Email Marketing & the Law

On November 23rd, the US House of Representatives voted overwhelmingly to approve anti-spam legislation in the form of the "CAN-SPAM Act of 2003." The Senate approved the same legislation a few days later, and President Bush has indicated that he will sign the bill into law after he receives it in December.

This bill will pre-empt more restrictive state laws, including the one that California enacted in September and was scheduled to take effect on January 1, 2004. If this federal bill is approved and signed into law, the California state anti-spam law would essentially never take effect. For a quick summary of the California law and other state’s anti-spam laws go to: http://www.spamlaws.com/state/summary.html.

CAN-SPAM ACT will make it illegal to send spam with forged headers*, but allows spam with certain restrictions and requirements. It also clears the way for the FTC to create a “do not e-mail” list, and allows for possible subject line tagging requirements in the future.

Is this a license to spam?

Absolutely not.

First, the law does not prohibit ISPs from filtering or rejecting e-mail even if it falls within the law’s requirements. Thus, ISPs will continue to have strong opt-in policies and free reign to block whatever they want without the mailer or company having any legal recourse to challenge unfair filtering or blocking.

Second, the EU Privacy Directive 2002/58/EC, which instructs member states to enact opt-in laws regarding unsolicited e-mail. The EU directive is clear: Safeguards should be provided for subscribers against intrusion of their privacy by unsolicited communications for direct marketing purposes in particular by means of automated calling machines, telefaxes, and e-mails, including SMS messages. [...] For such forms of unsolicited communications for direct marketing, it is justified to require that prior explicit consent of the recipients is obtained before such communications are addressed to them. Since it is impossible to determine the country of origin of most e-mail addresses, staying compliant to this directive is just as important as any U.S. law.

The key to getting your e-mail to its intended recipient is to stick with good opt-in policies, which you're probably already utilizing today. Mailing to opt-in users only exempts you from subject line tagging and will reduce the likelihood that ISPs will reject your mail.

And if that isn’t enough, there is the "do not e-mail" list mentioned above. Again, companies and individuals with strong opt-in e-mail policies, will likely be exempt from the list.

Fast facts on the CAN-SPAM ACT of 2003

Forbids:
· False header information and deceptive subject lines*.
· Relay/proxy abuse and computer hijacking.
· E-mail address harvesting**.

Requires:
· A working unsubscribe mechanism.
· Mailers to respect unsubscribes; i.e. don't mail the opt-outs.

Allows:
· ISPs to set their own guidelines on what mail they'll accept.
· ISPs can continue to block whatever they want.
· The FTC to create a "do not e-mail" list.

Penalties:
· No private right-to-action.
· State Attorneys General, designated state agencies, and ISPs can sue in Federal court.
· Escalating up to jail time depending on severity.
· Forfeiture of profits and seizure of equipment used.

* Header forgery: Besides the common "to", "from", and "subject" header lines in e-mails, there are also other header lines. The most common/most important ones are called "received headers" and they are hidden headers that track what server an e-mail message originated from. A lot of spammers add fake "received headers" to the e-mail to try to throw off unsuspecting spam hunters. They will also sometimes purposely add a fake header line that references an anti-spam group, just to draw spam complaints to them.

· Subject line tagging. Subject line tagging refers to putting a string of letters in the subject of the e-mail to indicate that it's an unsolicited advertisement. "ADV:" is the most common tag for this. Most spam filters block mail with ADV: in the subject line.

· E-mail address harvesting. Spammers have software programs called "harvesters." These programs scour websites and discussion boards looking for e-mail addresses. They copy those e-mail addresses to their spam lists. If you ever posted to somebody's guest book or website, and started getting spam a few days later, that's probably why.

Return to Library of Business Information