request, but does not require requests submitted in other
ways to be honored within the given time period. See also NPRM, 70 FR at 25443.
-83-
internal database, but the third party vendor that provides a variety of targeted marketing and
advertising services may take up to 8-10 business days to complete the processing.”
215
A few commenters argued that delays also can result from concerns about privacy with
respect to negotiating non-disclosure agreements and using hard copy media, such as CDs, to
transmit their suppression files. As one commenter explained:
We often see other situations that make the three-day period
difficult at best, including large corporations with legacy
databases that must plan for their marketing campaigns and
use of suppression lists a week in advance, use of hard-copy
media — such as CDs — to transmit the files via the postal
service, and then the use by small businesses which only have
access to low bandwidth connections. A three-day deadline
could cause many advertisers, especially small or traditionally
offline businesses, to abandon their e-mail acquisition efforts
altogether in order to comply.
216
Finally, a few commenters pointed out that they offer not only Internet-based opt-out
mechanisms but also opportunities to unsubscribe by telephone or other means, which can be very
time-consuming.
217
In terms of potential benefits to consumers from reducing the grace period to three business
days, nearly all of the commenters argued that bombarding a recipient with email following an opt-See, e.g., CMOR; Verizon; LashBack; ACLI; ABM; FNB; ERA; ESPC; ARTBA;
218
MPA (arguing that, if a marketer were involved in mail bombing, it could still do so under a
three-business-day time frame); PMA; BOA; SIA; NRF; NetCoalition; Reed; DoubleClick;
Associations; Time Warner; IAC; ICC; Nextel (asserting that no rational marketer would
undertake mail bombing); Charter; HSBC; MasterCard; Discover; Microsoft; Nissan; Vertical;
ExactTarget; Sprint. But see iPost (“[I]t has been demonstrated by the use of ‘honeypot’ or
‘spamtrap’ emailboxes that submitting opt-out requests does lead to targeting for receipt of
additional commercial email . . . . The length of time that elapses following submission of the
opt-out request has little bearing on this practice, which no responsible marketer would employ
in any case.”).
See Unsub; Rushing; Nelson; NAFCU.
219
See Aurelius; Edge; Schaefer; Roberts; Pernetian; Amin.
220
See, e.g., May (“Extending the time period to 5 days, but shortening from 7 [sic] days,
221
would encompass 90% of the online population and is a reasonable time period to comply with
opt-in requests.”); Clear (supporting a compromise of five or six days).
See, e.g., NADA; BrightWave; Ezines; ARDA; ABM; ASAE; NAMB (“NAMB
222
believes that the proposed 3-business day time period has a disproportionate economic impact on
all small business entities, which includes many mortgage brokers.”); MPA; NAR; NAA
(indicating that a three-business-day period would be challenging for small newspapers); ASTA
(“Nearly instantaneous processing’ may be possible for some, but there is no record support for
the proposition that it is possible for all, or even most, businesses, particularly small
(continued...)
-84-
out request is not a valid concern and that the potential risk of mail bombing would not, in any event,
be mitigated by shortening the opt-out period to three days.
218
A few commenters argued either in favor of the proposed three-day time period, or
219
recommended time periods of less than three days. These commenters, several of whom are
220
individual consumers, generally believe that there are no technical obstacles to automatic or nearautomatic opt-out processing. Other commenters suggested that five to seven days could represent
a reasonable period of time to process an opt-out request.
221
Many small businesses, however, opined that compliance with a shorter time frame would
pose a significant burden due to the technical support needed. For example, some small entities
222(...continued)
222
businesses.”).
See, e.g., Sheu; Wiederhoeft; Intermark; ECFCU; SHRM; IS; ASAE; Comerica; IPPC;
223
BD; ARTBA.
See, e.g., NNA; ACLI; NRF; ICC.
224
69 FR 16368 (Mar. 29, 2004).
225
-85-
process opt-out requests manually or have only part-time staff. Given holidays and vacations, those
entities do not believe they could process requests within three days. Small membership-based
223
associations such as the American Road and Transportation Builders Association and SHRM also
expressed concern about staffing issues. SHRM argued that it would be unreasonable to expect
volunteers or even a single paid staff director to check for, and handle, opt-out requests several times
per week to satisfy the proposed three-day rule.
Finally, a few commenters argued that ten business days is not sufficient time for processing
opt-out requests and a longer time frame would be better. Some of these commenters pointed out
224
that telemarketers have 31 days to process new listings on the National Do Not Call Registry and
225
that commercial email messages directed to certain mobile devices are prohibited if the wireless
domain name referenced in the address has been posted on the Federal CommunicationsThe FCC has issued a list of wireless domains to which commercial email messages
226
cannot be directed without the addressee’s express prior authorization or if other conditions are
met. 47 CFR 64.3100(a) & (e). The thirty-day safe harbor does not apply if the person or entity
initiating the message did so knowing the address was to a protected mobile service. 47 CFR
64.3100(a)(4); Rules and Regulations Implementing the Controlling the Assault Of
Non-Solicited Pornography and Marketing Act of 2003, CG Docket No. 04-53, Rules and
Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No.
02-278, 19 FCC Rcd. 15927, 15969 (2004).
See, e.g., Verizon; Intermark; NAR; SIIA; MCI; IAC.
227
-86-
Commission’s (“FCC”) wireless domain list for at least 30 days. These commenters argued that,
226
for consistency, 31 or 30 days should be allowed for processing opt-out requests.
227
Having carefully considered the comments concerning the amount of time required to process
and coordinate opt-out requests, along with the Commission’s law enforcement experience, the
Commission is persuaded that it should retain the ten-business-day grace period for honoring opt-out
requests. The Commission is persuaded that its proposal in the NPRM to shorten the period to three
business days could impose a substantial burden on legitimate commercial email marketers. In
particular, the Commission is concerned that reducing the opt-out period could pose a significant
challenge for small entities. In addition, the Commission believes that reducing the opt-out period
would not necessarily advance the privacy interests of consumers. Neither the current record nor the
Commission’s law enforcement experience indicates that email bombing of commercial email
recipients is a wide-scale tactic deployed by lawful commercial emailers, or that reducing the opt-out
grace period would necessarily reduce any potential threat of email bombing.
At the same time, the Commission rejects the argument that email marketers should have
more than ten business days to process opt-out requests. The Commission finds that, based on the
record, senders of commercial email are not unduly burdened by the ten-business-day grace periodSee, e.g., DoubleClick; ACB; Cendant; iPost; Empire. See also NCL’s comments in
228
the ANPR (stating that “We are unaware of any problems with the ten-business-day time period
and would strongly oppose lengthening it.”).
See “Top Etailers’ Compliance with CAN-SPAM’s Opt-Out Provisions.” Staff Report
229
This report explained that 89% of the top 100 etailers that sent commercial email during the study
honored all three of the opt-out requests made by FTC staff.
Proposed Rule 316.4(b) would have clarified that law enforcement officials are not
230
required to allege or prove a defendant’s state of mind to obtain a cease and desist order or an
injunction to enforce compliance with proposed Rule 316.4(a), which pertains to the time period
for honoring opt-out requests. Because the Commission declines to adopt Rule 316.4(a),
proposed Rule 316.4(b) is no longer necessary. Moreover, the language of the Act itself is clear
on this issue — whenever a provision of the Act or the Commission’s Rule contains a state-ofmind component, that requirement does not apply when a law enforcement official seeks a cease
and desist order or an injunction. 15 U.S.C. 7706(e) & (f)(2).
-87-
for honoring opt-out requests established by Congress. Indeed, in 2005, a Commission study
228
revealed that nearly 90% of the top 100 etailers honored the ten-business-day opt-out time period,
229
which suggests that, on balance, compliance is feasible for most senders of commercial email.
Further, the Commission is not persuaded that the fact that telemarketers have 31 days to process
new listings on the National Do Not Call Registry justifies extending the period for honoring CANSPAM opt-out requests to 31 days, in view of the difference in the structure and operation of email
suppression lists as compared to the National Do Not Call Registry.
For all these reasons, the Commission declines to adopt proposed Rule 316.4, which would
have reduced the statutory ten-business-day grace period for honoring opt-out requests. The grace
230
period therefore remains ten business days.
2. Expiration of Opt-out Requests
In the NPRM, the Commission declined to propose a time limit for how long an opt-out
request will remain in effect, but indicated that it would consider submissions of information or data70 FR at 2544. The NPRM also stated that the duration of a person’s registration on
231
the Do Not Call Registry is five years or until the registrant changes his or her telephone number
or takes the number off the Registry. Id. Congress has since enacted legislation which
eliminates the expiration of listings on the Registry. See Do-Not-Call Improvement Act of 2007,
Pub. L. No. 110-188 (2008).
As of June 2007, the Do Not Call Registry contained more than 145 million telephone
232
numbers.
70 FR at 2544.
233
See, e.g., ARDA; Wells Fargo; BOA; NRF (all arguing for a two- to three-year time
234
limit); CMOR; ABM; FNB; ERA; ESPC; ACB; Bigfoot; Visa (all arguing for a five-year or
longer time limit).
For example, DoubleClick argued that it did “not believe that a consumer’s choice
235
should have an expiration date. If a consumer asks to be removed from a commercial email list
and subsequently changes her/his mind, s/he can re-subscribe to that mailing list.” Similarly, the
Virginia Credit Union argued that it also believes that “the opt-out request should be honored
(continued...)
-88-
that would show whether such a time limit would be useful in implementing the provisions of the
Act. The Commission noted that, in the somewhat similar context of the Do Not Call Registry, the
Registry administrator is able routinely to purge defunct or changed telephone numbers from the
Registry database, whereas email marketers do not appear to have similar capabilities for such
purging. The Commission also stated that an email marketer’s suppression list is likely to have
231
far fewer entries than the then 91 million numbers on the Do Not Call Registry, making the
232
prospect of “scrubbing” far less daunting, and potentially vitiating the argument that setting an
expiration period for opt-out requests is required.
233
Several commenters argued that the Commission should limit the length of time that requests
should remain in effect. These commenters, however, were divided on what would be an appropriate
time limit. Other commenters argued that the Commission should not impose a time limit on a
234
consumer’s opt-out request.
235(...continued)
235
indefinitely until such time the consumer contacts the sender and requests otherwise.”
See ESPC (“The time and cost varies linearly based on the size of the lists involved.
236
Both the size of the suppression list and the size of the active list affect the processing time and
cost. Many senders’ suppression lists contain less than 100,000 addresses, in which case the time
and cost are fairly negligible.”).
See DoubleClick.
237
See FNB.
238
-89-
Various commenters submitted data to the Commission about the size of their suppression
lists. That data showed that suppression list size varies, and it is not clear whether or in what
instances suppression lists may exceed the Do Not Call Registry. While many suppression lists
contain less than 100,000 addresses, ESPC states that the suppression lists of some companies
236
exceed the Do Not Call Registry by over 10 million entries. One commenter noted that “[f]rom a
logistical perspective, many companies have large suppression lists that can exceed a million
names.” Another commenter reported that its suppression list will likely have fewer than the
237
number of entries that the National Do Not Call Registry contains.
238
In analyzing the data submitted by these commenters, the Commission finds that, at this time,
there is insufficient evidence to show that email suppression list scrubbing is impeded by the lack
of a time limit on opt-out requests, or that imposing a limit will be useful in implementing the
provisions of the Act under section 7711(a). Notably, Congress chose neither to impose such a time
limit nor to specifically authorize the Commission to do so at this time. Consequently, the
Commission declines to impose a time limit on the duration of an opt-out request. As proposed and adopted here, Rule 316.5 provides: “Neither a sender nor any person
239
acting on behalf of a sender may require that any recipient pay any fee, provide any information
other than the recipient’s electronic mail address and opt-out preferences, or take any other steps
except sending a reply electronic message or visiting a single Internet web page, in order to: (a)
use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C.
7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a
sender; or (b) have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).”
See, e.g., KeySpan; MasterCard; Metz; Empire; Wells Fargo; Coalition; BOA.
240
See, e.g, Wells Fargo; Coalition; Experian; MPAA; AeA; Microsoft; Verizon;
241
MasterCard.
-90-
C. Proposed Rule 316.5 — Prohibition on Charging a Fee or Imposing Other
Requirements on Recipients Who Wish To Opt Out
In the NPRM, the Commission proposed to prohibit the imposition, as a condition for
accepting or honoring a recipient’s opt-out request, of any fee, obligation to provide personally
identifying information (beyond one’s email address), or any other requirement. Several
239
commenters agreed with the Commission’s proposal to prohibit senders from charging a fee to opt
out, but challenged the portion of the rule that would prevent the collection of additional personal
240
information or require email recipients to interface with more than one Internet Web page to opt out
from receiving future commercial email messages from the sender. These commenters cumulatively
identified a host of factors — the risk of typographical errors, computer security issues, online
identity theft, and sabotage by competitors — arguing for the necessity of collecting personal
information or requiring multiple opt-out steps to verify the identity of the recipient. While the
241
Commission recognizes that computer security and identity theft are serious problems facing online
consumers, the Commission is not persuaded that imposing additional requirements on consumers
who are attempting to opt out would do anything to minimize the risk of these problems. To the
contrary, the Commission believes that requiring consumers to transmit additional personallySee also MPAA; Microsoft (both requesting the Commission to clarify that the use of
242
passwords or other authentication information is permitted under the rule); ABA (stating that it
would be beneficial to have “member-recipients log on the entity’s Website, edit the member’s
profile, and thereby directly express the member’s complete opt-out preferences.”).
NPRM, 70 FR at 25445. Similarly, for this reason, the Commission is not persuaded
243
by those commenters arguing that senders should be able to require their member-recipients to
update their member profiles in order to opt out from receiving commercial email messages.
See, e.g., ABA; ATAA.
See Experian.
244
-91-
identifying information would increase the risk of that information being intercepted by a hacker or
rogue third party.
Other commenters explained that verifying the identity of a recipient would be important
because their suppression lists are connected to consumer account information rather than consumer
email addresses. For example, DMA argued that “tracking by account information also makes it
easier to honor opt-out requests for customers regardless of what they change their email address
to.” The Commission does not find this argument persuasive, because, as the Commission stated
242
in the NPRM, “according to CAN-SPAM, opt-out requests are specific to a recipient’s email address,
not his or her name,” and, in this case, certainly not to his or her account information.
243
At least one commenter argued in favor of allowing marketers an opportunity to “display an
advertisement or other incentive in order to remind the recipient of the value of the list subscription
prior to their unsubscription.” The Commission reiterates its position stated in the NPRM that
244
subjecting a recipient who wishes to opt out to sales pitches before the opt-out request is completed
is an unacceptable encumbrance on a consumer’s ability to opt out of receiving unwanted
commercial email messages.15 U.S.C. 7706(f)(3)(C) & (g)(3)(C).
245
The four practices are: (1) automated email address harvesting; (2) dictionary attacks;
246
(3) automated creation of multiple email accounts; and (4) relay or retransmission of a
commercial email message through unauthorized access.
S. Rep. No. 108-102, at 8 (2003).
247
-92-
Accordingly, the Commission adopts final Rule 316.5, which prohibits the imposition of any
fee, any requirement to provide personally identifying information (beyond one’s email address), or
any other obligation as a condition for accepting or honoring a recipient’s opt-out request.
D. Section 7704(c)(2) — Aggravated Violations Related to Commercial Email
The final Rule does not provide for any additional aggravated violations beyond those already
specified in the Act. Committing an aggravated violation along with a violation of section 7704(a)
could subject a defendant to triple damages in a CAN-SPAM enforcement action by a state attorney
general or an ISP. Section 7704(b) of the Act lists four practices which are to be considered
245
“aggravated violations.” According to a Senate Committee Report on an earlier version of the Act,
246
designating specific practices as “aggravated” violations is intended to “apply to those who violate
the provisions of the bill while employing certain problematic techniques used to either generate
recipient email addresses, or remove or mask the true identity of the sender.”
247
Section 7704(c)(2) of the Act authorizes the Commission to specify activities or practices —
in addition to the four already enumerated in the statute — as aggravated violations if the
Commission determines that “those activities or practices are contributing substantially to the
proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the
Act].” (Emphasis added.) See Nelson (email spoofing); Rubin (selling email addresses after opt-out; single seller
248
using multiple domain names); Sowell (commercial email messages should have only one
sender; email should indicate how the sender obtained the recipient’s name or email address).
See LashBack (some companies allow third parties to access their suppression lists);
249
Unsub (“many sellers . . . post a text version of their opt-out suppression lists on Blind Affiliate
Networks, allowing easy access for any list owner who is a member” of that network).
15 U.S.C. 7704(c)(2).
250
-93-
In response to the Commission’s request in the NPRM for comment on whether any specific
practices were contributing substantially to the proliferation of email, the Commission received only
five comments. Three of the commenters complained about various practices that either are already
illegal under the Act or that the commenters believed should be made illegal, but did not provide any
evidence that the practices were contributing substantially to the proliferation of commercial
electronic mail messages that are unlawful under section 7704(a) of the Act, and, thus, should be
deemed aggravated violations.
248
The other two commenters expressed concern that lists of email addresses of consumers who
have opted out from receiving email (known as “suppression lists”) can be, and in some instances
have been, misused by third parties to send unwanted email. Specifically, these commenters
249
indicated that, in some cases, third parties have obtained unauthorized access to another company’s
suppression list, which the third parties have then used to send emails of their own. The record,
however, lacks evidence that this practice is widespread and is “contributing substantially to the
proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the
Act]. Thus, there is an insufficient evidentiary basis for the Commission to designate this practice
250
as an aggravated violation. In any event, depending on the facts, some of these practices may violate
section 7704(a)(4)(A)(iv) of the Act. Under this provision, “the sender or any other person thatSee 5 CFR 1320.3(c).
251
5 U.S.C. 601-612.
252
NPRM, 70 FR at 25447-49.
253
-94-
knows that the recipient has made [an opt-out request to the sender]” may not “sell, lease, exchange,
or otherwise transfer or release the electronic mail address of the recipient (including through any
transaction or other transfer involving mailing lists bearing the electronic address of the recipient) for
any purpose other than compliance with this chapter or other provision of law.”
III. PAPERWORK REDUCTION ACT
In accordance with the Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3520 (“PRA”), the
Commission reviewed the proposed and final Rule. The final Rule does not impose any
recordkeeping, reporting, or disclosure requirements and, thus, does not constitute a “collection of
information” as defined in the regulations implementing the PRA.
251
IV. REGULATORY FLEXIBILITY ACT
The NPRM included an initial regulatory flexibility analysis (“IRFA”) under the Regulatory
Flexibility Act (“RFA”), even though the Commission did not expect that the proposed Rule would
252
have a significant economic impact on a substantial number of small entities. In addition, the
Commission invited public comment on the proposed Rule’s effect on
small entities to ensure that no significant impact would be overlooked.
253
This Final Regulatory Flexibility Analysis (“FRFA”) incorporates: the Commission’s initial
findings, as set forth in the May 12, 2005 NPRM; addresses the comments submitted in response to
the IRFA notice; and describes the steps the Commission has taken in the final Rule to minimize its
impact on small entities consistent with the objectives of the CAN-SPAM Act.15 U.S.C. 7702(17)(B).
254
15 U.S.C. 7704(c)(1)(A)-(C).
255
15 U.S.C. 7704(c)(2).
256
15 U.S.C. 7711(a).
257
-95-
A. Succinct Statement of the Need for, and Objectives of, the Final Rule
The final Rule was created pursuant to the Commission’s mandate under the CAN-SPAM Act.
The Act authorizes the Commission, at its discretion and subject to certain conditions, to: promulgate
regulations expanding or contracting the categories of “transactional or relationship messages”;
254
modify the ten-business-day period proscribed in the Act for effectuating a recipient’s opt-out
request; and specify additional activities or practices as “aggravated violations.” The Act also
255 256
authorizes the Commission to “issue regulations to implement the provisions of [the] Act.” The
257
final Rule modifies certain definitions of the Act, such as what constitutes a “sender” and a “valid
physical postal address”; adds a definition of “person”; and clarifies other relevant provisions of the
Act.
B. Summary of Significant Issues Raised by the Public Comments in Response
to the IRFA
In the IRFA, the Commission sought comment regarding the impact of the proposed Rule and
any alternatives the Commission should consider, with a specific focus on the effect of the proposed
Rule on small entities. The public comments on the proposed Rule are discussed above throughout
the Statement of Basis and Purpose, as are any changes that have been made in the final Rule. After
reviewing the comments, including those that specifically addressed the impact of the Rule on small
entities, the Commission does not believe that the final Rule will unduly burden entities that sendSee, e.g., ABM; ARDA; BrightWave; Ezines; MPA; NAA; NADA; NAMB; NAR.
258
NPRM, 70 FR at 25448.
259
-96-
commercial electronic mail messages or transactional or relationship mail messages. The majority
of comments concerning the impact of the proposed Rule on small entities addressed the
Commission’s proposal to shorten the opt-out period from ten business days to three. As noted in
Part II.B above, these commenters argued that a shortened time frame would impose undue
administrative costs and burdens on small businesses. The Commission agrees that the final Rule
258
must not be unduly burdensome to small businesses, and, while the record still lacks specific data
describing the time and cost involved with processing opt-out requests for small businesses, the
Commission finds that three business days would pose a challenge for some of these entities. In light
of the concerns raised by the commenters, including small entities, the final Rule retains the opt-out
period at ten business days.
C. Explanation as to Why No Estimate is Available as to
the Number of Small Entities to Which the Final Rule Will Apply
Determining a precise estimate of the number of small entities subject to the final Rule, or
describing those entities, is not readily feasible for two reasons. First, there is insufficient publicly
available data to determine the number and type of small entities currently using email in any
commercial setting. As noted in the IRFA, the final Rule will apply to “‘senders’ of ‘commercial
electronic mail messages,’ and, to a lesser extent, to ‘senders’ of ‘transactional or relationship
messages.’” Thus, any company, regardless of industry or size, that sends commercial email
259
messages or transactional or relationship messages would be subject to the final Rule. Id.
260
-97-
In the IRFA, the Commission set forth the few sources of publicly available data to
approximate the number of entities that send commercial email messages or transactional or
relationship messages, noting that “[g]iven the paucity of data concerning the number of small
businesses that send commercial e-mail messages or transactional or relationship messages, it is not
possible to determine precisely how many small businesses would be subject to the proposed Rule.”
260
None of the comments provided information regarding the number of entities of any size that will be
subject to the final Rule.
The second reason that determining a precise estimate of the number of small entities subject
to the final Rule is not readily feasible is that the assessment of whether the primary purpose of an
email message is “commercial,” “transactional or relationship,” or “other” turns on
a number of factors that require factual analysis on a case-by-case basis. Thus, even if the number
of entities that use email in commercial dealings were known, the extent to which the messages they
send will be regulated by the final Rule depends upon the primary purpose of such messages, a
determination which cannot be made absent factual analysis.
D. Description of the Projected Reporting, Recordkeeping, and Other
Compliance Requirements of the Final Rule, Including an Estimate of the
Classes of Small Entities that Will Be Subject to the Requirements of the
Final Rule and the Type of Professional Skills that Will Be Necessary to
Implement the Final Rule
The final Rule does not itself impose any reporting, recordkeeping, or other disclosure
requirements within the meaning of the Paperwork Reduction Act. The final Rule primarily: clarifies
the scope of certain definitions within the CAN-SPAM Act, such as “sender” and “valid physical
postal address”; defines one new term, “person”; and clarifies that a recipient may not be required to-98-
pay a fee, provide information other than his or her email address and opt-out preferences, or take any
other steps other than sending a reply email message or visiting a single Internet Web page to submit
an opt-out request. Any costs attributable to CAN-SPAM are the result of the substantive
requirements of the Act itself — such as the requirement that commercial email messages include an
opt-out mechanism and certain disclosures — not the Commission’s interpretive final Rule.
E. Discussion of Significant Alternatives the Commission Considered That
Would Accomplish the Stated Objectives of the CAN-SPAM Act and That
Would Minimize Any Significant Economic Impact of the Final Rule on Small
Entities
Through both the ANPR and the May 12, 2005 NPRM, the Commission sought to gather
information regarding the economic impact of CAN-SPAM’s requirements on all businesses,
including small entities. The Commission requested public comment on whether the proposed Rule
would unduly burden such entities that use email to send messages defined as “commercial” or
“transactional or relationship” messages under the Act and the FTC’s CAN-SPAM Rule; whether this
burden is justified by offsetting benefits to consumers; what effect the proposed Rule would have on
small entities that initiate messages the primary purpose of which are commercial or transactional or
relationship; what costs would be incurred by small entities to “implement and comply” with the
proposed Rule; and whether there were ways the proposed Rule could be modified to reduce the costs
or burdens for small entities while still being consistent with the requirements of the Act. The
Commission requested this information in an attempt to minimize the final Rule’s burden on all
businesses, including small entities.
In drafting the final Rule, the Commission carefully considered and sought to mitigate the
burdens placed on email marketers, both large and small alike. For example, because a shortened-99-
time frame for processing opt-out requests might place a significant burden on senders, including
small businesses, the final Rule retains the original ten-business-day period set forth in the Act.
Moreover, the final Rule’s definition of “valid physical postal address” provides for the use of
commercial and postal mailboxes in light of the concerns many small entities expressed with respect
to disclosing their physical addresses in email messages. Finally, to the extent that small entities
participate in sending multiple marketer messages, the final Rule’s definition of “sender” minimizes
the burden placed on such entities by permitting the designation of a single “sender” to comply with
CAN-SPAM’s disclosure and opt-out requirements.
As explained earlier in this Statement of Basis and Purpose, the Commission has considered
the comments and alternatives proposed by such commenters, and continues to believe that the final
Rule will not create a significant economic impact on small entities or others who send or initiate
commercial email messages or transactional or relationship messages.
List of Subjects in 16 CFR Part 316
Advertising, Business and industry, Computer technology, Consumer protection, Labeling.
Accordingly, for the reasons set forth in the preamble above, the Commission amends title 16 CFR
Chapter I by revising Part 316 to read as follows:
PART 316 – CAN-SPAM RULE
Sec.
316.1 Scope.
316.2 Definitions.
316.3 Primary purpose.
316.4 Requirement to place warning labels on commercial electronic mail that contains
sexually oriented material.-100-
316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to
opt out.
316.6 Severability.
Authority: 15 U.S.C. 7701-7713.
§ 316.1 Scope.
This part implements the Controlling the Assault of Non-Solicited Pornography and Marketing Act
of 2003 (“CAN-SPAM Act”), 15 U.S.C. 7701-7713.
§ 316.2 Definitions.
(a) The definition of the term “affirmative consent” is the same as the definition of that term in
the CAN-SPAM Act, 15 U.S.C. 7702(1).
(b) “Character” means an element of the American Standard Code for Information Interchange
(“ASCII”) character set.
(c) The definition of the term “commercial electronic mail message” is the same as the definition
of that term in the CAN-SPAM Act, 15 U.S.C. 7702(2).
(d) The definition of the term “electronic mail address” is the same as the definition of that term
in the CAN-SPAM Act, 15 U.S.C. 7702(5).
(e) The definition of the term “electronic mail message” is the same as the definition of that term
in the CAN-SPAM Act, 15 U.S.C. 7702(6).
(f) The definition of the term “initiate” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(9).
(g) The definition of the term “Internet” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(10).
(h) “Person” means any individual, group, unincorporated association, limited or general
partnership, corporation, or other business entity.
(i) The definition of the term “procure” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(12).
(j) The definition of the term “protected computer” is the same as the definition of that term in
the CAN-SPAM Act, 15 U.S.C. 7702(13).The Commission does not intend for these criteria to treat as a “commercial electronic
1
mail message” anything that is not commercial speech.
-101-
(k) The definition of the term “recipient” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(14).
(l) The definition of the term “routine conveyance” is the same as the definition of that term in
the CAN-SPAM Act, 15 U.S.C. 7702(15).
(m) The definition of the term “sender” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(16), provided that, when more than one person’s products,
services, or Internet website are advertised or promoted in a single electronic mail message,
each such person who is within the Act’s definition will be deemed to be a “sender,” except
that, only one person will be deemed to be the “sender” of that message if such person: (A)
is within the Act’s definition of “sender”; (B) is identified in the “from” line as the sole sender
of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2),
15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.
(n) The definition of the term “sexually oriented material” is the same as the definition of that
term in the CAN-SPAM Act, 15 U.S.C. 7704(d)(4).
(o) The definition of the term “transactional or relationship messages” is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(17).
(p) “Valid physical postal address” means the sender’s current street address, a Post Office box
the sender has accurately registered with the United States Postal Service, or a private mailbox
the sender has accurately registered with a commercial mail receiving agency that is
established pursuant to United States Postal Service regulations.
§ 316.3 Primary purpose.
(a) In applying the term “commercial electronic mail message” defined in the CAN-SPAM Act,
15 U.S.C. 7702(2), the “primary purpose” of an electronic mail message shall be deemed to
be commercial based on the criteria in paragraphs (a)(1) through (3) and (b) of this section:
1
(1) If an electronic mail message consists exclusively of the commercial advertisement
or promotion of a commercial product or service, then the “primary purpose” of the
message shall be deemed to be commercial.
(2) If an electronic mail message contains both the commercial advertisement or
promotion of a commercial product or service as well as transactional or relationship
content as set forth in paragraph (c) of this section, then the “primary purpose” of the
message shall be deemed to be commercial if:-102-
(i) A recipient reasonably interpreting the subject line of the electronic mail
message would likely conclude that the message contains the commercial
advertisement or promotion of a commercial product or service; or
(ii) The electronic mail message’s transactional or relationship content as set forth
in paragraph (c) of this section does not appear, in whole or in substantial part,
at the beginning of the body of the message.
(3) If an electronic mail message contains both the commercial advertisement or
promotion of a commercial product or service as well as other content that is not
transactional or relationship content as set forth in paragraph (c) of this section, then
the “primary purpose” of the message shall be deemed to be commercial if:
(i) A recipient reasonably interpreting the subject line of the electronic mail
message would likely conclude that the message contains the commercial
advertisement or promotion of a commercial product or service; or
(ii) A recipient reasonably interpreting the body of the message would likely
conclude that the primary purpose of the message is the commercial
advertisement or promotion of a commercial product or service. Factors
illustrative of those relevant to this interpretation include the placement of
content that is the commercial advertisement or promotion of a commercial
product or service, in whole or in substantial part, at the beginning of the body
of the message; the proportion of the message dedicated to such content; and
how color, graphics, type size, and style are used to highlight commercial
content.
(b) In applying the term “transactional or relationship message” defined in the CAN-SPAM Act,
15 U.S.C. § 7702(17), the “primary purpose” of an electronic mail message shall be deemed
to be transactional or relationship if the electronic mail message consists exclusively of
transactional or relationship content as set forth in paragraph (c) of this section.
(c) Transactional or relationship content of email messages under the CAN-SPAM Act is content:
(1) To facilitate, complete, or confirm a commercial transaction that the recipient has
previously agreed to enter into with the sender;
(2) To provide warranty information, product recall information, or safety or security
information with respect to a commercial product or service used or purchased by the
recipient;The phrase “SEXUALLY-EXPLICIT” comprises 17 characters, including the dash
2
between the two words. The colon (:) and the space following the phrase are the 18 and 19
th th
characters.
This phrase consists of nineteen (19) characters and is identical to the phrase required in
3
316.5(a)(1) of this Rule.
-103-
(3) With respect to a subscription, membership, account, loan, or comparable ongoing
commercial relationship involving the ongoing purchase or use by the recipient of
products or services offered by the sender, to provide –
(i) Notification concerning a change in the terms or features;
(ii) Notification of a change in the recipient’s standing or status; or
(iii) At regular periodic intervals, account balance information or other type of
account statement;
(4) To provide information directly related to an employment relationship or related
benefit plan in which the recipient is currently involved, participating, or enrolled; or
(5) To deliver goods or services, including product updates or upgrades, that the recipient
is entitled to receive under the terms of a transaction that the recipient has previously
agreed to enter into with the sender.
§ 316.4 Requirement to place warning labels on commercial electronic mail that contains
sexually oriented material.
(a) Any person who initiates, to a protected computer, the transmission of a commercial
electronic mail message that includes sexually oriented material must:
(1) Exclude sexually oriented materials from the subject heading for the electronic mail
message and include in the subject heading the phrase “SEXUALLY-EXPLICIT: ”
in capital letters as the first nineteen (19) characters at the beginning of the subject
line;
2
(2) Provide that the content of the message that is initially viewable by the recipient, when
the message is opened by any recipient and absent any further actions by the recipient,
include only the following information:
(i) The phrase “SEXUALLY-EXPLICIT: ” in a clear and conspicuous manner;
3-104-
(ii) Clear and conspicuous identification that the message is an advertisement or
solicitation;
(iii) Clear and conspicuous notice of the opportunity of a recipient to decline to
receive further commercial electronic mail messages from the sender;
(iv) A functioning return electronic mail address or other Internet-based
mechanism, clearly and conspicuously displayed, that -
(A) A recipient may use to submit, in a manner specified in the message,
a reply electronic mail message or other form of Internet-based
communication requesting not to receive future commercial electronic
mail messages from that sender at the electronic mail address where
the message was received; and
(B) Remains capable of receiving such messages or communications for
no less than 30 days after the transmission of the original message;
(v) Clear and conspicuous display of a valid physical postal address of the sender;
and
(vi) Any needed instructions on how to access, or activate a mechanism to access,
the sexually oriented material, preceded by a clear and conspicuous statement
that to avoid viewing the sexually oriented material, a recipient should delete
the email message without following such instructions.
(b) Prior affirmative consent. Paragraph (a) does not apply to the transmission of an electronic
mail message if the recipient has given prior affirmative consent to receipt of the message.
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish
to opt out.
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any
fee, provide any information other than the recipient’s electronic mail address and opt-out
preferences, or take any other steps except sending a reply electronic mail message or visiting a single
Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by
15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic
mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).-105-
§ 316.6 Severability.
The provisions of this Part are separate and severable from one another. If any provision is
stayed or determined to be invalid, it is the Commission’s intention that the remaining provisions
shall continue in effect.
By direction of the Commission.
Donald S. Clark
Secretary-106-
Note: The following Appendix will not appear in the Code of Federal Regulations

 

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

2003 Original Law Text Below

--------------------------------------------------------------------------------------------------------------------------------------

Public Law 108–187
108th Congress
An Act
To regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet.
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ‘‘Controlling the Assault of NonSolicited Pornography and Marketing Act of 2003’’, or the ‘‘CANSPAM Act of 2003’’.
SEC. 2. CONGRESSIONAL FINDINGS AND POLICY.
(a) FINDINGS.—The Congress finds the following:
(1) Electronic mail has become an extremely important
and popular means of communication, relied on by millions
of Americans on a daily basis for personal and commercial
purposes. Its low cost and global reach make it extremely
convenient and efficient, and offer unique opportunities for
the development and growth of frictionless commerce.
(2) The convenience and efficiency of electronic mail are
threatened by the extremely rapid growth in the volume of
unsolicited commercial electronic mail. Unsolicited commercial
electronic mail is currently estimated to account for over half
of all electronic mail traffic, up from an estimated 7 percent
in 2001, and the volume continues to rise. Most of these messages are fraudulent or deceptive in one or more respects.
(3) The receipt of unsolicited commercial electronic mail
may result in costs to recipients who cannot refuse to accept
such mail and who incur costs for the storage of such mail,
or for the time spent accessing, reviewing, and discarding such
mail, or for both.
(4) The receipt of a large number of unwanted messages
also decreases the convenience of electronic mail and creates
a risk that wanted electronic mail messages, both commercial
and noncommercial, will be lost, overlooked, or discarded amidst
the larger volume of unwanted messages, thus reducing the
reliability and usefulness of electronic mail to the recipient.
(5) Some commercial electronic mail contains material that
many recipients may consider vulgar or pornographic in nature.
(6) The growth in unsolicited commercial electronic mail
imposes significant monetary costs on providers of Internet
access services, businesses, and educational and nonprofit
institutions that carry and receive such mail, as there is a
finite volume of mail that such providers, businesses, and
15 USC 7701.
15 USC 7701
note.
Controlling the
Assault of NonSolicited
Pornography and
Marketing Act of
2003.
Dec. 16, 2003
[S. 877]
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00001 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2700 PUBLIC LAW 108–187—DEC. 16, 2003
institutions can handle without further investment in infrastructure.
(7) Many senders of unsolicited commercial electronic mail
purposefully disguise the source of such mail.
(8) Many senders of unsolicited commercial electronic mail
purposefully include misleading information in the messages’
subject lines in order to induce the recipients to view the
messages.
(9) While some senders of commercial electronic mail messages provide simple and reliable ways for recipients to reject
(or ‘‘opt-out’’ of) receipt of commercial electronic mail from
such senders in the future, other senders provide no such
‘‘opt-out’’ mechanism, or refuse to honor the requests of recipients not to receive electronic mail from such senders in the
future, or both.
(10) Many senders of bulk unsolicited commercial electronic
mail use computer programs to gather large numbers of electronic mail addresses on an automated basis from Internet
websites or online services where users must post their
addresses in order to make full use of the website or service.
(11) Many States have enacted legislation intended to regulate or reduce unsolicited commercial electronic mail, but these
statutes impose different standards and requirements. As a
result, they do not appear to have been successful in addressing
the problems associated with unsolicited commercial electronic
mail, in part because, since an electronic mail address does
not specify a geographic location, it can be extremely difficult
for law-abiding businesses to know with which of these disparate statutes they are required to comply.
(12) The problems associated with the rapid growth and
abuse of unsolicited commercial electronic mail cannot be solved
by Federal legislation alone. The development and adoption
of technological approaches and the pursuit of cooperative
efforts with other countries will be necessary as well.
(b) CONGRESSIONAL DETERMINATION OF PUBLIC POLICY.—On
the basis of the findings in subsection (a), the Congress determines
that—
(1) there is a substantial government interest in regulation
of commercial electronic mail on a nationwide basis;
(2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and
(3) recipients of commercial electronic mail have a right
to decline to receive additional commercial electronic mail from
the same source.
SEC. 3. DEFINITIONS.
In this Act:
(1) AFFIRMATIVE CONSENT.—The term ‘‘affirmative consent’’, when used with respect to a commercial electronic mail
message, means that—
(A) the recipient expressly consented to receive the
message, either in response to a clear and conspicuous
request for such consent or at the recipient’s own initiative;
and
(B) if the message is from a party other than the
party to which the recipient communicated such consent,
the recipient was given clear and conspicuous notice at
15 USC 7702.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00002 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2701
the time the consent was communicated that the recipient’s
electronic mail address could be transferred to such other
party for the purpose of initiating commercial electronic
mail messages.
(2) COMMERCIAL ELECTRONIC MAIL MESSAGE.—
(A) IN GENERAL.—The term ‘‘commercial electronic mail
message’’ means any electronic mail message the primary
purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial
purpose).
(B) TRANSACTIONAL OR RELATIONSHIP MESSAGES.—The
term ‘‘commercial electronic mail message’’ does not include
a transactional or relationship message.
(C) REGULATIONS REGARDING PRIMARY PURPOSE.—Not
later than 12 months after the date of the enactment
of this Act, the Commission shall issue regulations pursuant to section 13 defining the relevant criteria to facilitate
the determination of the primary purpose of an electronic
mail message.
(D) REFERENCE TO COMPANY OR WEBSITE.—The inclusion of a reference to a commercial entity or a link to
the website of a commercial entity in an electronic mail
message does not, by itself, cause such message to be
treated as a commercial electronic mail message for purposes of this Act if the contents or circumstances of the
message indicate a primary purpose other than commercial
advertisement or promotion of a commercial product or
service.
(3) COMMISSION.—The term ‘‘Commission’’ means the Federal Trade Commission.
(4) DOMAIN NAME.—The term ‘‘domain name’’ means any
alphanumeric designation which is registered with or assigned
by any domain name registrar, domain name registry, or other
domain name registration authority as part of an electronic
address on the Internet.
(5) ELECTRONIC MAIL ADDRESS.—The term ‘‘electronic mail
address’’ means a destination, commonly expressed as a string
of characters, consisting of a unique user name or mailbox
(commonly referred to as the ‘‘local part’’) and a reference
to an Internet domain (commonly referred to as the ‘‘domain
part’’), whether or not displayed, to which an electronic mail
message can be sent or delivered.
(6) ELECTRONIC MAIL MESSAGE.—The term ‘‘electronic mail
message’’ means a message sent to a unique electronic mail
address.
(7) FTC ACT.—The term ‘‘FTC Act’’ means the Federal
Trade Commission Act (15 U.S.C. 41 et seq.).
(8) HEADER INFORMATION.—The term ‘‘header information’’
means the source, destination, and routing information
attached to an electronic mail message, including the originating domain name and originating electronic mail address,
and any other information that appears in the line identifying,
or purporting to identify, a person initiating the message.
(9) INITIATE.—The term ‘‘initiate’’, when used with respect
to a commercial electronic mail message, means to originate
or transmit such message or to procure the origination or
Deadline.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00003 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2702 PUBLIC LAW 108–187—DEC. 16, 2003
transmission of such message, but shall not include actions
that constitute routine conveyance of such message. For purposes of this paragraph, more than one person may be considered to have initiated a message.
(10) INTERNET.—The term ‘‘Internet’’ has the meaning given
that term in the Internet Tax Freedom Act (47 U.S.C. 151
nt).
(11) INTERNET ACCESS SERVICE.—The term ‘‘Internet access
service’’ has the meaning given that term in section 231(e)(4)
of the Communications Act of 1934 (47 U.S.C. 231(e)(4)).
(12) PROCURE.—The term ‘‘procure’’, when used with
respect to the initiation of a commercial electronic mail message, means intentionally to pay or provide other consideration
to, or induce, another person to initiate such a message on
one’s behalf.
(13) PROTECTED COMPUTER.—The term ‘‘protected computer’’ has the meaning given that term in section 1030(e)(2)(B)
of title 18, United States Code.
(14) RECIPIENT.—The term ‘‘recipient’’, when used with
respect to a commercial electronic mail message, means an
authorized user of the electronic mail address to which the
message was sent or delivered. If a recipient of a commercial
electronic mail message has one or more electronic mail
addresses in addition to the address to which the message
was sent or delivered, the recipient shall be treated as a separate recipient with respect to each such address. If an electronic
mail address is reassigned to a new user, the new user shall
not be treated as a recipient of any commercial electronic
mail message sent or delivered to that address before it was
reassigned.
(15) ROUTINE CONVEYANCE.—The term ‘‘routine conveyance’’ means the transmission, routing, relaying, handling, or
storing, through an automatic technical process, of an electronic
mail message for which another person has identified the recipients or provided the recipient addresses.
(16) SENDER.—
(A) IN GENERAL.—Except as provided in subparagraph
(B), the term ‘‘sender’’, when used with respect to a
commercial electronic mail message, means a person who
initiates such a message and whose product, service, or
Internet web site is advertised or promoted by the message.
(B) SEPARATE LINES OF BUSINESS OR DIVISIONS.—If an
entity operates through separate lines of business or divisions and holds itself out to the recipient throughout the
message as that particular line of business or division
rather than as the entity of which such line of business
or division is a part, then the line of business or the
division shall be treated as the sender of such message
for purposes of this Act.
(17) TRANSACTIONAL OR RELATIONSHIP MESSAGE.—
(A) IN GENERAL.—The term ‘‘transactional or relationship message’’ means an electronic mail message the primary purpose of which is—
(i) to facilitate, complete, or confirm a commercial
transaction that the recipient has previously agreed
to enter into with the sender;
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00004 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2703
(ii) to provide warranty information, product recall
information, or safety or security information with
respect to a commercial product or service used or
purchased by the recipient;
(iii) to provide—
(I) notification concerning a change in the
terms or features of;
(II) notification of a change in the recipient’s
standing or status with respect to; or
(III) at regular periodic intervals, account balance information or other type of account statement with respect to,
a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the
ongoing purchase or use by the recipient of products
or services offered by the sender;
(iv) to provide information directly related to an
employment relationship or related benefit plan in
which the recipient is currently involved, participating,
or enrolled; or
(v) to deliver goods or services, including product
updates or upgrades, that the recipient is entitled to
receive under the terms of a transaction that the
recipient has previously agreed to enter into with the
sender.
(B) MODIFICATION OF DEFINITION.—The Commission by
regulation pursuant to section 13 may modify the definition
in subparagraph (A) to expand or contract the categories
of messages that are treated as transactional or relationship messages for purposes of this Act to the extent that
such modification is necessary to accommodate changes
in electronic mail technology or practices and accomplish
the purposes of this Act.
SEC. 4. PROHIBITION AGAINST PREDATORY AND ABUSIVE COMMERCIAL E-MAIL.
(a) OFFENSE.—
(1) IN GENERAL.—Chapter 47 of title 18, United States
Code, is amended by adding at the end the following new
section:
‘‘§ 1037. Fraud and related activity in connection with electronic mail
‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign
commerce, knowingly—
‘‘(1) accesses a protected computer without authorization,
and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
‘‘(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to
deceive or mislead recipients, or any Internet access service,
as to the origin of such messages,
‘‘(3) materially falsifies header information in multiple
commercial electronic mail messages and intentionally initiates
the transmission of such messages,
‘‘(4) registers, using information that materially falsifies
the identity of the actual registrant, for five or more electronic
15 USC 7703.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00005 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2704 PUBLIC LAW 108–187—DEC. 16, 2003
mail accounts or online user accounts or two or more domain
names, and intentionally initiates the transmission of multiple
commercial electronic mail messages from any combination of
such accounts or domain names, or
‘‘(5) falsely represents oneself to be the registrant or the
legitimate successor in interest to the registrant of 5 or more
Internet Protocol addresses, and intentionally initiates the
transmission of multiple commercial electronic mail messages
from such addresses,
or conspires to do so, shall be punished as provided in subsection
(b).
‘‘(b) PENALTIES.—The punishment for an offense under subsection (a) is—
‘‘(1) a fine under this title, imprisonment for not more
than 5 years, or both, if—
‘‘(A) the offense is committed in furtherance of any
felony under the laws of the United States or of any State;
or
‘‘(B) the defendant has previously been convicted under
this section or section 1030, or under the law of any State
for conduct involving the transmission of multiple commercial electronic mail messages or unauthorized access to
a computer system;
‘‘(2) a fine under this title, imprisonment for not more
than 3 years, or both, if—
‘‘(A) the offense is an offense under subsection (a)(1);
‘‘(B) the offense is an offense under subsection (a)(4)
and involved 20 or more falsified electronic mail or online
user account registrations, or 10 or more falsified domain
name registrations;
‘‘(C) the volume of electronic mail messages transmitted in furtherance of the offense exceeded 2,500 during
any 24-hour period, 25,000 during any 30-day period, or
250,000 during any 1-year period;
‘‘(D) the offense caused loss to one or more persons
aggregating $5,000 or more in value during any 1-year
period;
‘‘(E) as a result of the offense any individual committing the offense obtained anything of value aggregating
$5,000 or more during any 1-year period; or
‘‘(F) the offense was undertaken by the defendant in
concert with three or more other persons with respect
to whom the defendant occupied a position of organizer
or leader; and
‘‘(3) a fine under this title or imprisonment for not more
than 1 year, or both, in any other case.
‘‘(c) FORFEITURE.—
‘‘(1) IN GENERAL.—The court, in imposing sentence on a
person who is convicted of an offense under this section, shall
order that the defendant forfeit to the United States—
‘‘(A) any property, real or personal, constituting or
traceable to gross proceeds obtained from such offense;
and
‘‘(B) any equipment, software, or other technology used
or intended to be used to commit or to facilitate the commission of such offense.
Courts.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00006 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2705
‘‘(2) PROCEDURES.—The procedures set forth in section 413
of the Controlled Substances Act (21 U.S.C. 853), other than
subsection (d) of that section, and in Rule 32.2 of the Federal
Rules of Criminal Procedure, shall apply to all stages of a
criminal forfeiture proceeding under this section.
‘‘(d) DEFINITIONS.—In this section:
‘‘(1) LOSS.—The term ‘loss’ has the meaning given that
term in section 1030(e) of this title.
‘‘(2) MATERIALLY.—For purposes of paragraphs (3) and (4)
of subsection (a), header information or registration information
is materially falsified if it is altered or concealed in a manner
that would impair the ability of a recipient of the message,
an Internet access service processing the message on behalf
of a recipient, a person alleging a violation of this section,
or a law enforcement agency to identify, locate, or respond
to a person who initiated the electronic mail message or to
investigate the alleged violation.
‘‘(3) MULTIPLE.—The term ‘multiple’ means more than 100
electronic mail messages during a 24-hour period, more than
1,000 electronic mail messages during a 30-day period, or more
than 10,000 electronic mail messages during a 1-year period.
‘‘(4) OTHER TERMS.—Any other term has the meaning given
that term by section 3 of the CAN-SPAM Act of 2003.’’.
(2) CONFORMING AMENDMENT.—The chapter analysis for
chapter 47 of title 18, United States Code, is amended by
adding at the end the following:
‘‘Sec.
‘‘1037. Fraud and related activity in connection with electronic mail.’’.
(b) UNITED STATES SENTENCING COMMISSION.—
(1) DIRECTIVE.—Pursuant to its authority under section
994(p) of title 28, United States Code, and in accordance with
this section, the United States Sentencing Commission shall
review and, as appropriate, amend the sentencing guidelines
and policy statements to provide appropriate penalties for violations of section 1037 of title 18, United States Code, as added
by this section, and other offenses that may be facilitated
by the sending of large quantities of unsolicited electronic mail.
(2) REQUIREMENTS.—In carrying out this subsection, the
Sentencing Commission shall consider providing sentencing
enhancements for—
(A) those convicted under section 1037 of title 18,
United States Code, who—
(i) obtained electronic mail addresses through
improper means, including—
(I) harvesting electronic mail addresses of the
users of a website, proprietary service, or other
online public forum operated by another person,
without the authorization of such person; and
(II) randomly generating electronic mail
addresses by computer; or
(ii) knew that the commercial electronic mail messages involved in the offense contained or advertised
an Internet domain for which the registrant of the
domain had provided false registration information;
and
28 USC 994 note.
Applicability.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00007 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2706 PUBLIC LAW 108–187—DEC. 16, 2003
(B) those convicted of other offenses, including offenses
involving fraud, identity theft, obscenity, child pornography, and the sexual exploitation of children, if such
offenses involved the sending of large quantities of electronic mail.
(c) SENSE OF CONGRESS.—It is the sense of Congress that—
(1) Spam has become the method of choice for those who
distribute pornography, perpetrate fraudulent schemes, and
introduce viruses, worms, and Trojan horses into personal and
business computer systems; and
(2) the Department of Justice should use all existing law
enforcement tools to investigate and prosecute those who send
bulk commercial e-mail to facilitate the commission of Federal
crimes, including the tools contained in chapters 47 and 63
of title 18, United States Code (relating to fraud and false
statements); chapter 71 of title 18, United States Code (relating
to obscenity); chapter 110 of title 18, United States Code
(relating to the sexual exploitation of children); and chapter
95 of title 18, United States Code (relating to racketeering),
as appropriate.
SEC. 5. OTHER PROTECTIONS FOR USERS OF COMMERCIAL ELECTRONIC MAIL.
(a) REQUIREMENTS FOR TRANSMISSION OF MESSAGES.—
(1) PROHIBITION OF FALSE OR MISLEADING TRANSMISSION
INFORMATION.—It is unlawful for any person to initiate the
transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message,
that contains, or is accompanied by, header information that
is materially false or materially misleading. For purposes of
this paragraph—
(A) header information that is technically accurate but
includes an originating electronic mail address, domain
name, or Internet Protocol address the access to which
for purposes of initiating the message was obtained by
means of false or fraudulent pretenses or representations
shall be considered materially misleading;
(B) a ‘‘from’’ line (the line identifying or purporting
to identify a person initiating the message) that accurately
identifies any person who initiated the message shall not
be considered materially false or materially misleading;
and
(C) header information shall be considered materially
misleading if it fails to identify accurately a protected
computer used to initiate the message because the person
initiating the message knowingly uses another protected
computer to relay or retransmit the message for purposes
of disguising its origin.
(2) PROHIBITION OF DECEPTIVE SUBJECT HEADINGS.—It is
unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message if
such person has actual knowledge, or knowledge fairly implied
on the basis of objective circumstances, that a subject heading
of the message would be likely to mislead a recipient, acting
reasonably under the circumstances, about a material fact
15 USC 7704.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00008 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2707
regarding the contents or subject matter of the message (consistent with the criteria used in enforcement of section 5 of
the Federal Trade Commission Act (15 U.S.C. 45)).
(3) INCLUSION OF RETURN ADDRESS OR COMPARABLE MECHANISM IN COMMERCIAL ELECTRONIC MAIL.—
(A) IN GENERAL.—It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message that does not contain a
functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed,
that—
(i) a recipient may use to submit, in a manner
specified in the message, a reply electronic mail message or other form of Internet-based communication
requesting not to receive future commercial electronic
mail messages from that sender at the electronic mail
address where the message was received; and
(ii) remains capable of receiving such messages
or communications for no less than 30 days after the
transmission of the original message.
(B) MORE DETAILED OPTIONS POSSIBLE.—The person
initiating a commercial electronic mail message may
comply with subparagraph (A)(i) by providing the recipient
a list or menu from which the recipient may choose the
specific types of commercial electronic mail messages the
recipient wants to receive or does not want to receive
from the sender, if the list or menu includes an option
under which the recipient may choose not to receive any
commercial electronic mail messages from the sender.
(C) TEMPORARY INABILITY TO RECEIVE MESSAGES OR
PROCESS REQUESTS.—A return electronic mail address or
other mechanism does not fail to satisfy the requirements
of subparagraph (A) if it is unexpectedly and temporarily
unable to receive messages or process requests due to a
technical problem beyond the control of the sender if the
problem is corrected within a reasonable time period.
(4) PROHIBITION OF TRANSMISSION OF COMMERCIAL ELECTRONIC MAIL AFTER OBJECTION.—
(A) IN GENERAL.—If a recipient makes a request using
a mechanism provided pursuant to paragraph (3) not to
receive some or any commercial electronic mail messages
from such sender, then it is unlawful—
(i) for the sender to initiate the transmission to
the recipient, more than 10 business days after the
receipt of such request, of a commercial electronic mail
message that falls within the scope of the request;
(ii) for any person acting on behalf of the sender
to initiate the transmission to the recipient, more than
10 business days after the receipt of such request,
of a commercial electronic mail message with actual
knowledge, or knowledge fairly implied on the basis
of objective circumstances, that such message falls
within the scope of the request;
(iii) for any person acting on behalf of the sender
to assist in initiating the transmission to the recipient,
through the provision or selection of addresses to which
the message will be sent, of a commercial electronic
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00009 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2708 PUBLIC LAW 108–187—DEC. 16, 2003
mail message with actual knowledge, or knowledge
fairly implied on the basis of objective circumstances,
that such message would violate clause (i) or (ii); or
(iv) for the sender, or any other person who knows
that the recipient has made such a request, to sell,
lease, exchange, or otherwise transfer or release the
electronic mail address of the recipient (including
through any transaction or other transfer involving
mailing lists bearing the electronic mail address of
the recipient) for any purpose other than compliance
with this Act or other provision of law.
(B) SUBSEQUENT AFFIRMATIVE CONSENT.—A prohibition
in subparagraph (A) does not apply if there is affirmative
consent by the recipient subsequent to the request under
subparagraph (A).
(5) INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL
ADDRESS IN COMMERCIAL ELECTRONIC MAIL.—(A) It is unlawful
for any person to initiate the transmission of any commercial
electronic mail message to a protected computer unless the
message provides—
(i) clear and conspicuous identification that the message is an advertisement or solicitation;
(ii) clear and conspicuous notice of the opportunity
under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; and
(iii) a valid physical postal address of the sender.
(B) Subparagraph (A)(i) does not apply to the transmission
of a commercial electronic mail message if the recipient has
given prior affirmative consent to receipt of the message.
(6) MATERIALLY.—For purposes of paragraph (1), the term
‘‘materially’’, when used with respect to false or misleading
header information, includes the alteration or concealment of
header information in a manner that would impair the ability
of an Internet access service processing the message on behalf
of a recipient, a person alleging a violation of this section,
or a law enforcement agency to identify, locate, or respond
to a person who initiated the electronic mail message or to
investigate the alleged violation, or the ability of a recipient
of the message to respond to a person who initiated the electronic message.
(b) AGGRAVATED VIOLATIONS RELATING TO COMMERCIAL ELECTRONIC MAIL.—
(1) ADDRESS HARVESTING AND DICTIONARY ATTACKS.—
(A) IN GENERAL.—It is unlawful for any person to initiate the transmission, to a protected computer, of a
commercial electronic mail message that is unlawful under
subsection (a), or to assist in the origination of such message through the provision or selection of addresses to
which the message will be transmitted, if such person
had actual knowledge, or knowledge fairly implied on the
basis of objective circumstances, that—
(i) the electronic mail address of the recipient was
obtained using an automated means from an Internet
website or proprietary online service operated by
another person, and such website or online service
included, at the time the address was obtained, a notice
stating that the operator of such website or online
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00010 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2709
service will not give, sell, or otherwise transfer
addresses maintained by such website or online service
to any other party for the purposes of initiating, or
enabling others to initiate, electronic mail messages;
or
(ii) the electronic mail address of the recipient
was obtained using an automated means that generates possible electronic mail addresses by combining
names, letters, or numbers into numerous permutations.
(B) DISCLAIMER.—Nothing in this paragraph creates
an ownership or proprietary interest in such electronic
mail addresses.
(2) AUTOMATED CREATION OF MULTIPLE ELECTRONIC MAIL
ACCOUNTS.—It is unlawful for any person to use scripts or
other automated means to register for multiple electronic mail
accounts or online user accounts from which to transmit to
a protected computer, or enable another person to transmit
to a protected computer, a commercial electronic mail message
that is unlawful under subsection (a).
(3) RELAY OR RETRANSMISSION THROUGH UNAUTHORIZED
ACCESS.—It is unlawful for any person knowingly to relay or
retransmit a commercial electronic mail message that is unlawful under subsection (a) from a protected computer or computer
network that such person has accessed without authorization.
(c) SUPPLEMENTARY RULEMAKING AUTHORITY.—The Commission shall by regulation, pursuant to section 13—
(1) modify the 10-business-day period under subsection
(a)(4)(A) or subsection (a)(4)(B), or both, if the Commission
determines that a different period would be more reasonable
after taking into account—
(A) the purposes of subsection (a);
(B) the interests of recipients of commercial electronic
mail; and
(C) the burdens imposed on senders of lawful commercial electronic mail; and
(2) specify additional activities or practices to which subsection (b) applies if the Commission determines that those
activities or practices are contributing substantially to the proliferation of commercial electronic mail messages that are
unlawful under subsection (a).
(d) REQUIREMENT TO PLACE WARNING LABELS ON COMMERCIAL
ELECTRONIC MAIL CONTAINING SEXUALLY ORIENTED MATERIAL.—
(1) IN GENERAL.—No person may initiate in or affecting
interstate commerce the transmission, to a protected computer,
of any commercial electronic mail message that includes sexually oriented material and—
(A) fail to include in subject heading for the electronic
mail message the marks or notices prescribed by the
Commission under this subsection; or
(B) fail to provide that the matter in the message
that is initially viewable to the recipient, when the message
is opened by any recipient and absent any further actions
by the recipient, includes only—
(i) to the extent required or authorized pursuant
to paragraph (2), any such marks or notices;
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00011 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2710 PUBLIC LAW 108–187—DEC. 16, 2003
(ii) the information required to be included in the
message pursuant to subsection (a)(5); and
(iii) instructions on how to access, or a mechanism
to access, the sexually oriented material.
(2) PRIOR AFFIRMATIVE CONSENT.—Paragraph (1) does not
apply to the transmission of an electronic mail message if
the recipient has given prior affirmative consent to receipt
of the message.
(3) PRESCRIPTION OF MARKS AND NOTICES.—Not later than
120 days after the date of the enactment of this Act, the
Commission in consultation with the Attorney General shall
prescribe clearly identifiable marks or notices to be included
in or associated with commercial electronic mail that contains
sexually oriented material, in order to inform the recipient
of that fact and to facilitate filtering of such electronic mail.
The Commission shall publish in the Federal Register and
provide notice to the public of the marks or notices prescribed
under this paragraph.
(4) DEFINITION.—In this subsection, the term ‘‘sexually oriented material’’ means any material that depicts sexually
explicit conduct (as that term is defined in section 2256 of
title 18, United States Code), unless the depiction constitutes
a small and insignificant part of the whole, the remainder
of which is not primarily devoted to sexual matters.
(5) PENALTY.—Whoever knowingly violates paragraph (1)
shall be fined under title 18, United States Code, or imprisoned
not more than 5 years, or both.
SEC. 6. BUSINESSES KNOWINGLY PROMOTED BY ELECTRONIC MAIL
WITH FALSE OR MISLEADING TRANSMISSION INFORMATION.
(a) IN GENERAL.—It is unlawful for a person to promote, or
allow the promotion of, that person’s trade or business, or goods,
products, property, or services sold, offered for sale, leased or offered
for lease, or otherwise made available through that trade or business, in a commercial electronic mail message the transmission
of which is in violation of section 5(a)(1) if that person—
(1) knows, or should have known in the ordinary course
of that person’s trade or business, that the goods, products,
property, or services sold, offered for sale, leased or offered
for lease, or otherwise made available through that trade or
business were being promoted in such a message;
(2) received or expected to receive an economic benefit
from such promotion; and
(3) took no reasonable action—
(A) to prevent the transmission; or
(B) to detect the transmission and report it to the
Commission.
(b) LIMITED ENFORCEMENT AGAINST THIRD PARTIES.—
(1) IN GENERAL.—Except as provided in paragraph (2), a
person (hereinafter referred to as the ‘‘third party’’) that provides goods, products, property, or services to another person
that violates subsection (a) shall not be held liable for such
violation.
(2) EXCEPTION.—Liability for a violation of subsection (a)
shall be imputed to a third party that provides goods, products,
property, or services to another person that violates subsection
(a) if that third party—
15 USC 7705.
Federal Register,
publication.
Deadline.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00012 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2711
(A) owns, or has a greater than 50 percent ownership
or economic interest in, the trade or business of the person
that violated subsection (a); or
(B)(i) has actual knowledge that goods, products, property, or services are promoted in a commercial electronic
mail message the transmission of which is in violation
of section 5(a)(1); and
(ii) receives, or expects to receive, an economic benefit
from such promotion.
(c) EXCLUSIVE ENFORCEMENT BY FTC.—Subsections (f) and (g)
of section 7 do not apply to violations of this section.
(d) SAVINGS PROVISION.—Except as provided in section 7(f)(8),
nothing in this section may be construed to limit or prevent any
action that may be taken under this Act with respect to any violation of any other section of this Act.
SEC. 7. ENFORCEMENT GENERALLY.
(a) VIOLATION IS UNFAIR OR DECEPTIVE ACT OR PRACTICE.—
Except as provided in subsection (b), this Act shall be enforced
by the Commission as if the violation of this Act were an unfair
or deceptive act or practice proscribed under section 18(a)(1)(B)
of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(b) ENFORCEMENT BY CERTAIN OTHER AGENCIES.—Compliance
with this Act shall be enforced—
(1) under section 8 of the Federal Deposit Insurance Act
(12 U.S.C. 1818), in the case of—
(A) national banks, and Federal branches and Federal
agencies of foreign banks, by the Office of the Comptroller
of the Currency;
(B) member banks of the Federal Reserve System
(other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies,
and insured State branches of foreign banks), commercial
lending companies owned or controlled by foreign banks,
organizations operating under section 25 or 25A of the
Federal Reserve Act (12 U.S.C. 601 and 611), and bank
holding companies, by the Board;
(C) banks insured by the Federal Deposit Insurance
Corporation (other than members of the Federal Reserve
System) and insured State branches of foreign banks, by
the Board of Directors of the Federal Deposit Insurance
Corporation; and
(D) savings associations the deposits of which are
insured by the Federal Deposit Insurance Corporation, by
the Director of the Office of Thrift Supervision;
(2) under the Federal Credit Union Act (12 U.S.C. 1751
et seq.) by the Board of the National Credit Union Administration with respect to any Federally insured credit union;
(3) under the Securities Exchange Act of 1934 (15 U.S.C.
78a et seq.) by the Securities and Exchange Commission with
respect to any broker or dealer;
(4) under the Investment Company Act of 1940 (15 U.S.C.
80a–1 et seq.) by the Securities and Exchange Commission
with respect to investment companies;
(5) under the Investment Advisers Act of 1940 (15 U.S.C.
80b–1 et seq.) by the Securities and Exchange Commission
with respect to investment advisers registered under that Act;
15 USC 7706.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00013 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2712 PUBLIC LAW 108–187—DEC. 16, 2003
(6) under State insurance law in the case of any person
engaged in providing insurance, by the applicable State insurance authority of the State in which the person is domiciled,
subject to section 104 of the Gramm-Bliley-Leach Act (15 U.S.C.
6701), except that in any State in which the State insurance
authority elects not to exercise this power, the enforcement
authority pursuant to this Act shall be exercised by the
Commission in accordance with subsection (a);
(7) under part A of subtitle VII of title 49, United States
Code, by the Secretary of Transportation with respect to any
air carrier or foreign air carrier subject to that part;
(8) under the Packers and Stockyards Act, 1921 (7 U.S.C.
181 et seq.) (except as provided in section 406 of that Act
(7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect
to any activities subject to that Act;
(9) under the Farm Credit Act of 1971 (12 U.S.C. 2001
et seq.) by the Farm Credit Administration with respect to
any Federal land bank, Federal land bank association, Federal
intermediate credit bank, or production credit association; and
(10) under the Communications Act of 1934 (47 U.S.C.
151 et seq.) by the Federal Communications Commission with
respect to any person subject to the provisions of that Act.
(c) EXERCISE OF CERTAIN POWERS.—For the purpose of the
exercise by any agency referred to in subsection (b) of its powers
under any Act referred to in that subsection, a violation of this
Act is deemed to be a violation of a Federal Trade Commission
trade regulation rule. In addition to its powers under any provision
of law specifically referred to in subsection (b), each of the agencies
referred to in that subsection may exercise, for the purpose of
enforcing compliance with any requirement imposed under this
Act, any other authority conferred on it by law.
(d) ACTIONS BY THE COMMISSION.—The Commission shall prevent any person from violating this Act in the same manner, by
the same means, and with the same jurisdiction, powers, and duties
as though all applicable terms and provisions of the Federal Trade
Commission Act (15 U.S.C. 41 et seq.) were incorporated into and
made a part of this Act. Any entity that violates any provision
of that subtitle is subject to the penalties and entitled to the
privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the
same jurisdiction, power, and duties as though all applicable terms
and provisions of the Federal Trade Commission Act were incorporated into and made a part of that subtitle.
(e) AVAILABILITY OF CEASE-AND-DESIST ORDERS AND INJUNCTIVE
RELIEF WITHOUT SHOWING OF KNOWLEDGE.—Notwithstanding any
other provision of this Act, in any proceeding or action pursuant
to subsection (a), (b), (c), or (d) of this section to enforce compliance,
through an order to cease and desist or an injunction, with section
5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of section 5(a)(4)(A),
section 5(b)(1)(A), or section 5(b)(3), neither the Commission nor
the Federal Communications Commission shall be required to allege
or prove the state of mind required by such section or subparagraph.
(f) ENFORCEMENT BY STATES.—
(1) CIVIL ACTION.—In any case in which the attorney general of a State, or an official or agency of a State, has reason
to believe that an interest of the residents of that State has
been or is threatened or adversely affected by any person who
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00014 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2713
violates paragraph (1) or (2) of section 5(a), who violates section
5(d), or who engages in a pattern or practice that violates
paragraph (3), (4), or (5) of section 5(a), of this Act, the attorney
general, official, or agency of the State, as parens patriae,
may bring a civil action on behalf of the residents of the
State in a district court of the United States of appropriate
jurisdiction—
(A) to enjoin further violation of section 5 of this Act
by the defendant; or
(B) to obtain damages on behalf of residents of the
State, in an amount equal to the greater of—
(i) the actual monetary loss suffered by such residents; or
(ii) the amount determined under paragraph (3).
(2) AVAILABILITY OF INJUNCTIVE RELIEF WITHOUT SHOWING
OF KNOWLEDGE.—Notwithstanding any other provision of this
Act, in a civil action under paragraph (1)(A) of this subsection,
the attorney general, official, or agency of the State shall not
be required to allege or prove the state of mind required by
section 5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of
section 5(a)(4)(A), section 5(b)(1)(A), or section 5(b)(3).
(3) STATUTORY DAMAGES.—
(A) IN GENERAL.—For purposes of paragraph (1)(B)(ii),
the amount determined under this paragraph is the amount
calculated by multiplying the number of violations (with
each separately addressed unlawful message received by
or addressed to such residents treated as a separate violation) by up to $250.
(B) LIMITATION.—For any violation of section 5 (other
than section 5(a)(1)), the amount determined under
subparagraph (A) may not exceed $2,000,000.
(C) AGGRAVATED DAMAGES.—The court may increase
a damage award to an amount equal to not more than
three times the amount otherwise available under this
paragraph if—
(i) the court determines that the defendant committed the violation willfully and knowingly; or
(ii) the defendant’s unlawful activity included one
or more of the aggravating violations set forth in section 5(b).
(D) REDUCTION OF DAMAGES.—In assessing damages
under subparagraph (A), the court may consider whether—
(i) the defendant has established and implemented,
with due care, commercially reasonable practices and
procedures designed to effectively prevent such violations; or
(ii) the violation occurred despite commercially
reasonable efforts to maintain compliance the practices
and procedures to which reference is made in clause
(i).
(4) ATTORNEY FEES.—In the case of any successful action
under paragraph (1), the court, in its discretion, may award
the costs of the action and reasonable attorney fees to the
State.
(5) RIGHTS OF FEDERAL REGULATORS.—The State shall serve
prior written notice of any action under paragraph (1) upon
Notice.
Records.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00015 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2714 PUBLIC LAW 108–187—DEC. 16, 2003
the Federal Trade Commission or the appropriate Federal regulator determined under subsection (b) and provide the Commission or appropriate Federal regulator with a copy of its complaint, except in any case in which such prior notice is not
feasible, in which case the State shall serve such notice immediately upon instituting such action. The Federal Trade
Commission or appropriate Federal regulator shall have the
right—
(A) to intervene in the action;
(B) upon so intervening, to be heard on all matters
arising therein;
(C) to remove the action to the appropriate United
States district court; and
(D) to file petitions for appeal.
(6) CONSTRUCTION.—For purposes of bringing any civil
action under paragraph (1), nothing in this Act shall be construed to prevent an attorney general of a State from exercising
the powers conferred on the attorney general by the laws of
that State to—
(A) conduct investigations;
(B) administer oaths or affirmations; or
(C) compel the attendance of witnesses or the production of documentary and other evidence.
(7) VENUE; SERVICE OF PROCESS.—
(A) VENUE.—Any action brought under paragraph (1)
may be brought in the district court of the United States
that meets applicable requirements relating to venue under
section 1391 of title 28, United States Code.
(B) SERVICE OF PROCESS.—In an action brought under
paragraph (1), process may be served in any district in
which the defendant—
(i) is an inhabitant; or
(ii) maintains a physical place of business.
(8) LIMITATION ON STATE ACTION WHILE FEDERAL ACTION
IS PENDING.—If the Commission, or other appropriate Federal
agency under subsection (b), has instituted a civil action or
an administrative action for violation of this Act, no State
attorney general, or official or agency of a State, may bring
an action under this subsection during the pendency of that
action against any defendant named in the complaint of the
Commission or the other agency for any violation of this Act
alleged in the complaint.
(9) REQUISITE SCIENTER FOR CERTAIN CIVIL ACTIONS.—
Except as provided in section 5(a)(1)(C), section 5(a)(2), clause
(ii), (iii), or (iv) of section 5(a)(4)(A), section 5(b)(1)(A), or section
5(b)(3), in a civil action brought by a State attorney general,
or an official or agency of a State, to recover monetary damages
for a violation of this Act, the court shall not grant the relief
sought unless the attorney general, official, or agency establishes that the defendant acted with actual knowledge, or
knowledge fairly implied on the basis of objective circumstances,
of the act or omission that constitutes the violation.
(g) ACTION BY PROVIDER OF INTERNET ACCESS SERVICE.—
(1) ACTION AUTHORIZED.—A provider of Internet access
service adversely affected by a violation of section 5(a)(1), 5(b),
or 5(d), or a pattern or practice that violates paragraph (2),
(3), (4), or (5) of section 5(a), may bring a civil action in
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00016 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2715
any district court of the United States with jurisdiction over
the defendant—
(A) to enjoin further violation by the defendant; or
(B) to recover damages in an amount equal to the
greater of—
(i) actual monetary loss incurred by the provider
of Internet access service as a result of such violation;
or
(ii) the amount determined under paragraph (3).
(2) SPECIAL DEFINITION OF ‘‘PROCURE’’.—In any action
brought under paragraph (1), this Act shall be applied as if
the definition of the term ‘‘procure’’ in section 3(12) contained,
after ‘‘behalf’’ the words ‘‘with actual knowledge, or by consciously avoiding knowing, whether such person is engaging,
or will engage, in a pattern or practice that violates this Act’’.
(3) STATUTORY DAMAGES.—
(A) IN GENERAL.—For purposes of paragraph (1)(B)(ii),
the amount determined under this paragraph is the amount
calculated by multiplying the number of violations (with
each separately addressed unlawful message that is transmitted or attempted to be transmitted over the facilities
of the provider of Internet access service, or that is transmitted or attempted to be transmitted to an electronic
mail address obtained from the provider of Internet access
service in violation of section 5(b)(1)(A)(i), treated as a
separate violation) by—
(i) up to $100, in the case of a violation of section
5(a)(1); or
(ii) up to $25, in the case of any other violation
of section 5.
(B) LIMITATION.—For any violation of section 5 (other
than section 5(a)(1)), the amount determined under
subparagraph (A) may not exceed $1,000,000.
(C) AGGRAVATED DAMAGES.—The court may increase
a damage award to an amount equal to not more than
three times the amount otherwise available under this
paragraph if—
(i) the court determines that the defendant committed the violation willfully and knowingly; or
(ii) the defendant’s unlawful activity included one
or more of the aggravated violations set forth in section
5(b).
(D) REDUCTION OF DAMAGES.—In assessing damages
under subparagraph (A), the court may consider whether—
(i) the defendant has established and implemented,
with due care, commercially reasonable practices and
procedures designed to effectively prevent such violations; or
(ii) the violation occurred despite commercially
reasonable efforts to maintain compliance with the
practices and procedures to which reference is made
in clause (i).
(4) ATTORNEY FEES.—In any action brought pursuant to
paragraph (1), the court may, in its discretion, require an
undertaking for the payment of the costs of such action, and
assess reasonable costs, including reasonable attorneys’ fees,
against any party.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00017 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2716 PUBLIC LAW 108–187—DEC. 16, 2003
SEC. 8. EFFECT ON OTHER LAWS.
(a) FEDERAL LAW.—(1) Nothing in this Act shall be construed
to impair the enforcement of section 223 or 231 of the Communications Act of 1934 (47 U.S.C. 223 or 231, respectively), chapter
71 (relating to obscenity) or 110 (relating to sexual exploitation
of children) of title 18, United States Code, or any other Federal
criminal statute.
(2) Nothing in this Act shall be construed to affect in any
way the Commission’s authority to bring enforcement actions under
FTC Act for materially false or deceptive representations or unfair
practices in commercial electronic mail messages.
(b) STATE LAW.—
(1) IN GENERAL.—This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that
expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute,
regulation, or rule prohibits falsity or deception in any portion
of a commercial electronic mail message or information attached
thereto.
(2) STATE LAW NOT SPECIFIC TO ELECTRONIC MAIL.—This
Act shall not be construed to preempt the applicability of—
(A) State laws that are not specific to electronic mail,
including State trespass, contract, or tort law; or
(B) other State laws to the extent that those laws
relate to acts of fraud or computer crime.
(c) NO EFFECT ON POLICIES OF PROVIDERS OF INTERNET ACCESS
SERVICE.—Nothing in this Act shall be construed to have any effect
on the lawfulness or unlawfulness, under any other provision of
law, of the adoption, implementation, or enforcement by a provider
of Internet access service of a policy of declining to transmit, route,
relay, handle, or store certain types of electronic mail messages.
SEC. 9. DO-NOT-E-MAIL REGISTRY.
(a) IN GENERAL.—Not later than 6 months after the date of
enactment of this Act, the Commission shall transmit to the Senate
Committee on Commerce, Science, and Transportation and the
House of Representatives Committee on Energy and Commerce
a report that—
(1) sets forth a plan and timetable for establishing a nationwide marketing Do-Not-E-Mail registry;
(2) includes an explanation of any practical, technical, security, privacy, enforceability, or other concerns that the Commission has regarding such a registry; and
(3) includes an explanation of how the registry would be
applied with respect to children with e-mail accounts.
(b) AUTHORIZATION TO IMPLEMENT.—The Commission may
establish and implement the plan, but not earlier than 9 months
after the date of enactment of this Act.
SEC. 10. STUDY OF EFFECTS OF COMMERCIAL ELECTRONIC MAIL.
(a) IN GENERAL.—Not later than 24 months after the date
of the enactment of this Act, the Commission, in consultation with
the Department of Justice and other appropriate agencies, shall
submit a report to the Congress that provides a detailed analysis
of the effectiveness and enforcement of the provisions of this Act
and the need (if any) for the Congress to modify such provisions.
Deadline.
Reports.
15 USC 7709.
Deadline.
Reports.
15 USC 7708.
15 USC 7707.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00018 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2717
(b) REQUIRED ANALYSIS.—The Commission shall include in the
report required by subsection (a)—
(1) an analysis of the extent to which technological and
marketplace developments, including changes in the nature
of the devices through which consumers access their electronic
mail messages, may affect the practicality and effectiveness
of the provisions of this Act;
(2) analysis and recommendations concerning how to
address commercial electronic mail that originates in or is
transmitted through or to facilities or computers in other
nations, including initiatives or policy positions that the Federal
Government could pursue through international negotiations,
fora, organizations, or institutions; and
(3) analysis and recommendations concerning options for
protecting consumers, including children, from the receipt and
viewing of commercial electronic mail that is obscene or pornographic.
SEC. 11. IMPROVING ENFORCEMENT BY PROVIDING REWARDS FOR
INFORMATION ABOUT VIOLATIONS; LABELING.
The Commission shall transmit to the Senate Committee on
Commerce, Science, and Transportation and the House of Representatives Committee on Energy and Commerce—
(1) a report, within 9 months after the date of enactment
of this Act, that sets forth a system for rewarding those who
supply information about violations of this Act, including—
(A) procedures for the Commission to grant a reward
of not less than 20 percent of the total civil penalty collected
for a violation of this Act to the first person that—
(i) identifies the person in violation of this Act;
and
(ii) supplies information that leads to the successful collection of a civil penalty by the Commission;
and
(B) procedures to minimize the burden of submitting
a complaint to the Commission concerning violations of
this Act, including procedures to allow the electronic
submission of complaints to the Commission; and
(2) a report, within 18 months after the date of enactment
of this Act, that sets forth a plan for requiring commercial
electronic mail to be identifiable from its subject line, by means
of compliance with Internet Engineering Task Force Standards,
the use of the characters ‘‘ADV’’ in the subject line, or other
comparable identifier, or an explanation of any concerns the
Commission has that cause the Commission to recommend
against the plan.
SEC. 12. RESTRICTIONS ON OTHER TRANSMISSIONS.
Section 227(b)(1) of the Communications Act of 1934 (47 U.S.C.
227(b)(1)) is amended, in the matter preceding subparagraph (A),
by inserting ‘‘, or any person outside the United States if the
recipient is within the United States’’ after ‘‘United States’’.
SEC. 13. REGULATIONS.
(a) IN GENERAL.—The Commission may issue regulations to
implement the provisions of this Act (not including the amendments
made by sections 4 and 12). Any such regulations shall be issued
in accordance with section 553 of title 5, United States Code.
15 USC 7711.
Reports.
Deadlines.
Procedures.
15 USC 7710.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00019 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2718 PUBLIC LAW 108–187—DEC. 16, 2003
(b) LIMITATION.—Subsection (a) may not be construed to
authorize the Commission to establish a requirement pursuant
to section 5(a)(5)(A) to include any specific words, characters, marks,
or labels in a commercial electronic mail message, or to include
the identification required by section 5(a)(5)(A) in any particular
part of such a mail message (such as the subject line or body).
SEC. 14. APPLICATION TO WIRELESS.
(a) EFFECT ON OTHER LAW.—Nothing in this Act shall be interpreted to preclude or override the applicability of section 227 of
the Communications Act of 1934 (47 U.S.C. 227) or the rules prescribed under section 3 of the Telemarketing and Consumer Fraud
and Abuse Prevention Act (15 U.S.C. 6102).
(b) FCC RULEMAKING.—The Federal Communications Commission, in consultation with the Federal Trade Commission, shall
promulgate rules within 270 days to protect consumers from
unwanted mobile service commercial messages. The Federal
Communications Commission, in promulgating the rules, shall, to
the extent consistent with subsection (c)—
(1) provide subscribers to commercial mobile services the
ability to avoid receiving mobile service commercial messages
unless the subscriber has provided express prior authorization
to the sender, except as provided in paragraph (3);
(2) allow recipients of mobile service commercial messages
to indicate electronically a desire not to receive future mobile
service commercial messages from the sender;
(3) take into consideration, in determining whether to subject providers of commercial mobile services to paragraph (1),
the relationship that exists between providers of such services
and their subscribers, but if the Commission determines that
such providers should not be subject to paragraph (1), the
rules shall require such providers, in addition to complying
with the other provisions of this Act, to allow subscribers to
indicate a desire not to receive future mobile service commercial
messages from the provider—
(A) at the time of subscribing to such service; and
(B) in any billing mechanism; and
(4) determine how a sender of mobile service commercial
messages may comply with the provisions of this Act, considering the unique technical aspects, including the functional
and character limitations, of devices that receive such messages.
(c) OTHER FACTORS CONSIDERED.—The Federal Communications Commission shall consider the ability of a sender of a commercial electronic mail message to reasonably determine that the message is a mobile service commercial message.
(d) MOBILE SERVICE COMMERCIAL MESSAGE DEFINED.—In this
section, the term ‘‘mobile service commercial message’’ means a
commercial electronic mail message that is transmitted directly
to a wireless device that is utilized by a subscriber of commercial
mobile service (as such term is defined in section 332(d) of the
Communications Act of 1934 (47 U.S.C. 332(d))) in connection with
such service.
SEC. 15. SEPARABILITY.
If any provision of this Act or the application thereof to any
person or circumstance is held invalid, the remainder of this Act
and the application of such provision to other persons or circumstances shall not be affected.
15 USC 7713.
Deadline.
15 USC 7712.
VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00020 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2719
LEGISLATIVE HISTORY—S. 877:
SENATE REPORTS: No. 108–102 (Comm. on Commerce, Science, and Transportation).
CONGRESSIONAL RECORD, Vol. 149 (2003):
Oct. 22, considered and passed Senate.
Nov. 21, considered and passed House, amended.
Nov. 25, Senate concurred in House amendment with an amendment.
Dec. 8, House conccurred in Senate amendment.
Æ
SEC. 16. EFFECTIVE DATE.
The provisions of this Act, other than section 9, shall take
effect on January 1, 2004.
Approved December 16, 2003

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

Title 16: Commercial Practices

Part 316

Authority:   15 U.S.C. 7701-7713.

Source:   73 FR 29677, May 21, 2008, unless otherwise noted

§ 316.1   Scope.

This part implements the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”), 15 U.S.C. 7701-7713.

§ 316.2   Definitions.

(a) The definition of the term “affirmative consent” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(1).

(b) “Character” means an element of the American Standard Code for Information Interchange (“ASCII”) character set.

(c) The definition of the term “commercial electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(2).

(d) The definition of the term “electronic mail address” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(5).

(e) The definition of the term “electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(6).

(f) The definition of the term “initiate” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(9).

(g) The definition of the term “Internet” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(10).

(h) “Person” means any individual, group, unincorporated association, limited or general partnership, corporation, or other business entity.

(i) The definition of the term “procure” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(12).

(j) The definition of the term “protected computer” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(13).

(k) The definition of the term “recipient” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(14).

(l) The definition of the term “routine conveyance” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(15).

(m) The definition of the term “sender” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that , when more than one person's products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act's definition will be deemed to be a “sender,” except that, only one person will be deemed to be the “sender” of that message if such person: (A) is within the Act's definition of “sender”; (B) is identified in the “from” line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.

(n) The definition of the term “sexually oriented material” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7704(d)(4).

(o) The definition of the term “transactional or relationship messages” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(17).

(p) “Valid physical postal address” means the sender's current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations.

§ 316.3   Primary purpose.

(a) In applying the term “commercial electronic mail message” defined in the CAN-SPAM Act, 15 U.S.C. 7702(2), the “primary purpose” of an electronic mail message shall be deemed to be commercial based on the criteria in paragraphs (a)(1) through (3) and (b) of this section:1

1 The Commission does not intend for these criteria to treat as a “commercial electronic mail message” anything that is not commercial speech.

(1) If an electronic mail message consists exclusively of the commercial advertisement or promotion of a commercial product or service, then the “primary purpose” of the message shall be deemed to be commercial.

(2) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if:

(i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or

(ii) The electronic mail message's transactional or relationship content as set forth in paragraph (c) of this section does not appear, in whole or in substantial part, at the beginning of the body of the message.

(3) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as other content that is not transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if:

(i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or

(ii) A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is the commercial advertisement or promotion of a commercial product or service. Factors illustrative of those relevant to this interpretation include the placement of content that is the commercial advertisement or promotion of a commercial product or service, in whole or in substantial part, at the beginning of the body of the message; the proportion of the message dedicated to such content; and how color, graphics, type size, and style are used to highlight commercial content.

(b) In applying the term “transactional or relationship message” defined in the CAN-SPAM Act, 15 U.S.C. 7702(17), the “primary purpose” of an electronic mail message shall be deemed to be transactional or relationship if the electronic mail message consists exclusively of transactional or relationship content as set forth in paragraph (c) of this section.

(c) Transactional or relationship content of email messages under the CAN-SPAM Act is content:

(1) To facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;

(2) To provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;

(3) With respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender, to provide —

(i) Notification concerning a change in the terms or features;

(ii) Notification of a change in the recipient's standing or status; or

(iii) At regular periodic intervals, account balance information or other type of account statement;

(4) To provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or

(5) To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.

§ 316.4   Requirement to place warning labels on commercial electronic mail that contains sexually oriented material.

(a) Any person who initiates, to a protected computer, the transmission of a commercial electronic mail message that includes sexually oriented material must:

(1) Exclude sexually oriented materials from the subject heading for the electronic mail message and include in the subject heading the phrase “SEXUALLY-EXPLICIT: ” in capital letters as the first nineteen (19) characters at the beginning of the subject line;2

2 The phrase “SEXUALLY-EXPLICIT” comprises 17 characters, including the dash between the two words. The colon (:) and the space following the phrase are the 18th and 19th characters.

(2) Provide that the content of the message that is initially viewable by the recipient, when the message is opened by any recipient and absent any further actions by the recipient, include only the following information:

(i) The phrase “SEXUALLY-EXPLICIT: ” in a clear and conspicuous manner;3

3 This phrase consists of nineteen (19) characters and is identical to the phrase required in 316.5(a)(1) of this Rule.

(ii) Clear and conspicuous identification that the message is an advertisement or solicitation;

(iii) Clear and conspicuous notice of the opportunity of a recipient to decline to receive further commercial electronic mail messages from the sender;

(iv) A functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that

(A) A recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and

(B) Remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message;

(v) Clear and conspicuous display of a valid physical postal address of the sender; and

(vi) Any needed instructions on how to access, or activate a mechanism to access, the sexually oriented material, preceded by a clear and conspicuous statement that to avoid viewing the sexually oriented material, a recipient should delete the email message without following such instructions.

(b) Prior affirmative consent . Paragraph (a) does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message.

§ 316.5   Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.

Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or

(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).

§ 316.6   Severability.

The provisions of this Part are separate and severable from one another. If any provision is stayed or determined to be invalid, it is the Commission's intention that the remaining provisions shall continue in effect.

Allah July 31, 2013 god@llah.mobi

ALLAH is pleased to announce His arrival.  You may email Allah to God@llah.mobi and help with the all-new ALLAH News Email.  email god@llah.mobi to help get started.  We hope for the email to be 24/7 on-demand, same-day-response, email news, only from ALLAH 24/7/365.25

Allah July 31, 2013 Law

BILLING CODE 6750-01-S FEDERAL TRADE COMMISSION 16 CFR Part 316 [Project No. R411008] RIN 3084-AA96 Definitions and Implementation Under the CAN-SPAM Act AGENCY: Federal Trade Commission. ACTION: Final Rule. SUMMARY: In this document, the Federal Trade Commission (“FTC” or “Commission”) issues its Statement of Basis and Purpose and final Discretionary Rule (“final Rule”) pursuant to section 7711(a) of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM” or “the Act”), which gives the FTC discretionary authority to “issue regulations to implement the provisions of [the] Act.” EFFECTIVE DATE: The provisions of the final Rule will become effective on [insert date 45 days after date of publication in the Federal Register]. ADDRESSES: Requests for copies of the provisions of the Statement of Basis and Purpose and final Rule should be sent to: Public Records Branch, Room 130, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. Copies of these documents are also available at the Commission’s Website FOR FURTHER INFORMATION CONTACT: Allah, 707-925-2488. 1 15 U.S.C. 7701-7713. 2 -2- Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. SUPPLEMENTARY INFORMATION: The final Rule: (1) adds a definition of the term “person”; (2) modifies the term “sender” in those instances where a single email message contains advertisements for the products, services, or websites of multiple entities; (3) clarifies that a sender may comply with section 7704(a)(5)(A)(iii) of the Act by including in a commercial email message a post office box or private mailbox established pursuant to United States Postal Service regulations; and (4) clarifies that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website. This Statement of Basis and Purpose also explains the Commission’s rationale for not adopting other proposals contained in the Commission’s May 12, 2005 Notice of Proposed Rulemaking (“NPRM”), and addresses the application of CAN-SPAM to forward- 1 to-a-“friend” emails and certain other categories of email messages identified in the NPRM. STATEMENT OF BASIS AND PURPOSE I. BACKGROUND A. CAN-SPAM Act of 2003 On December 16, 2003, the President signed into law the CAN-SPAM Act. The Act, 2 which took effect on January 1, 2004, imposes a series of new requirements on the use of-3- commercial electronic mail (“email”) messages. In addition, the Act gives federal civil and criminal enforcement authorities new tools to combat commercial email that is unwanted by the recipient and/or deceptive. The Act also allows state attorneys general to enforce its civil provisions, and creates a private right of action for providers of Internet access service. In enacting the CAN-SPAM Act, Congress made the following determinations of public policy, set forth in section 7701(b) of the Act: (1) there is a substantial government interest in regulation of commercial email on a nationwide basis; (2) senders of commercial email should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial email have a right to decline to receive additional commercial electronic mail from the same source. Based on these policy determinations, Congress, in sections 7704(a) and (b) of the CANSPAM Act, outlawed certain commercial email acts and practices. Section 7704(a)(1) of the Act prohibits transmission of any email that contains false or misleading header or “from” line information. Section 7704(a)(2) prohibits the transmission of commercial email messages with false or misleading subject headings. Section 7704(a)(3) requires that a commercial email message contain a functioning return email address or similar Internet-based mechanism for recipients to use to “opt out” of receiving future commercial email messages. Section 7704(a)(4) prohibits the sender, or others acting on the sender’s behalf, from initiating a commercial email to a recipient more than ten business days after the recipient has opted out. Section 7704(a)(5) prohibits the initiation of a commercial email message unless it contains three disclosures: (1) clear and conspicuous identification that the message is an advertisement or solicitation; (2) clear15 U.S.C. 7704(b). The four such practices set forth in the statute are: address 3 harvesting; dictionary attacks; automated creation of multiple email accounts; and relaying or retransmitting through unauthorized access to a protected computer or network. The Act’s provisions relating to enforcement by state attorneys general and providers of Internet access service create the possibility of increased statutory damages if a court finds a defendant has engaged in one of the practices specified in section 7704(b) while also violating section 7704(a). Specifically, sections 7706(f)(3)(C) and (g)(3)(C) permit a court to increase a statutory damages award up to three times the amount that would have been granted without the commission of an aggravated violation. Sections 7706(f)(3)(C) and (g)(3)(C) also provide for this heightened statutory damages calculation when a court finds that the defendant’s violations of section 7704(a) were committed “willfully and knowingly.” Sections 7706(a) and (c) of the CAN-SPAM Act provide that a violation of the Act shall 4 be treated as a violation of a rule issued under section 18(a)(1)(B) of the FTC Act, 15 U.S.C. 57a(a)(1)(B). 15 U.S.C. 7706(f). Specifically, the state attorneys general may bring enforcement 5 actions for violations of section 7704(a)(1), 7704(a)(2), or 7704(d). The states may also bring an action against any person who engages in a pattern or practice that violates section 7704(a)(3), (4), or (5). 15 U.S.C. 7706(g). Section 7704(d) of the Act requires warning labels on commercial 6 (continued...) -4- and conspicuous notice of the opportunity to decline to receive further commercial email messages from the sender; and (3) a valid physical postal address of the sender. And section 7704(b) specifies four “aggravated violations” — practices that compound the available statutory damages when alleged and proven in combination with certain other CAN-SPAM violations. 3 The Act authorizes the Commission to enforce violations of the Act in the same manner as an FTC trade regulation rule. Section 7706(f) authorizes the attorneys general of the states to 4 enforce compliance with certain provisions of section 7704(a) of the Act by initiating enforcement actions in federal court, after serving prior written notice upon the Commission when feasible. CAN-SPAM also authorizes providers of Internet access service to bring a 5 federal court action for violations of certain provisions of sections 7704(a), (b), and (d). 6(...continued) email messages containing sexually oriented material. 15 U.S.C. 7704(d). In April, 2004, the Commission promulgated its final rule regarding such labels. See 69 FR 21024 (Apr. 19, 2004); 16 CFR 316.4. Prior to the NPRM, the Commission issued an Advance Notice of Proposed Rulemaking 7 (“ANPR”), 69 FR 11776 (Mar. 11, 2004), soliciting comments on a number of issues raised by CAN-SPAM, including the interpretation of the term “primary purpose,” which the Commission addressed in a final Rule issued on January 19, 2005, codified at 16 CFR 316.3. In addition, the ANPR requested comment on the definitions of “transactional or relationship message” and “valid physical postal address,” the application of the Act to both multiple-marketer and forwardto-a-“friend” emails, the sufficiency of the ten-business-day opt-out period that had been set by the Act, the potential addition of new aggravated violations, and implementation of the Act’s provisions generally. (Two issues addressed in the NPRM and in this Statement of Basis and Purpose — the definition of “person” and the prohibition on charging a fee or imposing other requirements on recipients who wish to opt-out — were not addressed in the ANPR.) The ANPR also solicited comment on questions related to four Commission reports required to be submitted (continued...) -5- B. Notice of Proposed Rulemaking In its May 12, 2005 NPRM, the Commission proposed rule provisions on five topics: (1) defining the term “person,” a term used throughout the Act, but not defined; (2) modifying the definition of “sender” to make it easier to determine which of multiple parties advertising in a single email message must have its valid physical postal address included in the message and is responsible for honoring “opt-out” requests; (3) clarifying that Post Office boxes and private mailboxes established pursuant to United States Postal Service regulations constitute “valid physical postal addresses” within the meaning of the Act; (4) shortening from ten days to three days the time a sender may take before honoring a recipient’s opt-out request; and (5) clarifying that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website. 7(...continued) 7 to Congress. The Commission received over 13,500 comments in response to the ANPR. Approximately 93 of these comments were submitted by industry representatives, 56 8 were submitted by consumers, and 3 were submitted by privacy groups. Appendix A is a list of the commenters and the acronyms used to identify each commenter who submitted a comment in response to the NPRM. These comments are available on the Commission’s website. Because the final Rule contains several new provisions, the numbering of the Rule’s 9 subsections has changed. All cites to the Rule in this Statement of Basis and Purpose are to the new, renumbered Rule provisions, unless otherwise stated. The Commission adopted these definitions in the Adult Labeling Rulemaking 10 (continued...) -6- In response to this NPRM, the Commission received 152 comments from email marketers and their associations, email recipients, and other interested parties. Based upon the entire 8 record in this proceeding and the Commission’s law enforcement experience, the Commission hereby adopts final Rule provisions that are very similar, but not identical, to the proposed Rule provisions. As discussed in detail below, the adopted provisions are based upon the recommendations of commenters to make certain modifications in the proposed provisions, as well as the Commission’s anti-spam law enforcement experience. Commenters’ recommendations that the Commission has declined to adopt in its final Rule are also identified, along with the Commission’s reasons for rejecting them. II. DISCUSSION OF THE FINAL RULE A. Section 316.2 — Definitions Section 316.12, one of the Rule provisions previously adopted under CAN-SPAM, 9 defines thirteen terms by reference to the corresponding sections of the Act that define those terms. The NPRM proposed modification of the previously-adopted definition of “sender” by 10(...continued) 10 proceeding under section 7704(d) of CAN-SPAM, which required the Commission to prescribe a mark to be included in commercial email containing sexually oriented material. 69 FR 21024 (Apr. 19, 2004). A fourteenth term, “character,” not defined in CAN-SPAM, was also defined in the Adult Labeling Rule. 16 CFR 316.2(b). NPRM, 70 FR at 25428. 11 See, e.g., 15 U.S.C. 7702(8), (9), (12), (15) & (16); 7704(a)(1), (2) & (3). 12 15 U.S.C. 7711(a). 13 -7- adding a proviso to cover multiple sender scenarios. The NPRM also proposed adding definitions of “person” and “valid physical postal address.” All other definitions were to remain as adopted. While the NPRM did not propose any changes to the Act’s definition of “transactional or relationship message,” it posed a series of questions about the interpretation and potential expansion of this definition, and similarly requested comment on the application of the Act’s definitions of “sender” and “initiate” to forward-to-a-“friend” email campaigns. 1. Section 316.2(h) — Definition of “Person” In the NPRM, the Commission proposed adding a definition of “person,” a term used 11 throughout the Act, pursuant to its authority to “issue regulations to implement the provisions 12 of this Act.” Under the definition proposed in the NPRM, which is identical to the definition 13 contained in the Telemarketing Sales Rule, 16 CFR 310.2, the term “person” would mean “an individual, group, unincorporated association, limited or general partnership, corporation, or other business entity.” Seven of the eight commenters that addressed this issue supported the addition of the Commission’s proposed definition of “person,” opining that it would clarify the types of entitiesSee Discover; Empire; ESPC; FNB; KeySpan; NAR; Metz. Adknowledge also 14 advocated modifying the definition of “person,” but, at bottom, its argument appears to relate to liability in the context of a multi-marketer email. The Commission thus has considered Adknowledge’s comment in connection with the definition of “sender,” below. See infra Part II.A.2. See also ABA (noting that its comments on the ANPR asked the Commission to clarify 15 that the term “person” should exclude associations and other tax-exempt nonprofit organizations with respect to their email sent in pursuit of their tax-exempt nonprofit purposes). 69 FR 50091, 50100 (Aug. 13, 2004). 16 -8- to which the Act applies. The sole objection came from the Society for Human Resources 14 Management (“SHRM”), which argued that unincorporated nonprofit associations should be excluded from the definition of “person” and, therefore, wholly exempt from CAN-SPAM. 15 SHRM argued that, without such an exemption, the risk of liability under the Act could discourage the organization’s members from volunteering to serve in a leadership capacity. Having considered the comments, the Commission adopts without modification the definition of “person” in the proposed Rule. The Commission believes that the addition of this definition will advance the implementation of the Act by clarifying that the term “person” is broadly construed and is not limited to a natural person. The Commission rejects the argument that there should be a blanket exemption for all messages sent by unincorporated nonprofit entities. As we have previously observed, CAN–SPAM does not set up a dichotomy between “commercial” and “nonprofit” messages. Accordingly, when nonprofit organizations send 16 emails the primary purpose of which is the advertisement or promotion of a commercial product or service, recipients are entitled to the Act’s protections. In any event, as discussed below, see infra Part II.A.3.j., messages from an association to its members will often be “transactional orSection 7706(d) makes clear that the Commission has only the same jurisdiction and 17 power under the Act as it has under the FTC Act, 15 U.S.C. 41, et seq. Consequently, the FTC lacks jurisdiction to enforce CAN-SPAM against any entity that is not “organized to carry on business for its own profit or that of its members.” 15 U.S.C. 44. States and providers of Internet access service can bring CAN-SPAM actions against nonprofits, however. 15 U.S.C. 7702(16)(A). The Commission incorporated by reference into the CAN- 18 SPAM rules this definition of “sender” in its primary purpose rulemaking. 16 CFR 316.2(l); 70 FR at 3127. -9- relationship messages” under section 7702(17) of the Act and thus not required to include a functioning Internet-based mechanism for consumers to use to opt out of receiving future commercial messages. 17 2. Section 316.2(m) — Definition of “Sender” Section 7702(16)(A) of CAN-SPAM defines “sender” as “a person who initiates [a commercial electronic mail] message and whose product, service, or Internet web site is advertised or promoted by the message.” In the NPRM, the Commission proposed amending 18 the definition of “sender” to address concerns identified in the ANPR comments about the application of CAN-SPAM’s definition of “sender” to scenarios where multiple marketers use a single email message –– for example, where a commercial email from an airline also contains advertisements or promotions for a hotel chain and a car rental company. The Commission received almost 60 comments in response to this proposal, many of which suggested modifications to the proposed Rule provision. After consideration of these comments, the Commission has modified the definition of “sender” as proposed in the NPRM. The final Rule provides that multiple “senders” of a commercial email, under certain conditions, may identify one among them as the “sender” who will be deemed the sole “sender” of the message (theUnder the final Rule, where a commercial email is sent by multiple “senders” who 19 designate one “sender” to be responsible for honoring opt-out requests, the other marketers using the single email message still will be “initiators” of the email message and therefore responsible for complying with CAN-SPAM’s requirements concerning “initiators”: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. The “sender” is required by the Act to honor opt-out requests. 15 U.S.C. 20 7704(a)(4)(A)(i). Additionally, the “sender’s” physical postal address must be included in the message. 15 U.S.C. 7704(a)(5)(A)(iii). 69 FR at 11778. 21 -10- “designated sender”). Thus, under the final Rule, the designated sender, but not the other marketers using the same email message, must honor opt-out requests made by recipients of the message. Moreover, under the final Rule, the physical address of the designated sender, but not 19 the addresses of the other marketers using the same email message, must appear in the message. a. Background As discussed in the ANPR, the Act itself does not specifically address multiple-marketer emails. Rather, under the Act, if multiple senders using a single email message meet the definition of “sender,” each would need to provide an opt-out mechanism, a valid physical postal address for each sender would have to appear in the message, and each would be responsible for honoring an opt-out request by a recipient. The ANPR sought comment on “whether it would 20 further the purposes of CAN–SPAM or assist the efforts of companies and individuals seeking to comply with the Act if the Commission were to adopt rule provisions clarifying the obligations of multiple senders under the Act.” 21 Commenters responding to the ANPR claimed that implementation of the Act may be impeded in multiple marketer scenarios because marketers and consumers will encounter certain70 FR at 25429 (citing comments by American Bankers Association; DMA; ERA; IAC; 22 MPAA; Microsoft; PMA; Time Warner). Id. (citing comments by NAA; Time Warner). 23 Id. (citing comments by American Bankers Association; DMA; ERA; IAC; MPAA; 24 Microsoft; PMA; Time Warner). Id. (citing comments by American Bankers Association; DMA; ERA; MPAA; 25 Microsoft). -11- difficulties under a regime that holds more than one party responsible as the sender of a single email. First, commenters claimed that consumer confusion would result from multiple opt-out mechanisms and valid physical postal addresses in a single email message. Second, some 22 ANPR commenters predicted that rigid application of CAN-SPAM’s sender definition would likely chill electronic commerce and destroy the type of joint marketing arrangements that are common in industry. According to these commenters, marketers would have to develop 23 mechanisms for receiving suppression lists (lists of email addresses of consumers who previously had opted-out of receiving messages from a sender) from every marketer or co-marketer with which they deal, and for comparing their own mailing lists against multiple suppression lists. 24 In addition, a marketer would have to develop processes for managing multiple opt-outs, i.e., ensuring that the consumer can opt out from each marketer and that all opt-outs sent to the marketer are forwarded to the marketers from whom the consumer no longer wishes to receive commercial email. These commenters argued that existing CAN-SPAM treatment of multiple senders in a single email is needlessly complex and results in unnecessary administrative costs and delays for legitimate email marketers because of the need to maintain and effectuate multiple suppression lists. Third, commenters stated that a requirement to check names against multiple 25Id. (citing comments by American Bankers Association; ASTA; ACB; DMA; IAC; 26 MPA; Microsoft; Time Warner). ANPR commenters identified a fourth problem in some situations, such as newsletters. Commenters stated that a requirement that each separate marketer in a single email message be treated as a separate sender would run counter to consumer expectations — consumers would expect to opt out of the email list of the person with whom the consumer had a relationship, not from a marketer in the newsletter. Id. (citing comments by ABM; DMA; Microsoft; Midway; Time Warner). -12- lists would necessitate passing lists back and forth among several parties, increasing the risk that consumers’ private information may be shared with inappropriate entities or exposed to hackers. Moreover, these commenters opined that multiple suppression lists could force a business to divulge customer names to list owners and other marketers, even when the business has promised to protect that information under its privacy policy. 26 For these reasons, many commenters responding to the ANPR urged that the Act’s “sender” definition be modified to provide that when more than one company’s products or services are advertised or promoted in a single email message, only one among them be responsible as the sender of a message for purposes of the Act. Based upon these comments, in the NPRM, the Commission proposed adding a proviso to the definition of “sender” to allow multiple sellers advertising in a single email message to designate one among them as the single “sender” of the message for purposes of the Act. Under the NPRM’s proposed proviso, only one of multiple persons whose products or services are advertised or promoted in an email message would have been the “sender” if that person: (A) initiated the message and otherwise met the Act’s definition of “sender,” and (B) was the only person who: (1) “controls the content of such message,” (2) “determines the electronic mail addresses to which such message is sent,” or (3) “is identified in the ‘from’ line as the sender ofA hypothetical example illustrated the NPRM “sender” definition proposal. If X, Y, 27 and Z are sellers who satisfy the Act’s “sender” definition, and they designate X to be the single “sender” under the Commission’s proposal, among the three sellers, only X may control the message’s content, control its recipient list, or appear in its “from” line. X need not satisfy all three of these criteria, but no other seller may satisfy any of them. The sellers may use third parties to be responsible for any criteria not satisfied by X. For example, if X appears in the “from” line, the sellers may use third parties — but not Y or Z — to control the message’s content and recipient list. 70 FR at 25428. -13- the message.” Under the proposed Rule, if more than one person meeting the Act’s definition of “sender” were to satisfy one of these three criteria, then each such person who satisfied the definition would have been considered a sender for purposes of CAN-SPAM compliance obligations. 27 b. The Final Rule Based upon the comments responding to the NPRM proposal, the Commission believes that modification of the proposed Rule’s definition of “sender” as it relates to multi-marketer emails is necessary. The final Rule drops the proposed “controls the content” and “determines the electronic mail addresses to which such message is sent” elements, adds compliance with the core provisions of CAN-SPAM as an element, makes the elements conjunctive rather than disjunctive, and makes the element requiring identification of the person in the “from” line mandatory. The Commission believes that these modifications will meet the concerns of marketers while still preserving CAN-SPAM opt-out protections. Thus, under the final Rule, multiple marketers can designate as a single “sender,” for purposes of compliance with the Act, a person who: (A) meets the Act’s definition of “sender,” i.e., such person initiates a commercial electronic mail message in which it advertises or promotes its own goods, services, or Internet website; (B) is identified uniquely in the “from”These provisions, as explained below, apply to initiators of commercial emails and 28 require that the email message may not contain false or misleading transmission information or a deceptive subject heading; but must contain a valid postal address, a working opt-out link, and proper identification of the message’s commercial or sexually explicit nature. 15 U.S.C. 7711(a). Like the proposed Rule, this final Rule does not eliminate the 29 possibility that a message may have more than one “sender.” However, marketers can use the criteria set forth in the proviso to establish a single sender and reduce CAN-SPAM’s compliance burdens. If marketers fail to structure the message to avoid multiple senders under the sender definition, then each sender is obligated to comply with CAN-SPAM requirements for senders, notably, to provide its physical postal address and to honor any opt-out requests. -14- line of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. In 16 CFR 316.2(m), 28 the final Rule thus states: The definition of the term “sender” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that, when more than one person’s products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act’s definition will be deemed to be a “sender,” except that, only one person will be deemed to be the “sender” of that message if such person: (A) is within the Act’s definition of “sender”; (B) is identified in the “from” line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. The Commission makes this clarification pursuant to its discretionary rulemaking authority to “issue regulations to implement the provisions of this Act.” 29 The definition of “sender” in the final Rule provides marketers flexibility to structure their messages in a way that alleviates redundant obligations for the various marketers in a single email while ensuring that recipients of such messages receive the benefit of CAN-SPAM’s core-15- opt-out protections. Specifically, the final Rule makes it more practicable than the proposed Rule for multiple marketers promoting their products in a single email to designate a single entity as the “sender” under the Act because the marketers’ decision as to which of them will appear in the “from” line resolves the question of which will be considered a “sender” under the Act and will be charged with the resulting responsibilities. The final Rule eliminates the complex fact determination of who “controls” the content and the element of who “determines the electronic mail addresses to which such message is sent.” By placing the focus on the “from” line, the best point of reference for consumers, the modification in the final Rule more directly conforms to consumers’ expectations as to the identity of the entity responsible for sending them a multimarketer email. An example illustrates how the final Rule’s “sender” definition applies in the multimarketer email context. Suppose A, B, and C have goods advertised or promoted in a single email message and that each is an initiator under the Act. If A’s name appears in the “from” line of the message, A is considered the “sender” under the final Rule. While B and C promote their goods, services, or Internet website in the message, may control portions or all of the content of the message, and may supply email addresses for A to use to address the message, neither B nor C would be considered “senders,” unless A did not comply with the listed requirements that apply to “initiators,” namely 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. It would be clear to a consumer that an opt-out request would be sent to A, the one person identified in the “from” line.See, e.g., ATAA; Charter; DoubleClick; ERA; ESPC; FNB; IAC; ICC; IPPC; Mattel; 30 Microsoft; NAR; NEPA; NetCoalition; NNA. As the ERA summarized it, “[D]esignating a single sender will enhance accuracy and compliance efforts, streamline the opt-out process for consumers and sellers/marketers, and avoid confusion by, among other things, avoiding cluttered or repetitious information in messages or multiple suppression lists. It also helps address privacy concerns that may attend to sharing consumer suppression data.” See, e.g., Mattel; NAFCU. 31 -16- The comments and the FTC’s law enforcement experience suggest that a provision, such as the final Rule’s sender definition, that allows multiple senders flexibility in determining who will be the sole “sender” raises the possibility of abuse by illegitimate marketers. As discussed below, this concern is addressed in part by the addition of certain initiator provisions to the proviso: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If the designated sender is not in compliance with the initiator provisions, then all marketers in the message will be liable as senders. c. Comments on the NPRM’s Definition of “Sender” Commenters who addressed the proposed definition of sender were nearly unanimous in supporting a “sender” definition that would enable marketers to designate a single “sender” when multiple marketers use a commercial email message. Reiterating ANPR comments, several commenters noted that such a rule provision would avoid “daunting compliance challenges” for email marketers, such as the heavy burden of cross-checking the opt-out lists of all the individual marketers with the designated sender’s opt-out list. Likewise, commenters supported the 30 NPRM’s proposed Rule because it would enable recipients to determine the party responsible for honoring opt-out requests. Others noted with approval that designating a single sender would 31 eliminate confusion for consumers who otherwise would face multiple opt-out links and postalSee ATAA (it would be “difficult to format messages in a way that makes them 32 compelling and understandable to recipients” because of the welter of opt-out links and postal addresses); ERA; ESPC. See ERA; NetCoalition. 33 See, e.g., ARDA; Empire; Mattel; NAFCU; NAR; NNA; SHRM; Wahmpreneur. 34 At least one commenter suggested, without further detail, that the sender in a multi- 35 marketer email should be the “entity that controls the sampling, distribution, and opt-out registry.” CMOR. Another commenter suggested determination of a sender in a multi-marketer email with a “single, dominant marketer” test. Bigfoot. (continued...) -17- addresses. Finally, other commenters opined that the proposed Rule would promote protection 32 of consumer privacy. 33 In contrast to the almost unanimous support for a multi-marketer proviso, however, few commenters supported the definition of “sender” as proposed in the NPRM without change. 34 Many commenters raised concerns about the workability and clarity of the proposal, as well as its consistency with consumer expectations. Most commenters urged the Commission to modify or clarify the criteria articulated in the proposed Rule. Such comments concerned four issues. The first three issues relate to the three listed criteria in the NPRM’s proposed proviso: (1) the significance of the person identified in the “from” line; (2) the meaning of “controls the content of the message” and the structure of the proviso; and (3) the meaning of “determines the electronic mail addresses” to which a message is sent. A fourth category of comments addressed what it means to “advertise” or “promote” a product, service, or website under the Act, which is related to the question posed in the NPRM about whether “list owners” can be “senders” under the Rule and thus be required (or allowed) to process opt-out requests in lieu of other marketers who promote a product, service, or website in the email. 35(...continued) 35 The Direct Marketing Association (“DMA”) advocated formal adoption by the Commission of the Staff Letter of March 8, 2005, which opined on a specific fact pattern involving, among other things, multiple marketers who send commercial email messages to persons who had provided affirmative consent to receive multi-marketer commercial email messages. The Commission declines to adopt the Staff Letter. The final Rule will govern multimarketer message sender liability. See, e.g., Bigfoot; Charter; DoubleClick; KeySpan; MBNA; Nextel; OPA; SHRM. 36 See Charter; DoubleClick; Nextel; Reed. 37 See DoubleClick; KeySpan. 38 See, e.g., MBNA; SIIA. 39 -18- (i) “From” Line Many commenters favored looking to the “from” line of the message in order to determine who, under the Act, is the “sender” of a multi-marketer message. Commenters urged that this element is most critical for recipient expectations and would be easy to use as a way to 36 designate a single sender. Some commenters argued that the other two proposed elements 37 should be deleted. A few commenters also requested that the Commission provide additional 38 guidance on which non-deceptive names can be used in the “from” line, including a company’s brands and service names. 39 (ii) “Controls the Content” Most commenters voiced concerns about the “controls the content” element of the proposed proviso and its likely effect. Many of these commenters found this criterion vague and urged the Commission to provide additional guidance concerning what it means to “control” theSee, e.g., ACB; ACLI; Associations; BOA; CBA; Charter; DLA; DMA; Discover; 40 ERA; ESPC; FNBO; HSBC; IAC; Mastercard; Microsoft; MPA; MPAA; NAA; NAIFA; NBCEP; NEPA; NetCoalition; PMA; SIIA; Time Warner. See Associations; ATAA; Charter; DoubleClick; Keyspan; MasterCard; NAIFA; SIIA; 41 Wells Fargo. Similarly, other commenters suggested that the proposed Rule be modified to allow more than one marketer to control the content of the message, while still allowing one of the marketers to be designated as the sender. See CBA; DMA; MPA; NBCEP; NetCoalition; NRF. See e.g., Adknowledge; ICC; MPA. 42 See Reed; DoubleClick; Time Warner; MasterCard; Microsoft; Bigfoot; HSBC; MPAA; 43 OPA. See, e.g., ACLI; BF; HSBC; IPPC; MPAA; OPA; SIA. 44 -19- content of commercial email. Many advocated eliminating this factor altogether, and others 40 41 urged various ways to modify it. Two primary themes emerged from the comments: (1) 42 several parties may exercise some degree of “control” over content, and (2) “control” in this context is a vague and ill-defined concept. Commenters explained that in joint marketing arrangements, it is standard industry practice for each marketer to exercise control over the use of its own trademarks, branding, legal disclosures, and advertising copy. Commenters further 43 explained that in highly regulated industries, such as life insurance, securities, pharmaceuticals, and alcoholic beverages, marketers may be required to include certain text and legal disclosures. Some commenters also stated that, in addition to controlling their own trademarks 44 and disclosures, marketers sometimes influence the content of other parts of a message without “controlling” it, or may suggest advertising text without making the final decision about theSee, e.g., BF; Visa. 45 See, e.g., Associations; ERA; HSBC; MasterCard; MPA; NetCoalition; Nextel; NRF; 46 OPA; PMA. See ATA; DoubleClick; HSBC; IAC; IPPC; Mastercard; Time Warner. 47 See e.g., NAA; TimeWarner. 48 See NAIFA; SIIA. 49 See, e.g., ACB; Adknowledge; Associations; ATAA; CBA; Charter; Discover; DMA; 50 Experian; FNB; IAC; ICC; KeySpan; Microsoft; MPAA; NAIFA; NBCEP; NEPA; NetCoalition; NRF; OPA; Reed; SIIA; Time Warner; Wells Fargo. -20- advertising content. To protect their brand reputations, commenters explained that they need to 45 be able to review and approve the advertising content of other marketers. 46 A number of commenters opined that, without clarification, under a literal application of the proposed Rule, essentially all marketers would be deemed to “control” the content of a multimarketer email, thereby preventing the designation of a single sender and defeating the purpose of the proposed Rule. Conversely, according to commenters, a standard that forced marketers 47 to cede all control of the content of messages to one marketer among several using a single email message would greatly disrupt standard industry practices. 48 To alleviate these perceived problems, a number of commenters suggested that the Commission eliminate the “controls the content” element, because they believed that the proposed Rule could operate effectively in its absence. Others suggested that the Commission 49 clarify that “control” means control of the “primary” or “overall” content of the message, but does not mean either control by a company over its own advertisement or the practice of 50See, e.g., ERA; HSBC; MasterCard; MPA; Nextel; PMA. 51 See ACB; BoA; Discover; ERA; ESPC; Experian; HSBC; IAC; ICC; Mastercard; 52 Microsoft; MPA; MPAA; NAA; PMA; Visa. See, e.g., BigFoot; SIIA. 53 See Bigfoot; CBA; DMA; DoubleClick; ESPC; MPAA; NBCEP; NetCoalition; NRF; 54 SIIA; Wells Fargo. See DMA; SIIA. 55 -21- reviewing and approving the advertising content of other marketers. These commenters asked 51 the Commission to clarify that “control” should refer to control over what content will be distributed in the email message as a whole and not control over the design, content, or placement of a particular advertisement in a multi-marketer message. Other commenters 52 advocated that “control” of the content of the message should mean the ultimate ability to determine whether and when the message is transmitted. 53 In a similar vein, some commenters felt that the structure of the proviso as proposed in the NPRM would have limited the ability of legitimate marketers to co-promote their products without any corresponding benefit to consumers. Commenters pointed out that there are 54 circumstances when one entity provides the email addresses to which a message is to be sent and one or more other entities control the content of the message. Under the proposal in the NPRM, all entities would be considered senders because the proposed Rule’s definitional requirements allowing one sender to be designated could not be met. These commenters asked that the final 55See, e.g., MPAA. 56 See, e.g., KeySpan; Reed; SIA. Several commenters also requested clarification of what 57 constitutes “determines” and suggested that merely providing criteria for targeting recipients (such as demographic characteristics) should not qualify as “determining” the email addresses. See DoubleClick; KeySpan; MasterCard; Unsub. As discussed below, this element has been removed, and thus these requests for clarification need not be addressed. See, e.g., Adknowledge; ESPC; Unsub. 58 -22- Rule be made more flexible to accommodate the variety of marketing agreements commonly used in the industry. 56 (iii) “Determines the Electronic Mail Addresses to Which Such Message is Sent” Few commenters discussed the third element of the proposed proviso for the definition of “sender”: that the sender be the party that determines the email addresses to which such message is sent. Some commenters objected to this element of the definition because, they contend, entities in joint marketing campaigns may want to contribute or recommend some email addresses without being considered the primary “sender.” 57 (iv) “Promote” Finally, a few commenters suggested that the Commission define broadly the term “promote” in the Act’s definition of sender. They argued that a person “advertises” or “promotes” the person’s “product, service, or Internet website” by appearing in the “from” line of the message or simply by having the person’s name referenced in the email. Under this 58 interpretation, they argued, more persons could qualify as designated “senders” under the proviso.See Charter (stating that the “from” line criterion “specifically accords with consumer 59 expectations.”). In response to commenters seeking further guidance about whether a company’s non- 60 (continued...) -23- d. Response to Comments on the Definition of “Sender” and Explanation of the Final Rule’s Definition of “Sender” Having considered the comments on the proposed definition of “sender,” the Commission adopts a modified version as its final Rule. These modifications mitigate the concerns of marketers raised in the comments, recognize the benefits afforded by advertising by multiple entities in a single email, conform more closely to the expectations of email recipients, and continue to provide the CAN-SPAM protections contemplated by Congress. In summary, as discussed below, the Commission retains the “from” line element in the proviso as a mandatory element, drops the “controls the content” and “determines the electronic mail addresses to which the message is sent” elements, and adds a requirement that the designated sender be in compliance with certain provisions of the Act and Rules that apply to initiators. In response to comments regarding the “from” line, the Commission found persuasive the suggestions that the “sender” of a multi-marketer email should be the person identified in the “from” line of the message. The Commission agrees that a rule that uses the “from” line as the sole determinant of the sender in a multi-marketer email would be straightforward for marketers to follow and is the single most helpful element of an email to enable recipients to identify the sender of the email. A designated “sender” for purposes of a multi-marketer email must, in 59 addition to meeting the other requirements listed below, include its non-deceptive name, trade name, product, or service in the “from” line of the email. 60(...continued) 60 deceptive product or service names can be used in the “from” line, the Commission responds as follows. CAN-SPAM provides that “a ‘from’ line . . . that accurately identifies any person who initiated the message shall not be considered materially false or misleading.” 15 U.S.C. 7704(a)(1)(B). The Commission believes that this does not mean that the “from” line necessarily must contain the initiator’s formal or full legal name, but it does mean that it must give the recipient enough information to know who is sending the message. Email senders should consider their messages from their recipients’ perspective. If a reasonable recipient would be confused by the “from” line identifier, the sender is not providing sufficient information. See NPRM, 70 FR at 25431 (further discussing this issue). See IAC. 61 See, e.g., Charter (“the Commission’s proposed definition is inadequate and 62 unworkable”); DoubleClick; Keyspan; MasterCard; NAIFA; SIIA. -24- And, under the final Rule, the designated sender must be “identified in the ‘from’ line as the sole sender of the message” — if two or more senders appear in the “from” line, the multimarketer proviso would not be met. On the second issue identified by commenters, the Commission has deleted the “controls the content of such message” element from the proviso. Comments urging its removal were persuasive, and comments that advocated clarification rather than removal revealed that retaining this element would not serve to assist recipients in identifying or confirming the sender of a multi-marketer message. By its nature, a multi-marketer message promotes more than one company’s content, and thus more than one company controls its content in at least some way. 61 Modifying the criterion to require “overall” control of the content would simply add further nuance and complication and make enforcement difficult. Deleting this criterion will make the proviso more practicable for legitimate marketers to designate a single “sender” while preserving for email recipients the protections of CAN-SPAM. Under the final Rule, therefore, a non- 62-25- designated sender under the multi-marketer proviso will not have “sender” liability just because it controls its own advertising copy, including its trademarks and legal disclosures, or reviews other marketers’ content to ensure the absence of objectionable material in proximity to its own brand. The Commission has deleted the third element discussed by commenters that required that the designated “sender” of a multi-marketer email determine the email address to which such message will be sent. The NPRM rationale for this element was to ensure that the designated sender had the ability to process opt-out requests. The Commission is now convinced that requiring the designated sender to determine recipient email addresses would serve little, if any, purpose. Under the Act, as a sender, the designated sender already must check to make sure that none of the email recipients appears on its opt-out list. In a multi-marketer email, if the designated sender receives a list of proposed email addresses from a non-designated sender, the designated sender must scrub that list against its own opt-out list before sending the message to the addresses on that list. On the fourth and final issue raised by commenters, the Commission declines to make any additional changes to the definition of “sender” proposed by the NPRM. Some commenters suggested that the FTC define broadly the phrase “advertised or promoted” in the Act’s definition of “sender,” so that more entities could qualify as “senders” under the multi-marketer proviso. The Commission believes that the definition of a “sender” should be based on consumer expectations. If a reasonable consumer would not believe that a person’s product, service, or website were “advertised or promoted” in the message, then that person does not qualify as aBy analogy, another definition in the Act, that of a “commercial electronic mail 63 message,” states that
[t]he inclusion of a reference to a commercial entity or a link to the web site of a commercial entity in an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic mail message for purposes of this chapter if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service. 15 U.S.C. 7702(2)(D). At least one commenter suggested that the proviso could be subject to abuse. See 64 Adknowledge (suggesting that to avoid abusive practices, the proposed regulation explicitly should state that a “person” must be a “bona fide business entity” because “spammers continually change the name of the originating entity along with header or other information, or consider a mere email address list as a ‘business entity.’”). See, e.g., FTC v. Phoenix Avatar, 2004-2 Trade Cas. (CCH) ¶ 74,507 (N.D. Ill. Jul. 30, 65 2004) (order granting preliminary injunction); FTC v. Opt-in Global, No. 05-cv-1502 (N.D. Cal. filed Apr. 12, 2005) (final order entered Apr. 6, 2006); FTC v. Dugger, No. CV-06-0078 (D. Ariz. filed Jan. 9, 2006) (final order entered Jul. 31, 2006). -26- “sender.” The Commission believes that the meaning of “advertised or promoted” is clear and broadly understood. 63 Lastly, based on its law enforcement experience, the Commission recognizes that illegitimate marketers may attempt to use the proviso to escape liability under CAN-SPAM. Both CAN-SPAM’s definition of “initiator” and the final Rule’s revised definition of “sender” substantially reduce the likelihood of such abuse. First, marketers in a single email message 64 who are not designated senders are still “initiators” under CAN-SPAM and liable under any of the provisions that apply to initiators, such as the prohibition against use of deceptive headers and subject lines and the requirement to include an opt-out link. Second, the final Rule’s 65 definition of “sender” requires that the designated “sender” be in compliance with certainSection 7704(a)(1) of the Act prohibits initiation of an email that contains false or 66 misleading transmission information, and section 7704(a)(2) prohibits initiation of an email with a deceptive subject heading. Section 7704(a)(3)(A)(i) requires an initiator to include a “functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that a recipient may use to submit . . . a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from [the] sender [responsible for the initial commercial message].” Section 7704(a)(5)(A) of the Act requires that an initiator “provide clear and conspicuous identification that the message is an advertisement or solicitation, clear and conspicuous notice of the opportunity . . . to decline to receive further commercial electronic mail messages from the sender, and a valid physical postal address of the sender.” Finally, 16 CFR 316.4, the Sexually Explicit Labeling Rule, imposes certain requirements on a message that includes sexually oriented material, including the 19 characters “SEXUALLY EXPLICIT: ” at the beginning of the subject header of the message. Of course, it should be noted that the proviso in no way relieves non-designated senders 67 of liability for ensuring that their own advertising complies with the FTC Act. -27- initiator provisions of the Act: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. The proviso states that if the 66 designated sender does not comply with these five “initiator” responsibilities, all the marketers will be liable as senders (and not just initiators) under the Act because the proviso will not apply. By requiring the designated sender to comply with these provisions of law, the other marketers using a single email message must ensure that the entity that is the designated “sender” complies with the Act and the Commission’s rules. Otherwise, the other marketers using the email risk losing the protections provided by the proviso and each will be a “sender” of the message. The final Rule, therefore, provides senders of multi-marketer emails a method of reducing the burdens associated with multiple opt-out links and postal addresses while guarding against possible abuse. Nonetheless, if the Commission finds such abuse through the operation of the proviso, it will reconsider whether the final Rule is justified under the Act. 6770 FR at 25450. 68 See FNB; Jumpstart; Lashback; Schnell; SIA (list providers play a role “similar to that 69 of a telephone directory service,” are neither “advertising or promoting their products and services,” nor “initiating the email,” and accordingly “do not come within the definition of ‘sender’ under the CAN-SPAM Act.”). See, e.g., Unsub. 70 -28- e. List Owners In the NPRM, the Commission asked whether under CAN-SPAM, third-party list providers who do nothing more than provide a list of names to whom others send commercial emails could be required to honor opt-out requests. Specifically, the NPRM asked whether 68 such list providers could satisfy the statutory definition of sender, i.e., a person that both initiates a message and advertises its product, service, or website in the message. Some commenters opposed extending opt-out responsibilities to third-party list providers because it would be contrary to congressional intent, difficult to implement and monitor, and would impose administrative costs and complexity for legitimate list providers and email marketers. Although the NPRM asked about list owners who have no other involvement in the 69 message besides providing a list of names to others, commenters discussed other list rental arrangements in which both the marketer and the list owner have some degree of control over the content of the message. In those cases, list owners typically do not have control over the 70 specific creative content within an advertisement, but they can approve or disapprove an advertisement for delivery to email addresses on their lists. See Adknowledge; EPIC. 71 See, e.g., ESPC. 72 See, e.g., Adknowledge; Baker; ESPC; cf. Microsoft (arguing that it should constitute a 73 deceptive trade practice for a list owner to fail to identify itself and the role that it plays in sending the message, that its identification would be considered advertising or promoting its services, and thus that the list owner would meet the definition of “sender” and have CANSPAM liability); Adknowledge (proposing that the Commission make it “mandatory for list owners to advertise or promote themselves in each email message they transmit”). -29- On the other hand, two commenters argued in favor of extending opt-out obligations to third-party list providers. Some of these commenters thought the Commission should clarify 71 that in such situations the list owner exercises fundamental “control” of the content of the message for purposes of the then-proposed regulatory definition of “sender.” Other 72 commenters urged the Commission to adopt the position that a list owner would be considered a sender if the list owner “advertises or promotes” its services merely by being referenced in the “from” line or in the message itself, thereby making it responsible for the opt-out function and other CAN-SPAM compliance. 73 Because of the variety of situations in which a list owner might be involved in a commercial email, and because none of the commenters provided a workable mechanism for all of these situations, the Commission is persuaded that amending the rules under CAN-SPAM to create a specific provision for list owners is not feasible. The Commission finds that a list owner must honor opt-out requests only if it qualifies as the “sender” of a commercial email (i.e., it is an initiator and its “product, service, or Internet web site” are “advertised or promoted” in the email). And, if it does qualify as a “sender,” it may avail itself of the multi-marketer proviso added to the definition of sender in the final Rule.70 FR at 25450. 74 70 FR at 25428 n.23. According to IAC, in a typical affiliate program, a marketer enters 75 an arrangement with an affiliate to pay the affiliate for referrals to its website. The affiliate can employ a variety of methods to direct consumers to the marketer’s website, including email messages. The affiliate sends email messages containing an advertisement promoting the marketer’s goods or services and a hypertext link to visit the marketer’s website directly from the email message (either as a direct link or through the affiliate’s link, which redirects the recipient to the marketer’s website). If a recipient of the email uses this link to visit the marketer’s website, the marketer logs the visit as attributable to the affiliate’s email. Depending on the arrangement between the marketer and the affiliate, the marketer will pay the affiliate a prescribed amount either for the visit (also known as a “click through”) or for a completed sale, or both. IAC states in its comments that it has thousands of affiliates. For Expedia, one of IAC’s websites, however, the majority of the sales from the affiliate program are generated by a relatively small number of productive affiliates. -30- f. Safe Harbor for Email Messages Sent By Affiliates In the NPRM, the Commission asked whether it should adopt a “safe harbor” with respect to opt-out and other obligations for a sender whose product, service, or website is advertised by affiliates or other third parties. Moreover, the Commission sought guidance on the criteria for a safe harbor. 74 Although the Act does not provide a definition of “affiliate,” the Commission noted in the NPRM that “affiliates” are induced to send commercial email messages by sellers seeking to drive traffic to their websites, and that sellers generally pay affiliates based on the number of individuals who, directed by the affiliates, ultimately visit the seller’s website and/or purchase the seller’s product or service. 75 Before turning to the issue of whether a safe harbor is appropriate to shield marketers from liability for CAN-SPAM violations of affiliates, two preliminary questions must be considered. First, is the marketer who uses an affiliate an “initiator” under the final Rule? 15 U.S.C. 7702(9). 76 15 U.S.C. 7702(12) (emphasis added). 77 See IAC (arguing that affiliates are not “hired” to do anything, but are “simply paid a 78 small fee for referrals,” and that the affiliate emails are “created and transmitted entirely at the discretion of the affiliate.”); Unsub (arguing that the payment structure does not differ from a company renting a mailing list from a third party). -31- Second, in scenarios where a marketer uses an affiliate, what is the impact of the final Rule on the status of both the marketer and the affiliate as “senders”? With regard to whether a marketer that uses affiliates is an “initiator,” under the Act, a person is an “initiator” if the person originates, transmits, or “procure[s] the origination or transmission of” a message. In the typical affiliate marketing scenario, the affiliate originates 76 and transmits the message, and is therefore an initiator. The marketer, however, does not originate or transmit the message, but does “procure” the origination of the message. The Act defines “procure” as “intentionally to pay or provide other consideration to, or induce, another person to initiate[]a message on one’s behalf.” A few commenters argued that a marketer does 77 not actually “initiate” an email message if it does not provide consideration to an affiliate for each message, because it provides consideration to the affiliate for visits to its website or completed sales made as a result of the affiliate’s email messages. According to this argument, 78 in these circumstances, the marketer pays consideration for the referral, but not for the message itself. The Commission believes that this interpretation is too narrow. By agreeing in advance to pay an affiliate for sales to persons who come to a marketer’s website as a result of an affiliate’s referral, a seller or marketer creates an inducement for the affiliate to originate orIn either case, both the affiliate and the marketer are “initiators” under the Act. 79 See, e.g., Amin; Jumpstart; LashBack; Schaefer; Unsub; VFCU. 80 -32- transmit commercial email messages to the public. In the language of the Act, the seller induces another person — the affiliate — to initiate messages on the seller’s behalf. With regard to the second question, in the typical affiliate program, the marketer is a “sender” because its product, service, or website is promoted in the email message, and the affiliate is only an “initiator.” It is only when the affiliate promotes its own product, service, or website along with that of the marketer that the affiliate is also a “sender” under the Act. In such a case, under the final Rule, the affiliate may serve as the designated sender, provided that it is listed in the “from” line of the message and is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If, however, the affiliate promotes its own product, service, or website in addition to that of the marketer, but does not comply with the designated sender requirements in the final Rule, then both the affiliate and the marketer are liable as “senders” under the final Rule. 79 A “safe harbor” would absolve a marketer of initiator liability (or of sender liability if the affiliate is not the designated sender under the final Rule) if the marketer takes prescribed steps to ensure that the affiliate complies with CAN-SPAM. Those who commented on this issue were split on whether the Commission should adopt a safe harbor for CAN-SPAM liability for marketers whose products are promoted by affiliates or other third parties. Those opposed to a safe harbor stated that it would allow marketers to circumvent CAN-SPAM requirements. 80 Those in favor of a safe harbor stated that it would: (1) provide clarity to marketers that practiceSee e.g., AeA; ARDA; ERA LashBack; MPAA; NADA. 81 See ESPC (noting that it is “generally supportive of safe harbor programs” and “would 82 be very interested in further discussion of such programs”); SIIA (making a “preliminary proposal”); Visa (“such a safe harbor could be based on examples demonstrating relationships that do not result in control of content or email addresses.”); Wahmpreneur (suggesting a safe harbor that would apply to permission-based marketing). See IAC. 83 See id. 84 See id. 85 See id. 86 -33- due diligence when selecting third-party email marketers; (2) encourage marketers to maintain reasonable practices and procedures to prevent violations of CAN-SPAM; and (3) effectuate congressional intent. 81 Many online businesses advocated the adoption of a safe harbor in principle, but only a 82 fraction of those commenters suggested specific components to the safe harbor. Those suggestions included the following requirements: (1) that the contract between the marketer and the affiliate specifically require the affiliate to comply with CAN-SPAM; (2) that the affiliate 83 periodically certify that it complies with CAN-SPAM; (3) that the marketer provide the affiliate 84 with written guidelines on how to comply with CAN-SPAM; (4) that the marketer maintain 85 additional reasonable procedures to determine whether the affiliates are complying with CANSPAM; (5) that a marketer comply with its privacy policy relating to the conduct of third parties 86See SIIA; ACLI. 87 See IAC. 88 -34- sending email messages on its behalf; and (6) that a marketer have “flexibility to determine 87 what procedures are reasonable.” 88 After considering all the comments submitted and in the light of the changes to the Rule’s definition of “sender” for multi-marketer messages as well as its law enforcement experience, the Commission has decided against creation at this time of a “safe harbor” for companies whose products, services, or website are advertised by affiliates or other third parties. First, the requisite criteria for a safe harbor have not been articulated clearly. Second, email marketing models continue to evolve, and there may not be enough transparency in email marketing to support a safe harbor. The Commission believes that the final Rule’s definition of “sender” gives marketers the necessary flexibility to market their products using email on their own or in conjunction with other parties while at the same time preserving the protections afforded to consumers by CANSPAM. If, after marketers have had the opportunity to conduct business under the “sender” definition in the final Rule, concerns about the necessity of a safe harbor persist, the Commission can reconsider this issue. g. Messages Sent to Members of Online Groups The NPRM asked whether CAN-SPAM should apply to email messages sent to members of online groups. According to ESPC, online groups are also known as discussion lists, list servs, mailing lists, and chat groups. They often constitute communities engaging in bothSee ESPC. 89 See ESPC. 90 See ESPC; NAEDA; PCIAA; Schnell. 91 -35- commercial and non-commercial speech via email. Many such lists are volunteer efforts, but their messages sometimes include commercial content. Lists can be fee-based or free. 89 Generally discussion groups are permission-based, that is, “opt-in.” Those lists that are free to join often include advertising in messages sent to subscribers, either with or without content relating to the purpose of the group. Depending on the type of discussion group, different individuals may be able to send messages to the entire group. In some groups, any member may send a message; in other groups, only the moderator or list owner may send messages; in still other groups, anyone may send a message, but the message must be approved by a moderator. It is rare for mailing list software to allow subscribers to choose the senders from whom they want to receive messages. In other words, they opt to receive all messages in the discussion group or none at all. 90 Four commenters stated that they believe online groups should not be subject to CANSPAM. They felt that compliance with CAN-SPAM would be too burdensome for unpaid list 91 moderators and might cause them to cease operations, potentially chilling free speech. ESPC argued that email service providers that host mailing list services generally are considered to be engaged in routine conveyance under the Act, taking them outside the definition of initiatorThe Commission notes, however, that CAN-SPAM defines “routine conveyance” as 92 requiring an “automatic technical process.” 15 U.S.C. 7702(15). Thus, if a list moderator is manually forwarding messages to the group on behalf of group members, the moderator would not be engaged in “routine conveyance.” See also infra Part II.A.5 (discussing “routine conveyance” in connection with forward-to-a-“friend” emails). See Jumpstart. 93 Most of the Act’s requirements apply to an email only if it is a “commercial electronic 94 mail message,” which is defined as an email “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet web site operated for a commercial purpose).” 15 U.S.C. 7702(2)(A). See also 16 CFR 316.3 (primary purpose rule). See ESPC. 95 -36- under the Act. ESPC also argued that most moderators also would be engaging in routine conveyance when sending messages to the group on behalf of group members. 92 One commenter urged the Commission not to distinguish between email messages sent to members of groups and email messages sent to recipients who are not members of groups. That commenter stated that an exception from CAN-SPAM would give an unfair advantage to the operators of online groups without compelling justification, and would create an incentive for “group” status that would likely be exploited by aggressive marketers. 93 The Commission believes that CAN-SPAM compliance is not unduly burdensome for online groups. Of course, in some cases, the primary purpose of emails sent by and to online groups will not be commercial, and thus the Act will not apply. However, for those messages 94 with a primary purpose that is commercial, group members should be entitled to the benefits of CAN-SPAM’s opt-out provisions. Indeed, best practices in the industry already require group members to opt into listservs and provide straightforward mechanisms for opting out. The 95Section 7702(17)(A) of the Act defines a “transactional or relationship message” as “an 96 electronic mail message the primary purpose of which is — (i) to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; (ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient; (iii) to provide — (I) notification concerning a change in the terms and features of; (II) notification of a change in the recipient’s standing or status with respect to; or (III) at regular periodic intervals, account balance information or other type of account statement with respect to, a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender; (iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or (v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.” See supra n.94. 97 Section 7704(a)(1)’s prohibition on false or misleading transmission information applies 98 equally to “commercial electronic mail messages” and “transactional or relationship messages.” Otherwise, CAN-SPAM’s prohibitions and requirements cover only “commercial electronic mail messages.” -37- Commission, therefore, has determined not to exempt online groups from CAN-SPAM at this time, but may reconsider the issue in the future should circumstances warrant. 3. Section 316.2(o) – Definition of “Transactional or Relationship Message” CAN-SPAM designates five broad categories of emails as “transactional or relationship messages.” The Act excludes these messages from its definition of “commercial electronic 96 mail message,” and thus relieves them from most of the Act’s requirements and prohibitions. 97 9815 U.S.C. 7702(17)(B). 99 The NPRM asked whether there are any types of messages that erroneously fall outside 100 of the reach of the proposed Rule, and, if so, how such a shortcoming should be remedied. 70 FR at 25450. No commenters identified any such categories of messages. See, e.g., Discover (stating that it was aware of no messages that fall outside the Rule that should be covered by it). Accordingly, the Commission adopts no modification of the definition of “transactional or relationship message” to accommodate any such categories of messages. -38- In the NPRM, the Commission proposed no modification to Rule 316.2(n), which incorporates the Act’s definition of “transactional or relationship message” by reference. Under the Act, the Commission can expand or contract the definition of “transactional or relationship message” only if two conditions are met: (1) such modification is necessary to accommodate changes in email technology or practices; and (2) such modification is necessary to “accomplish the purposes of [the Act].” None of the 50 comments submitted on this issue demonstrated that an expansion 99 or contraction of the “transactional or relationship message” categories were necessary to accommodate changes in email technology of practices. Accordingly, the final Rule leaves the statutory definition unaltered. The NPRM also invited comment on a series of questions 100 concerning the application of the existing categories of “transactional or relationship messages” to certain types of messages. The Commission has carefully reviewed these comments and discusses its views on these issues below. a. Legally Mandated Notices In the NPRM, the Commission asked whether an email message that contains only a “legally mandated notice” — i.e., communications mandated by state or federal law — should be70 FR at 25450. 101 See, e.g., ACA; CBA; FNB; NRF. 102 See FNB; KeySpan; Schnell; Wells Fargo; ESPC; BOA; ACA; DoubleClick, NRF, 103 HSBC; CBA; Discover; PCIAA. See Discover; ESPC (arguing that legally mandated notices are either exempt from the 104 Act or transactional or relationship in nature, depending on the content and context of the message in question); FNB; KeySpan (arguing that legally mandated notices should either be exempt from the Act or that the Commission should create a new transactional or relationship category for legally required notes); PCIAA (same); MPAA (arguing that messages containing legally mandated notices are not “commercial electronic mail messages” provided that their commercial content does not exceed the amount reasonably believed by the sender to be required to meet the legal requirement prompting the message); Schnell (“[A]n e-mail message containing only a legally mandated notice should have no standing in CAN-SPAM at all, other than perhaps a routine conveyance. It is not a commercial e-mail message, and is not a transactional or relationship message.”). See DoubleClick; KeySpan; NRF. 105 See HSBC (arguing that such an email facilitates the commercial transaction into which 106 (continued...) -39- considered a “transactional or relationship message.” Commenters identified messages 101 mandated by the Truth in Lending Act, the Gramm-Leach-Bliley Act, and the USA PATRIOT Act as well as messages concerning billing errors and changes in terms or account features as examples of legally mandated notices. 102 All 13 commenters that addressed this issue opposed classifying messages that solely contained legally mandated notices as “commercial electronic mail messages.” Commenters 103 were divided on whether such messages should be exempt from the Act, categorized under a 104 new definition of “transactional or relationship message,” or classified under one of the 105 existing, statutory categories of transactional or relationship emails, such as messages to facilitate a commercial transaction that the parties have entered into (section 7702(17)(A)(i)) or 106(...continued) 106 the parties have entered). See ACA; CBA; Wells Fargo; BOA. 107 KeySpan addressed the statutory standard by arguing that “[i]t has become common 108 practice for senders to email legally required notices to individuals who purchased the sender’s products or services online.” The Commission, however, is not persuaded that this is a “change” in email practices that has evolved since the passage of the Act. 16 CFR 316.3; see also NPRM, 70 FR at 25438. 109 -40- messages to provide notification regarding a change in the terms and features of an account (section 7702(17)(A)(iii)). 107 The Commission declines either to expand the definition of “transactional or relationship message” to include legally mandated notices or to make a blanket determination that such messages fall under one of the existing categories of transactional or relationship emails. Despite the unanimity of opinion expressed in the comments that such notices should not be treated as commercial in nature, none of the commenters demonstrated that expansion of the definition of “transactional or relationship message” to include legally mandated notices was necessary to accommodate changes in email technology or practices and to accomplish the purposes of the Act. That said, the Commission believes that, in most cases, the types of legally mandated 108 notices described by the commenters likely would be categorized as transactional or relationship messages. Such determinations, however, must be made on a case-by-case basis depending on the specific content and context of such messages. Moreover, if a message providing a noncommercial legally mandated notice also includes commercial content, it should be evaluated under the Commission’s primary purpose criteria as a dual purpose message. 109NPRM, 70 FR at 25450. 110 See NADA; Schnell; FNB; ESPC; DMA; NCTA; NNA; Charter; HSBC; CUNA; 111 KeySpan; PCIAA; VFCU. But see Discover (arguing that all debt collection emails should be exempt from regulation under CAN-SPAM); ACA (arguing that “at most” debt collection emails should be regulated as “transactional or relationship messages”). See, e.g., DMA; ESPC; FNB; NCTA. But see Schnell (arguing that debt collection 112 emails from a third party should be considered commercial); Charter (arguing that debt collection messages sent by third-party debt collectors would be neither “commercial” nor “transactional or relationship” messages and thus would fall outside the scope of CAN-SPAM). -41- b. Debt Collection Emails In the NPRM, the Commission invited comment on the Act’s application to debt collection email messages, including messages sent by a third party on behalf of the seller from whom the recipient purchased goods or services rather than by the seller itself. Nearly all of 110 the 15 commenters that addressed this issue urged that debt collection emails by a seller from whom the consumer made a purchase should be considered transactional or relationship in nature. Most of these commenters also stated that the same conclusion should apply to emails 111 sent by third-party debt collectors. 112 The Commission declines to modify the definition of “transactional or relationship messages” to include an express provision addressing debt collection emails because there is no evidence in the record that such a modification is necessary to accommodate new email technology or practices. Such a modification is also unwarranted because debt collection messages will usually qualify as “transactional or relationship messages” under the existing definition of the term. The primary purpose of debt collection emails is not the “advertisement or promotion of a commercial product or service,” and, therefore, they generally would not beCf. Telemarketing Sales Rule, 68 FR 4580, 4664 n.1020 (Jan. 29, 2003) (“[D]ebt 113 collection . . . activities are not covered by the [Telemarketing Sales Rule, 16 CFR 310] because they are not ‘telemarketing’ — i.e., they are not calls made ‘to induce the purchase of goods or services.’”). If a debt collection email also contains material advertising or promoting a commercial product, service, or website, then it must be analyzed as a dual purpose message under Rule 316.3. Debt collection emails also must comply with other applicable federal and state laws. 114 Significantly, the Fair Debt Collection Practices Act, 15 U.S.C. 1601, et seq. (“FDCPA”), imposes limitations on debt collectors’ communications with consumers and third parties. Compliance with CAN-SPAM in no way excuses a debt collector from complying with the FDCPA and other statutes and regulations affecting communications regarding debt collection. See BSA (copyright infringement notices); SIA (research and opinion surveys). 115 -42- “commercial electronic mail messages” under section 7702(2)(A) of CAN-SPAM. Rather, 113 debt collection emails from a seller from whom the consumers made a purchase are best understood as “complet[ing] . . . a commercial transaction that the email recipient has previously agreed to enter into with the sender,” and thus are “transactional or relationship messages” under section 7702(17)(A)(i). Morever, the Commission agrees with the overwhelming majority of commenters that the “sender” with whom the “recipient has previously agreed to enter into” a commercial transaction can be interpreted to encompass a third party acting on behalf of a seller from whom the consumer made a purchase. Thus, an email from a third party collecting on 114 behalf of a seller likely is a “transactional or relationship message.” c. Copyright Infringement Notices and Market Research Two business organizations urged the Commission to clarify that messages containing copyright infringement notices or marketing and opinion research surveys are neither commercial nor transactional or relationship in nature and thus are exempt from the Act. One of these 115 commenters further asserted that an email containing a copyright infringement notice that alsoSee BSA. 116 NPRM, 70 FR at 25433 n.85. 117 16 CFR 316.3. 118 -43- provided information on how to obtain a legitimate, licensed version of the copyrighted material in question would not fall within the scope of the Act. In the NPRM, the Commission 116 acknowledged that there may be messages that are neither “commercial electronic mail messages” nor “transactional or relationship messages” as defined by the Act, and thus are not addressed in CAN-SPAM. As a general matter, the Commission agrees that if a sender has 117 had no previous dealings with the recipient — thus lacking the predicate for a message to be deemed “transactional” — and that sender’s messages contain only a copyright infringement notice, the messages also are not primarily commercial in purpose and thus are not subject to the requirements and prohibitions of CAN-SPAM. Nevertheless, where a copyright infringement notice also contains information on how to obtain licensed versions of copyrighted materials, evaluation under the Primary Purpose Rule provisions governing dual purpose messages may lead to the conclusion that such messages are covered by CAN-SPAM. Likewise, emails 118 containing true opinion and research surveys may fall outside the scope of the Act, but to the extent that any such message seeks to advertise or promote a brand, a company, or a product or service to the recipient, it also may be primarily commercial in purpose, and therefore subject to the Act’s requirements and prohibitions. -44- d. Transactions that Do Not Involve an Exchange of Consideration The NPRM invited comment on the Act’s application to messages sent pursuant to a relationship in which no consideration passes, such as messages from a “free” Internet service (such as Evite or Shutterfly). No commenters provided any evidence of changes in email practices or technology that would warrant modifying the definition of “transactional or relationship message” specifically to address such messages. Indeed, as explained in the NPRM, even without a Rule change, the existing definition of “transactional or relationship message” includes two categories that could include messages sent pursuant to a relationship in which there has been no exchange of consideration: section 7702(17)(A)(i), under which an electronic mail message the primary purpose of which is to “facilitate, complete, or confirm a commercial transaction [emphasis added] that the recipient has previously agreed to enter into with the sender” is deemed transactional or relationship in nature; and section 7702(17)(A)(v), which provides that an email the primary purpose of which is “to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction [emphasis added] that the recipient has previously agreed to enter into with the sender” also qualifies as transactional or relationship in nature. In the NPRM, the Commission explained that it believed an email from a free Internet service to someone who has registered with the service would be considered a message “to deliver goods or services * * * that the recipient is entitled to receive under the terms of a transaction” under section 7702(17)(A)(v)NPRM, 70 FR at 25434. 119 See Discover; Jumpstart; Mattel; NFCU; NAR; NetCoalition; SIA; Schnell; United; 120 VFCU. See Jumpstart; United. One commenter also suggested that to protect consumers, trial 121 memberships and other situations where consideration is not paid until a later time should be considered commercial. See Schnell. See ABM; NADA; PCIAA. 122 -45- rather than a “commercial transaction” under section 7702(17)(A)(i) (emphasis added), but sought comment on this question. 119 Ten of the 13 commenters that addressed this issue took the position that an email message that is primarily for the purpose of facilitating, completing, or confirming a commercial transaction with the sender previously agreed to by the recipient is “transactional” under section 7702(17)(A)(i), even when the transaction at issue involves no exchange of consideration. A 120 few of these commenters argued further that, in any event, many “free” Internet services do involve an exchange of consideration; these commenters contended that agreeing to receive commercial email or to view advertising, for example, constitutes consideration. Three 121 commenters argued that a “commercial transaction” under section 7702(17)(A)(i) must involve an exchange of consideration. 122 The Commission continues to believe that in many cases it is unnecessary to reach the question of whether registration with a “free” Internet service constitutes a “commercial transaction” under section 7702(17)(A)(i) (emphasis added), because it is likely a “transaction” under section 7702(17)(A)(v). That said, having reviewed the comments, the Commission has been persuaded that the term “commercial transaction” in section 7702(17)(A)(i) can encompassThe NPRM stated that the Commission “believe[d] that the modifier ‘commercial’ has 123 been deliberately omitted from [section 7702(17)(A)(v)] of CAN–SPAM to accommodate just the sort of scenario that IAC and Microsoft raise,” i.e., emails from free Internet services, like Evite, to their members. 70 FR at 25434. Upon further reflection, the Commission has concluded that a transaction between a free Internet website, such as Evite, and its members — e.g., the transaction that occurs when a consumer registers at the website — can reasonably constitute a “commercial transaction.” As the Commission noted in the Primary Purpose Rulemaking, 70 FR at 3113, the 124 Random House College Dictionary defines “commercial” as “of, pertaining to, or characteristic of commerce; engaged in commerce.” It defines “commerce” as “an interchange of goods or commodities, especially on a large scale; trade; business.” RANDOM HOUSE COLLEGE DICT IONARY 270 (Rev. ed. unabridged 1980). Likewise, the term “commerce” as defined in section 4 of the FTC Act, 15 U.S.C. § 44, is broadly construed to include services that are provided without charge where they include commercial advertising. See, e.g., Ford Motor Co. v. FTC, 120 F.2d 175, 183 (6th Cir. 1971) (“Interstate commerce includes intercourse for the purpose of trade which results in the passage of property, persons or messages from within one state to within another state. All of those things which stimulate or decrease the flow of commerce, although not directly in its stream, are essential adjuncts thereto . . . . The use of advertising as an aid to the production and distribution of goods has been recognized so long as to require only passing notice.”). -46- situations in which there has been no exchange of consideration between the sender and the recipient. This is consistent with the Commission’s interpretation of the term “commercial 123 electronic mail message,” which, as defined in section 7707(2), includes an email the primary purpose of which is the advertisement or promotion of a commercial product or service that is free and does not involve the exchange of consideration so long as it is a “commercial product or service (including content on an Internet website operated for a commercial purpose).” Many free Internet services are undoubtedly engaged in “commerce” and offer consumers goods or services that are “commercial” in nature whether or not they involve an exchange of consideration. 124See NAEDA; Wahmpreneur; FNB; Wells Fargo; ESPC; NAFCU; NAIFA; CBA; 125 Discover; PCIAA; SIA. But see Schnell (arguing against application of section 7702(17)(A)(i) to affiliated third parties). See NAIFA; NAIDA; FNB; IAC (comments submitted in response to ANPR); 126 Wahmpreneur. For example, if a consumer purchases an airline ticket on a travel website like Orbitz, a subsequent message from Orbitz or the airline (or both) “to facilitate, complete, or confirm” the message will be a “transactional or relationship message” (or a dual purpose message if there is additional content in the email). Likewise, an email from an insurance agent (continued...) -47- e. Affiliated Third Parties Acting on Behalf of a Person With Whom the Recipient Has Previously Entered Into a Commercial Transaction The NPRM invited comment concerning the application of the Act to messages sent by affiliated third parties that are acting on behalf of an entity with whom a consumer has transacted business. All but one of the dozen commenters addressing this issue argued that messages “to facilitate, complete, or confirm a commercial transaction to which the recipient has previously agreed” are generally “transactional or relationship messages” under section 7702(17)(A)(i) regardless of whether the messages were transmitted by the entity with whom the consumer transacted business or an affiliated third party acting on the business’s behalf. 125 Because there is no evidence of changes in email technology or practices that would warrant amending the Rule expressly to address messages sent by affiliated third parties that are acting on behalf of an entity with whom the recipient has done business, the Commission does not make any modifications to the Rule concerning such messages. In addition, the Commission notes that the examples provided by commenters (e.g., travel agents, insurance agents) are fairly straightforward examples of types of messages that would likely qualify as a “transactional or relationship message” under section 7702(17)(A)(i). The Commission, however, does not 126(...continued) 126 to a customer can qualify as transactional or relationship in nature notwithstanding the fact the customer paid the premium to the insurer, not its agent. NPRM, 70 FR at 25434, 25450. 127 See NADA; ARDA; FNB; Wells Fargo; BOA; Cendant; SIA; SIIA; CBA; MPAA; 128 KeySpan; Discover. See also Schnell (emails to effectuate or complete a negotiation should be deemed transactional or relationship only if the recipient has a reasonable expectation that such a negotiation will occur via email). -48- interpret this provision as necessarily covering every email message sent by an affiliated third party. For example, if an affiliated third party were to market its own product, service, or Internet website in an email message in which the affiliated third party is also facilitating or completing a transaction on behalf of another vendor, then that message would contain both commercial and transactional content, thus triggering analysis of the primary purpose of the dual purpose message. f. Messages Sent to Effectuate or Complete a Negotiation In the NPRM, the Commission asked under what circumstances an email sent to effectuate or complete a negotiation should be considered a “transactional or relationship message” under section 7702(17)(A)(i). Twelve of the 13 commenters addressing this issue 127 agreed that such messages should be deemed transactional or relationship messages or should fall outside the scope of the Act. 128 The Commission declines to alter the definition of “transactional or relationship message” to address communications for the purpose of effectuating or completing a negotiation because of the lack of any evidence in the record that such a modification would be necessary toNPRM, 70 FR at 25434. 129 -49- accommodate changes in email technology or practices and to further the purposes of the Act. However, even without such a modification, the Commission continues to believe that, as it stated in the NPRM, to the extent that negotiation may be considered a “commercial transaction” that a recipient has previously agreed to enter into, such messages likely would be considered transactional or relationship under section 7702(17)(A)(i) if they were sent to facilitate or complete the negotiation. The Commission, however, does not interpret the term 129 “transactional or relationship message” to include an initial unsolicited message that proposes a transaction and attempts to launch a negotiation by offering goods or services. Likewise, after a party has terminated a negotiation, an email from the other party seeking to restart the negotiations would not be a “transactional or relationship message.” g. Messages in the Employment Context In the NPRM, the Commission sought comment on the Act’s application to several types of emails that arise in the employment context. Due to the lack of evidence in the record that would satisfy the statutory standard for modifying the definition of “transactional or relationship message,” the Commission does not adopt any provision in the final Rule concerning such messages. (i) Messages Concerning Employee Discounts or Similar Messages The NPRM asked whether it is appropriate to classify emails from employers offering employee discounts or similar messages as communications that “provide information directlyId. at 25436, 25450. 130 Id. at 25450. 131 See Associations; NNA; CBA; NRF; NADA; FNB; MPA; SIIA; Coalition; MPAA; 132 KeySpan; Wells Fargo; BOA; ASTA; DoubleClick; Nextel. See AeA; Discover; PCIAA; Schnell. 133 See, e.g., CBA (“The conclusion must be that an employer can send whatever message 134 it desires to an e-mail account that the employer owns and assigns the employee.”); NRF (“[If] the company provides the e-mail account to the employee primarily for the employer’s benefit, [then] the employer should be free to utilize its own proprietary network to send information to its employees.”). -50- related to an employment relationship” under section 7702(17)(A)(iv). In addition, the 130 Commission asked whether it was relevant whether the employee’s email address to which the message was sent had been assigned to the employee by the employer. All 20 commenters that 131 addressed this issue argued either that such messages should be considered “transactional or relationship messages” under section 7702(17)(A)(iv) or that they are neither “commercial” 132 nor “transactional or relationship” messages and thus fall outside the scope of the Act. A 133 consistent theme in the comments was that an employer should be free to send whatever information it wants to an email address that the employer owns and assigns to an employee. 134 In such circumstances, these commenters argued, the employer is both the “sender” and the “recipient” under the Act. The comments persuade the Commission that section 7702(17)(A)(iv) should be interpreted to encompass messages that offer employee discounts from employers to email accounts they have provided to their employees. Moreover, there is nothing in the legislative history suggesting that such emails were of concern to Congress in enacting CAN-SPAM. The Commission, however, rejects the argument of some commenters that employees 135 should not be deemed “recipients” under the Act of such messages sent by their employers to their employer-provided email addresses. See, e.g., BOA; CBA; Coalition; DoubleClick; DMA; MPA; Wells Fargo. The Act broadly defines the “recipient” as an “authorized user of the electronic mail address to which the message was sent or delivered” and does not require ownership of the email address. 15 U.S.C. 7702(14) (emphasis added). Consequently, employees are “recipients” of messages delivered to their workplace email accounts, whether such emails were sent by their employers or another person. See KeySpan; FNB; MPAA; PCIAA. But see Schnell (“commercial messages to 136 employees of a given employer that come from third parties should not be considered transactional or relationship messages, and should be considered commercial under (continued...) -51- Further, it seems unlikely that employers would inundate their employees’ workplace email accounts with offers of employee discounts and the like and thereby divert their employees’ attention from their job responsibilities. Thus, because the definition of “transactional or 135 relationship message” is broad enough to encompass emails from employers to their employees offering discounts, it is unnecessary to modify the definition to address such messages. (ii) Messages From a Third Party on Behalf of the Recipient’s Employer In the NPRM, the Commission asked whether an email that “provide[s] information directly related to an employment relationship or related benefit plan in which the recipient is currently involved” and that would be a “transactional or relationship message” under section 7702(17)(A)(iv) if it were sent by the recipient’s employer would retain its transactional or relationship character if sent by a third party acting on the employer’s behalf. Most of the handful of commenters that addressed this question agreed with the Commission’s view that messages sent by a third party on behalf of an employer should be considered transactional or relationship in nature. The Commission reiterates its interpretation of section 7702(17)(A)(iv) 136(...continued) 136 CAN-SPAM”). Nevertheless, the Commission’s interpretation does have its limits. For example, if a 137 third party were to market to a client company’s employees the third party’s own goods and services on its own behalf, rather than on behalf of the client, those messages would not be deemed “transactional or relationship messages” under section 7702(17)(A)(iv). NPRM, 70 FR at 25436, 25450. 138 See FNB; KeySpan; Discover; MPAA. 139 -52- as being sufficiently broad to allow an employer to retain a third party as its agent to send a message to its employees that would otherwise fit within the confines of a “transactional or relationship message.” Thus, because the definition of “transactional or relationship message” 137 is broad enough to include a message sent by the third-party agent of an employer to its employees, provided the message would be considered transactional or relationship in nature if sent by the employer itself, there is no need to modify the definition of “transactional or relationship message” to address such messages. (iii) Messages Sent After an Offer of Employment is Tendered In the NPRM, the Commission asked whether, for purposes of section 7702(17)(A)(iv) of the Act, providing information directly related to an employment relationship should include providing information related to such a relationship after an offer of employment is tendered, but prior to the recipient’s acceptance of the job offer. The several commenters that addressed the 138 issue believed that such messages provide “information directly related to an employment relationship” and thus are transactional and relationship in nature. None of the commenters 139 argued that prospective employees would be subject to unwanted commercial email messages15 U.S.C. 7702(2). 140 One commenter argued that section 7702(17)(A)(iv)’s exemption for employment- 141 related emails “does not go far enough” and that the final Rule should exempt “e-mails regarding current or prospective job openings that are sent to individuals who are not currently employed by the sender, and who are not charged any fees or other consideration in connection with any current or prospective job.” ASA. As noted above, if such emails do not advertise or promote a product or service, they are not commercial email messages and thus they fall outside the Act. -53- from their prospective employers between the time an offer of employment is made and the time it is either accepted or rejected. As an initial matter, the Commission notes that, where the primary purpose of an email from an employer to a prospective employee is something other than the promotion or advertisement of a commercial product or service, the message would not be subject to CANSPAM’s requirements for commercial email messages. Where, for example, a message 140 provides only information about a prospective employee’s salary and job responsibilities and does not advertise or promote a commercial product or service, it is not a “commercial electronic mail message” under the Act. Rather, an email sent to a prospective employee who has received a bona fide offer of employment after actively seeking such employment would be considered information “directly related to an employment relationship or related benefit plan” under section 7702(17)(A)(iv), provided the email concerned only the prospective employment relationship. 141 To the extent, however, that such messages included both information about the job offer and an advertisement or promotion of a commercial product or service, e.g., an effort to induce the job applicant to purchase the employer’s goods or services, then the message would be analyzed as a16 CFR 316.3. 142 NPRM, 70 FR at 25450. 143 See NADA; NAEDA; Wahmpreneur; ICC; MPAA; KeySpan; PCIAA; United; IPPC; 144 Jumpstart; NEPA; TimeWarner; DoubleClick; Mattel. See also NFCU (electronic newsletters sent to a sender’s members should be entirely exempt from CAN-SPAM); Discover (arguing that primary purpose of a newsletter delivered by email should be determined on a case-by-case basis); Schnell (opining that consumer request for electronic newsletter or other content is not determinative under CAN-SPAM); Sonnenschein (advocating a distinction between the “bona fide transaction [in which a consumer] sign[s] up for a service or subscrib[es] to receive emails, coupons, or electronic newsletters and the mere provision of affirmative consent to receive commercial emails”). See DoubleClick; MPAA; FNB. 145 -54- dual purpose message under the Primary Purpose provisions of the Commission’s CAN-SPAM Rules. 142 h. Electronic Newsletter Subscriptions and Other Content that a Recipient is Entitled to Receive as a Result of a Prior Transaction with the Sender The NPRM asked “where a recipient has entered into a transaction with the sender that entitles the recipient to receive future newsletters or other electronically delivered content, should email messages the primary purpose of which is to deliver such products or services be deemed transactional or relationship messages?” The commenters that addressed this issue generally 143 believed such emails were “transactional or relationship messages” under section 7702(17)(A)(v). Several commenters thought the Commission’s “primary purpose” rule 144 already addressed the issue and supported the position that transmission of a periodical delivered via email “falls within one of the ‘transactional or relationship message’ categories.” In 145 addition, three commenters stressed that it is irrelevant whether electronic newsletters or other content provided via subscription are entirely commercial in nature (e.g., a catalog), so long asSee NEPA; ICC; Sonnenschein. 146 See NPRM, 70 FR at 3118. Likewise, the Commission continues to believe that, as it 147 explained in the Primary Purpose Rulemaking, “if an email consists exclusively of commercial content (such as a catalog or other content that is purely an advertisement or promotion), then the email would be a single-purpose commercial message. This is because delivery of such advertising or promotional content would not constitute the ‘delivery of goods or services * * * that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender,’ under section 7702(17)(A)(v).” Id. at 3118 n.91. -55- the content conforms to the consumer’s reasonable expectations about the material he or she has requested. 146 The comments do not establish the statutory prerequisite to modifying the definition of “transactional or relationship message” expressly to address electronic newsletters and other content sent pursuant to a subscription. Specifically, there is no showing that such a modification is necessary to accommodate changes in email technology or practices and to accomplish the goals of the Act. Moreover, the Commission believes that the existing definition of “transactional or relationship message” already adequately addresses such emails. In view of the comments received on this issue, the Commission continues to believe, as it stated in the Primary Purpose Rulemaking, that when a recipient subscribes to a periodical delivered via email, transmission of that periodical to that recipient falls within section 7702(17)(A)(v), which includes “goods or services . . . that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender,” provided the periodical consists exclusively of informational content or combines informational and commercial content. On the other hand, when a sender delivers an unsolicited newsletter or 147 other periodical via email, and there is no subscription, the situation is materially different forId. at 25438 n.137, 25450. For the most part, commenters described “business 148 relationship messages” as arising in the context of business-to-business communications, rather than communications with individual consumers. See, e.g., BOA (“For example, in the first mortgage business, e-mails are sent to brokers to inform them up-to-the minute information about current mortgage rates.”); CBA (“in the context of the equipment leasing industry, it is typical for lenders to e-mail equipment vendors a rate sheet that describes the amount of interest a lender would charge on a given piece of equipment”); Reed (“For example, our ad sales personnel routinely contact current advertisers about upcoming issues of publications.”). But see Cendant (interpreting “business relationship messages” to encompass messages from a business to individual consumers with whom the sender has an existing business relationship). See CBA. 149 -56- purposes of CAN-SPAM than when such content is delivered with the consent of the recipient. In such a scenario, the emails likely would not be “transactional or relationship messages” within the meaning of the Act. i. “Business Relationship” Messages The NPRM asked whether the Commission should expand the Act’s definition of “transactional or relationship message” to include what some commenters call “business relationship messages,” which are individualized messages sent from one employee of a company to an individual recipient (or a small number of recipients) at another business. Or, 148 as one commenter described this type of message “one-to-one e-mail that is sent by employees in the business-to-business context.” The nine commenters who addressed the issue of “business 149 relationship” messages all supported expanding the definition of “transactional or relationship message” to include this type of email. Commenters did not claim that business relationship messages are “commercial electronic mail messages” under the Act, but, rather, opined that if such messages were deemed “commercial electronic messages,” they would face significant administrative and technological burdens, because business email systems are not designed toSee, e.g., BOA; CBA; Wells Fargo; MPAA. 150 See BOA; CBA; Cendant; ESPC; ICC; KeySpan; MPAA; Reed; Wells Fargo. 151 15 U.S.C. 7704(a)(4)(B). 152 -57- scrub each email sent by each employee against the business’s CAN-SPAM opt-out list. In 150 addition, commenters argued that such a requirement would interfere with legitimate practices that are critical to business relationships and operations. To avoid any such potential 151 problems, the commenters urged the Commission to add a new category of “transactional or relationship message” to cover business relationship messages. None of the commenters, however, demonstrated changes in email technology or practices that would warrant an express carve-out for business relationship messages. For example, there is no evidence that the technological burdens that the commenters cite as a basis for creating the exemption did not exist when the Act was passed in 2003. There is, therefore, an insufficient evidentiary basis to modify the definition of “transactional or relationship message” under the statutory standard. Thus, the Commission declines to add a “business relationship message” category to the definition of “transactional or relationship.” In any event, the commenters’ concerns about the impact of the Act on the ability of one of their employees to send emails to a small number of employees at another company with which they have a preexisting relationship may be overblown. For example, to the extent an employee at one company provides affirmative consent to receive emails from an employee of another company, or from that company in general, such consent overrides any prior opt-out request. Consequently, when affirmative consent has been given, there is no need to “scrub” 152NPRM, 70 FR at 25450. 153 Id. 154 -58- the email against the business’s CAN-SPAM opt-out list. Nevertheless, the recipient can always opt out of receiving future emails from the sender, notwithstanding his or her prior affirmative consent. As the Commission has previously observed, affirmative consent to receive commercial emails from a sender does not eliminate the sender’s obligation to provide a functioning Internetbased mechanism to opt out of receiving future emails or any of the sender’s other obligations under CAN-SPAM. j. Messages from an Association to its Membership In the NPRM, the Commission stated that it believes that email messages from an association or membership entity to its members are likely “transactional or relationship messages” under section 7702(17)(A)(v). The Commission inquired whether messages from 153 such senders to lapsed members should also be considered transactional or relationship under section 7702(17)(A)(v), and whether messages to lapsed members should be considered commercial electronic messages when they advertise or promote the membership entity. The 154 seven commenters that addressed this question argued that email messages to lapsed membersSee NAEDA; Independent; NAFCU; CUNA; Cendant; PCIAA; SIIA. In addition, 155 some commenters, while not responding to the NPRM’s inquiry about lapsed members, addressed the question of the Act’s regulation of communications from an association to its current members. See, e.g., Metz; SHRM; ABM; ARTBA; NAR; ACA; ASAE. As the Commission explained in the NPRM, 70 FR at 25438, and reiterates here, messages from an association to its membership are likely transactional or relationship in nature. The Commission continues to believe, however, that there is no basis to expand the existing definition of “transactional or relationship” to create an express exemption for such communications. See NAEDA (arguing that messages to former members should be allowed and 156 considered transactional or relationship messages for a specific amount of time e.g., 180 days); Independent (arguing that messages to former members are still “transactional or relationship messages” rather than “commercial” messages for 12 months after membership lapses); Cendant (membership entity should be able to contact members for 18 months after last transaction); CUNA (arguing that contact may be made for a reasonable amount of time); PCIAA (stating that, consistent with the Do-Not-Call Rules, an email message to a lapsed member should be considered a “transactional or relationship message” for 90 days after the membership has lapsed); VFCU (arguing that email messages to lapsed members should still be considered transactional or relationship in nature if the purpose is related to administrative matters). See also SIIA (arguing against a “per se approach” concerning an association’s communications with lapsed members). There are, of course, exceptions; for example, an email from a membership 157 organization to a lapsed member to obtain payment of a debt would be a “transactional or relationship” message under section 7702(17)(a)(i), just as a debt collection email from nonmembership entity would be transactional and relationship in nature, as discussed above. See supra Part II.A.3.b. -59- should be considered “transactional or relationship messages,” but most recommended limiting 155 the amount of time that such email messages may be sent to former members. 156 Under the existing definition of “transactional or relationship message” the Commission believes that where a recipient is no longer a member of an organization, it is unlikely that messages from the organization fall within any of the categories of “transactional or relationship messages.” For example, a message that advertises or promotes the sale of a new or renewed 157 membership would be a “commercial electronic mail message” (or a dual purpose message to the-60- extent it also includes non-commercial content). However, the Commission declines to modify the definition of “transactional or relationship message” to include such emails. None of the commenters offered any evidence that either such modification is necessary to accommodate changes in email practices or technology or to accomplish the purposes of the Act, and thus the statutory standard for amending the definition of “transactional or relationship message” is not satisfied. 4. Section 316.2(p) — Definition of “Valid Physical Postal Address” Proposed Rule 316.2(p) clarified that a sender may comply with section 7704(a)(5)(A)(iii) of the Act — which requires inclusion in any commercial email message of the sender’s “valid physical postal address” — by including in any commercial email message any of the following: (1) the sender’s current street address; (2) a Post Office box the sender has registered with the United States Postal Service; or (3) a private mailbox the sender has registered with a commercial mail receiving agency (“CMRA”) that is established pursuant to United States Postal Service regulations. A substantial majority of commenters supported the proposed definition. In consideration of these comments, the Commission adopts as a final Rule a modified version of the definition proposed in the NPRM. This modified definition allows for the use of Post Office or private mailboxes, but clarifies that a sender must “accurately” register such mailboxes pursuant to postal regulations to be considered a “valid physical postal address” under the Act. Comments addressing the proposed definition are discussed in detail below. In response to the NPRM, the Commission received 25 comments addressing the definition of “valid physical postal address.” Of these, 18 commenters supported the definitionSee, e.g., ACLI; ACB; DMA; DoubleClick; NNA; SIA. 158 See Discover; Independent; NAR. 159 See HSBC; MasterCard. 160 See HSBC. 161 -61- as proposed. Specifically, supporters noted that the proposed definition appropriately recognized that many legitimate businesses, large and small alike, use Post Office boxes or private mailboxes, and that allowing commercial email messages to disclose such a P.O. box or private mailbox would provide flexibility and security to email marketers without compromising law enforcement efforts. Other commenters, including small businesses and independent 158 contractors, supported the proposed definition because it recognizes the privacy and security concerns of individuals who work from home or are fearful of publishing their street address for other reasons. 159 Two additional commenters supported the Commission’s proposal that P.O. boxes and private mailboxes be included under the definition of “valid physical postal address,” but objected to the additional requirement that the sender be registered with the United States Postal Service (“USPS”). Specifically, HSBC Bank Nevada (“HSBC”) and MasterCard suggested that the definition be modified to allow for any address to which mail is delivered for a particular sender, whether or not that sender is registered with the USPS. HSBC noted that several 160 affiliated companies often will receive mail at the same P.O. box, yet not all such companies may be registered to use that box with the USPS, as the proposed definition would require. HSBC 161 and MasterCard argued that their proposed modifications would achieve the purposes of the ActSee HSBC; MasterCard. 162 Under USPS regulations, federal, state, or local government agencies may obtain postal 163 and private mailbox registrant information from the USPS upon written certification that such information is required to perform the agency’s duties. 39 CFR 265.6(d)(4) & (d)(9). This is one avenue that law enforcement can pursue in order to identify a sender that fails to comply with CAN-SPAM. See Domestic Mail Manual (“DMM”) 508.4.3.1(b) (other adult persons who receive 164 mail in the post office box of an individual box customer must be listed on Form 1093 and must present two items of valid identification to the post office). See DMM 508.4.3.1(c) (requiring an organization’s employees or members who 165 receive mail at the organization’s postal box to be listed on Form 1093; each person must have verifiable identification and present this identification to the Postal Service upon request) and PS Form 1583 (if applicant is a firm, applicant must provide the name of each person whose mail is to be delivered). -62- by providing consumers with a mechanism to contact senders other than by email. The 162 approach suggested by MasterCard and HSBC, however, does not take into account the other important purpose of the valid physical postal address provision — that law enforcement authorities be able to identify a sender using a given address, which would be difficult if not impossible without registration of all mailbox users with the USPS. 163 Furthermore, USPS regulations require that anyone registering an individual P.O. box identify the names of all persons authorized to receive mail at such address, and to provide two forms of identification for each listed person. Similarly, with respect to “organization” P.O. 164 boxes or private mailboxes where the applicant is a “firm,” USPS regulations require any of the organization’s members or employees who receive mail at such mailbox to be listed on the requisite postal form. Thus, USPS regulations specifically require that anyone receiving mail 165 at a given address be registered with the USPS. See CUNA; NFCU; Sowell. 166 NPRM, 70 FR at 25439 (quoting SIIA). 167 See Kapecki. 168 -63- Only five commenters opposed the Commission’s proposed definition of “valid physical postal address.” Three of these commenters felt that P.O. boxes and private mailboxes should not be included in the proposed definition because they are often used in fraud schemes as a way to shield their owners from identification. The Commission previously addressed this 166 argument in the NPRM, noting that “‘[a]n individual or entity seeking to evade identification can just as easily use inaccurate street addresses’ as hide behind a Post Office box or private mailbox.” No commenters provided any information to refute this statement. 167 One consumer commenter opposing the proposed definition suggested that P.O. boxes have proven insufficient as a means of contacting senders that fail to honor opt-out requests. 168 The Commission, however, has no evidence to suggest that certain senders are difficult to contact because of the fact that those senders have provided P.O. boxes or private mailboxes as their contact addresses. It is more likely the case that such senders are unscrupulous and have either provided a false or nonexistent address as a means of evading identification, or simply do not respond to consumer inquiries. In such instances, the Commission sees no added benefit to requiring that senders provide a street address, which could just as easily be falsified or simply disregarded. Finally, ACUTA suggested that the Commission assess and evaluate the relevant postal regulations to ensure that they adequately protect the interests of consumers and lawSee ACUTA. 169 See, e.g., DMM 508.1.9.2(a) (requiring applicants of private mailboxes to furnish two 170 forms of valid identification). -64- enforcement. Such evaluation, however, goes beyond the scope of this rulemaking 169 proceeding — especially when the Commission has no basis upon which to question the effectiveness of the USPS regulations. In consideration of all of these comments, the Commission adopts a modified definition of “valid physical postal address.” In the final Rule, the Commission has modified slightly the definition of “valid physical postal address” to clarify that a sender must “accurately” register a P.O. box or private mailbox in compliance with these regulations. For example, if a sender provides a P.O. box or private mailbox address in its commercial email message and is not accurately identified on the applicable postal form, fails to provide two forms of valid identification if required, or otherwise fails to comply with applicable USPS regulations, such 170 address would not be considered a “valid physical postal address” for purposes of the Act. Accordingly, the Commission adopts final Rule 316.2(p), which provides that a “‘valid physical postal address’ means the sender’s current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations.” (Emphasis added.)15 U.S.C. 7702(16)(A). 171 -65- 5. Applicability of the Act to Forward-to-a-“Friend” Email Marketing Campaigns In the NPRM, the Commission sought comment on CAN-SPAM’s impact on forward-toa-“friend” email — a type of commercial email that can take a variety of forms. In its most basic form, a person (the “forwarder”) receives a commercial email message from a seller and forwards the email message to another person (the “recipient”). Other scenarios include those in which a seller’s web page enables visitors to the seller’s website to provide the email address of a person to whom the seller should send a commercial email. Due to the myriad forms of forward-to-a-“friend” email, CAN-SPAM’s applicability to such messages is a highly fact specific inquiry. As explained below, the central question in this analysis often will be whether the seller has “procured” the origination or transmission of the forwarded message. a. Background In the NPRM, the Commission discussed the interplay of multiple definitions in CANSPAM and their relevance in analyzing the Act’s applicability to forward-to-a-“friend” emails. The Commission began its analysis by examining CAN-SPAM’s definition of “sender” which the Act defines to mean “a person who initiates [a commercial electronic mail] message and whose product, service, or Internet web site is advertised or promoted by the message.” Thus, 171 to be a “sender,” a seller must be both an “initiator” of the message and have its product, service, or Internet website advertised or promoted by the message.15 U.S.C. 7702(9). 172 The NPRM indicated that to “intentionally induce” the initiation of a commercial email 173 a “seller must make an explicit statement that is designed to urge another to forward the message.” 70 FR 25441. For instance, the Commission posited that a seller would induce a message (and 174 therefore “procure” the initiation of a message) if, without offering to provide a forwarder with any consideration, its web-based forwarding mechanism urged visitors to “Tell-A-Friend – Help spread the word by forwarding this message to friends! To share this message with a friend or colleague, click to the ‘Forward E-mail button.’” NPRM, 70 FR at 25441 n.178. -66- A forward-to-a-“friend” email will ordinarily advertise a seller’s product, service, or website. Thus, the NPRM focused on whether a seller would meet CAN-SPAM’s definition of “initiate.” The Act defines “initiate” to mean “to originate or transmit such message or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.” 172 In the NPRM, the Commission then examined the meaning of the term “procure” and concluded that a seller “procures” an email by either: (1) providing a forwarder with consideration (such as money, coupons, discounts, awards, additional entries in sweepstakes, or the like) in exchange for forwarding the message, or (2) intentionally inducing the initiation of a commercial email through an affirmative act or an explicit statement that is “designed to urge another to forward the message.” Thus, the Commission opined that CAN-SPAM’s inclusion 173 of the word “induce” in the definition of “procure,” meant that a seller could “procure” the initiation of a message without offering to provide a forwarder with any consideration if it exhorted visitors to its website to forward a message. 174Id. at 25441-42. 175 -67- Finally, the Commission concluded by stating that a seller who offered a web-based “click-here-to-forward” mechanism, but did not exhort visitors to forward a message or offer to pay or provide other consideration in exchange for forwarding the message, would be engaged in the “routine conveyance” of the message and therefore not be an “initiator” of the message. 175 b. Comments Received in Response to the NPRM The Commission received more than forty comments concerning forward-to-a-“friend” emails. Some of these comments asserted that: (1) forward-to-a-“friend” messages are not “commercial electronic mail messages”; (2) most marketers whose products, services, or website are promoted by a forward-to-a-“friend” message are engaged in “routine conveyance”; (3) the Commission’s view of “routine conveyance” was unduly narrow; (4) forward-to-a-“friend” emails sent through a seller’s web-based mechanism should be treated the same as emails that the seller sends to a forwarder who then forwards the messages to a recipient; (5) making CANSPAM’s applicability hinge on whether a seller offered to pay a forwarder consideration was contrary to the language and purpose of the Act; (6) sweeping forward-to-a-“friend” messages into CAN-SPAM would impose high compliance burdens for sellers. Each cluster of comments is elaborated upon below. First, some commenters opined that the most relevant inquiry in a forward-to-a-“friend” scenario is whether the primary purpose of the forwarded message is “commercial.” If theSee CBA; DMA; HSBC; Wells Fargo. Section 316.3 of the Rule defines the “primary 176 purpose” test for commercial email. 16 CFR 316.3. See, e.g., Microsoft. 177 See, e.g., AeA; Charter; ePrize; ERA; Independent; MPA; Masterfoods; Mattel; 178 Microsoft; OPA; PMA. See AeA; ePrize; ERA; MPAA; MPA; Masterfoods; Mattel; Microsoft; NCTA; 179 NetCoalition; OPA; PMA; SIIA; Wells Fargo. But see Metz (“A company that sends a commercial e-mail and provides a website for forwarding that e-mail is not simply engaging in ‘routine conveyance’; the message that it is conveying is its own.”). See, e.g., ERA; ePrize; MPA; Microsoft (“a message may be induced or procured but 180 still fall within the routine conveyance exception to the Act’s definition of ‘initiate’”); NAIFA; PMA; SIIA. -68- message’s primary purpose is not “commercial” (and it is not a “transactional or relationship message”), CAN-SPAM does not apply. 176 Second, a handful of commenters asserted that the key factor in determining whether a forward-to-a-“friend” message is covered by the Act should be whether the seller is engaged in “routine conveyance.” These commenters argued that under section 7702(9) of the Act, any 177 person engaged in “routine conveyance” is necessarily not an “initiator,” and thus it is unnecessary to inquire whether it “procured” the message in question. Third, a number of commenters posited that the Commission’s understanding of what constitutes “routine conveyance” was unduly narrow. Many commenters opined that all, or 178 almost all, forward-to-a-“friend” mechanisms constitute “routine conveyance.” Some 179 commenters argued that under the Act’s definition of “initiate,” whether a company pays consideration or otherwise induces a person to forward an email is irrelevant to whether the company is engaged in “routine conveyance.” The majority of commenters, however, 180See ACLI; BOA; Charter; CBA; Discover; MasterCard; MPAA; NRF; NetCoalition; 181 OPA; Time Warner. For comments arguing that a company could be engaged in routine conveyance 182 notwithstanding its offer of sweepstakes entries, coupons, discounts, “points” and the like to persons for forwarding an email, see, e.g., AeA; ERA; FNB; Mattel; Coalition; PMA; RIAA (“[The] legislative history also casts doubt on whether Congress intended that the furnishing of merely nominal consideration - for instance, ‘points’ to be accumulated toward the award of a free CD or music download - would be enough to qualify as ‘procuring’ the forwarding of a commercial e-mail. Surely when one company ‘hires’ another to carry out a commercial e-mail campaign, much more than nominal consideration would be involved.”). For comments expressing the view that an offer of sweepstakes entries, points, coupons, discounts and the like in exchange for forwarding a message would render a company ineligible for the routine conveyance exception, see, e.g., Charter; MPAA; NAA; NRF; OPA; Time Warner. See, e.g., Charter; DMA. 183 -69- expressed the view that a company that offers consideration to a person to send or forward an email to another person is not engaged in “routine conveyance” under the Act. Within this 181 group, commenters were divided as to whether the offer of de minimis consideration, such as coupons, sweepstakes entries, or points towards the purchase of a good or service, was sufficient to render a company ineligible for the “routine conveyance” exception. 182 Fourth, many commenters also stated that web-based mechanisms for forwarding emails should be treated no differently than the “forward” button on a typical email program. In these 183 email programs, the “sender” of the email, according to the commenters, is the person forwarding the email. Fifth, many of the commenters noted that making the offer of consideration the standard for determining whether a forwarder “procured” the origination or transmission of a message or engaged in “routine conveyance” would both be contrary to Congress’s intent in passing theSee AeA; Associations; Charter; CBA; DoubleClick; MasterCard; Microsoft; NAIFA; 184 NCTA; NetCoalition; PMA; RIAA; SIIA; Wells Fargo. See Masterfoods; Mattel; Visa. 185 See Associations; BOA; Charter; CMOR; DMA; ERA; FNB; Jumpstart; MPAA; 186 MPA; Coalition; NRF; NetCoalition; RIAA; Wahmpreneur. See AeA; Cendant; ePrize (there are substantial costs in building a software platform 187 that would allow scrubbing of names before using forwarding mechanism); MPAA (“It is virtually impossible to meet the CAN-SPAM requirement that a company not send e-mail to someone who has already opted out from its lists for Forward to a Friend, because the company will never know the e-mail address of the recipient . . . . The company would need to put all such e-mail in a queue and then compare the recipient’s e-mail address with its opt-out list, a complicated and laborious process.”); Masterfoods; Mattel; NRF; NetCoalition; Wahmpreneur. The Children’s Online Privacy Protection Rule (“COPPA”), 16 CFR Part 312, 188 establishes rules and guidelines to provide a more secure Internet experience for children and to (continued...) -70- CAN-SPAM Act, and unnecessary because there is no evidence to suggest that Congress or 184 consumers viewed forward-to-a-“friend” messages as spam. 185 Finally, some commenters noted the compliance burdens that would result from the inclusion of forward-to-a-“friend” emails in CAN-SPAM’s regulatory regime. According to these commenters, once a person forwards an email using his or her own email program, the original “sender” loses the ability to control the email message’s content and whether the message retains its compliance with CAN-SPAM. Commenters also stated that it was very 186 difficult to check the names of recipients of forwarded messages against company opt-out lists. 187 Moreover, some commenters who operate websites directed to children opined that if they were considered the “sender” of certain forwarded emails, they would have to honor opt-out requests and maintain opt-out lists, which might cause conflicts with the Children’s Online Privacy Protection Rule. 188(...continued) 188 protect them from unwanted invasions of privacy. As a result, operators of websites directed to children have to follow specific rules on what personal information may or may not be gathered from children. Section 312.5 of COPPA states: “An operator [of a website] is required to obtain verifiable parental consent before any collection, use, and/or disclosure of personal information from children . . . .” Two commenters, Masterfoods and Mattel, argued that the Commission’s proposed application of “induce” would likely result in their being considered the “sender” of emails “initiated” through their websites. They therefore argued that, under the Commission’s analysis in the NPRM, they would be required to maintain an opt-out list, which would undoubtedly contain personal information of children, and could thereby conflict with COPPA. -71- c. Commission Statement on Forward-to-a-“Friend” Emails Whether a seller or forwarder is a “sender” or “initiator” is a highly fact specific inquiry. Nonetheless, the application of the Act to a forward-to-a-“friend” message likely often will turn on whether the seller has offered to pay or provide other consideration to the forwarder. Below, the Commission expands upon its discussion contained in the NPRM by discussing the liability of sellers in two common forms of forward-to-a-“friend” emails: (1) those sent using a webbased forwarding mechanism and (2) those forwarded using the forwarder’s own email program. The Commission then discusses the potential liability CAN-SPAM imposes on consumers who send forward-to-a-“friend” emails. (i) Seller’s Liability in the Context of a Forwarding Mechanism on a Seller’s Website With a web-based mechanism, a seller’s website includes a button that enables a visitor to the website to send an email advertising the seller’s product, service, or website. When the visitor clicks on the button, the seller requests the recipient’s email address and often additional information such as the visitor’s name and email address. The seller may also enable the visitor to add text that will be included in the message sent to the recipient. Upon entering the15 U.S.C. 7702(16). 189 15 U.S.C. 7702(9). 190 15 U.S.C. 7702(15). 191 -72- information, the visitor must press a “send” button for the message to be sent. The message will be sent to the recipient via the seller’s or seller’s agent’s email server. The starting point in analyzing CAN-SPAM’s applicability to forward-to-a-“friend” messages is the language of the Act. A seller is a “sender” if it “initiates” the message and its product, service, or Internet website is advertised or promoted in the message. Because the 189 message sent using the seller’s web-based mechanism will ordinarily advertise the seller’s product, service, or website, the seller will be a “sender” if it “initiates” the message sent to the recipient. CAN-SPAM defines “initiate” to mean “to originate or transmit [a commercial email] or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.” Thus, where a seller is involved solely in 190 “routine conveyance,” the seller will be exempt from the responsibilities of an “initiator” or a “sender” under the Act. The Act defines “routine conveyance” to mean the “transmission, routing, relaying, handling, or storing, through an automatic technical process, of an electronic mail message for which another person has identified the recipients or provided the recipient addresses.” The Act’s legislative history explains that a company engages in “routine 191 conveyance” when it “simply plays a technical role in transmitting or routing a message and isS. Rep. 108-102 at 15. The legislative history therefore makes clear that, if a seller 192 retains the email address of the person to whom the message is being forwarded for a reason other than relaying the forwarded message (such as for use in future marketing efforts), the seller would not fall within the routine conveyance exemption. 15 U.S.C. 7702(12). 193 70 FR at 25441. 194 -73- not involved in coordinating the recipient addresses for the marketing appeal.” Thus, under the 192 web-based scenario described above, a seller that transmits a message through an automatic technical process to an email address provided by a forwarder, absent more, is engaged in “routine conveyance” and is exempt from liability under the Act. However, under the Act, “routine conveyance” is narrowly circumscribed. Where the seller goes beyond serving as a technical intermediary that transmits, routes, relays, handles, or stores the email, the seller will be liable as the “initiator” and “sender” of the message forwarded from its website. A seller who “procures” the origination or transmission of an email goes well beyond the technical role of transmitting or routing the message. CAN-SPAM defines “procure” to mean “intentionally to pay or provide other consideration to, or induce another person to initiate [a commercial email] on one’s behalf.” 193 As explained in the NPRM, if a seller offers to “pay or provide other consideration” to a visitor to its website in exchange for forwarding a commercial message, the seller will have “procured” any such messages forwarded by the visitor. As noted in the NPRM, the term “consideration” 194 is not defined in the Act, but is generally understood to mean “something of value (such as anB LACK’S LAW DICT IONARY 300 (7th ed. 1999). 195 NPRM, 70 FR at 25441 196 Id. 197 Id. 198 Id. 199 -74- act, a forbearance, or a return promise) received by a promisor from a promisee.” This 195 includes things of minimal value. Accordingly, a message has been “procured” if the seller offers money, coupons, discounts, awards, additional entries in a sweepstakes, or the like in exchange for forwarding a message. Even the offer to provide de minimis consideration takes 196 the seller beyond the mere “routine conveyance” of the forwarded message and into the “procurement” of the forwarded message. The definition of “procure,” however, does not merely cover those scenarios in which a seller offers to pay or provide other consideration to a forwarder. A seller who “induces” another person to initiate a commercial email will also fall within the definition of “procure.” The NPRM explained that “to induce” is much broader than “to pay consideration.” While CANSPAM does not define the term “induce,” in the NPRM, the Commission applied the word’s common definition: “to lead on to; to influence; to prevail on; to move by persuasion or influence.” The Commission then opined that “to induce” did not require the transfer of 197 something of value. Rather, the Commission explained, “one must do something that is 198 designed to encourage or prompt the initiation of a commercial e-mail.” Thus, the 199 Commission stated that, “in order to ‘intentionally induce’ the initiation of a commercial email, the sender must affirmatively act or make an explicit statement that is designed to urge another toId. 200 70 FR at 25441 n.178. 201 Id. 202 -75- forward the message.” In addition, the Commission stated that whether a seller “induced” a 200 person to forward a message could hinge on the forcefulness of the language used by the seller. 201 The Commission believes that this description of “induce” in the NPRM is unduly narrow and inconsistent with the statute’s text and purpose. First, “inducement” need not take the form of an “explicit statement” or “affirmative act” specifically urging someone to send an email. The word “induce” in the definition of “procure” simply makes clear that a seller may “procure” the origination or transmission of a message even where it does not specifically pay or provide other consideration to someone for sending an email. For instance, where a seller offers to pay or provide consideration to someone in exchange for generating traffic to a website or for any form of referrals, and such offer results in the forwarding of the seller’s email message, the seller will have “induced,” and therefore “procured,” the forwarding of the seller’s email. Likewise, in an affiliate program where the seller does not directly offer to pay a sub-affiliate in exchange for generating web traffic or other referrals, the seller’s offer to pay the affiliate for generating web traffic or other referrals will constitute “inducement” of emails sent by the sub-affiliate that advertise the seller’s product, service, or website. Under each of these scenarios, the seller will have “induced” the forwarding of an email and will have gone well beyond routine conveyance. However, CAN-SPAM’s applicability should not rest on the specificity or forcefulness of the language used by the seller, notwithstanding the suggestion to the contrary in the NPRM. 202We assume for purposes of this analysis that the email promotes or advertises the 203 seller’s product, service, or website. 15 U.S.C. 7702(9). 204 Id. 205 -76- Accordingly, a seller’s use of language exhorting consumers to forward a message does not, absent more, subject the seller to “sender” liability under the Act. A seller, of course, is not prohibited from offering consideration to a visitor to its website in exchange for forwarding a commercial message, or otherwise inducing the visitor to do so. If it does, however, it will not be engaged in mere “routine conveyance” and must therefore comply with CAN-SPAM’s requirements for a “sender.” For instance, the seller will need to ensure that it does not forward a message to a recipient who has previously made an opt-out request and will need to include in the message an opt-out mechanism. (ii) Seller’s Liability for Email Forwarded Using a Consumer’s Email Program In the most basic forward-to-a-“friend” scenario, a seller sends a commercial email to a consumer who then, using his or her own email program, forwards the message to a recipient. 203 Typically, the seller will have no liability under CAN-SPAM for the original recipient’s forwarding of an email. It is only where the seller “initiates” the forwarding of the message that it will be deemed the “sender” of the forwarded message under the Act. Again, the starting 204 point is the language of the Act, which defines “initiate” as “to originate or transmit [a commercial email] or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.” In contrast to the web- 205 based scenario discussed above, the “routine conveyance” exemption has no applicability when a15 U.S.C. 7702(12). 206 As noted above, a number of commenters argued that complying with the Act’s 207 requirements when a consumer uses his or her own email program to forward the seller’s email is impracticable for the seller. See Associations; BOA; Charter; CMOR; DMA; ERA; FNB; Jumpstart; MPAA; MPA; Coalition; NRF; NetCoalition; RIAA; Wahmpreneur. However, it is our understanding that marketing campaigns in which consideration is offered to consumers in exchange for forwarding an email typically rely on the seller’s web-based forwarding (continued...) -77- consumer forwards a message using his or her own email program, because the seller would not be involved in the transmission, routing, relaying, or storage of the forwarded message. Nor is the seller “originating” or “transmitting” the message in this scenario. The inquiry thus turns on whether the seller has “procured” the forwarded message. The principles guiding the determination of whether the seller has “procured” the forwarded message are the same here as when the forwarding occurs through the seller’s website. Accordingly, if the seller “pays or provides other consideration” to someone in exchange for forwarding the commercial message, the seller will have “procured” the forwarding of the email. For the reasons explained above, 206 this is true regardless of the amount of the consideration offered; offering de minimis consideration in the form of coupons, discounts, sweepstakes entries and the like in exchange for forwarding a commercial email constitutes “procurement” of the forwarded message. Likewise, if the seller “induces” the forwarding of the message — such as by offering payment in exchange for generating traffic to a website — it will be an “initiator,” and thus also the “sender,” of the forwarded message. In such a circumstance, the seller will be obligated to comply with CANSPAM’s requirements for a “sender,” such as ensuring that the forwarded message contains a functioning opt-out mechanism and ensuring that email is not forwarded to someone who has already opted out of receiving commercial emails from the seller. 207(...continued) 207 mechanism. In such circumstances, there is no reason the seller cannot fully comply with CAN-SPAM. -78- (iii) Liability of a Consumer-Forwarder The NPRM did not discuss the potential liability of a consumer who forwards a commercial message via a seller’s web-based mechanism or using his or her own email program. Such a consumer-forwarder would be an “initiator” under CAN-SPAM regardless of whether the seller “procured” the message because, as explained above, the definition of “initiate” includes the “origination” of a message and the consumer-forwarder would be the “originator” of the message. Thus, while a seller who provided a web-based forwarding mechanism (and did not “procure” the message) would be exempt from “initiator” or “seller” liability where it was engaged in “routine conveyance,” the consumer-forwarder still would be an “initiator.” Likewise, a consumer who forwarded a message using his or her own email program (and the message was not “procured” by the seller) would be an “initiator” of the message, while the seller would not be. Thus, the Act’s terms result in an anomaly: a seller in such situations would be exempt from liability under CAN-SPAM, but the consumer-forwarder would be required to comply with CAN-SPAM’s “initiator” obligations. In other words, as “initiators,” ordinary consumers who, without being offered any consideration or inducement, forward a commercial message using either a seller’s web-based forwarding mechanism or their own email program, would be required to provide recipients with a mechanism for opting out of receiving future commercial emails from the “sender,” a clear and conspicuous disclosure that the message is an advertisement or solicitation, a clear and conspicuous notice of the right to opt out of receiving70 FR at 3113. 208 For the same reason, even where consideration or inducement such as coupons, 209 discounts, awards, additional entries in sweepstakes is provided to the consumer-forwarder, the consumer-forwarder is unlikely to be a target of enforcement (though the seller offering the consideration or other inducement might be), absent indicia that the consumer-forwarder is, in fact, acting akin to an affiliate marketer, for example. -79- commercial emails from the “sender,” and a clear and conspicuous disclosure of the “sender’s physical address.” Yet, because the seller is not an “initiator,” there would be no “sender” of the message under the Act. The Commission believes that Congress did not intend to sweep into CAN-SPAM’s regulatory scheme consumers who, without being offered any consideration or inducement for doing so, use a seller’s web-based forwarding mechanism or their own email programs to send isolated commercial email messages to recipients. Indeed, as the Commission recognized in promulgating the Primary Purpose Rule, “the repeated inclusion of the modifying word ‘commercial’ in section 7702(2)(A) is not merely tautological, but evidences an intention to ensure that the CAN-SPAM regulatory scheme would not reach isolated email messages sent by individuals who are not engaged in commerce, but nevertheless seek to sell something to a friend, acquaintance, or other personal contact.” Hence, the Commission believes that under 208 these facts, such a consumer-forwarder would not be swept into CAN-SPAM’s regulatory scheme. 209 B. Section 316.4 — Prohibition Against Failure to Effectuate An Opt-Out Request Within Ten Business Days of Receipt Section 7704(a)(4) of the Act prohibits senders from initiating the transmission of a commercial email message to a recipient more than ten business days after the senders have15 U.S.C. 7704(c)(1). 210 -80- received the recipient’s opt-out request. Section 7704(c)(1) gives the Commission authority to issue regulations modifying the ten-business-day period — what is, in effect, a “grace period” — for processing recipients’ opt-out requests if the Commission determines that a different time frame would be more reasonable after taking into account “(A) the purposes of [subsection 7704(a)]; (B) the interests of recipients of commercial electronic mail; and (C) the burdens imposed on senders of lawful commercial electronic mail.” Accordingly, in the 210 ANPR, the Commission sought comment on the reasonableness of the ten-business-day grace period for processing opt-out requests and whether a shorter grace period would be more reasonable, in view of the three considerations enumerated in the statute and the relative costs and benefits. In consideration of the comments received in response to the ANPR, the NPRM proposed to shorten the time period for honoring an opt-out request from ten to three business days. The Commission also posed a number of questions in Part VII of the NPRM about the appropriate time to allow for processing an opt-out request, including questions about: technical procedures and cost implications associated with opt-out processing; the level of risk associated with “mail bombing” — the bombardment of an email address with commercial email in the nine business days following an opt-out request, aggressive email targeting tactics; and the effect of third-party arrangements on the timing of opt-out processing. In response to the NPRM, the Commission received numerous comments opposing the proposed rule. Based on the Commission’s analysis of the comments received in response to the NPRM, the Commission is persuaded that: (1) reducing the opt-out grace period from ten to threeSee, e.g., CMOR; BrightWave; Swent; Footlocker; Intermark; Empire; SHRM; FNB; 211 Wells Fargo; VCU; MPAA; ACB; Bigfoot; PMA; BOA; NetCoalition; Reed; DoubleClick; DMA; CBA; Time Warner; Coalition; NEPA; IAC.; Charter; Jumpstart; HSBC; ASAE; Comerica; Cendant; CUNA; KeySpan; MasterCard; Discover; Microsoft; PCIAA; Vertical; BD; Exact; ARTBA; ACUTA; Sprint (stating that it would have to devote at least 30,000 man hours, or in excess of $2 million, in order to modify its systems to accelerate the process of (continued...) -81- business days would not necessarily advance the privacy interests of consumers; (2) the time period for processing opt-out requests required by legitimate commercial emailers varies, and often exceeds three business days depending upon a number of factors, including the size of the business, the existence of third-party marketing agreements, and the maintenance of multiple email databases; and (3) neither the current record nor the Commission’s experience reflects that email bombing of commercial email recipients is a wide-scale tactic deployed by lawful commercial emailers. Furthermore, the record does not reflect that shortening the opt-out grace period would necessarily reduce any potential threat of email bombing. Accordingly, the Commission declines to adopt a final Rule that would reduce the statutory grace period from ten business days to three business days, but will continue to monitor whether commercial emailers are using abusive targeting tactics and/or failing to honor opt-out requests in a timely manner to determine whether regulatory or other action is required in the future. Likewise, as explained below, the Commission reaffirms its refusal to impose a limit on the duration of opt-out requests at this time. 1. The Appropriate Deadline for Effectuating an Opt-Out Request Approximately 100 commenters addressed the issue of whether the period for opt-out compliance should be reduced. The vast majority — over 85 percent — opposed reducing the time frame to less than ten business days. Many of these commenters argued that the need for 211(...continued) 211 implementing opt-out requests); ABM (“Diversified Business Communications has concluded that imposition of a three-day opt-out requirement would reduce the effectiveness of its marketing and increase its cost by a minimum of $20,000 per year.”). See, e.g., ACUTA; BD; Experian. 212 See, e.g., ERA; OPA; ATAA; ARDA; Charter; MPA; PMA. 213 See, e.g., DMA. 214 -82- coordination and synchronization of opt-out mechanisms requires a minimum of ten days. 212 Some of these commenters also suggested that senders of email messages who are not now complying with the Act would not comply with the proposed change, but those who are attempting to comply would be burdened, with no gain in protection of consumers’s privacy interests. 213 A number of commenters provided substantive descriptions of the time frames that are involved with processing opt-out requests and coordinating such efforts with third-party vendors. Commenters explained that the time necessary to process opt-out requests varies based on a number of factors, such as whether the sender itself collects opt-out requests and removes email addresses from its own marketing list or uses a third-party vendor for the entire process or for certain portions of the process. 214 According to another commenter, some cable companies rely on third-party vendors to handle all email marketing, process opt-out requests, and manage suppression lists. “The cable operator may be able to input a customer’s opt-out request in one to two business days in its ownSee NCTA. 215 See Experian. 216 See, e.g., Masterfoods; Mattel; Jumpstart. With respect to these comments, the 217 Commission notes that section 7704(a)(3)(A)(i) of the Act requires that a commercial email message contain a functioning return email address or other Internet-based mechanism that the recipient may use to submit an opt-out request, but does not require requests submitted in other ways to be honored within the given time period. See also NPRM, 70 FR at 25443. -83- internal database, but the third party vendor that provides a variety of targeted marketing and advertising services may take up to 8-10 business days to complete the processing.” 215 A few commenters argued that delays also can result from concerns about privacy with respect to negotiating non-disclosure agreements and using hard copy media, such as CDs, to transmit their suppression files. As one commenter explained: We often see other situations that make the three-day period difficult at best, including large corporations with legacy databases that must plan for their marketing campaigns and use of suppression lists a week in advance, use of hard-copy media — such as CDs — to transmit the files via the postal service, and then the use by small businesses which only have access to low bandwidth connections. A three-day deadline could cause many advertisers, especially small or traditionally offline businesses, to abandon their e-mail acquisition efforts altogether in order to comply. 216 Finally, a few commenters pointed out that they offer not only Internet-based opt-out mechanisms but also opportunities to unsubscribe by telephone or other means, which can be very time-consuming. 217 In terms of potential benefits to consumers from reducing the grace period to three business days, nearly all of the commenters argued that bombarding a recipient with email following an opt-See, e.g., CMOR; Verizon; LashBack; ACLI; ABM; FNB; ERA; ESPC; ARTBA; 218 MPA (arguing that, if a marketer were involved in mail bombing, it could still do so under a three-business-day time frame); PMA; BOA; SIA; NRF; NetCoalition; Reed; DoubleClick; Associations; Time Warner; IAC; ICC; Nextel (asserting that no rational marketer would undertake mail bombing); Charter; HSBC; MasterCard; Discover; Microsoft; Nissan; Vertical; ExactTarget; Sprint. But see iPost (“[I]t has been demonstrated by the use of ‘honeypot’ or ‘spamtrap’ emailboxes that submitting opt-out requests does lead to targeting for receipt of additional commercial email . . . . The length of time that elapses following submission of the opt-out request has little bearing on this practice, which no responsible marketer would employ in any case.”). See Unsub; Rushing; Nelson; NAFCU. 219 See Aurelius; Edge; Schaefer; Roberts; Pernetian; Amin. 220 See, e.g., May (“Extending the time period to 5 days, but shortening from 7 [sic] days, 221 would encompass 90% of the online population and is a reasonable time period to comply with opt-in requests.”); Clear (supporting a compromise of five or six days). See, e.g., NADA; BrightWave; Ezines; ARDA; ABM; ASAE; NAMB (“NAMB 222 believes that the proposed 3-business day time period has a disproportionate economic impact on all small business entities, which includes many mortgage brokers.”); MPA; NAR; NAA (indicating that a three-business-day period would be challenging for small newspapers); ASTA (“Nearly instantaneous processing’ may be possible for some, but there is no record support for the proposition that it is possible for all, or even most, businesses, particularly small (continued...) -84- out request is not a valid concern and that the potential risk of mail bombing would not, in any event, be mitigated by shortening the opt-out period to three days. 218 A few commenters argued either in favor of the proposed three-day time period, or 219 recommended time periods of less than three days. These commenters, several of whom are 220 individual consumers, generally believe that there are no technical obstacles to automatic or nearautomatic opt-out processing. Other commenters suggested that five to seven days could represent a reasonable period of time to process an opt-out request. 221 Many small businesses, however, opined that compliance with a shorter time frame would pose a significant burden due to the technical support needed. For example, some small entities 222(...continued) 222 businesses.”). See, e.g., Sheu; Wiederhoeft; Intermark; ECFCU; SHRM; IS; ASAE; Comerica; IPPC; 223 BD; ARTBA. See, e.g., NNA; ACLI; NRF; ICC. 224 69 FR 16368 (Mar. 29, 2004). 225 -85- process opt-out requests manually or have only part-time staff. Given holidays and vacations, those entities do not believe they could process requests within three days. Small membership-based 223 associations such as the American Road and Transportation Builders Association and SHRM also expressed concern about staffing issues. SHRM argued that it would be unreasonable to expect volunteers or even a single paid staff director to check for, and handle, opt-out requests several times per week to satisfy the proposed three-day rule. Finally, a few commenters argued that ten business days is not sufficient time for processing opt-out requests and a longer time frame would be better. Some of these commenters pointed out 224 that telemarketers have 31 days to process new listings on the National Do Not Call Registry and 225 that commercial email messages directed to certain mobile devices are prohibited if the wireless domain name referenced in the address has been posted on the Federal CommunicationsThe FCC has issued a list of wireless domains to which commercial email messages 226 cannot be directed without the addressee’s express prior authorization or if other conditions are met. 47 CFR 64.3100(a) & (e). The thirty-day safe harbor does not apply if the person or entity initiating the message did so knowing the address was to a protected mobile service. 47 CFR 64.3100(a)(4); Rules and Regulations Implementing the Controlling the Assault Of Non-Solicited Pornography and Marketing Act of 2003, CG Docket No. 04-53, Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, 19 FCC Rcd. 15927, 15969 (2004). See, e.g., Verizon; Intermark; NAR; SIIA; MCI; IAC. 227 -86- Commission’s (“FCC”) wireless domain list for at least 30 days. These commenters argued that, 226 for consistency, 31 or 30 days should be allowed for processing opt-out requests. 227 Having carefully considered the comments concerning the amount of time required to process and coordinate opt-out requests, along with the Commission’s law enforcement experience, the Commission is persuaded that it should retain the ten-business-day grace period for honoring opt-out requests. The Commission is persuaded that its proposal in the NPRM to shorten the period to three business days could impose a substantial burden on legitimate commercial email marketers. In particular, the Commission is concerned that reducing the opt-out period could pose a significant challenge for small entities. In addition, the Commission believes that reducing the opt-out period would not necessarily advance the privacy interests of consumers. Neither the current record nor the Commission’s law enforcement experience indicates that email bombing of commercial email recipients is a wide-scale tactic deployed by lawful commercial emailers, or that reducing the opt-out grace period would necessarily reduce any potential threat of email bombing. At the same time, the Commission rejects the argument that email marketers should have more than ten business days to process opt-out requests. The Commission finds that, based on the record, senders of commercial email are not unduly burdened by the ten-business-day grace periodSee, e.g., DoubleClick; ACB; Cendant; iPost; Empire. See also NCL’s comments in 228 the ANPR (stating that “We are unaware of any problems with the ten-business-day time period and would strongly oppose lengthening it.”). See “Top Etailers’ Compliance with CAN-SPAM’s Opt-Out Provisions.” Staff Report 229 This report explained that 89% of the top 100 etailers that sent commercial email during the study honored all three of the opt-out requests made by FTC staff. Proposed Rule 316.4(b) would have clarified that law enforcement officials are not 230 required to allege or prove a defendant’s state of mind to obtain a cease and desist order or an injunction to enforce compliance with proposed Rule 316.4(a), which pertains to the time period for honoring opt-out requests. Because the Commission declines to adopt Rule 316.4(a), proposed Rule 316.4(b) is no longer necessary. Moreover, the language of the Act itself is clear on this issue — whenever a provision of the Act or the Commission’s Rule contains a state-ofmind component, that requirement does not apply when a law enforcement official seeks a cease and desist order or an injunction. 15 U.S.C. 7706(e) & (f)(2). -87- for honoring opt-out requests established by Congress. Indeed, in 2005, a Commission study 228 revealed that nearly 90% of the top 100 etailers honored the ten-business-day opt-out time period, 229 which suggests that, on balance, compliance is feasible for most senders of commercial email. Further, the Commission is not persuaded that the fact that telemarketers have 31 days to process new listings on the National Do Not Call Registry justifies extending the period for honoring CANSPAM opt-out requests to 31 days, in view of the difference in the structure and operation of email suppression lists as compared to the National Do Not Call Registry. For all these reasons, the Commission declines to adopt proposed Rule 316.4, which would have reduced the statutory ten-business-day grace period for honoring opt-out requests. The grace 230 period therefore remains ten business days. 2. Expiration of Opt-out Requests In the NPRM, the Commission declined to propose a time limit for how long an opt-out request will remain in effect, but indicated that it would consider submissions of information or data70 FR at 2544. The NPRM also stated that the duration of a person’s registration on 231 the Do Not Call Registry is five years or until the registrant changes his or her telephone number or takes the number off the Registry. Id. Congress has since enacted legislation which eliminates the expiration of listings on the Registry. See Do-Not-Call Improvement Act of 2007, Pub. L. No. 110-188 (2008). As of June 2007, the Do Not Call Registry contained more than 145 million telephone 232 numbers. 70 FR at 2544. 233 See, e.g., ARDA; Wells Fargo; BOA; NRF (all arguing for a two- to three-year time 234 limit); CMOR; ABM; FNB; ERA; ESPC; ACB; Bigfoot; Visa (all arguing for a five-year or longer time limit). For example, DoubleClick argued that it did “not believe that a consumer’s choice 235 should have an expiration date. If a consumer asks to be removed from a commercial email list and subsequently changes her/his mind, s/he can re-subscribe to that mailing list.” Similarly, the Virginia Credit Union argued that it also believes that “the opt-out request should be honored (continued...) -88- that would show whether such a time limit would be useful in implementing the provisions of the Act. The Commission noted that, in the somewhat similar context of the Do Not Call Registry, the Registry administrator is able routinely to purge defunct or changed telephone numbers from the Registry database, whereas email marketers do not appear to have similar capabilities for such purging. The Commission also stated that an email marketer’s suppression list is likely to have 231 far fewer entries than the then 91 million numbers on the Do Not Call Registry, making the 232 prospect of “scrubbing” far less daunting, and potentially vitiating the argument that setting an expiration period for opt-out requests is required. 233 Several commenters argued that the Commission should limit the length of time that requests should remain in effect. These commenters, however, were divided on what would be an appropriate time limit. Other commenters argued that the Commission should not impose a time limit on a 234 consumer’s opt-out request. 235(...continued) 235 indefinitely until such time the consumer contacts the sender and requests otherwise.” See ESPC (“The time and cost varies linearly based on the size of the lists involved. 236 Both the size of the suppression list and the size of the active list affect the processing time and cost. Many senders’ suppression lists contain less than 100,000 addresses, in which case the time and cost are fairly negligible.”). See DoubleClick. 237 See FNB. 238 -89- Various commenters submitted data to the Commission about the size of their suppression lists. That data showed that suppression list size varies, and it is not clear whether or in what instances suppression lists may exceed the Do Not Call Registry. While many suppression lists contain less than 100,000 addresses, ESPC states that the suppression lists of some companies 236 exceed the Do Not Call Registry by over 10 million entries. One commenter noted that “[f]rom a logistical perspective, many companies have large suppression lists that can exceed a million names.” Another commenter reported that its suppression list will likely have fewer than the 237 number of entries that the National Do Not Call Registry contains. 238 In analyzing the data submitted by these commenters, the Commission finds that, at this time, there is insufficient evidence to show that email suppression list scrubbing is impeded by the lack of a time limit on opt-out requests, or that imposing a limit will be useful in implementing the provisions of the Act under section 7711(a). Notably, Congress chose neither to impose such a time limit nor to specifically authorize the Commission to do so at this time. Consequently, the Commission declines to impose a time limit on the duration of an opt-out request. As proposed and adopted here, Rule 316.5 provides: “Neither a sender nor any person 239 acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic message or visiting a single Internet web page, in order to: (a) use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or (b) have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).” See, e.g., KeySpan; MasterCard; Metz; Empire; Wells Fargo; Coalition; BOA. 240 See, e.g, Wells Fargo; Coalition; Experian; MPAA; AeA; Microsoft; Verizon; 241 MasterCard. -90- C. Proposed Rule 316.5 — Prohibition on Charging a Fee or Imposing Other Requirements on Recipients Who Wish To Opt Out In the NPRM, the Commission proposed to prohibit the imposition, as a condition for accepting or honoring a recipient’s opt-out request, of any fee, obligation to provide personally identifying information (beyond one’s email address), or any other requirement. Several 239 commenters agreed with the Commission’s proposal to prohibit senders from charging a fee to opt out, but challenged the portion of the rule that would prevent the collection of additional personal 240 information or require email recipients to interface with more than one Internet Web page to opt out from receiving future commercial email messages from the sender. These commenters cumulatively identified a host of factors — the risk of typographical errors, computer security issues, online identity theft, and sabotage by competitors — arguing for the necessity of collecting personal information or requiring multiple opt-out steps to verify the identity of the recipient. While the 241 Commission recognizes that computer security and identity theft are serious problems facing online consumers, the Commission is not persuaded that imposing additional requirements on consumers who are attempting to opt out would do anything to minimize the risk of these problems. To the contrary, the Commission believes that requiring consumers to transmit additional personallySee also MPAA; Microsoft (both requesting the Commission to clarify that the use of 242 passwords or other authentication information is permitted under the rule); ABA (stating that it would be beneficial to have “member-recipients log on the entity’s Website, edit the member’s profile, and thereby directly express the member’s complete opt-out preferences.”). NPRM, 70 FR at 25445. Similarly, for this reason, the Commission is not persuaded 243 by those commenters arguing that senders should be able to require their member-recipients to update their member profiles in order to opt out from receiving commercial email messages. See, e.g., ABA; ATAA. See Experian. 244 -91- identifying information would increase the risk of that information being intercepted by a hacker or rogue third party. Other commenters explained that verifying the identity of a recipient would be important because their suppression lists are connected to consumer account information rather than consumer email addresses. For example, DMA argued that “tracking by account information also makes it easier to honor opt-out requests for customers regardless of what they change their email address to.” The Commission does not find this argument persuasive, because, as the Commission stated 242 in the NPRM, “according to CAN-SPAM, opt-out requests are specific to a recipient’s email address, not his or her name,” and, in this case, certainly not to his or her account information. 243 At least one commenter argued in favor of allowing marketers an opportunity to “display an advertisement or other incentive in order to remind the recipient of the value of the list subscription prior to their unsubscription.” The Commission reiterates its position stated in the NPRM that 244 subjecting a recipient who wishes to opt out to sales pitches before the opt-out request is completed is an unacceptable encumbrance on a consumer’s ability to opt out of receiving unwanted commercial email messages.15 U.S.C. 7706(f)(3)(C) & (g)(3)(C). 245 The four practices are: (1) automated email address harvesting; (2) dictionary attacks; 246 (3) automated creation of multiple email accounts; and (4) relay or retransmission of a commercial email message through unauthorized access. S. Rep. No. 108-102, at 8 (2003). 247 -92- Accordingly, the Commission adopts final Rule 316.5, which prohibits the imposition of any fee, any requirement to provide personally identifying information (beyond one’s email address), or any other obligation as a condition for accepting or honoring a recipient’s opt-out request. D. Section 7704(c)(2) — Aggravated Violations Related to Commercial Email The final Rule does not provide for any additional aggravated violations beyond those already specified in the Act. Committing an aggravated violation along with a violation of section 7704(a) could subject a defendant to triple damages in a CAN-SPAM enforcement action by a state attorney general or an ISP. Section 7704(b) of the Act lists four practices which are to be considered 245 “aggravated violations.” According to a Senate Committee Report on an earlier version of the Act, 246 designating specific practices as “aggravated” violations is intended to “apply to those who violate the provisions of the bill while employing certain problematic techniques used to either generate recipient email addresses, or remove or mask the true identity of the sender.” 247 Section 7704(c)(2) of the Act authorizes the Commission to specify activities or practices — in addition to the four already enumerated in the statute — as aggravated violations if the Commission determines that “those activities or practices are contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the Act].” (Emphasis added.) See Nelson (email spoofing); Rubin (selling email addresses after opt-out; single seller 248 using multiple domain names); Sowell (commercial email messages should have only one sender; email should indicate how the sender obtained the recipient’s name or email address). See LashBack (some companies allow third parties to access their suppression lists); 249 Unsub (“many sellers . . . post a text version of their opt-out suppression lists on Blind Affiliate Networks, allowing easy access for any list owner who is a member” of that network). 15 U.S.C. 7704(c)(2). 250 -93- In response to the Commission’s request in the NPRM for comment on whether any specific practices were contributing substantially to the proliferation of email, the Commission received only five comments. Three of the commenters complained about various practices that either are already illegal under the Act or that the commenters believed should be made illegal, but did not provide any evidence that the practices were contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under section 7704(a) of the Act, and, thus, should be deemed aggravated violations. 248 The other two commenters expressed concern that lists of email addresses of consumers who have opted out from receiving email (known as “suppression lists”) can be, and in some instances have been, misused by third parties to send unwanted email. Specifically, these commenters 249 indicated that, in some cases, third parties have obtained unauthorized access to another company’s suppression list, which the third parties have then used to send emails of their own. The record, however, lacks evidence that this practice is widespread and is “contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the Act]. Thus, there is an insufficient evidentiary basis for the Commission to designate this practice 250 as an aggravated violation. In any event, depending on the facts, some of these practices may violate section 7704(a)(4)(A)(iv) of the Act. Under this provision, “the sender or any other person thatSee 5 CFR 1320.3(c). 251 5 U.S.C. 601-612. 252 NPRM, 70 FR at 25447-49. 253 -94- knows that the recipient has made [an opt-out request to the sender]” may not “sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic address of the recipient) for any purpose other than compliance with this chapter or other provision of law.” III. PAPERWORK REDUCTION ACT In accordance with the Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3520 (“PRA”), the Commission reviewed the proposed and final Rule. The final Rule does not impose any recordkeeping, reporting, or disclosure requirements and, thus, does not constitute a “collection of information” as defined in the regulations implementing the PRA. 251 IV. REGULATORY FLEXIBILITY ACT The NPRM included an initial regulatory flexibility analysis (“IRFA”) under the Regulatory Flexibility Act (“RFA”), even though the Commission did not expect that the proposed Rule would 252 have a significant economic impact on a substantial number of small entities. In addition, the Commission invited public comment on the proposed Rule’s effect on small entities to ensure that no significant impact would be overlooked. 253 This Final Regulatory Flexibility Analysis (“FRFA”) incorporates: the Commission’s initial findings, as set forth in the May 12, 2005 NPRM; addresses the comments submitted in response to the IRFA notice; and describes the steps the Commission has taken in the final Rule to minimize its impact on small entities consistent with the objectives of the CAN-SPAM Act.15 U.S.C. 7702(17)(B). 254 15 U.S.C. 7704(c)(1)(A)-(C). 255 15 U.S.C. 7704(c)(2). 256 15 U.S.C. 7711(a). 257 -95- A. Succinct Statement of the Need for, and Objectives of, the Final Rule The final Rule was created pursuant to the Commission’s mandate under the CAN-SPAM Act. The Act authorizes the Commission, at its discretion and subject to certain conditions, to: promulgate regulations expanding or contracting the categories of “transactional or relationship messages”; 254 modify the ten-business-day period proscribed in the Act for effectuating a recipient’s opt-out request; and specify additional activities or practices as “aggravated violations.” The Act also 255 256 authorizes the Commission to “issue regulations to implement the provisions of [the] Act.” The 257 final Rule modifies certain definitions of the Act, such as what constitutes a “sender” and a “valid physical postal address”; adds a definition of “person”; and clarifies other relevant provisions of the Act. B. Summary of Significant Issues Raised by the Public Comments in Response to the IRFA In the IRFA, the Commission sought comment regarding the impact of the proposed Rule and any alternatives the Commission should consider, with a specific focus on the effect of the proposed Rule on small entities. The public comments on the proposed Rule are discussed above throughout the Statement of Basis and Purpose, as are any changes that have been made in the final Rule. After reviewing the comments, including those that specifically addressed the impact of the Rule on small entities, the Commission does not believe that the final Rule will unduly burden entities that sendSee, e.g., ABM; ARDA; BrightWave; Ezines; MPA; NAA; NADA; NAMB; NAR. 258 NPRM, 70 FR at 25448. 259 -96- commercial electronic mail messages or transactional or relationship mail messages. The majority of comments concerning the impact of the proposed Rule on small entities addressed the Commission’s proposal to shorten the opt-out period from ten business days to three. As noted in Part II.B above, these commenters argued that a shortened time frame would impose undue administrative costs and burdens on small businesses. The Commission agrees that the final Rule 258 must not be unduly burdensome to small businesses, and, while the record still lacks specific data describing the time and cost involved with processing opt-out requests for small businesses, the Commission finds that three business days would pose a challenge for some of these entities. In light of the concerns raised by the commenters, including small entities, the final Rule retains the opt-out period at ten business days. C. Explanation as to Why No Estimate is Available as to the Number of Small Entities to Which the Final Rule Will Apply Determining a precise estimate of the number of small entities subject to the final Rule, or describing those entities, is not readily feasible for two reasons. First, there is insufficient publicly available data to determine the number and type of small entities currently using email in any commercial setting. As noted in the IRFA, the final Rule will apply to “‘senders’ of ‘commercial electronic mail messages,’ and, to a lesser extent, to ‘senders’ of ‘transactional or relationship messages.’” Thus, any company, regardless of industry or size, that sends commercial email 259 messages or transactional or relationship messages would be subject to the final Rule. Id. 260 -97- In the IRFA, the Commission set forth the few sources of publicly available data to approximate the number of entities that send commercial email messages or transactional or relationship messages, noting that “[g]iven the paucity of data concerning the number of small businesses that send commercial e-mail messages or transactional or relationship messages, it is not possible to determine precisely how many small businesses would be subject to the proposed Rule.” 260 None of the comments provided information regarding the number of entities of any size that will be subject to the final Rule. The second reason that determining a precise estimate of the number of small entities subject to the final Rule is not readily feasible is that the assessment of whether the primary purpose of an email message is “commercial,” “transactional or relationship,” or “other” turns on a number of factors that require factual analysis on a case-by-case basis. Thus, even if the number of entities that use email in commercial dealings were known, the extent to which the messages they send will be regulated by the final Rule depends upon the primary purpose of such messages, a determination which cannot be made absent factual analysis. D. Description of the Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Final Rule, Including an Estimate of the Classes of Small Entities that Will Be Subject to the Requirements of the Final Rule and the Type of Professional Skills that Will Be Necessary to Implement the Final Rule The final Rule does not itself impose any reporting, recordkeeping, or other disclosure requirements within the meaning of the Paperwork Reduction Act. The final Rule primarily: clarifies the scope of certain definitions within the CAN-SPAM Act, such as “sender” and “valid physical postal address”; defines one new term, “person”; and clarifies that a recipient may not be required to-98- pay a fee, provide information other than his or her email address and opt-out preferences, or take any other steps other than sending a reply email message or visiting a single Internet Web page to submit an opt-out request. Any costs attributable to CAN-SPAM are the result of the substantive requirements of the Act itself — such as the requirement that commercial email messages include an opt-out mechanism and certain disclosures — not the Commission’s interpretive final Rule. E. Discussion of Significant Alternatives the Commission Considered That Would Accomplish the Stated Objectives of the CAN-SPAM Act and That Would Minimize Any Significant Economic Impact of the Final Rule on Small Entities Through both the ANPR and the May 12, 2005 NPRM, the Commission sought to gather information regarding the economic impact of CAN-SPAM’s requirements on all businesses, including small entities. The Commission requested public comment on whether the proposed Rule would unduly burden such entities that use email to send messages defined as “commercial” or “transactional or relationship” messages under the Act and the FTC’s CAN-SPAM Rule; whether this burden is justified by offsetting benefits to consumers; what effect the proposed Rule would have on small entities that initiate messages the primary purpose of which are commercial or transactional or relationship; what costs would be incurred by small entities to “implement and comply” with the proposed Rule; and whether there were ways the proposed Rule could be modified to reduce the costs or burdens for small entities while still being consistent with the requirements of the Act. The Commission requested this information in an attempt to minimize the final Rule’s burden on all businesses, including small entities. In drafting the final Rule, the Commission carefully considered and sought to mitigate the burdens placed on email marketers, both large and small alike. For example, because a shortened-99- time frame for processing opt-out requests might place a significant burden on senders, including small businesses, the final Rule retains the original ten-business-day period set forth in the Act. Moreover, the final Rule’s definition of “valid physical postal address” provides for the use of commercial and postal mailboxes in light of the concerns many small entities expressed with respect to disclosing their physical addresses in email messages. Finally, to the extent that small entities participate in sending multiple marketer messages, the final Rule’s definition of “sender” minimizes the burden placed on such entities by permitting the designation of a single “sender” to comply with CAN-SPAM’s disclosure and opt-out requirements. As explained earlier in this Statement of Basis and Purpose, the Commission has considered the comments and alternatives proposed by such commenters, and continues to believe that the final Rule will not create a significant economic impact on small entities or others who send or initiate commercial email messages or transactional or relationship messages. List of Subjects in 16 CFR Part 316 Advertising, Business and industry, Computer technology, Consumer protection, Labeling. Accordingly, for the reasons set forth in the preamble above, the Commission amends title 16 CFR Chapter I by revising Part 316 to read as follows: PART 316 – CAN-SPAM RULE Sec. 316.1 Scope. 316.2 Definitions. 316.3 Primary purpose. 316.4 Requirement to place warning labels on commercial electronic mail that contains sexually oriented material.-100- 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out. 316.6 Severability. Authority: 15 U.S.C. 7701-7713. § 316.1 Scope. This part implements the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”), 15 U.S.C. 7701-7713. § 316.2 Definitions. (a) The definition of the term “affirmative consent” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(1). (b) “Character” means an element of the American Standard Code for Information Interchange (“ASCII”) character set. (c) The definition of the term “commercial electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(2). (d) The definition of the term “electronic mail address” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(5). (e) The definition of the term “electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(6). (f) The definition of the term “initiate” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(9). (g) The definition of the term “Internet” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(10). (h) “Person” means any individual, group, unincorporated association, limited or general partnership, corporation, or other business entity. (i) The definition of the term “procure” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(12). (j) The definition of the term “protected computer” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(13).The Commission does not intend for these criteria to treat as a “commercial electronic 1 mail message” anything that is not commercial speech. -101- (k) The definition of the term “recipient” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(14). (l) The definition of the term “routine conveyance” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(15). (m) The definition of the term “sender” is the same as the definition of that term in the CANSPAM Act, 15 U.S.C. 7702(16), provided that, when more than one person’s products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act’s definition will be deemed to be a “sender,” except that, only one person will be deemed to be the “sender” of that message if such person: (A) is within the Act’s definition of “sender”; (B) is identified in the “from” line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. (n) The definition of the term “sexually oriented material” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7704(d)(4). (o) The definition of the term “transactional or relationship messages” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(17). (p) “Valid physical postal address” means the sender’s current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations. § 316.3 Primary purpose. (a) In applying the term “commercial electronic mail message” defined in the CAN-SPAM Act, 15 U.S.C. 7702(2), the “primary purpose” of an electronic mail message shall be deemed to be commercial based on the criteria in paragraphs (a)(1) through (3) and (b) of this section: 1 (1) If an electronic mail message consists exclusively of the commercial advertisement or promotion of a commercial product or service, then the “primary purpose” of the message shall be deemed to be commercial. (2) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if:-102- (i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or (ii) The electronic mail message’s transactional or relationship content as set forth in paragraph (c) of this section does not appear, in whole or in substantial part, at the beginning of the body of the message. (3) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as other content that is not transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if: (i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or (ii) A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is the commercial advertisement or promotion of a commercial product or service. Factors illustrative of those relevant to this interpretation include the placement of content that is the commercial advertisement or promotion of a commercial product or service, in whole or in substantial part, at the beginning of the body of the message; the proportion of the message dedicated to such content; and how color, graphics, type size, and style are used to highlight commercial content. (b) In applying the term “transactional or relationship message” defined in the CAN-SPAM Act, 15 U.S.C. § 7702(17), the “primary purpose” of an electronic mail message shall be deemed to be transactional or relationship if the electronic mail message consists exclusively of transactional or relationship content as set forth in paragraph (c) of this section. (c) Transactional or relationship content of email messages under the CAN-SPAM Act is content: (1) To facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; (2) To provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;The phrase “SEXUALLY-EXPLICIT” comprises 17 characters, including the dash 2 between the two words. The colon (:) and the space following the phrase are the 18 and 19 th th characters. This phrase consists of nineteen (19) characters and is identical to the phrase required in 3 316.5(a)(1) of this Rule. -103- (3) With respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender, to provide – (i) Notification concerning a change in the terms or features; (ii) Notification of a change in the recipient’s standing or status; or (iii) At regular periodic intervals, account balance information or other type of account statement; (4) To provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or (5) To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender. § 316.4 Requirement to place warning labels on commercial electronic mail that contains sexually oriented material. (a) Any person who initiates, to a protected computer, the transmission of a commercial electronic mail message that includes sexually oriented material must: (1) Exclude sexually oriented materials from the subject heading for the electronic mail message and include in the subject heading the phrase “SEXUALLY-EXPLICIT: ” in capital letters as the first nineteen (19) characters at the beginning of the subject line; 2 (2) Provide that the content of the message that is initially viewable by the recipient, when the message is opened by any recipient and absent any further actions by the recipient, include only the following information: (i) The phrase “SEXUALLY-EXPLICIT: ” in a clear and conspicuous manner; 3-104- (ii) Clear and conspicuous identification that the message is an advertisement or solicitation; (iii) Clear and conspicuous notice of the opportunity of a recipient to decline to receive further commercial electronic mail messages from the sender; (iv) A functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that - (A) A recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and (B) Remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message; (v) Clear and conspicuous display of a valid physical postal address of the sender; and (vi) Any needed instructions on how to access, or activate a mechanism to access, the sexually oriented material, preceded by a clear and conspicuous statement that to avoid viewing the sexually oriented material, a recipient should delete the email message without following such instructions. (b) Prior affirmative consent. Paragraph (a) does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message. § 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out. Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to: (a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or (b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).-105- § 316.6 Severability. The provisions of this Part are separate and severable from one another. If any provision is stayed or determined to be invalid, it is the Commission’s intention that the remaining provisions shall continue in effect. By direction of the Commission. Donald S. Clark Secretary-106- Note: The following Appendix will not appear in the Code of Federal Regulations

 

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

2003 Original Law Text Below

--------------------------------------------------------------------------------------------------------------------------------------

Public Law 108–187 108th Congress An Act To regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ‘‘Controlling the Assault of NonSolicited Pornography and Marketing Act of 2003’’, or the ‘‘CANSPAM Act of 2003’’. SEC. 2. CONGRESSIONAL FINDINGS AND POLICY. (a) FINDINGS.—The Congress finds the following: (1) Electronic mail has become an extremely important and popular means of communication, relied on by millions of Americans on a daily basis for personal and commercial purposes. Its low cost and global reach make it extremely convenient and efficient, and offer unique opportunities for the development and growth of frictionless commerce. (2) The convenience and efficiency of electronic mail are threatened by the extremely rapid growth in the volume of unsolicited commercial electronic mail. Unsolicited commercial electronic mail is currently estimated to account for over half of all electronic mail traffic, up from an estimated 7 percent in 2001, and the volume continues to rise. Most of these messages are fraudulent or deceptive in one or more respects. (3) The receipt of unsolicited commercial electronic mail may result in costs to recipients who cannot refuse to accept such mail and who incur costs for the storage of such mail, or for the time spent accessing, reviewing, and discarding such mail, or for both. (4) The receipt of a large number of unwanted messages also decreases the convenience of electronic mail and creates a risk that wanted electronic mail messages, both commercial and noncommercial, will be lost, overlooked, or discarded amidst the larger volume of unwanted messages, thus reducing the reliability and usefulness of electronic mail to the recipient. (5) Some commercial electronic mail contains material that many recipients may consider vulgar or pornographic in nature. (6) The growth in unsolicited commercial electronic mail imposes significant monetary costs on providers of Internet access services, businesses, and educational and nonprofit institutions that carry and receive such mail, as there is a finite volume of mail that such providers, businesses, and 15 USC 7701. 15 USC 7701 note. Controlling the Assault of NonSolicited Pornography and Marketing Act of 2003. Dec. 16, 2003 [S. 877] VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00001 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2700 PUBLIC LAW 108–187—DEC. 16, 2003 institutions can handle without further investment in infrastructure. (7) Many senders of unsolicited commercial electronic mail purposefully disguise the source of such mail. (8) Many senders of unsolicited commercial electronic mail purposefully include misleading information in the messages’ subject lines in order to induce the recipients to view the messages. (9) While some senders of commercial electronic mail messages provide simple and reliable ways for recipients to reject (or ‘‘opt-out’’ of) receipt of commercial electronic mail from such senders in the future, other senders provide no such ‘‘opt-out’’ mechanism, or refuse to honor the requests of recipients not to receive electronic mail from such senders in the future, or both. (10) Many senders of bulk unsolicited commercial electronic mail use computer programs to gather large numbers of electronic mail addresses on an automated basis from Internet websites or online services where users must post their addresses in order to make full use of the website or service. (11) Many States have enacted legislation intended to regulate or reduce unsolicited commercial electronic mail, but these statutes impose different standards and requirements. As a result, they do not appear to have been successful in addressing the problems associated with unsolicited commercial electronic mail, in part because, since an electronic mail address does not specify a geographic location, it can be extremely difficult for law-abiding businesses to know with which of these disparate statutes they are required to comply. (12) The problems associated with the rapid growth and abuse of unsolicited commercial electronic mail cannot be solved by Federal legislation alone. The development and adoption of technological approaches and the pursuit of cooperative efforts with other countries will be necessary as well. (b) CONGRESSIONAL DETERMINATION OF PUBLIC POLICY.—On the basis of the findings in subsection (a), the Congress determines that— (1) there is a substantial government interest in regulation of commercial electronic mail on a nationwide basis; (2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source. SEC. 3. DEFINITIONS. In this Act: (1) AFFIRMATIVE CONSENT.—The term ‘‘affirmative consent’’, when used with respect to a commercial electronic mail message, means that— (A) the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient’s own initiative; and (B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at 15 USC 7702. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00002 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2701 the time the consent was communicated that the recipient’s electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages. (2) COMMERCIAL ELECTRONIC MAIL MESSAGE.— (A) IN GENERAL.—The term ‘‘commercial electronic mail message’’ means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose). (B) TRANSACTIONAL OR RELATIONSHIP MESSAGES.—The term ‘‘commercial electronic mail message’’ does not include a transactional or relationship message. (C) REGULATIONS REGARDING PRIMARY PURPOSE.—Not later than 12 months after the date of the enactment of this Act, the Commission shall issue regulations pursuant to section 13 defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message. (D) REFERENCE TO COMPANY OR WEBSITE.—The inclusion of a reference to a commercial entity or a link to the website of a commercial entity in an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic mail message for purposes of this Act if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service. (3) COMMISSION.—The term ‘‘Commission’’ means the Federal Trade Commission. (4) DOMAIN NAME.—The term ‘‘domain name’’ means any alphanumeric designation which is registered with or assigned by any domain name registrar, domain name registry, or other domain name registration authority as part of an electronic address on the Internet. (5) ELECTRONIC MAIL ADDRESS.—The term ‘‘electronic mail address’’ means a destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the ‘‘local part’’) and a reference to an Internet domain (commonly referred to as the ‘‘domain part’’), whether or not displayed, to which an electronic mail message can be sent or delivered. (6) ELECTRONIC MAIL MESSAGE.—The term ‘‘electronic mail message’’ means a message sent to a unique electronic mail address. (7) FTC ACT.—The term ‘‘FTC Act’’ means the Federal Trade Commission Act (15 U.S.C. 41 et seq.). (8) HEADER INFORMATION.—The term ‘‘header information’’ means the source, destination, and routing information attached to an electronic mail message, including the originating domain name and originating electronic mail address, and any other information that appears in the line identifying, or purporting to identify, a person initiating the message. (9) INITIATE.—The term ‘‘initiate’’, when used with respect to a commercial electronic mail message, means to originate or transmit such message or to procure the origination or Deadline. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00003 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2702 PUBLIC LAW 108–187—DEC. 16, 2003 transmission of such message, but shall not include actions that constitute routine conveyance of such message. For purposes of this paragraph, more than one person may be considered to have initiated a message. (10) INTERNET.—The term ‘‘Internet’’ has the meaning given that term in the Internet Tax Freedom Act (47 U.S.C. 151 nt). (11) INTERNET ACCESS SERVICE.—The term ‘‘Internet access service’’ has the meaning given that term in section 231(e)(4) of the Communications Act of 1934 (47 U.S.C. 231(e)(4)). (12) PROCURE.—The term ‘‘procure’’, when used with respect to the initiation of a commercial electronic mail message, means intentionally to pay or provide other consideration to, or induce, another person to initiate such a message on one’s behalf. (13) PROTECTED COMPUTER.—The term ‘‘protected computer’’ has the meaning given that term in section 1030(e)(2)(B) of title 18, United States Code. (14) RECIPIENT.—The term ‘‘recipient’’, when used with respect to a commercial electronic mail message, means an authorized user of the electronic mail address to which the message was sent or delivered. If a recipient of a commercial electronic mail message has one or more electronic mail addresses in addition to the address to which the message was sent or delivered, the recipient shall be treated as a separate recipient with respect to each such address. If an electronic mail address is reassigned to a new user, the new user shall not be treated as a recipient of any commercial electronic mail message sent or delivered to that address before it was reassigned. (15) ROUTINE CONVEYANCE.—The term ‘‘routine conveyance’’ means the transmission, routing, relaying, handling, or storing, through an automatic technical process, of an electronic mail message for which another person has identified the recipients or provided the recipient addresses. (16) SENDER.— (A) IN GENERAL.—Except as provided in subparagraph (B), the term ‘‘sender’’, when used with respect to a commercial electronic mail message, means a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message. (B) SEPARATE LINES OF BUSINESS OR DIVISIONS.—If an entity operates through separate lines of business or divisions and holds itself out to the recipient throughout the message as that particular line of business or division rather than as the entity of which such line of business or division is a part, then the line of business or the division shall be treated as the sender of such message for purposes of this Act. (17) TRANSACTIONAL OR RELATIONSHIP MESSAGE.— (A) IN GENERAL.—The term ‘‘transactional or relationship message’’ means an electronic mail message the primary purpose of which is— (i) to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00004 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2703 (ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient; (iii) to provide— (I) notification concerning a change in the terms or features of; (II) notification of a change in the recipient’s standing or status with respect to; or (III) at regular periodic intervals, account balance information or other type of account statement with respect to, a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender; (iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or (v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender. (B) MODIFICATION OF DEFINITION.—The Commission by regulation pursuant to section 13 may modify the definition in subparagraph (A) to expand or contract the categories of messages that are treated as transactional or relationship messages for purposes of this Act to the extent that such modification is necessary to accommodate changes in electronic mail technology or practices and accomplish the purposes of this Act. SEC. 4. PROHIBITION AGAINST PREDATORY AND ABUSIVE COMMERCIAL E-MAIL. (a) OFFENSE.— (1) IN GENERAL.—Chapter 47 of title 18, United States Code, is amended by adding at the end the following new section: ‘‘§ 1037. Fraud and related activity in connection with electronic mail ‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign commerce, knowingly— ‘‘(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer, ‘‘(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages, ‘‘(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages, ‘‘(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic 15 USC 7703. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00005 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2704 PUBLIC LAW 108–187—DEC. 16, 2003 mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or ‘‘(5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses, or conspires to do so, shall be punished as provided in subsection (b). ‘‘(b) PENALTIES.—The punishment for an offense under subsection (a) is— ‘‘(1) a fine under this title, imprisonment for not more than 5 years, or both, if— ‘‘(A) the offense is committed in furtherance of any felony under the laws of the United States or of any State; or ‘‘(B) the defendant has previously been convicted under this section or section 1030, or under the law of any State for conduct involving the transmission of multiple commercial electronic mail messages or unauthorized access to a computer system; ‘‘(2) a fine under this title, imprisonment for not more than 3 years, or both, if— ‘‘(A) the offense is an offense under subsection (a)(1); ‘‘(B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations; ‘‘(C) the volume of electronic mail messages transmitted in furtherance of the offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day period, or 250,000 during any 1-year period; ‘‘(D) the offense caused loss to one or more persons aggregating $5,000 or more in value during any 1-year period; ‘‘(E) as a result of the offense any individual committing the offense obtained anything of value aggregating $5,000 or more during any 1-year period; or ‘‘(F) the offense was undertaken by the defendant in concert with three or more other persons with respect to whom the defendant occupied a position of organizer or leader; and ‘‘(3) a fine under this title or imprisonment for not more than 1 year, or both, in any other case. ‘‘(c) FORFEITURE.— ‘‘(1) IN GENERAL.—The court, in imposing sentence on a person who is convicted of an offense under this section, shall order that the defendant forfeit to the United States— ‘‘(A) any property, real or personal, constituting or traceable to gross proceeds obtained from such offense; and ‘‘(B) any equipment, software, or other technology used or intended to be used to commit or to facilitate the commission of such offense. Courts. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00006 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2705 ‘‘(2) PROCEDURES.—The procedures set forth in section 413 of the Controlled Substances Act (21 U.S.C. 853), other than subsection (d) of that section, and in Rule 32.2 of the Federal Rules of Criminal Procedure, shall apply to all stages of a criminal forfeiture proceeding under this section. ‘‘(d) DEFINITIONS.—In this section: ‘‘(1) LOSS.—The term ‘loss’ has the meaning given that term in section 1030(e) of this title. ‘‘(2) MATERIALLY.—For purposes of paragraphs (3) and (4) of subsection (a), header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. ‘‘(3) MULTIPLE.—The term ‘multiple’ means more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic mail messages during a 1-year period. ‘‘(4) OTHER TERMS.—Any other term has the meaning given that term by section 3 of the CAN-SPAM Act of 2003.’’. (2) CONFORMING AMENDMENT.—The chapter analysis for chapter 47 of title 18, United States Code, is amended by adding at the end the following: ‘‘Sec. ‘‘1037. Fraud and related activity in connection with electronic mail.’’. (b) UNITED STATES SENTENCING COMMISSION.— (1) DIRECTIVE.—Pursuant to its authority under section 994(p) of title 28, United States Code, and in accordance with this section, the United States Sentencing Commission shall review and, as appropriate, amend the sentencing guidelines and policy statements to provide appropriate penalties for violations of section 1037 of title 18, United States Code, as added by this section, and other offenses that may be facilitated by the sending of large quantities of unsolicited electronic mail. (2) REQUIREMENTS.—In carrying out this subsection, the Sentencing Commission shall consider providing sentencing enhancements for— (A) those convicted under section 1037 of title 18, United States Code, who— (i) obtained electronic mail addresses through improper means, including— (I) harvesting electronic mail addresses of the users of a website, proprietary service, or other online public forum operated by another person, without the authorization of such person; and (II) randomly generating electronic mail addresses by computer; or (ii) knew that the commercial electronic mail messages involved in the offense contained or advertised an Internet domain for which the registrant of the domain had provided false registration information; and 28 USC 994 note. Applicability. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00007 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2706 PUBLIC LAW 108–187—DEC. 16, 2003 (B) those convicted of other offenses, including offenses involving fraud, identity theft, obscenity, child pornography, and the sexual exploitation of children, if such offenses involved the sending of large quantities of electronic mail. (c) SENSE OF CONGRESS.—It is the sense of Congress that— (1) Spam has become the method of choice for those who distribute pornography, perpetrate fraudulent schemes, and introduce viruses, worms, and Trojan horses into personal and business computer systems; and (2) the Department of Justice should use all existing law enforcement tools to investigate and prosecute those who send bulk commercial e-mail to facilitate the commission of Federal crimes, including the tools contained in chapters 47 and 63 of title 18, United States Code (relating to fraud and false statements); chapter 71 of title 18, United States Code (relating to obscenity); chapter 110 of title 18, United States Code (relating to the sexual exploitation of children); and chapter 95 of title 18, United States Code (relating to racketeering), as appropriate. SEC. 5. OTHER PROTECTIONS FOR USERS OF COMMERCIAL ELECTRONIC MAIL. (a) REQUIREMENTS FOR TRANSMISSION OF MESSAGES.— (1) PROHIBITION OF FALSE OR MISLEADING TRANSMISSION INFORMATION.—It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. For purposes of this paragraph— (A) header information that is technically accurate but includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations shall be considered materially misleading; (B) a ‘‘from’’ line (the line identifying or purporting to identify a person initiating the message) that accurately identifies any person who initiated the message shall not be considered materially false or materially misleading; and (C) header information shall be considered materially misleading if it fails to identify accurately a protected computer used to initiate the message because the person initiating the message knowingly uses another protected computer to relay or retransmit the message for purposes of disguising its origin. (2) PROHIBITION OF DECEPTIVE SUBJECT HEADINGS.—It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message if such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact 15 USC 7704. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00008 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2707 regarding the contents or subject matter of the message (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)). (3) INCLUSION OF RETURN ADDRESS OR COMPARABLE MECHANISM IN COMMERCIAL ELECTRONIC MAIL.— (A) IN GENERAL.—It is unlawful for any person to initiate the transmission to a protected computer of a commercial electronic mail message that does not contain a functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that— (i) a recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and (ii) remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message. (B) MORE DETAILED OPTIONS POSSIBLE.—The person initiating a commercial electronic mail message may comply with subparagraph (A)(i) by providing the recipient a list or menu from which the recipient may choose the specific types of commercial electronic mail messages the recipient wants to receive or does not want to receive from the sender, if the list or menu includes an option under which the recipient may choose not to receive any commercial electronic mail messages from the sender. (C) TEMPORARY INABILITY TO RECEIVE MESSAGES OR PROCESS REQUESTS.—A return electronic mail address or other mechanism does not fail to satisfy the requirements of subparagraph (A) if it is unexpectedly and temporarily unable to receive messages or process requests due to a technical problem beyond the control of the sender if the problem is corrected within a reasonable time period. (4) PROHIBITION OF TRANSMISSION OF COMMERCIAL ELECTRONIC MAIL AFTER OBJECTION.— (A) IN GENERAL.—If a recipient makes a request using a mechanism provided pursuant to paragraph (3) not to receive some or any commercial electronic mail messages from such sender, then it is unlawful— (i) for the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message that falls within the scope of the request; (ii) for any person acting on behalf of the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that such message falls within the scope of the request; (iii) for any person acting on behalf of the sender to assist in initiating the transmission to the recipient, through the provision or selection of addresses to which the message will be sent, of a commercial electronic VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00009 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2708 PUBLIC LAW 108–187—DEC. 16, 2003 mail message with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that such message would violate clause (i) or (ii); or (iv) for the sender, or any other person who knows that the recipient has made such a request, to sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic mail address of the recipient) for any purpose other than compliance with this Act or other provision of law. (B) SUBSEQUENT AFFIRMATIVE CONSENT.—A prohibition in subparagraph (A) does not apply if there is affirmative consent by the recipient subsequent to the request under subparagraph (A). (5) INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN COMMERCIAL ELECTRONIC MAIL.—(A) It is unlawful for any person to initiate the transmission of any commercial electronic mail message to a protected computer unless the message provides— (i) clear and conspicuous identification that the message is an advertisement or solicitation; (ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; and (iii) a valid physical postal address of the sender. (B) Subparagraph (A)(i) does not apply to the transmission of a commercial electronic mail message if the recipient has given prior affirmative consent to receipt of the message. (6) MATERIALLY.—For purposes of paragraph (1), the term ‘‘materially’’, when used with respect to false or misleading header information, includes the alteration or concealment of header information in a manner that would impair the ability of an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation, or the ability of a recipient of the message to respond to a person who initiated the electronic message. (b) AGGRAVATED VIOLATIONS RELATING TO COMMERCIAL ELECTRONIC MAIL.— (1) ADDRESS HARVESTING AND DICTIONARY ATTACKS.— (A) IN GENERAL.—It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message that is unlawful under subsection (a), or to assist in the origination of such message through the provision or selection of addresses to which the message will be transmitted, if such person had actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that— (i) the electronic mail address of the recipient was obtained using an automated means from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00010 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2709 service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages; or (ii) the electronic mail address of the recipient was obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations. (B) DISCLAIMER.—Nothing in this paragraph creates an ownership or proprietary interest in such electronic mail addresses. (2) AUTOMATED CREATION OF MULTIPLE ELECTRONIC MAIL ACCOUNTS.—It is unlawful for any person to use scripts or other automated means to register for multiple electronic mail accounts or online user accounts from which to transmit to a protected computer, or enable another person to transmit to a protected computer, a commercial electronic mail message that is unlawful under subsection (a). (3) RELAY OR RETRANSMISSION THROUGH UNAUTHORIZED ACCESS.—It is unlawful for any person knowingly to relay or retransmit a commercial electronic mail message that is unlawful under subsection (a) from a protected computer or computer network that such person has accessed without authorization. (c) SUPPLEMENTARY RULEMAKING AUTHORITY.—The Commission shall by regulation, pursuant to section 13— (1) modify the 10-business-day period under subsection (a)(4)(A) or subsection (a)(4)(B), or both, if the Commission determines that a different period would be more reasonable after taking into account— (A) the purposes of subsection (a); (B) the interests of recipients of commercial electronic mail; and (C) the burdens imposed on senders of lawful commercial electronic mail; and (2) specify additional activities or practices to which subsection (b) applies if the Commission determines that those activities or practices are contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under subsection (a). (d) REQUIREMENT TO PLACE WARNING LABELS ON COMMERCIAL ELECTRONIC MAIL CONTAINING SEXUALLY ORIENTED MATERIAL.— (1) IN GENERAL.—No person may initiate in or affecting interstate commerce the transmission, to a protected computer, of any commercial electronic mail message that includes sexually oriented material and— (A) fail to include in subject heading for the electronic mail message the marks or notices prescribed by the Commission under this subsection; or (B) fail to provide that the matter in the message that is initially viewable to the recipient, when the message is opened by any recipient and absent any further actions by the recipient, includes only— (i) to the extent required or authorized pursuant to paragraph (2), any such marks or notices; VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00011 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2710 PUBLIC LAW 108–187—DEC. 16, 2003 (ii) the information required to be included in the message pursuant to subsection (a)(5); and (iii) instructions on how to access, or a mechanism to access, the sexually oriented material. (2) PRIOR AFFIRMATIVE CONSENT.—Paragraph (1) does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message. (3) PRESCRIPTION OF MARKS AND NOTICES.—Not later than 120 days after the date of the enactment of this Act, the Commission in consultation with the Attorney General shall prescribe clearly identifiable marks or notices to be included in or associated with commercial electronic mail that contains sexually oriented material, in order to inform the recipient of that fact and to facilitate filtering of such electronic mail. The Commission shall publish in the Federal Register and provide notice to the public of the marks or notices prescribed under this paragraph. (4) DEFINITION.—In this subsection, the term ‘‘sexually oriented material’’ means any material that depicts sexually explicit conduct (as that term is defined in section 2256 of title 18, United States Code), unless the depiction constitutes a small and insignificant part of the whole, the remainder of which is not primarily devoted to sexual matters. (5) PENALTY.—Whoever knowingly violates paragraph (1) shall be fined under title 18, United States Code, or imprisoned not more than 5 years, or both. SEC. 6. BUSINESSES KNOWINGLY PROMOTED BY ELECTRONIC MAIL WITH FALSE OR MISLEADING TRANSMISSION INFORMATION. (a) IN GENERAL.—It is unlawful for a person to promote, or allow the promotion of, that person’s trade or business, or goods, products, property, or services sold, offered for sale, leased or offered for lease, or otherwise made available through that trade or business, in a commercial electronic mail message the transmission of which is in violation of section 5(a)(1) if that person— (1) knows, or should have known in the ordinary course of that person’s trade or business, that the goods, products, property, or services sold, offered for sale, leased or offered for lease, or otherwise made available through that trade or business were being promoted in such a message; (2) received or expected to receive an economic benefit from such promotion; and (3) took no reasonable action— (A) to prevent the transmission; or (B) to detect the transmission and report it to the Commission. (b) LIMITED ENFORCEMENT AGAINST THIRD PARTIES.— (1) IN GENERAL.—Except as provided in paragraph (2), a person (hereinafter referred to as the ‘‘third party’’) that provides goods, products, property, or services to another person that violates subsection (a) shall not be held liable for such violation. (2) EXCEPTION.—Liability for a violation of subsection (a) shall be imputed to a third party that provides goods, products, property, or services to another person that violates subsection (a) if that third party— 15 USC 7705. Federal Register, publication. Deadline. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00012 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2711 (A) owns, or has a greater than 50 percent ownership or economic interest in, the trade or business of the person that violated subsection (a); or (B)(i) has actual knowledge that goods, products, property, or services are promoted in a commercial electronic mail message the transmission of which is in violation of section 5(a)(1); and (ii) receives, or expects to receive, an economic benefit from such promotion. (c) EXCLUSIVE ENFORCEMENT BY FTC.—Subsections (f) and (g) of section 7 do not apply to violations of this section. (d) SAVINGS PROVISION.—Except as provided in section 7(f)(8), nothing in this section may be construed to limit or prevent any action that may be taken under this Act with respect to any violation of any other section of this Act. SEC. 7. ENFORCEMENT GENERALLY. (a) VIOLATION IS UNFAIR OR DECEPTIVE ACT OR PRACTICE.— Except as provided in subsection (b), this Act shall be enforced by the Commission as if the violation of this Act were an unfair or deceptive act or practice proscribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)). (b) ENFORCEMENT BY CERTAIN OTHER AGENCIES.—Compliance with this Act shall be enforced— (1) under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of— (A) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency; (B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 and 611), and bank holding companies, by the Board; (C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Directors of the Federal Deposit Insurance Corporation; and (D) savings associations the deposits of which are insured by the Federal Deposit Insurance Corporation, by the Director of the Office of Thrift Supervision; (2) under the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the Board of the National Credit Union Administration with respect to any Federally insured credit union; (3) under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) by the Securities and Exchange Commission with respect to any broker or dealer; (4) under the Investment Company Act of 1940 (15 U.S.C. 80a–1 et seq.) by the Securities and Exchange Commission with respect to investment companies; (5) under the Investment Advisers Act of 1940 (15 U.S.C. 80b–1 et seq.) by the Securities and Exchange Commission with respect to investment advisers registered under that Act; 15 USC 7706. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00013 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2712 PUBLIC LAW 108–187—DEC. 16, 2003 (6) under State insurance law in the case of any person engaged in providing insurance, by the applicable State insurance authority of the State in which the person is domiciled, subject to section 104 of the Gramm-Bliley-Leach Act (15 U.S.C. 6701), except that in any State in which the State insurance authority elects not to exercise this power, the enforcement authority pursuant to this Act shall be exercised by the Commission in accordance with subsection (a); (7) under part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part; (8) under the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act; (9) under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association; and (10) under the Communications Act of 1934 (47 U.S.C. 151 et seq.) by the Federal Communications Commission with respect to any person subject to the provisions of that Act. (c) EXERCISE OF CERTAIN POWERS.—For the purpose of the exercise by any agency referred to in subsection (b) of its powers under any Act referred to in that subsection, a violation of this Act is deemed to be a violation of a Federal Trade Commission trade regulation rule. In addition to its powers under any provision of law specifically referred to in subsection (b), each of the agencies referred to in that subsection may exercise, for the purpose of enforcing compliance with any requirement imposed under this Act, any other authority conferred on it by law. (d) ACTIONS BY THE COMMISSION.—The Commission shall prevent any person from violating this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. Any entity that violates any provision of that subtitle is subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of that subtitle. (e) AVAILABILITY OF CEASE-AND-DESIST ORDERS AND INJUNCTIVE RELIEF WITHOUT SHOWING OF KNOWLEDGE.—Notwithstanding any other provision of this Act, in any proceeding or action pursuant to subsection (a), (b), (c), or (d) of this section to enforce compliance, through an order to cease and desist or an injunction, with section 5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of section 5(a)(4)(A), section 5(b)(1)(A), or section 5(b)(3), neither the Commission nor the Federal Communications Commission shall be required to allege or prove the state of mind required by such section or subparagraph. (f) ENFORCEMENT BY STATES.— (1) CIVIL ACTION.—In any case in which the attorney general of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by any person who VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00014 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2713 violates paragraph (1) or (2) of section 5(a), who violates section 5(d), or who engages in a pattern or practice that violates paragraph (3), (4), or (5) of section 5(a), of this Act, the attorney general, official, or agency of the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction— (A) to enjoin further violation of section 5 of this Act by the defendant; or (B) to obtain damages on behalf of residents of the State, in an amount equal to the greater of— (i) the actual monetary loss suffered by such residents; or (ii) the amount determined under paragraph (3). (2) AVAILABILITY OF INJUNCTIVE RELIEF WITHOUT SHOWING OF KNOWLEDGE.—Notwithstanding any other provision of this Act, in a civil action under paragraph (1)(A) of this subsection, the attorney general, official, or agency of the State shall not be required to allege or prove the state of mind required by section 5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of section 5(a)(4)(A), section 5(b)(1)(A), or section 5(b)(3). (3) STATUTORY DAMAGES.— (A) IN GENERAL.—For purposes of paragraph (1)(B)(ii), the amount determined under this paragraph is the amount calculated by multiplying the number of violations (with each separately addressed unlawful message received by or addressed to such residents treated as a separate violation) by up to $250. (B) LIMITATION.—For any violation of section 5 (other than section 5(a)(1)), the amount determined under subparagraph (A) may not exceed $2,000,000. (C) AGGRAVATED DAMAGES.—The court may increase a damage award to an amount equal to not more than three times the amount otherwise available under this paragraph if— (i) the court determines that the defendant committed the violation willfully and knowingly; or (ii) the defendant’s unlawful activity included one or more of the aggravating violations set forth in section 5(b). (D) REDUCTION OF DAMAGES.—In assessing damages under subparagraph (A), the court may consider whether— (i) the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations; or (ii) the violation occurred despite commercially reasonable efforts to maintain compliance the practices and procedures to which reference is made in clause (i). (4) ATTORNEY FEES.—In the case of any successful action under paragraph (1), the court, in its discretion, may award the costs of the action and reasonable attorney fees to the State. (5) RIGHTS OF FEDERAL REGULATORS.—The State shall serve prior written notice of any action under paragraph (1) upon Notice. Records. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00015 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2714 PUBLIC LAW 108–187—DEC. 16, 2003 the Federal Trade Commission or the appropriate Federal regulator determined under subsection (b) and provide the Commission or appropriate Federal regulator with a copy of its complaint, except in any case in which such prior notice is not feasible, in which case the State shall serve such notice immediately upon instituting such action. The Federal Trade Commission or appropriate Federal regulator shall have the right— (A) to intervene in the action; (B) upon so intervening, to be heard on all matters arising therein; (C) to remove the action to the appropriate United States district court; and (D) to file petitions for appeal. (6) CONSTRUCTION.—For purposes of bringing any civil action under paragraph (1), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to— (A) conduct investigations; (B) administer oaths or affirmations; or (C) compel the attendance of witnesses or the production of documentary and other evidence. (7) VENUE; SERVICE OF PROCESS.— (A) VENUE.—Any action brought under paragraph (1) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code. (B) SERVICE OF PROCESS.—In an action brought under paragraph (1), process may be served in any district in which the defendant— (i) is an inhabitant; or (ii) maintains a physical place of business. (8) LIMITATION ON STATE ACTION WHILE FEDERAL ACTION IS PENDING.—If the Commission, or other appropriate Federal agency under subsection (b), has instituted a civil action or an administrative action for violation of this Act, no State attorney general, or official or agency of a State, may bring an action under this subsection during the pendency of that action against any defendant named in the complaint of the Commission or the other agency for any violation of this Act alleged in the complaint. (9) REQUISITE SCIENTER FOR CERTAIN CIVIL ACTIONS.— Except as provided in section 5(a)(1)(C), section 5(a)(2), clause (ii), (iii), or (iv) of section 5(a)(4)(A), section 5(b)(1)(A), or section 5(b)(3), in a civil action brought by a State attorney general, or an official or agency of a State, to recover monetary damages for a violation of this Act, the court shall not grant the relief sought unless the attorney general, official, or agency establishes that the defendant acted with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, of the act or omission that constitutes the violation. (g) ACTION BY PROVIDER OF INTERNET ACCESS SERVICE.— (1) ACTION AUTHORIZED.—A provider of Internet access service adversely affected by a violation of section 5(a)(1), 5(b), or 5(d), or a pattern or practice that violates paragraph (2), (3), (4), or (5) of section 5(a), may bring a civil action in VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00016 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2715 any district court of the United States with jurisdiction over the defendant— (A) to enjoin further violation by the defendant; or (B) to recover damages in an amount equal to the greater of— (i) actual monetary loss incurred by the provider of Internet access service as a result of such violation; or (ii) the amount determined under paragraph (3). (2) SPECIAL DEFINITION OF ‘‘PROCURE’’.—In any action brought under paragraph (1), this Act shall be applied as if the definition of the term ‘‘procure’’ in section 3(12) contained, after ‘‘behalf’’ the words ‘‘with actual knowledge, or by consciously avoiding knowing, whether such person is engaging, or will engage, in a pattern or practice that violates this Act’’. (3) STATUTORY DAMAGES.— (A) IN GENERAL.—For purposes of paragraph (1)(B)(ii), the amount determined under this paragraph is the amount calculated by multiplying the number of violations (with each separately addressed unlawful message that is transmitted or attempted to be transmitted over the facilities of the provider of Internet access service, or that is transmitted or attempted to be transmitted to an electronic mail address obtained from the provider of Internet access service in violation of section 5(b)(1)(A)(i), treated as a separate violation) by— (i) up to $100, in the case of a violation of section 5(a)(1); or (ii) up to $25, in the case of any other violation of section 5. (B) LIMITATION.—For any violation of section 5 (other than section 5(a)(1)), the amount determined under subparagraph (A) may not exceed $1,000,000. (C) AGGRAVATED DAMAGES.—The court may increase a damage award to an amount equal to not more than three times the amount otherwise available under this paragraph if— (i) the court determines that the defendant committed the violation willfully and knowingly; or (ii) the defendant’s unlawful activity included one or more of the aggravated violations set forth in section 5(b). (D) REDUCTION OF DAMAGES.—In assessing damages under subparagraph (A), the court may consider whether— (i) the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations; or (ii) the violation occurred despite commercially reasonable efforts to maintain compliance with the practices and procedures to which reference is made in clause (i). (4) ATTORNEY FEES.—In any action brought pursuant to paragraph (1), the court may, in its discretion, require an undertaking for the payment of the costs of such action, and assess reasonable costs, including reasonable attorneys’ fees, against any party. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00017 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2716 PUBLIC LAW 108–187—DEC. 16, 2003 SEC. 8. EFFECT ON OTHER LAWS. (a) FEDERAL LAW.—(1) Nothing in this Act shall be construed to impair the enforcement of section 223 or 231 of the Communications Act of 1934 (47 U.S.C. 223 or 231, respectively), chapter 71 (relating to obscenity) or 110 (relating to sexual exploitation of children) of title 18, United States Code, or any other Federal criminal statute. (2) Nothing in this Act shall be construed to affect in any way the Commission’s authority to bring enforcement actions under FTC Act for materially false or deceptive representations or unfair practices in commercial electronic mail messages. (b) STATE LAW.— (1) IN GENERAL.—This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto. (2) STATE LAW NOT SPECIFIC TO ELECTRONIC MAIL.—This Act shall not be construed to preempt the applicability of— (A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or (B) other State laws to the extent that those laws relate to acts of fraud or computer crime. (c) NO EFFECT ON POLICIES OF PROVIDERS OF INTERNET ACCESS SERVICE.—Nothing in this Act shall be construed to have any effect on the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages. SEC. 9. DO-NOT-E-MAIL REGISTRY. (a) IN GENERAL.—Not later than 6 months after the date of enactment of this Act, the Commission shall transmit to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Energy and Commerce a report that— (1) sets forth a plan and timetable for establishing a nationwide marketing Do-Not-E-Mail registry; (2) includes an explanation of any practical, technical, security, privacy, enforceability, or other concerns that the Commission has regarding such a registry; and (3) includes an explanation of how the registry would be applied with respect to children with e-mail accounts. (b) AUTHORIZATION TO IMPLEMENT.—The Commission may establish and implement the plan, but not earlier than 9 months after the date of enactment of this Act. SEC. 10. STUDY OF EFFECTS OF COMMERCIAL ELECTRONIC MAIL. (a) IN GENERAL.—Not later than 24 months after the date of the enactment of this Act, the Commission, in consultation with the Department of Justice and other appropriate agencies, shall submit a report to the Congress that provides a detailed analysis of the effectiveness and enforcement of the provisions of this Act and the need (if any) for the Congress to modify such provisions. Deadline. Reports. 15 USC 7709. Deadline. Reports. 15 USC 7708. 15 USC 7707. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00018 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2717 (b) REQUIRED ANALYSIS.—The Commission shall include in the report required by subsection (a)— (1) an analysis of the extent to which technological and marketplace developments, including changes in the nature of the devices through which consumers access their electronic mail messages, may affect the practicality and effectiveness of the provisions of this Act; (2) analysis and recommendations concerning how to address commercial electronic mail that originates in or is transmitted through or to facilities or computers in other nations, including initiatives or policy positions that the Federal Government could pursue through international negotiations, fora, organizations, or institutions; and (3) analysis and recommendations concerning options for protecting consumers, including children, from the receipt and viewing of commercial electronic mail that is obscene or pornographic. SEC. 11. IMPROVING ENFORCEMENT BY PROVIDING REWARDS FOR INFORMATION ABOUT VIOLATIONS; LABELING. The Commission shall transmit to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Energy and Commerce— (1) a report, within 9 months after the date of enactment of this Act, that sets forth a system for rewarding those who supply information about violations of this Act, including— (A) procedures for the Commission to grant a reward of not less than 20 percent of the total civil penalty collected for a violation of this Act to the first person that— (i) identifies the person in violation of this Act; and (ii) supplies information that leads to the successful collection of a civil penalty by the Commission; and (B) procedures to minimize the burden of submitting a complaint to the Commission concerning violations of this Act, including procedures to allow the electronic submission of complaints to the Commission; and (2) a report, within 18 months after the date of enactment of this Act, that sets forth a plan for requiring commercial electronic mail to be identifiable from its subject line, by means of compliance with Internet Engineering Task Force Standards, the use of the characters ‘‘ADV’’ in the subject line, or other comparable identifier, or an explanation of any concerns the Commission has that cause the Commission to recommend against the plan. SEC. 12. RESTRICTIONS ON OTHER TRANSMISSIONS. Section 227(b)(1) of the Communications Act of 1934 (47 U.S.C. 227(b)(1)) is amended, in the matter preceding subparagraph (A), by inserting ‘‘, or any person outside the United States if the recipient is within the United States’’ after ‘‘United States’’. SEC. 13. REGULATIONS. (a) IN GENERAL.—The Commission may issue regulations to implement the provisions of this Act (not including the amendments made by sections 4 and 12). Any such regulations shall be issued in accordance with section 553 of title 5, United States Code. 15 USC 7711. Reports. Deadlines. Procedures. 15 USC 7710. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00019 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187117 STAT. 2718 PUBLIC LAW 108–187—DEC. 16, 2003 (b) LIMITATION.—Subsection (a) may not be construed to authorize the Commission to establish a requirement pursuant to section 5(a)(5)(A) to include any specific words, characters, marks, or labels in a commercial electronic mail message, or to include the identification required by section 5(a)(5)(A) in any particular part of such a mail message (such as the subject line or body). SEC. 14. APPLICATION TO WIRELESS. (a) EFFECT ON OTHER LAW.—Nothing in this Act shall be interpreted to preclude or override the applicability of section 227 of the Communications Act of 1934 (47 U.S.C. 227) or the rules prescribed under section 3 of the Telemarketing and Consumer Fraud and Abuse Prevention Act (15 U.S.C. 6102). (b) FCC RULEMAKING.—The Federal Communications Commission, in consultation with the Federal Trade Commission, shall promulgate rules within 270 days to protect consumers from unwanted mobile service commercial messages. The Federal Communications Commission, in promulgating the rules, shall, to the extent consistent with subsection (c)— (1) provide subscribers to commercial mobile services the ability to avoid receiving mobile service commercial messages unless the subscriber has provided express prior authorization to the sender, except as provided in paragraph (3); (2) allow recipients of mobile service commercial messages to indicate electronically a desire not to receive future mobile service commercial messages from the sender; (3) take into consideration, in determining whether to subject providers of commercial mobile services to paragraph (1), the relationship that exists between providers of such services and their subscribers, but if the Commission determines that such providers should not be subject to paragraph (1), the rules shall require such providers, in addition to complying with the other provisions of this Act, to allow subscribers to indicate a desire not to receive future mobile service commercial messages from the provider— (A) at the time of subscribing to such service; and (B) in any billing mechanism; and (4) determine how a sender of mobile service commercial messages may comply with the provisions of this Act, considering the unique technical aspects, including the functional and character limitations, of devices that receive such messages. (c) OTHER FACTORS CONSIDERED.—The Federal Communications Commission shall consider the ability of a sender of a commercial electronic mail message to reasonably determine that the message is a mobile service commercial message. (d) MOBILE SERVICE COMMERCIAL MESSAGE DEFINED.—In this section, the term ‘‘mobile service commercial message’’ means a commercial electronic mail message that is transmitted directly to a wireless device that is utilized by a subscriber of commercial mobile service (as such term is defined in section 332(d) of the Communications Act of 1934 (47 U.S.C. 332(d))) in connection with such service. SEC. 15. SEPARABILITY. If any provision of this Act or the application thereof to any person or circumstance is held invalid, the remainder of this Act and the application of such provision to other persons or circumstances shall not be affected. 15 USC 7713. Deadline. 15 USC 7712. VerDate 11-MAY-2000 15:26 Dec 24, 2003 Jkt 029139 PO 00187 Frm 00020 Fmt 6580 Sfmt 6581 E:\PUBLAW\PUBL187.108 SUEP PsN: PUBL187PUBLIC LAW 108–187—DEC. 16, 2003 117 STAT. 2719 LEGISLATIVE HISTORY—S. 877: SENATE REPORTS: No. 108–102 (Comm. on Commerce, Science, and Transportation). CONGRESSIONAL RECORD, Vol. 149 (2003): Oct. 22, considered and passed Senate. Nov. 21, considered and passed House, amended. Nov. 25, Senate concurred in House amendment with an amendment. Dec. 8, House conccurred in Senate amendment. Æ SEC. 16. EFFECTIVE DATE. The provisions of this Act, other than section 9, shall take effect on January 1, 2004. Approved December 16, 2003

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------

Title 16: Commercial Practices

Part 316

Authority:   15 U.S.C. 7701-7713.

Source:   73 FR 29677, May 21, 2008, unless otherwise noted

§ 316.1   Scope.

This part implements the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”), 15 U.S.C. 7701-7713.

§ 316.2   Definitions.

(a) The definition of the term “affirmative consent” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(1).

(b) “Character” means an element of the American Standard Code for Information Interchange (“ASCII”) character set.

(c) The definition of the term “commercial electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(2).

(d) The definition of the term “electronic mail address” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(5).

(e) The definition of the term “electronic mail message” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(6).

(f) The definition of the term “initiate” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(9).

(g) The definition of the term “Internet” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(10).

(h) “Person” means any individual, group, unincorporated association, limited or general partnership, corporation, or other business entity.

(i) The definition of the term “procure” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(12).

(j) The definition of the term “protected computer” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(13).

(k) The definition of the term “recipient” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(14).

(l) The definition of the term “routine conveyance” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(15).

(m) The definition of the term “sender” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that , when more than one person's products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act's definition will be deemed to be a “sender,” except that, only one person will be deemed to be the “sender” of that message if such person: (A) is within the Act's definition of “sender”; (B) is identified in the “from” line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.

(n) The definition of the term “sexually oriented material” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7704(d)(4).

(o) The definition of the term “transactional or relationship messages” is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(17).

(p) “Valid physical postal address” means the sender's current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations.

§ 316.3   Primary purpose.

(a) In applying the term “commercial electronic mail message” defined in the CAN-SPAM Act, 15 U.S.C. 7702(2), the “primary purpose” of an electronic mail message shall be deemed to be commercial based on the criteria in paragraphs (a)(1) through (3) and (b) of this section:1

1 The Commission does not intend for these criteria to treat as a “commercial electronic mail message” anything that is not commercial speech.

(1) If an electronic mail message consists exclusively of the commercial advertisement or promotion of a commercial product or service, then the “primary purpose” of the message shall be deemed to be commercial.

(2) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if:

(i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or

(ii) The electronic mail message's transactional or relationship content as set forth in paragraph (c) of this section does not appear, in whole or in substantial part, at the beginning of the body of the message.

(3) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as other content that is not transactional or relationship content as set forth in paragraph (c) of this section, then the “primary purpose” of the message shall be deemed to be commercial if:

(i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or

(ii) A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is the commercial advertisement or promotion of a commercial product or service. Factors illustrative of those relevant to this interpretation include the placement of content that is the commercial advertisement or promotion of a commercial product or service, in whole or in substantial part, at the beginning of the body of the message; the proportion of the message dedicated to such content; and how color, graphics, type size, and style are used to highlight commercial content.

(b) In applying the term “transactional or relationship message” defined in the CAN-SPAM Act, 15 U.S.C. 7702(17), the “primary purpose” of an electronic mail message shall be deemed to be transactional or relationship if the electronic mail message consists exclusively of transactional or relationship content as set forth in paragraph (c) of this section.

(c) Transactional or relationship content of email messages under the CAN-SPAM Act is content:

(1) To facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;

(2) To provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;

(3) With respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender, to provide —

(i) Notification concerning a change in the terms or features;

(ii) Notification of a change in the recipient's standing or status; or

(iii) At regular periodic intervals, account balance information or other type of account statement;

(4) To provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or

(5) To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.

§ 316.4   Requirement to place warning labels on commercial electronic mail that contains sexually oriented material.

(a) Any person who initiates, to a protected computer, the transmission of a commercial electronic mail message that includes sexually oriented material must:

(1) Exclude sexually oriented materials from the subject heading for the electronic mail message and include in the subject heading the phrase “SEXUALLY-EXPLICIT: ” in capital letters as the first nineteen (19) characters at the beginning of the subject line;2

2 The phrase “SEXUALLY-EXPLICIT” comprises 17 characters, including the dash between the two words. The colon (:) and the space following the phrase are the 18th and 19th characters.

(2) Provide that the content of the message that is initially viewable by the recipient, when the message is opened by any recipient and absent any further actions by the recipient, include only the following information:

(i) The phrase “SEXUALLY-EXPLICIT: ” in a clear and conspicuous manner;3

3 This phrase consists of nineteen (19) characters and is identical to the phrase required in 316.5(a)(1) of this Rule.

(ii) Clear and conspicuous identification that the message is an advertisement or solicitation;

(iii) Clear and conspicuous notice of the opportunity of a recipient to decline to receive further commercial electronic mail messages from the sender;

(iv) A functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that

(A) A recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and

(B) Remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message;

(v) Clear and conspicuous display of a valid physical postal address of the sender; and

(vi) Any needed instructions on how to access, or activate a mechanism to access, the sexually oriented material, preceded by a clear and conspicuous statement that to avoid viewing the sexually oriented material, a recipient should delete the email message without following such instructions.

(b) Prior affirmative consent . Paragraph (a) does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message.

§ 316.5   Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.

Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or

(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).

§ 316.6   Severability.

The provisions of this Part are separate and severable from one another. If any provision is stayed or determined to be invalid, it is the Commission's intention that the remaining provisions shall continue in effect.