Cover Image

v7 n2

Previous Story | Next Story

Section Review

New regulations put greater restrictions on ‘spam’ e-mail

Thomas V. Bennett is a partner with Barron & Stadfeld in Boston. He concentrates his practice in business, real estate, banking and commercial finance.
Business people are increasingly looking for ways to stay in contact with their clients and colleagues, and one of the most convenient ways these days is e-mail. However, it is important that business people protect themselves by knowing the legal limitations of commercial e-mails (“spam”). The United States Congress enacted a new law entitled Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, for short the CAN-SPAM Act of 2003. The act initially became effective Jan. 1, 2004. The act further provided for the Federal Trade Commission to adopt rules implementing the act. The final rule of the FTC became effective Feb. 18, 2005.

Congress found that e-mail has become an extremely important and popular means of communication relied on by millions of Americans each day for personal and commercial purposes. Its low-cost global reach makes it extremely convenient and efficient and offers unique opportunities for the development and growth of frictionless commerce. Congress also found that the convenience and efficiency of e-mail has been threatened by the extremely rapid growth of the volume of unsolicited commercial e-mail. In addition to the annoyance of commercial messages, some e-mail contains material that many recipients may consider vulgar or pornographic. Congress, therefore, decided to put in place some regulations to separate the wheat from the chaff. This also preempted the state laws, which may be contrary to the act, so that there will be a consistency of policy on a national level with respect to e-mail communications.

With respect to the marketing issues addressed by the act, it first defines commercial e-mail communications that are allowed and not regulated. Second, it addresses commercial e-mail communications that are allowed but addresses what those e-mail communications must contain. Finally, it prohibits certain activities with respect to commercial e-mail communications.

Commercial e-mail communications are unregulated by the terms of the act if they are transactional or relationship messages. In general, the term “transactional or relationship message” means an e-mail message, the primary purpose of which is:

(i) to facilitate, complete or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;

(ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;

(iii) to provide:

(I) notification concerning a change in the terms or features of;

(II) notification of a change in the recipient’s standing or status with respect to; or

(III) at regular periodic intervals, account balance information or other type of account statement with respect to a subscription, membership, account, loan or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender;

(iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating or enrolled; or

(v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.

If the commercial e-mail communication is not of the foregoing type, it is considered to be commercial advertisement or promotion of a commercial product or service (including content on an Internet Web site operated for a commercial purpose). The act has certain requirements in connection with these promotional e-mails. These commercial e-mail communications must comply with the following rules:

(i) It is unlawful to send a commercial e-mail message accompanied by a header that is materially false or materially misleading. That means you have to identify who the message is from truthfully and accurately.

(ii) The subject heading may not be deceptive, which means it will not be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.

(iii) The e-mail message must also clearly and conspicuously display a functioning return e-mail address or other Internet-based mechanism that the recipient may use to submit, in a manner specified in the message, a reply e-mail message requesting not to receive future e-mail messages from the sender (the “opt-out”). The return address must remain capable of receiving such messages for no fewer than 30 days after the transmission of the original message. If the recipient of the message “opts out,” the recipient may not be communicated with again more than 10 days after the receipt of the requested opt-out.

(iv) The e-mail must provide a clear and conspicuous identification that the message is advertisement or solicitation

(v) The e-mail must contain a valid physical postal address of the sender.

Each violation of the above provisions is subject to fines of up to $11,000. Deceptive commercial e-mail also is subject to laws banning false or misleading advertising.

The following are activities that are proscribed by the act and are subject to additional fines:

(i) “harvesting” e-mail addresses from Web sites or Web services that have published a notice prohibiting the transfer of e-mail addresses for the purposes of sending mail;

(ii) generating e-mail addresses using a “dictionary attack” — combining names, letters or numbers into multiple permutations;

(iii) using scripts or other automated ways to register for multiple e-mail or user accounts to send commercial e-mail;

(iv) relaying e-mails through a computer or network without permission — for example, by taking advantage of open relays or open proxies without authorization.

The act allows the Department of Justice to seek criminal penalties, including imprisonment, for commercial e-mailers who do — or conspire to:

(i) use another computer without authorization and send commercial e-mail from or through it;

(ii) use a computer to relay or retransmit multiple commercial e-mail messages to deceive or mislead recipients or an Internet access service about the origin of the message;

(iii) falsify header information in multiple e-mail messages and initiate the transmission of such messages;

(iv) register for multiple e-mail accounts or domain names using information that falsifies the identity of the actual registrant;

(v) falsely represent themselves as owners of multiple Internet Protocol addresses that are used to send commercial e-mail messages.

An example of this is an action taken in 2004 by the Attorney General’s Office in Massachusetts under the act against an unincorporated business and the company’s principal, who resided in Florida and who sent thousands of misleading e-mail messages from a business address in Newton, Mass., where the company had no physical presence. The complaint filed with the Suffolk Superior Court alleged that DC Enterprises had failed to include an opt-out provision; failed to clearly identify messages as advertisements; and used a non-functioning sender address when disseminating messages, all of which violate the act protecting against unwanted spam and the Massachusetts Consumer Protection Act.

Although the act is intended to punish the spammers of the world, a small business intending to stay in touch with its customer base could easily violate the law if it does not follow each of the steps set forth above in communicating with its customers or clients or those to whom it would like to present its goods or services through e-mail.

In addition to the foregoing, the act has far-reaching provisions dealing with pornographic e-mail communications.

©2017 Massachusetts Bar Association