[Federal Register Volume 73, Number 99 (Wednesday, May 21, 2008)]
[Rules and Regulations]
[Pages 29654-29680]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-11394]
-----------------------------------------------------------------------
Part IV
Federal Trade Commission
-----------------------------------------------------------------------
16 CFR Part 316
Definitions and Implementation Under the CAN-SPAM Act; Final Rule
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
16 CFR Part 316
[Project No. R411008]
RIN 3084-AA96
Definitions and Implementation Under the CAN-SPAM Act
AGENCY: Federal Trade Commission.
ACTION: Final Rule.
-----------------------------------------------------------------------
SUMMARY: In this document, the Federal Trade Commission (``FTC'' or
``Commission'') issues its Statement of Basis and Purpose and final
Discretionary Rule (``final Rule'') pursuant to section 7711(a) of the
Controlling the Assault of Non-Solicited Pornography and Marketing Act
of 2003 (``CAN-SPAM'' or ``the Act''), which gives the FTC
discretionary authority to ``issue regulations to implement the
provisions of [the] Act.''
EFFECTIVE DATE: The provisions of the final Rule will become effective
on July 7, 2008.
ADDRESSES: Requests for copies of the provisions of the Statement of
Basis and Purpose and final Rule should be sent to: Public Records
Branch, Room 130, Federal Trade Commission, 600 Pennsylvania Avenue,
N.W., Washington, DC 20580. Copies of these documents are also
available at the Commission's Website: http://www.ftc.gov.
FOR FURTHER INFORMATION CONTACT: Janis Claire Kestenbaum, (202) 326-2798,
and Sana Coleman Chriss, (202) 326-2249, Division of Marketing
Practices, Bureau of Consumer Protection, Federal Trade Commission, 600
Pennsylvania Avenue, N.W., Washington, DC 20580.
SUPPLEMENTARY INFORMATION: The final Rule: (1) Adds a definition of the
term ``person''; (2) modifies the term ``sender'' in those instances
where a single email message contains advertisements for the products,
services, or websites of multiple entities; (3) clarifies that a sender
may comply with section 7704(a)(5)(A)(iii) of the Act by including in a
commercial email message a post office box or private mailbox
established pursuant to United States Postal Service regulations; and
(4) clarifies that to submit a valid opt-out request, a recipient
cannot be required to pay a fee, provide information other than his or
her email address and opt-out preferences, or take any steps other than
sending a reply email message or visiting a single page on an Internet
website. This Statement of Basis and Purpose also explains the
Commission's rationale for not adopting other proposals contained in
the Commission's May 12, 2005 Notice of Proposed Rulemaking
(``NPRM''),\1\ and addresses the application of CAN-SPAM to
forward-to-a-``friend'' emails and certain other categories of email messages
identified in the NPRM.
---------------------------------------------------------------------------
\1\ 70 FR 25426.
---------------------------------------------------------------------------
STATEMENT OF BASIS AND PURPOSE
I. BACKGROUND
A. CAN-SPAM Act of 2003
On December 16, 2003, the President signed into law the CAN-SPAM
Act.\2\ The Act, which took effect on January 1, 2004, imposes a series
of new requirements on the use of commercial electronic mail
(``email'') messages. In addition, the Act gives federal civil and
criminal enforcement authorities new tools to combat commercial email
that is unwanted by the recipient and/or deceptive. The Act also allows
state attorneys general to enforce its civil provisions, and creates a
private right of action for providers of Internet access service.
---------------------------------------------------------------------------
\2\ 15 U.S.C. 7701-7713.
---------------------------------------------------------------------------
In enacting the CAN-SPAM Act, Congress made the following
determinations of public policy, set forth in section 7701(b) of the
Act: (1) there is a substantial government interest in regulation of
commercial email on a nationwide basis; (2) senders of commercial email
should not mislead recipients as to the source or content of such mail;
and (3) recipients of commercial email have a right to decline to
receive additional commercial electronic mail from the same source.
Based on these policy determinations, Congress, in sections 7704(a)
and (b) of the CAN-SPAM Act, outlawed certain commercial email acts and
practices. Section 7704(a)(1) of the Act prohibits transmission of any
email that contains false or misleading header or ``from'' line
information. Section 7704(a)(2) prohibits the transmission of
commercial email messages with false or misleading subject headings.
Section 7704(a)(3) requires that a commercial email message contain a
functioning return email address or similar Internet-based mechanism
for recipients to use to ``opt out'' of receiving future commercial
email messages. Section 7704(a)(4) prohibits the sender, or others
acting on the sender's behalf, from initiating a commercial email to a
recipient more than ten business days after the recipient has opted
out. Section 7704(a)(5) prohibits the initiation of a commercial email
message unless it contains three disclosures: (1) clear and conspicuous
identification that the message is an advertisement or solicitation;
(2) clear and conspicuous notice of the opportunity to decline to
receive further commercial email messages from the sender; and (3) a
valid physical postal address of the sender. And section 7704(b)
specifies four ``aggravated violations'' -- practices that compound the
available statutory damages when alleged and proven in combination with
certain other CAN-SPAM violations.\3\
---------------------------------------------------------------------------
\3\ 15 U.S.C. 7704(b). The four such practices set forth in the
statute are: address harvesting; dictionary attacks; automated
creation of multiple email accounts; and relaying or retransmitting
through unauthorized access to a protected computer or network. The
Act's provisions relating to enforcement by state attorneys general
and providers of Internet access service create the possibility of
increased statutory damages if a court finds a defendant has engaged
in one of the practices specified in section 7704(b) while also
violating section 7704(a). Specifically, sections 7706(f)(3)(C) and
(g)(3)(C) permit a court to increase a statutory damages award up to
three times the amount that would have been granted without the
commission of an aggravated violation. Sections 7706(f)(3)(C) and
(g)(3)(C) also provide for this heightened statutory damages
calculation when a court finds that the defendant's violations of
section 7704(a) were committed ``willfully and knowingly.''
---------------------------------------------------------------------------
The Act authorizes the Commission to enforce violations of the Act
in the same manner as an FTC trade regulation rule.\4\ Section 7706(f)
authorizes the attorneys general of the states to enforce compliance
with certain provisions of section 7704(a) of the Act by initiating
enforcement actions in federal court, after serving prior written
notice upon the Commission when feasible.\5\ CAN-SPAM also authorizes
providers of Internet access service to bring a federal court action
for violations of certain provisions of sections 7704(a), (b), and
(d).\6\
---------------------------------------------------------------------------
\4\ Sections 7706(a) and (c) of the CAN-SPAM Act provide that a
violation of the Act shall be treated as a violation of a rule
issued under section 18(a)(1)(B) of the FTC Act, 15 U.S.C.
57a(a)(1)(B).
\5\ 15 U.S.C. 7706(f). Specifically, the state attorneys general
may bring enforcement actions for violations of section 7704(a)(1),
7704(a)(2), or 7704(d). The states may also bring an action against
any person who engages in a pattern or practice that violates
section 7704(a)(3), (4), or (5).
\6\ 15 U.S.C. 7706(g). Section 7704(d) of the Act requires
warning labels on commercial email messages containing sexually
oriented material. 15 U.S.C. 7704(d). In April, 2004, the Commission
promulgated its final rule regarding such labels. See 69 FR 21024
(Apr. 19, 2004); 16 CFR 316.4.
---------------------------------------------------------------------------
B. Notice of Proposed Rulemaking
In its May 12, 2005 NPRM, the Commission proposed rule provisions
on five topics: (1) defining the term ``person,'' a term used
throughout the Act, but not defined; (2) modifying the definition of
``sender'' to make it easier to determine which of multiple parties
advertising in a single email message must have its valid physical
postal address included in the message and is responsible for honoring
``opt-out'' requests; (3) clarifying that Post Office boxes and private
mailboxes established pursuant to United States Postal Service
regulations constitute ``valid physical postal addresses'' within the
meaning of the Act; (4) shortening from ten days to three days the time
a sender may take before honoring a recipient's opt-out request; and
(5) clarifying that to submit a valid opt-out request, a recipient
cannot be required to pay a fee, provide information other than his or
her email address and opt-out preferences, or take any steps other than
sending a reply email message or visiting a single page on an Internet
website.\7\
---------------------------------------------------------------------------
\7\ Prior to the NPRM, the Commission issued an Advance Notice
of Proposed Rulemaking (``ANPR''), 69 FR 11776 (Mar. 11, 2004),
soliciting comments on a number of issues raised by CAN-SPAM,
including the interpretation of the term ``primary purpose,'' which
the Commission addressed in a final Rule issued on January 19, 2005,
codified at 16 CFR 316.3. In addition, the ANPR requested comment on
the definitions of ``transactional or relationship message'' and
``valid physical postal address,'' the application of the Act to
both multiple-marketer and forward-to-a-``friend'' emails, the
sufficiency of the ten-business-day opt-out period that had been set
by the Act, the potential addition of new aggravated violations, and
implementation of the Act's provisions generally. (Two issues
addressed in the NPRM and in this Statement of Basis and Purpose --
the definition of ``person'' and the prohibition on charging a fee
or imposing other requirements on recipients who wish to opt-out --
were not addressed in the ANPR.) The ANPR also solicited comment on
questions related to four Commission reports required to be
submitted to Congress. The Commission received over 13,500 comments
in response to the ANPR.
---------------------------------------------------------------------------
In response to this NPRM, the Commission received 152 comments from
email marketers and their associations, email recipients, and other
interested parties.\8\ Based upon the entire record in this proceeding
and the Commission's law enforcement experience, the Commission hereby
adopts final Rule provisions that are very similar, but not identical,
to the proposed Rule provisions. As discussed in detail below, the
adopted provisions are based upon the recommendations of commenters to
make certain modifications in the proposed provisions, as well as the
Commission's anti-spam law enforcement experience. Commenters'
recommendations that the Commission has declined to adopt in its final
Rule are also identified, along with the Commission's reasons for
rejecting them.
II. DISCUSSION OF THE FINAL RULE
---------------------------------------------------------------------------
\8\ Approximately 93 of these comments were submitted by
industry representatives, 56 were submitted by consumers, and 3 were
submitted by privacy groups. Appendix A is a list of the commenters
and the acronyms used to identify each commenter who submitted a
comment in response to the NPRM. These comments are available on the
Commission's website at the following address: http://www.ftc.gov/os/comments/canspam3/index.shtm.
---------------------------------------------------------------------------
A. Section 316.2 -- Definitions
Section 316.12,\9\ one of the Rule provisions previously adopted
under CAN-SPAM, defines thirteen terms by reference to the
corresponding sections of the Act that define those terms.\10\ The NPRM
proposed modification of the previously-adopted definition of
``sender'' by adding a proviso to cover multiple sender scenarios. The
NPRM also proposed adding definitions of ``person'' and ``valid
physical postal address.'' All other definitions were to remain as
adopted. While the NPRM did not propose any changes to the Act's
definition of ``transactional or relationship message,'' it posed a
series of questions about the interpretation and potential expansion of
this definition, and similarly requested comment on the application of
the Act's definitions of ``sender'' and ``initiate'' to
forward-to-a-``friend'' email campaigns.
---------------------------------------------------------------------------
\9\ Because the final Rule contains several new provisions, the
numbering of the Rule's subsections has changed. All cites to the
Rule in this Statement of Basis and Purpose are to the new,
renumbered Rule provisions, unless otherwise stated.
\10\ The Commission adopted these definitions in the Adult
Labeling Rulemaking proceeding under section 7704(d) of CAN-SPAM,
which required the Commission to prescribe a mark to be included in
commercial email containing sexually oriented material. 69 FR 21024
(Apr. 19, 2004). A fourteenth term, ``character,'' not defined in
CAN-SPAM, was also defined in the Adult Labeling Rule. 16 CFR
316.2(b).
---------------------------------------------------------------------------
1. Section 316.2(h) -- Definition of ``Person''
In the NPRM,\11\ the Commission proposed adding a definition of
``person,'' a term used throughout the Act,\12\ pursuant to its
authority to ``issue regulations to implement the provisions of this
Act.''\13\ Under the definition proposed in the NPRM, which is
identical to the definition contained in the Telemarketing Sales Rule,
16 CFR 310.2, the term ``person'' would mean ``an individual, group,
unincorporated association, limited or general partnership,
corporation, or other business entity.''
---------------------------------------------------------------------------
\11\ NPRM, 70 FR at 25428.
\12\ See, e.g., 15 U.S.C. 7702(8), (9), (12), (15) & (16);
7704(a)(1), (2) & (3).
\13\ 15 U.S.C. 7711(a).
---------------------------------------------------------------------------
Seven of the eight commenters that addressed this issue supported
the addition of the Commission's proposed definition of ``person,''
opining that it would clarify the types of entities to which the Act
applies.\14\ The sole objection came from the Society for Human
Resources Management (``SHRM''), which argued that unincorporated
nonprofit associations should be excluded from the definition of
``person'' and, therefore, wholly exempt from CAN-SPAM.\15\ SHRM argued
that, without such an exemption, the risk of liability under the Act
could discourage the organization's members from volunteering to serve
in a leadership capacity.
---------------------------------------------------------------------------
\14\ See Discover; Empire; ESPC; FNB; KeySpan; NAR; Metz.
Adknowledge also advocated modifying the definition of ``person,''
but, at bottom, its argument appears to relate to liability in the
context of a multi-marketer email. The Commission thus has
considered Adknowledge's comment in connection with the definition
of ``sender,'' below. See infra Part II.A.2.
\15\ See also ABA (noting that its comments on the ANPR asked
the Commission to clarify that the term ``person'' should exclude
associations and other tax-exempt nonprofit organizations with
respect to their email sent in pursuit of their tax-exempt nonprofit
purposes).
---------------------------------------------------------------------------
Having considered the comments, the Commission adopts without
modification the definition of ``person'' in the proposed Rule. The
Commission believes that the addition of this definition will advance
the implementation of the Act by clarifying that the term ``person'' is
broadly construed and is not limited to a natural person. The
Commission rejects the argument that there should be a blanket
exemption for all messages sent by unincorporated nonprofit entities.
As we have previously observed, CAN-SPAM does not set up a dichotomy
between ``commercial'' and ``nonprofit'' messages.\16\ Accordingly,
when nonprofit organizations send emails the primary purpose of which
is the advertisement or promotion of a commercial product or service,
recipients are entitled to the Act's protections. In any event, as
discussed below, see infra Part II.A.3.j., messages from an association
to its members will often be ``transactional or relationship messages''
under section 7702(17) of the Act and thus not required to include a
functioning Internet-based mechanism for consumers to use to opt out of
receiving future commercial messages.\17\
---------------------------------------------------------------------------
\16\ 69 FR 50091, 50100 (Aug. 13, 2004).
\17\ Section 7706(d) makes clear that the Commission has only
the same jurisdiction and power under the Act as it has under the
FTC Act, 15 U.S.C. 41, et seq. Consequently, the FTC lacks
jurisdiction to enforce CAN-SPAM against any entity that is not
``organized to carry on business for its own profit or that of its
members.'' 15 U.S.C. 44. States and providers of Internet access
service can bring CAN-SPAM actions against nonprofits, however.
---------------------------------------------------------------------------
2. Section 316.2(m) -- Definition of ``Sender''
Section 7702(16)(A) of CAN-SPAM defines ``sender'' as ``a person
who initiates [a commercial electronic mail]
message and whose product, service, or Internet web site is advertised
or promoted by the message.''\18\ In the NPRM, the Commission proposed
amending the definition of ``sender'' to address concerns identified in
the ANPR comments about the application of CAN-SPAM's definition of
``sender'' to scenarios where multiple marketers use a single email
message -- for example, where a commercial email from an airline also
contains advertisements or promotions for a hotel chain and a car
rental company. The Commission received almost 60 comments in response
to this proposal, many of which suggested modifications to the proposed
Rule provision. After consideration of these comments, the Commission
has modified the definition of ``sender'' as proposed in the NPRM. The
final Rule provides that multiple ``senders'' of a commercial email,
under certain conditions, may identify one among them as the ``sender''
who will be deemed the sole ``sender'' of the message (the ``designated
sender''). Thus, under the final Rule, the designated sender, but not
the other marketers using the same email message, must honor opt-out
requests made by recipients of the message.\19\ Moreover, under the
final Rule, the physical address of the designated sender, but not the
addresses of the other marketers using the same email message, must
appear in the message.
---------------------------------------------------------------------------
\18\ 15 U.S.C. 7702(16)(A). The Commission incorporated by
reference into the CAN-SPAM rules this definition of ``sender'' in
its primary purpose rulemaking. 16 CFR 316.2(l); 70 FR at 3127.
\19\ Under the final Rule, where a commercial email is sent by
multiple ``senders'' who designate one ``sender'' to be responsible
for honoring opt-out requests, the other marketers using the single
email message still will be ``initiators'' of the email message and
therefore responsible for complying with CAN-SPAM's requirements
concerning ``initiators'': 15 U.S.C. 7704(a)(1), 15 U.S.C.
7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and
16 CFR 316.4.
---------------------------------------------------------------------------
a. Background
As discussed in the ANPR, the Act itself does not specifically
address multiple-marketer emails. Rather, under the Act, if multiple
senders using a single email message meet the definition of ``sender,''
each would need to provide an opt-out mechanism, a valid physical
postal address for each sender would have to appear in the message, and
each would be responsible for honoring an opt-out request by a
recipient.\20\ The ANPR sought comment on ``whether it would further
the purposes of CAN-SPAM or assist the efforts of companies and
individuals seeking to comply with the Act if the Commission were to
adopt rule provisions clarifying the obligations of multiple senders
under the Act.''\21\
---------------------------------------------------------------------------
\20\ The ``sender'' is required by the Act to honor opt-out
requests. 15 U.S.C. 7704(a)(4)(A)(i). Additionally, the ``sender's''
physical postal address must be included in the message. 15 U.S.C.
7704(a)(5)(A)(iii).
\21\ 69 FR at 11778.
---------------------------------------------------------------------------
Commenters responding to the ANPR claimed that implementation of
the Act may be impeded in multiple marketer scenarios because marketers
and consumers will encounter certain difficulties under a regime that
holds more than one party responsible as the sender of a single email.
First, commenters claimed that consumer confusion would result from
multiple opt-out mechanisms and valid physical postal addresses in a
single email message.\22\ Second, some ANPR commenters predicted that
rigid application of CAN-SPAM's sender definition would likely chill
electronic commerce and destroy the type of joint marketing
arrangements that are common in industry.\23\ According to these
commenters, marketers would have to develop mechanisms for receiving
suppression lists (lists of email addresses of consumers who previously
had opted-out of receiving messages from a sender) from every marketer
or co-marketer with which they deal, and for comparing their own
mailing lists against multiple suppression lists.\24\ In addition, a
marketer would have to develop processes for managing multiple
opt-outs, i.e., ensuring that the consumer can opt out from each marketer
and that all opt-outs sent to the marketer are forwarded to the
marketers from whom the consumer no longer wishes to receive commercial
email. These commenters argued that existing CAN-SPAM treatment of
multiple senders in a single email is needlessly complex and results in
unnecessary administrative costs and delays for legitimate email
marketers because of the need to maintain and effectuate multiple
suppression lists.\25\ Third, commenters stated that a requirement to
check names against multiple lists would necessitate passing lists back
and forth among several parties, increasing the risk that consumers'
private information may be shared with inappropriate entities or
exposed to hackers. Moreover, these commenters opined that multiple
suppression lists could force a business to divulge customer names to
list owners and other marketers, even when the business has promised to
protect that information under its privacy policy.\26\
---------------------------------------------------------------------------
\22\ 70 FR at 25429 (citing comments by American Bankers
Association; DMA; ERA; IAC; MPAA; Microsoft; PMA; Time Warner).
\23\ Id. (citing comments by NAA; Time Warner).
\24\ Id. (citing comments by American Bankers Association; DMA;
ERA; IAC; MPAA; Microsoft; PMA; Time Warner).
\25\ Id. (citing comments by American Bankers Association; DMA;
ERA; MPAA; Microsoft).
\26\ Id. (citing comments by American Bankers Association; ASTA;
ACB; DMA; IAC; MPA; Microsoft; Time Warner). ANPR commenters
identified a fourth problem in some situations, such as newsletters.
Commenters stated that a requirement that each separate marketer in
a single email message be treated as a separate sender would run
counter to consumer expectations -- consumers would expect to opt
out of the email list of the person with whom the consumer had a
relationship, not from a marketer in the newsletter. Id. (citing
comments by ABM; DMA; Microsoft; Midway; Time Warner).
---------------------------------------------------------------------------
For these reasons, many commenters responding to the ANPR urged
that the Act's ``sender'' definition be modified to provide that when
more than one company's products or services are advertised or promoted
in a single email message, only one among them be responsible as the
sender of a message for purposes of the Act.
Based upon these comments, in the NPRM, the Commission proposed
adding a proviso to the definition of ``sender'' to allow multiple
sellers advertising in a single email message to designate one among
them as the single ``sender'' of the message for purposes of the Act.
Under the NPRM's proposed proviso, only one of multiple persons whose
products or services are advertised or promoted in an email message
would have been the ``sender'' if that person: (A) initiated the
message and otherwise met the Act's definition of ``sender,'' and (B)
was the only person who: (1) ``controls the content of such message,''
(2) ``determines the electronic mail addresses to which such message is
sent,'' or (3) ``is identified in the `from' line as the sender of the
message.'' Under the proposed Rule, if more than one person meeting the
Act's definition of ``sender'' were to satisfy one of these three
criteria, then each such person who satisfied the definition would have
been considered a sender for purposes of CAN-SPAM compliance
obligations.\27\
---------------------------------------------------------------------------
\27\ A hypothetical example illustrated the NPRM ``sender''
definition proposal. If X, Y, and Z are sellers who satisfy the
Act's ``sender'' definition, and they designate X to be the single
``sender'' under the Commission's proposal, among the three sellers,
only X may control the message's content, control its recipient
list, or appear in its ``from'' line. X need not satisfy all three
of these criteria, but no other seller may satisfy any of them. The
sellers may use third parties to be responsible for any criteria not
satisfied by X. For example, if X appears in the ``from'' line, the
sellers may use third parties -- but not Y or Z -- to control the
message's content and recipient list. 70 FR at 25428.
---------------------------------------------------------------------------
b. The Final Rule
Based upon the comments responding to the NPRM proposal, the
Commission believes that modification of the proposed Rule's definition
of ``sender'' as it relates to multi-marketer emails is necessary. The
final Rule drops the proposed ``controls the content'' and ``determines
the electronic mail addresses to which such message is sent'' elements,
adds compliance with the core provisions of CAN-SPAM as an element,
makes the elements conjunctive rather than disjunctive, and makes the
element requiring identification of the person in the ``from'' line
mandatory. The Commission believes that these modifications will meet
the concerns of marketers while still preserving CAN-SPAM opt-out
protections.
Thus, under the final Rule, multiple marketers can designate as a
single ``sender,'' for purposes of compliance with the Act, a person
who: (A) meets the Act's definition of ``sender,'' i.e., such person
initiates a commercial electronic mail message in which it advertises
or promotes its own goods, services, or Internet website; (B) is
identified uniquely in the ``from'' line of the message; and (C) is in
compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C.
7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.\28\ In 16
CFR 316.2(m), the final Rule thus states:
---------------------------------------------------------------------------
\28\ These provisions, as explained below, apply to initiators
of commercial emails and require that the email message may not
contain false or misleading transmission information or a deceptive
subject heading; but must contain a valid postal address, a working
opt-out link, and proper identification of the message's commercial
or sexually explicit nature.
---------------------------------------------------------------------------
The definition of the term ``sender'' is the same as the definition of
that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that, when
more than one person's products, services, or Internet website are
advertised or promoted in a single electronic mail message, each such
person who is within the Act's definition will be deemed to be a
``sender,'' except that, only one person will be deemed to be the
``sender'' of that message if such person: (A) is within the Act's
definition of ``sender''; (B) is identified in the ``from'' line as the
sole sender of the message; and (C) is in compliance with 15 U.S.C.
7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C.
7704(a)(5)(A), and 16 CFR 316.4.
The Commission makes this clarification pursuant to its
discretionary rulemaking authority to ``issue regulations to implement
the provisions of this Act.''\29\
---------------------------------------------------------------------------
\29\ 15 U.S.C. 7711(a). Like the proposed Rule, this final Rule
does not eliminate the possibility that a message may have more than
one ``sender.'' However, marketers can use the criteria set forth in
the proviso to establish a single sender and reduce CAN-SPAM's
compliance burdens. If marketers fail to structure the message to
avoid multiple senders under the sender definition, then each sender
is obligated to comply with CAN-SPAM requirements for senders,
notably, to provide its physical postal address and to honor any
opt-out requests.
---------------------------------------------------------------------------
The definition of ``sender'' in the final Rule provides marketers
flexibility to structure their messages in a way that alleviates
redundant obligations for the various marketers in a single email while
ensuring that recipients of such messages receive the benefit of
CAN-SPAM's core opt-out protections. Specifically, the final Rule makes it
more practicable than the proposed Rule for multiple marketers
promoting their products in a single email to designate a single entity
as the ``sender'' under the Act because the marketers' decision as to
which of them will appear in the ``from'' line resolves the question of
which will be considered a ``sender'' under the Act and will be charged
with the resulting responsibilities. The final Rule eliminates the
complex fact determination of who ``controls'' the content and the
element of who ``determines the electronic mail addresses to which such
message is sent.'' By placing the focus on the ``from'' line, the best
point of reference for consumers, the modification in the final Rule
more directly conforms to consumers' expectations as to the identity of
the entity responsible for sending them a multi-marketer email.
An example illustrates how the final Rule's ``sender'' definition
applies in the multi-marketer email context. Suppose A, B, and C have
goods advertised or promoted in a single email message and that each is
an initiator under the Act. If A's name appears in the ``from'' line of
the message, A is considered the ``sender'' under the final Rule. While
B and C promote their goods, services, or Internet website in the
message, may control portions or all of the content of the message, and
may supply email addresses for A to use to address the message, neither
B nor C would be considered ``senders,'' unless A did not comply with
the listed requirements that apply to ``initiators,'' namely 15 U.S.C.
7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C.
7704(a)(5)(A), and 16 CFR 316.4. It would be clear to a consumer that
an opt-out request would be sent to A, the one person identified in the
``from'' line.
The comments and the FTC's law enforcement experience suggest that
a provision, such as the final Rule's sender definition, that allows
multiple senders flexibility in determining who will be the sole
``sender'' raises the possibility of abuse by illegitimate marketers.
As discussed below, this concern is addressed in part by the addition
of certain initiator provisions to the proviso: 15 U.S.C. 7704(a)(1),
15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C.
7704(a)(5)(A), and 16 CFR 316.4. If the designated sender is not in
compliance with the initiator provisions, then all marketers in the
message will be liable as senders.
c. Comments on the NPRM's Definition of ``Sender''
Commenters who addressed the proposed definition of sender were
nearly unanimous in supporting a ``sender'' definition that would
enable marketers to designate a single ``sender'' when multiple
marketers use a commercial email message. Reiterating ANPR comments,
several commenters noted that such a rule provision would avoid
``daunting compliance challenges'' for email marketers, such as the
heavy burden of cross-checking the opt-out lists of all the individual
marketers with the designated sender's opt-out list.\30\ Likewise,
commenters supported the NPRM's proposed Rule because it would enable
recipients to determine the party responsible for honoring opt-out
requests.\31\ Others noted with approval that designating a single
sender would eliminate confusion for consumers who otherwise would face
multiple opt-out links and postal addresses.\32\ Finally, other
commenters opined that the proposed Rule would promote protection of
consumer privacy.\33\
---------------------------------------------------------------------------
\30\ See, e.g., ATAA; Charter; DoubleClick; ERA; ESPC; FNB; IAC;
ICC; IPPC; Mattel; Microsoft; NAR; NEPA; NetCoalition; NNA. As the
ERA summarized it, ``[D]esignating a single sender will enhance
accuracy and compliance efforts, streamline the opt-out process for
consumers and sellers/marketers, and avoid confusion by, among other
things, avoiding cluttered or repetitious information in messages or
multiple suppression lists. It also helps address privacy concerns
that may attend to sharing consumer suppression data.''
\31\ See, e.g., Mattel; NAFCU.
\32\ See ATAA (it would be ``difficult to format messages in a
way that makes them compelling and understandable to recipients''
because of the welter of opt-out links and postal addresses); ERA;
ESPC.
\33\ See ERA; NetCoalition.
---------------------------------------------------------------------------
In contrast to the almost unanimous support for a multi-marketer
proviso, however, few commenters supported the definition of ``sender''
as proposed in the NPRM without change.\34\ Many commenters raised
concerns about the workability and clarity of the proposal,
[[Page 29658]]
as well as its consistency with consumer expectations. Most commenters
urged the Commission to modify or clarify the criteria articulated in
the proposed Rule. Such comments concerned four issues. The first three
issues relate to the three listed criteria in the NPRM's proposed
proviso: (1) the significance of the person identified in the ``from''
line; (2) the meaning of ``controls the content of the message'' and
the structure of the proviso; and (3) the meaning of ``determines the
electronic mail addresses'' to which a message is sent. A fourth
category of comments addressed what it means to ``advertise'' or
``promote'' a product, service, or website under the Act, which is
related to the question posed in the NPRM about whether ``list owners''
can be ``senders'' under the Rule and thus be required (or allowed) to
process opt-out requests in lieu of other marketers who promote a
product, service, or website in the email.\35\
---------------------------------------------------------------------------
\34\ See, e.g., ARDA; Empire; Mattel; NAFCU; NAR; NNA; SHRM;
Wahmpreneur.
\35\ At least one commenter suggested, without further detail,
that the sender in a multi-marketer email should be the ``entity
that controls the sampling, distribution, and opt-out registry.''
CMOR. Another commenter suggested determination of a sender in a
multi-marketer email with a ``single, dominant marketer'' test.
Bigfoot.
The Direct Marketing Association (``DMA'') advocated formal
adoption by the Commission of the Staff Letter of March 8, 2005,
which opined on a specific fact pattern involving, among other
things, multiple marketers who send commercial email messages to
persons who had provided affirmative consent to receive multi-
marketer commercial email messages. The Commission declines to adopt
the Staff Letter. The final Rule will govern multi-marketer message
sender liability.
---------------------------------------------------------------------------
(i) ``From'' Line
Many commenters favored looking to the ``from'' line of the message
in order to determine who, under the Act, is the ``sender'' of a multi-
marketer message. Commenters urged that this element is most critical
for recipient expectations\36\ and would be easy to use as a way to
designate a single sender.\37\ Some commenters argued that the other
two proposed elements should be deleted.\38\ A few commenters also
requested that the Commission provide additional guidance on which non-
deceptive names can be used in the ``from'' line, including a company's
brands and service names.\39\
---------------------------------------------------------------------------
\36\ See, e.g., Bigfoot; Charter; DoubleClick; KeySpan; MBNA;
Nextel; OPA; SHRM.
\37\ See Charter; DoubleClick; Nextel; Reed.
\38\ See DoubleClick; KeySpan.
\39\ See, e.g., MBNA; SIIA.
---------------------------------------------------------------------------
(ii) ``Controls the Content''
Most commenters voiced concerns about the ``controls the content''
element of the proposed proviso and its likely effect. Many of these
commenters found this criterion vague and urged the Commission to
provide additional guidance concerning what it means to ``control'' the
content of commercial email.\40\ Many advocated eliminating this factor
altogether,\41\ and others urged various ways to modify it.\42\ Two
primary themes emerged from the comments: (1) several parties may
exercise some degree of ``control'' over content, and (2) ``control''
in this context is a vague and ill-defined concept. Commenters
explained that in joint marketing arrangements, it is standard industry
practice for each marketer to exercise control over the use of its own
trademarks, branding, legal disclosures, and advertising copy.\43\
Commenters further explained that in highly regulated industries, such
as life insurance, securities, pharmaceuticals, and alcoholic
beverages, marketers may be required to include certain text and legal
disclosures.\44\ Some commenters also stated that, in addition to
controlling their own trademarks and disclosures, marketers sometimes
influence the content of other parts of a message without
``controlling'' it, or may suggest advertising text without making the
final decision about the advertising content.\45\ To protect their
brand reputations, commenters explained that they need to be able to
review and approve the advertising content of other marketers.\46\
---------------------------------------------------------------------------
\40\ See, e.g., ACB; ACLI; Associations; BOA; CBA; Charter; DLA;
DMA; Discover; ERA; ESPC; FNBO; HSBC; IAC; MasterCard; Microsoft;
MPA; MPAA; NAA; NAIFA; NBCEP; NEPA; NetCoalition; PMA; SIIA; Time
Warner.
\41\ See Associations; ATAA; Charter; DoubleClick; KeySpan;
MasterCard; NAIFA; SIIA; Wells Fargo. Similarly, other commenters
suggested that the proposed Rule be modified to allow more than one
marketer to control the content of the message, while still allowing
one of the marketers to be designated as the sender. See CBA; DMA;
MPA; NBCEP; NetCoalition; NRF.
\42\ See, e.g., Adknowledge; ICC; MPA.
\43\ See Reed; DoubleClick; Time Warner; MasterCard; Microsoft;
Bigfoot; HSBC; MPAA; OPA.
\44\ See, e.g., ACLI; BF; HSBC; IPPC; MPAA; OPA; SIA.
\45\ See, e.g., BF; Visa.
\46\ See, e.g., Associations; ERA; HSBC; MasterCard; MPA;
NetCoalition; Nextel; NRF; OPA; PMA.
---------------------------------------------------------------------------
A number of commenters opined that, without clarification, under a
literal application of the proposed Rule, essentially all marketers
would be deemed to ``control'' the content of a multi-marketer email,
thereby preventing the designation of a single sender and defeating the
purpose of the proposed Rule.\47\ Conversely, according to commenters,
a standard that forced marketers to cede all control of the content of
messages to one marketer among several using a single email message
would greatly disrupt standard industry practices.\48\
---------------------------------------------------------------------------
\47\ See ATA; DoubleClick; HSBC; IAC; IPPC; MasterCard; Time
Warner.
\48\ See, e.g., NAA; Time Warner.
---------------------------------------------------------------------------
To alleviate these perceived problems, a number of commenters
suggested that the Commission eliminate the ``controls the content''
element, because they believed that the proposed Rule could operate
effectively in its absence.\49\ Others suggested that the Commission
clarify that ``control'' means control of the ``primary'' or
``overall'' content of the message, but does not mean either control by
a company over its own advertisement\50\ or the practice of reviewing
and approving the advertising content of other marketers.\51\ These
commenters asked the Commission to clarify that ``control'' should
refer to control over what content will be distributed in the email
message as a whole and not control over the design, content, or
placement of a particular advertisement in a multi-marketer
message.\52\ Other commenters advocated that ``control'' of the content
of the message should mean the ultimate ability to determine whether
and when the message is transmitted.\53\
---------------------------------------------------------------------------
\49\ See NAIFA; SIIA.
\50\ See, e.g., ACB; Adknowledge; Associations; ATAA; CBA;
Charter; Discover; DMA; Experian; FNB; IAC; ICC; KeySpan; Microsoft;
MPAA; NAIFA; NBCEP; NEPA; NetCoalition; NRF; OPA; Reed; SIIA; Time
Warner; Wells Fargo.
\51\ See, e.g., ERA; HSBC; MasterCard; MPA; Nextel; PMA.
\52\ See ACB; BoA; Discover; ERA; ESPC; Experian; HSBC; IAC;
ICC; MasterCard; Microsoft; MPA; MPAA; NAA; PMA; Visa.
\53\ See, e.g., Bigfoot; SIIA.
---------------------------------------------------------------------------
In a similar vein, some commenters felt that the structure of the
proviso as proposed in the NPRM would have limited the ability of
legitimate marketers to co-promote their products without any
corresponding benefit to consumers.\54\ Commenters pointed out that
there are circumstances when one entity provides the email addresses to
which a message is to be sent and one or more other entities control
the content of the message. Under the proposal in the NPRM, all
entities would be considered senders because the proposed Rule's
definitional requirements allowing one sender to be designated could
not be met.\55\ These commenters asked that the final Rule be made more
flexible to accommodate the variety of marketing agreements commonly
used in the industry.\56\
---------------------------------------------------------------------------
\54\ See Bigfoot; CBA; DMA; DoubleClick; ESPC; MPAA; NBCEP;
NetCoalition; NRF; SIIA; Wells Fargo.
\55\ See DMA; SIIA.
\56\ See, e.g., MPAA.
---------------------------------------------------------------------------
[[Page 29659]]
(iii) ``Determines the Electronic Mail Addresses to Which Such Message
is Sent''
Few commenters discussed the third element of the proposed proviso
for the definition of ``sender'': that the sender be the party that
determines the email addresses to which such message is sent. Some
commenters objected to this element of the definition because, they
contend, entities in joint marketing campaigns may want to contribute
or recommend some email addresses without being considered the primary
``sender.''\57\
---------------------------------------------------------------------------
\57\ See, e.g., KeySpan; Reed; SIA. Several commenters also
requested clarification of what constitutes ``determines'' and
suggested that merely providing criteria for targeting recipients
(such as demographic characteristics) should not qualify as
``determining'' the email addresses. See DoubleClick; KeySpan;
MasterCard; Unsub. As discussed below, this element has been
removed, and thus these requests for clarification need not be
addressed.
---------------------------------------------------------------------------
(iv) ``Promote''
Finally, a few commenters suggested that the Commission define
broadly the term ``promote'' in the Act's definition of sender. They
argued that a person ``advertises'' or ``promotes'' the person's
``product, service, or Internet website'' by appearing in the ``from''
line of the message or simply by having the person's name referenced in
the email.\58\ Under this interpretation, they argued, more persons
could qualify as designated ``senders'' under the proviso.
---------------------------------------------------------------------------
\58\ See, e.g., Adknowledge; ESPC; Unsub.
---------------------------------------------------------------------------
d. Response to Comments on the Definition of ``Sender'' and Explanation
of the Final Rule's Definition of ``Sender''
Having considered the comments on the proposed definition of
``sender,'' the Commission adopts a modified version as its final Rule.
These modifications mitigate the concerns of marketers raised in the
comments, recognize the benefits afforded by advertising by multiple
entities in a single email, conform more closely to the expectations of
email recipients, and continue to provide the CAN-SPAM protections
contemplated by Congress. In summary, as discussed below, the
Commission retains the ``from'' line element in the proviso as a
mandatory element, drops the ``controls the content'' and ``determines
the electronic mail addresses to which the message is sent'' elements,
and adds a requirement that the designated sender be in compliance with
certain provisions of the Act and Rules that apply to initiators.
In response to comments regarding the ``from'' line, the Commission
found persuasive the suggestions that the ``sender'' of a multi-
marketer email should be the person identified in the ``from'' line of
the message. The Commission agrees that a rule that uses the ``from''
line as the sole determinant of the sender in a multi-marketer email
would be straightforward for marketers to follow and is the single most
helpful element of an email to enable recipients to identify the sender
of the email.\59\ A designated ``sender'' for purposes of a multi-
marketer email must, in addition to meeting the other requirements
listed below, include its non-deceptive name, trade name, product, or
service in the ``from'' line of the email.\60\
---------------------------------------------------------------------------
\59\ See Charter (stating that the ``from'' line criterion
``specifically accords with consumer expectations.'').
\60\ In response to commenters seeking further guidance about
whether a company's non-deceptive product or service names can be
used in the ``from'' line, the Commission responds as follows. CAN-
SPAM provides that ``a `from' line . . . that accurately identifies
any person who initiated the message shall not be considered
materially false or misleading.'' 15 U.S.C. 7704(a)(1)(B). The
Commission believes that this does not mean that the ``from'' line
necessarily must contain the initiator's formal or full legal name,
but it does mean that it must give the recipient enough information
to know who is sending the message. Email senders should consider
their messages from their recipients' perspective. If a reasonable
recipient would be confused by the ``from'' line identifier, the
sender is not providing sufficient information. See NPRM, 70 FR at
25431 (further discussing this issue).
---------------------------------------------------------------------------
And, under the final Rule, the designated sender must be
``identified in the `from' line as the sole sender of the message'' --
if two or more senders appear in the ``from'' line, the multi-marketer
proviso would not be met.
On the second issue identified by commenters, the Commission has
deleted the ``controls the content of such message'' element from the
proviso. Comments urging its removal were persuasive, and comments that
advocated clarification rather than removal revealed that retaining
this element would not serve to assist recipients in identifying or
confirming the sender of a multi-marketer message. By its nature, a
multi-marketer message promotes more than one company's content, and
thus more than one company controls its content in at least some
way.\61\ Modifying the criterion to require ``overall'' control of the
content would simply add further nuance and complication and make
enforcement difficult. Deleting this criterion will make the proviso
more practicable for legitimate marketers to designate a single
``sender'' while preserving for email recipients the protections of
CAN-SPAM.\62\ Under the final Rule, therefore, a non-designated sender
under the multi-marketer proviso will not have ``sender'' liability
just because it controls its own advertising copy, including its
trademarks and legal disclosures, or reviews other marketers' content
to ensure the absence of objectionable material in proximity to its own
brand.
---------------------------------------------------------------------------
\61\ See IAC.
\62\ See, e.g., Charter (``the Commission's proposed definition
is inadequate and unworkable''); DoubleClick; KeySpan; MasterCard;
NAIFA; SIIA.
---------------------------------------------------------------------------
The Commission has deleted the third element discussed by
commenters that required that the designated ``sender'' of a multi-
marketer email determine the email address to which such message will
be sent. The NPRM rationale for this element was to ensure that the
designated sender had the ability to process opt-out requests. The
Commission is now convinced that requiring the designated sender to
determine recipient email addresses would serve little, if any,
purpose. Under the Act, as a sender, the designated sender already must
check to make sure that none of the email recipients appears on its
opt-out list. In a multi-marketer email, if the designated sender
receives a list of proposed email addresses from a non-designated
sender, the designated sender must scrub that list against its own opt-
out list before sending the message to the addresses on that list.
On the fourth and final issue raised by commenters, the Commission
declines to make any additional changes to the definition of ``sender''
proposed by the NPRM. Some commenters suggested that the FTC define
broadly the phrase ``advertised or promoted'' in the Act's definition
of ``sender,'' so that more entities could qualify as ``senders'' under
the multi-marketer proviso. The Commission believes that the definition
of a ``sender'' should be based on consumer expectations. If a
reasonable consumer would not believe that a person's product, service,
or website were ``advertised or promoted'' in the message, then that
person does not qualify as a ``sender.'' The Commission believes that
the meaning of ``advertised or promoted'' is clear and broadly
understood.\63\
---------------------------------------------------------------------------
\63\ By analogy, another definition in the Act, that of a
``commercial electronic mail message,'' states that
[t]he inclusion of a reference to a commercial entity or a link
to the web site of a commercial entity in an electronic mail message
does not, by itself, cause such message to be treated as a
commercial electronic mail message for purposes of this chapter if
the contents or circumstances of the message indicate a primary
purpose other than commercial advertisement or promotion of a
commercial product or service.
15 U.S.C. 7702(2)(D).
---------------------------------------------------------------------------
[[Page 29660]]
Lastly, based on its law enforcement experience, the Commission
recognizes that illegitimate marketers may attempt to use the proviso
to escape liability under CAN-SPAM. Both CAN-SPAM's definition of
``initiator'' and the final Rule's revised definition of ``sender''
substantially reduce the likelihood of such abuse.\64\ First, marketers
in a single email message who are not designated senders are still
``initiators'' under CAN-SPAM and liable under any of the provisions
that apply to initiators, such as the prohibition against use of
deceptive headers and subject lines and the requirement to include an
opt-out link.\65\ Second, the final Rule's definition of ``sender''
requires that the designated ``sender'' be in compliance with certain
initiator provisions of the Act: 15 U.S.C. 7704(a)(1), 15 U.S.C.
7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16
CFR 316.4.\66\ The proviso states that if the designated sender does
not comply with these five ``initiator'' responsibilities, all the
marketers will be liable as senders (and not just initiators) under the
Act because the proviso will not apply. By requiring the designated
sender to comply with these provisions of law, the other marketers
using a single email message must ensure that the entity that is the
designated ``sender'' complies with the Act and the Commission's rules.
Otherwise, the other marketers using the email risk losing the
protections provided by the proviso and each will be a ``sender'' of
the message. The final Rule, therefore, provides senders of multi-
marketer emails a method of reducing the burdens associated with
multiple opt-out links and postal addresses while guarding against
possible abuse. Nonetheless, if the Commission finds such abuse through
the operation of the proviso, it will reconsider whether the final Rule
is justified under the Act.\67\
---------------------------------------------------------------------------
\64\ At least one commenter suggested that the proviso could be
subject to abuse. See Adknowledge (suggesting that to avoid abusive
practices, the proposed regulation explicitly should state that a
``person'' must be a ``bona fide business entity'' because
``spammers continually change the name of the originating entity
along with header or other information, or consider a mere email
address list as a `business entity.''').
\65\ See, e.g., FTC v. Phoenix Avatar, 2004-2 Trade Cas. (CCH) ¶
74,507 (N.D. Ill. Jul. 30, 2004) (order granting preliminary
injunction); FTC v. Opt-in Global, No. 05-cv-1502 (N.D. Cal. filed
Apr. 12, 2005) (final order entered Apr. 6, 2006); FTC v. Dugger,
No. CV-06-0078 (D. Ariz. filed Jan. 9, 2006) (final order entered
Jul. 31, 2006).
\66\ Section 7704(a)(1) of the Act prohibits initiation of an
email that contains false or misleading transmission information,
and section 7704(a)(2) prohibits initiation of an email with a
deceptive subject heading. Section 7704(a)(3)(A)(i) requires an
initiator to include a ``functioning return electronic mail address
or other Internet-based mechanism, clearly and conspicuously
displayed, that a recipient may use to submit . . . a reply
electronic mail message or other form of Internet-based
communication requesting not to receive future commercial electronic
mail messages from [the] sender [responsible for the initial
commercial message].'' Section 7704(a)(5)(A) of the Act requires
that an initiator ``provide clear and conspicuous identification
that the message is an advertisement or solicitation, clear and
conspicuous notice of the opportunity . . . to decline to receive
further commercial electronic mail messages from the sender, and a
valid physical postal address of the sender.'' Finally, 16 CFR
316.4, the Sexually Explicit Labeling Rule, imposes certain
requirements on a message that includes sexually oriented material,
including the 19 characters ``SEXUALLY EXPLICIT: '' at the beginning
of the subject header of the message.
\67\ Of course, it should be noted that the proviso in no way
relieves non-designated senders of liability for ensuring that their
own advertising complies with the FTC Act.
---------------------------------------------------------------------------
e. List Owners
In the NPRM, the Commission asked whether under CAN-SPAM, third-
party list providers who do nothing more than provide a list of names
to whom others send commercial emails could be required to honor opt-
out requests.\68\ Specifically, the NPRM asked whether such list
providers could satisfy the statutory definition of sender, i.e., a
person that both initiates a message and advertises its product,
service, or website in the message.
---------------------------------------------------------------------------
\68\ 70 FR at 25450.
---------------------------------------------------------------------------
Some commenters opposed extending opt-out responsibilities to
third-party list providers because it would be contrary to
congressional intent, difficult to implement and monitor, and would
impose administrative costs and complexity for legitimate list
providers and email marketers.\69\ Although the NPRM asked about list
owners who have no other involvement in the message besides providing a
list of names to others, commenters discussed other list rental
arrangements in which both the marketer and the list owner have some
degree of control over the content of the message.\70\ In those cases,
list owners typically do not have control over the specific creative
content within an advertisement, but they can approve or disapprove an
advertisement for delivery to email addresses on their lists.
---------------------------------------------------------------------------
\69\ See FNB; Jumpstart; Lashback; Schnell; SIA (list providers
play a role ``similar to that of a telephone directory service,''
are neither ``advertising or promoting their products and
services,'' nor ``initiating the email,'' and accordingly ``do not
come within the definition of `sender' under the CAN-SPAM Act.'').
\70\ See, e.g., Unsub.
---------------------------------------------------------------------------
On the other hand, two commenters argued in favor of extending opt-
out obligations to third-party list providers.\71\ Some of these
commenters thought the Commission should clarify that in such
situations the list owner exercises fundamental ``control'' of the
content of the message for purposes of the then-proposed regulatory
definition of ``sender.''\72\ Other commenters urged the Commission to
adopt the position that a list owner would be considered a sender if
the list owner ``advertises or promotes'' its services merely by being
referenced in the ``from'' line or in the message itself, thereby
making it responsible for the opt-out function and other CAN-SPAM
compliance.\73\
---------------------------------------------------------------------------
\71\ See Adknowledge; EPIC.
\72\ See, e.g., ESPC.
\73\ See, e.g., Adknowledge; Baker; ESPC; cf. Microsoft (arguing
that it should constitute a deceptive trade practice for a list
owner to fail to identify itself and the role that it plays in
sending the message, that its identification would be considered
advertising or promoting its services, and thus that the list owner
would meet the definition of ``sender'' and have CAN-SPAM
liability); Adknowledge (proposing that the Commission make it
``mandatory for list owners to advertise or promote themselves in
each email message they transmit'').
---------------------------------------------------------------------------
Because of the variety of situations in which a list owner might be
involved in a commercial email, and because none of the commenters
provided a workable mechanism for all of these situations, the
Commission is persuaded that amending the rules under CAN-SPAM to
create a specific provision for list owners is not feasible.
The Commission finds that a list owner must honor opt-out requests
only if it qualifies as the ``sender'' of a commercial email (i.e., it
is an initiator and its ``product, service, or Internet web site'' are
``advertised or promoted'' in the email). And, if it does qualify as a
``sender,'' it may avail itself of the multi-marketer proviso added to
the definition of sender in the final Rule.
f. Safe Harbor for Email Messages Sent By Affiliates
In the NPRM, the Commission asked whether it should adopt a ``safe
harbor'' with respect to opt-out and other obligations for a sender
whose product, service, or website is advertised by affiliates or other
third parties. Moreover, the Commission sought guidance on the criteria
for a safe harbor.\74\
---------------------------------------------------------------------------
\74\ 70 FR at 25450.
---------------------------------------------------------------------------
Although the Act does not provide a definition of ``affiliate,''
the Commission noted in the NPRM that ``affiliates'' are induced to
send commercial email messages by sellers seeking to drive traffic to
their websites, and that sellers generally pay affiliates based on the
number of individuals who, directed by the affiliates, ultimately visit
the seller's
[[Page 29661]]
website and/or purchase the seller's product or service.\75\
---------------------------------------------------------------------------
\75\ 70 FR at 25428 n.23. According to IAC, in a typical
affiliate program, a marketer enters an arrangement with an
affiliate to pay the affiliate for referrals to its website. The
affiliate can employ a variety of methods to direct consumers to the
marketer's website, including email messages. The affiliate sends
email messages containing an advertisement promoting the marketer's
goods or services and a hypertext link to visit the marketer's
website directly from the email message (either as a direct link or
through the affiliate's link, which redirects the recipient to the
marketer's website). If a recipient of the email uses this link to
visit the marketer's website, the marketer logs the visit as
attributable to the affiliate's email. Depending on the arrangement
between the marketer and the affiliate, the marketer will pay the
affiliate a prescribed amount either for the visit (also known as a
``click through'') or for a completed sale, or both. IAC states in
its comments that it has thousands of affiliates. For Expedia, one
of IAC's websites, however, the majority of the sales from the
affiliate program are generated by a relatively small number of
productive affiliates.
---------------------------------------------------------------------------
Before turning to the issue of whether a safe harbor is appropriate
to shield marketers from liability for CAN-SPAM violations of
affiliates, two preliminary questions must be considered. First, is the
marketer who uses an affiliate an ``initiator'' under the final Rule?
Second, in scenarios where a marketer uses an affiliate, what is the
impact of the final Rule on the status of both the marketer and the
affiliate as ``senders''?
With regard to whether a marketer that uses affiliates is an
``initiator,'' under the Act, a person is an ``initiator'' if the
person originates, transmits, or ``procure[s] the origination or
transmission of'' a message.\76\ In the typical affiliate marketing
scenario, the affiliate originates and transmits the message, and is
therefore an initiator. The marketer, however, does not originate or
transmit the message, but does ``procure'' the origination of the
message. The Act defines ``procure'' as ``intentionally to pay or
provide other consideration to, or induce, another person to
initiate[] a message on one's behalf.''\77\ A few commenters argued that
a marketer does not actually ``initiate'' an email message if it does
not provide consideration to an affiliate for each message, because it
provides consideration to the affiliate for visits to its website or
completed sales made as a result of the affiliate's email messages.\78\
According to this argument, in these circumstances, the marketer pays
consideration for the referral, but not for the message itself.
---------------------------------------------------------------------------
\76\ 15 U.S.C. 7702(9).
\77\ 15 U.S.C. 7702(12) (emphasis added).
\78\ See IAC (arguing that affiliates are not ``hired'' to do
anything, but are ``simply paid a small fee for referrals,'' and
that the affiliate emails are ``created and transmitted entirely at
the discretion of the affiliate.''); Unsub (arguing that the payment
structure does not differ from a company renting a mailing list from
a third party).
---------------------------------------------------------------------------
The Commission believes that this interpretation is too narrow. By
agreeing in advance to pay an affiliate for sales to persons who come
to a marketer's website as a result of an affiliate's referral, a
seller or marketer creates an inducement for the affiliate to originate
or transmit commercial email messages to the public. In the language of
the Act, the seller induces another person -- the affiliate -- to
initiate messages on the seller's behalf.
With regard to the second question, in the typical affiliate
program, the marketer is a ``sender'' because its product, service, or
website is promoted in the email message, and the affiliate is only an
``initiator.'' It is only when the affiliate promotes its own product,
service, or website along with that of the marketer that the affiliate
is also a ``sender'' under the Act. In such a case, under the final
Rule, the affiliate may serve as the designated sender, provided that
it is listed in the ``from'' line of the message and is in compliance
with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C.
7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If,
however, the affiliate promotes its own product, service, or website in
addition to that of the marketer, but does not comply with the
designated sender requirements in the final Rule, then both the
affiliate and the marketer are liable as ``senders'' under the final
Rule.\79\
---------------------------------------------------------------------------
\79\ In either case, both the affiliate and the marketer are
``initiators'' under the Act.
---------------------------------------------------------------------------
A ``safe harbor'' would absolve a marketer of initiator liability
(or of sender liability if the affiliate is not the designated sender
under the final Rule) if the marketer takes prescribed steps to ensure
that the affiliate complies with CAN-SPAM. Those who commented on this
issue were split on whether the Commission should adopt a safe harbor
for CAN-SPAM liability for marketers whose products are promoted by
affiliates or other third parties. Those opposed to a safe harbor
stated that it would allow marketers to circumvent CAN-SPAM
requirements.\80\ Those in favor of a safe harbor stated that it would:
(1) provide clarity to marketers that practice due diligence when
selecting third-party email marketers; (2) encourage marketers to
maintain reasonable practices and procedures to prevent violations of
CAN-SPAM; and (3) effectuate congressional intent.\81\
---------------------------------------------------------------------------
\80\ See, e.g., Amin; Jumpstart; LashBack; Schaefer; Unsub;
VFCU.
\81\ See, e.g., AeA; ARDA; ERA LashBack; MPAA; NADA.
---------------------------------------------------------------------------
Many online businesses advocated the adoption of a safe harbor in
principle,\82\ but only a fraction of those commenters suggested
specific components to the safe harbor. Those suggestions included the
following requirements: (1) that the contract between the marketer and
the affiliate specifically require the affiliate to comply with CAN-
SPAM;\83\ (2) that the affiliate periodically certify that it complies
with CAN-SPAM;\84\ (3) that the marketer provide the affiliate with
written guidelines on how to comply with CAN-SPAM;\85\ (4) that the
marketer maintain additional reasonable procedures to determine whether
the affiliates are complying with CAN-SPAM;\86\ (5) that a marketer
comply with its privacy policy relating to the conduct of third parties
sending email messages on its behalf;\87\ and (6) that a marketer have
``flexibility to determine what procedures are reasonable.''\88\
---------------------------------------------------------------------------
\82\ See ESPC (noting that it is ``generally supportive of safe
harbor programs'' and ``would be very interested in further
discussion of such programs''); SIIA (making a ``preliminary
proposal''); Visa (``such a safe harbor could be based on examples
demonstrating relationships that do not result in control of content
or email addresses.''); Wahmpreneur (suggesting a safe harbor that
would apply to permission-based marketing).
\83\ See IAC.
\84\ See id.
\85\ See id.
\86\ See id.
\87\ See SIIA; ACLI.
\88\ See IAC.
---------------------------------------------------------------------------
After considering all the comments submitted and in the light of
the changes to the Rule's definition of ``sender'' for multi-marketer
messages as well as its law enforcement experience, the Commission has
decided against creation at this time of a ``safe harbor'' for
companies whose products, services, or website are advertised by
affiliates or other third parties. First, the requisite criteria for a
safe harbor have not been articulated clearly. Second, email marketing
models continue to evolve, and there may not be enough transparency in
email marketing to support a safe harbor.
The Commission believes that the final Rule's definition of
``sender'' gives marketers the necessary flexibility to market their
products using email on their own or in conjunction with other parties
while at the same time preserving the protections afforded to consumers
by CAN-SPAM. If, after marketers have had the opportunity to conduct
business under the ``sender'' definition in the final Rule, concerns
about the necessity of a safe harbor persist, the Commission can
reconsider this issue.
[[Page 29662]]
g. Messages Sent to Members of Online Groups
The NPRM asked whether CAN-SPAM should apply to email messages sent
to members of online groups. According to ESPC, online groups are also
known as discussion lists, list servs, mailing lists, and chat groups.
They often constitute communities engaging in both commercial and non-
commercial speech via email. Many such lists are volunteer efforts, but
their messages sometimes include commercial content. Lists can be fee-
based or free.\89\
---------------------------------------------------------------------------
\89\ See ESPC.
---------------------------------------------------------------------------
Generally discussion groups are permission-based, that is, ``opt-
in.'' Those lists that are free to join often include advertising in
messages sent to subscribers, either with or without content relating
to the purpose of the group. Depending on the type of discussion group,
different individuals may be able to send messages to the entire group.
In some groups, any member may send a message; in other groups, only
the moderator or list owner may send messages; in still other groups,
anyone may send a message, but the message must be approved by a
moderator. It is rare for mailing list software to allow subscribers to
choose the senders from whom they want to receive messages. In other
words, they opt to receive all messages in the discussion group or none
at all.\90\
---------------------------------------------------------------------------
\90\ See ESPC.
---------------------------------------------------------------------------
Four commenters stated that they believe online groups should not
be subject to CAN-SPAM.\91\ They felt that compliance with CAN-SPAM
would be too burdensome for unpaid list moderators and might cause them
to cease operations, potentially chilling free speech. ESPC argued that
email service providers that host mailing list services generally are
considered to be engaged in routine conveyance under the Act, taking
them outside the definition of initiator under the Act. ESPC also
argued that most moderators also would be engaging in routine
conveyance when sending messages to the group on behalf of group
members.\92\
---------------------------------------------------------------------------
\91\ See ESPC; NAEDA; PCIAA; Schnell.
\92\ The Commission notes, however, that CAN-SPAM defines
``routine conveyance'' as requiring an ``automatic technical
process.'' 15 U.S.C. 7702(15). Thus, if a list moderator is manually
forwarding messages to the group on behalf of group members, the
moderator would not be engaged in ``routine conveyance.'' See also
infra Part II.A.5 (discussing ``routine conveyance'' in connection
with forward-to-a-``friend'' emails).
---------------------------------------------------------------------------
One commenter urged the Commission not to distinguish between email
messages sent to members of groups and email messages sent to
recipients who are not members of groups. That commenter stated that an
exception from CAN-SPAM would give an unfair advantage to the operators
of online groups without compelling justification, and would create an
incentive for ``group'' status that would likely be exploited by
aggressive marketers.\93\
---------------------------------------------------------------------------
\93\ See Jumpstart.
---------------------------------------------------------------------------
The Commission believes that CAN-SPAM compliance is not unduly
burdensome for online groups. Of course, in some cases, the primary
purpose of emails sent by and to online groups will not be commercial,
and thus the Act will not apply.\94\ However, for those messages with a
primary purpose that is commercial, group members should be entitled to
the benefits of CAN-SPAM's opt-out provisions. Indeed, best practices
in the industry already require group members to opt into listservs and
provide straightforward mechanisms for opting out.\95\ The Commission,
therefore, has determined not to exempt online groups from CAN-SPAM at
this time, but may reconsider the issue in the future should
circumstances warrant.
---------------------------------------------------------------------------
\94\ Most of the Act's requirements apply to an email only if it
is a ``commercial electronic mail message,'' which is defined as an
email ``the primary purpose of which is the commercial advertisement
or promotion of a commercial product or service (including content
on an Internet web site operated for a commercial purpose).'' 15
U.S.C. 7702(2)(A). See also 16 CFR 316.3 (primary purpose rule).
\95\ See ESPC.
---------------------------------------------------------------------------
3. Section 316.2(o)--Definition of ``Transactional or Relationship
Message''
CAN-SPAM designates five broad categories of emails as
``transactional or relationship messages.''\96\ The Act excludes these
messages from its definition of ``commercial electronic mail
message,''\97\ and thus relieves them from most of the Act's
requirements and prohibitions.\98\ In the NPRM, the Commission proposed
no modification to Rule 316.2(n), which incorporates the Act's
definition of ``transactional or relationship message'' by reference.
Under the Act, the Commission can expand or contract the definition of
``transactional or relationship message'' only if two conditions are
met: (1) such modification is necessary to accommodate changes in email
technology or practices; and (2) such modification is necessary to
``accomplish the purposes of [the Act].''\99\ None of the 50 comments
submitted on this issue demonstrated that an expansion or contraction
of the ``transactional or relationship message'' categories was
necessary to accommodate changes in email technology or practices.
Accordingly, the final Rule leaves the statutory definition
unaltered.\100\ The NPRM also invited comment on a series of questions
concerning the application of the existing categories of
``transactional or relationship messages'' to certain types of
messages. The Commission has carefully reviewed these comments and
discusses its views on these issues below.
---------------------------------------------------------------------------
\96\ Section 7702(17)(A) of the Act defines a ``transactional or
relationship message'' as ``an electronic mail message the primary
purpose of which is --
(i) to facilitate, complete, or confirm a commercial transaction
that the recipient has previously agreed to enter into with the
sender;
(ii) to provide warranty information, product recall information,
or safety or security information with respect to a commercial
product or service used or purchased by the recipient;
(iii) to provide --
(I) notification concerning a change in the terms and features
of;
(II) notification of a change in the recipient's standing or
status with respect to; or
(III) at regular periodic intervals, account balance information
or other type of account statement with respect to, a subscription,
membership, account, loan, or comparable ongoing commercial
relationship involving the ongoing purchase or use by the recipient
of products or services offered by the sender;
(iv) to provide information directly related to an employment
relationship or related benefit plan in which the recipient is
currently involved, participating, or enrolled; or
(v) to deliver goods or services, including product updates or
upgrades, that the recipient is entitled to receive under the terms
of a transaction that the recipient has previously agreed to enter
into with the sender.''
\97\ See supra n.94.
\98\ Section 7704(a)(1)'s prohibition on false or misleading
transmission information applies equally to ``commercial electronic
mail messages'' and ``transactional or relationship messages.''
Otherwise, CAN-SPAM's prohibitions and requirements cover only
``commercial electronic mail messages.''
\99\ 15 U.S.C. 7702(17)(B).
\100\ The NPRM asked whether there are any types of messages
that erroneously fall outside of the reach of the proposed Rule,
and, if so, how such a shortcoming should be remedied. 70 FR at
25450. No commenters identified any such categories of messages.
See, e.g., Discover (stating that it was aware of no messages that
fall outside the Rule that should be covered by it). Accordingly,
the Commission adopts no modification of the definition of
``transactional or relationship message'' to accommodate any such
categories of messages.
---------------------------------------------------------------------------
a. Legally Mandated Notices
In the NPRM, the Commission asked whether an email message that
contains only a ``legally mandated notice'' -- i.e., communications
mandated by state or federal law -- should be considered a
``transactional or relationship message.''\101\ Commenters identified
messages mandated by the Truth in Lending Act, the Gramm-Leach-Bliley
[[Page 29663]]
Act, and the USA PATRIOT Act as well as messages concerning billing
errors and changes in terms or account features as examples of legally
mandated notices.\102\
---------------------------------------------------------------------------
\101\ 70 FR at 25450.
\102\ See, e.g., ACA; CBA; FNB; NRF.
---------------------------------------------------------------------------
All 13 commenters that addressed this issue opposed classifying
messages that solely contained legally mandated notices as ``commercial
electronic mail messages.''\103\ Commenters were divided on whether
such messages should be exempt from the Act,\104\ categorized under a
new definition of ``transactional or relationship message,''\105\ or
classified under one of the existing, statutory categories of
transactional or relationship emails, such as messages to facilitate a
commercial transaction that the parties have entered into (section
7702(17)(A)(i))\106\ or messages to provide notification regarding a
change in the terms and features of an account (section
7702(17)(A)(iii)).\107\
---------------------------------------------------------------------------
\103\ See FNB; KeySpan; Schnell; Wells Fargo; ESPC; BOA; ACA;
DoubleClick; NRF; HSBC; CBA; Discover; PCIAA.
\104\ See Discover; ESPC (arguing that legally mandated notices
are either exempt from the Act or transactional or relationship in
nature, depending on the content and context of the message in
question); FNB; KeySpan (arguing that legally mandated notices
should either be exempt from the Act or that the Commission should
create a new transactional or relationship category for legally
required notes); PCIAA (same); MPAA (arguing that messages
containing legally mandated notices are not ``commercial electronic
mail messages'' provided that their commercial content does not
exceed the amount reasonably believed by the sender to be required
to meet the legal requirement prompting the message); Schnell
(``[A]n e-mail message containing only a legally mandated notice
should have no standing in CAN-SPAM at all, other than perhaps a
routine conveyance. It is not a commercial e-mail message, and is
not a transactional or relationship message.'').
\105\ See DoubleClick; KeySpan; NRF.
\106\ See HSBC (arguing that such an email facilitates the
commercial transaction into which the parties have entered).
\107\ See ACA; CBA; Wells Fargo; BOA.
---------------------------------------------------------------------------
The Commission declines either to expand the definition of
``transactional or relationship message'' to include legally mandated
notices or to make a blanket determination that such messages fall
under one of the existing categories of transactional or relationship
emails. Despite the unanimity of opinion expressed in the comments that
such notices should not be treated as commercial in nature, none of the
commenters demonstrated that expansion of the definition of
``transactional or relationship message'' to include legally mandated
notices was necessary to accommodate changes in email technology or
practices and to accomplish the purposes of the Act.\108\ That said,
the Commission believes that, in most cases, the types of legally
mandated notices described by the commenters likely would be
categorized as transactional or relationship messages. Such
determinations, however, must be made on a case-by-case basis depending
on the specific content and context of such messages. Moreover, if a
message providing a non-commercial legally mandated notice also
includes commercial content, it should be evaluated under the
Commission's primary purpose criteria as a dual purpose message.\109\
---------------------------------------------------------------------------
\108\ KeySpan addressed the statutory standard by arguing that
``[i]t has become common practice for senders to email legally
required notices to individuals who purchased the sender's products
or services online.'' The Commission, however, is not persuaded that
this is a ``change'' in email practices that has evolved since the
passage of the Act.
\109\ 16 CFR 316.3; see also NPRM, 70 FR at 25438.
---------------------------------------------------------------------------
b. Debt Collection Emails
In the NPRM, the Commission invited comment on the Act's
application to debt collection email messages, including messages sent
by a third party on behalf of the seller from whom the recipient
purchased goods or services rather than by the seller itself.\110\
Nearly all of the 15 commenters that addressed this issue urged that
debt collection emails by a seller from whom the consumer made a
purchase should be considered transactional or relationship in
nature.\111\ Most of these commenters also stated that the same
conclusion should apply to emails sent by third-party debt
collectors.\112\
---------------------------------------------------------------------------
\110\ NPRM, 70 FR at 25450.
\111\ See NADA; Schnell; FNB; ESPC; DMA; NCTA; NNA; Charter;
HSBC; CUNA; KeySpan; PCIAA; VFCU. But see Discover (arguing that all
debt collection emails should be exempt from regulation under CAN-
SPAM); ACA (arguing that ``at most'' debt collection emails should
be regulated as ``transactional or relationship messages'').
\112\ See, e.g., DMA; ESPC; FNB; NCTA. But see Schnell (arguing
that debt collection emails from a third party should be considered
commercial); Charter (arguing that debt collection messages sent by
third-party debt collectors would be neither ``commercial'' nor
``transactional or relationship'' messages and thus would fall
outside the scope of CAN-SPAM).
---------------------------------------------------------------------------
The Commission declines to modify the definition of ``transactional
or relationship messages'' to include an express provision addressing
debt collection emails because there is no evidence in the record that
such a modification is necessary to accommodate new email technology or
practices. Such a modification is also unwarranted because debt
collection messages will usually qualify as ``transactional or
relationship messages'' under the existing definition of the term. The
primary purpose of debt collection emails is not the ``advertisement or
promotion of a commercial product or service,'' and, therefore, they
generally would not be ``commercial electronic mail messages'' under
section 7702(2)(A) of CAN-SPAM.\113\ Rather, debt collection emails
from a seller from whom the consumers made a purchase are best
understood as ``complet[ing] . . . a commercial transaction that the
email recipient has previously agreed to enter into with the sender,''
and thus are ``transactional or relationship messages'' under section
7702(17)(A)(i). Moreover, the Commission agrees with the overwhelming
majority of commenters that the ``sender'' with whom the ``recipient
has previously agreed to enter into'' a commercial transaction can be
interpreted to encompass a third party acting on behalf of a seller
from whom the consumer made a purchase.\114\ Thus, an email from a third
party collecting on behalf of a seller likely is a ``transactional or
relationship message.''
---------------------------------------------------------------------------
\113\ Cf. Telemarketing Sales Rule, 68 FR 4580, 4664 n.1020
(Jan. 29, 2003) (``[D]ebt collection . . . activities are not
covered by the [Telemarketing Sales Rule, 16 CFR 310] because they
are not `telemarketing' -- i.e., they are not calls made `to induce
the purchase of goods or services.'''). If a debt collection email
also contains material advertising or promoting a commercial
product, service, or website, then it must be analyzed as a dual
purpose message under Rule 316.3.
\114\ Debt collection emails also must comply with other
applicable federal and state laws. Significantly, the Fair Debt
Collection Practices Act, 15 U.S.C. 1601, et seq. (``FDCPA''),
imposes limitations on debt collectors' communications with
consumers and third parties. Compliance with CAN-SPAM in no way
excuses a debt collector from complying with the FDCPA and other
statutes and regulations affecting communications regarding debt
collection.
---------------------------------------------------------------------------
c. Copyright Infringement Notices and Market Research
Two business organizations urged the Commission to clarify that
messages containing copyright infringement notices or marketing and
opinion research surveys are neither commercial nor transactional or
relationship in nature and thus are exempt from the Act.\115\ One of
these commenters further asserted that an email containing a copyright
infringement notice that also provided information on how to obtain a
legitimate, licensed version of the copyrighted material in question
would not fall within the scope of the Act.\116\ In the NPRM, the
Commission acknowledged that there may be messages that are neither
``commercial electronic mail messages'' nor ``transactional or
relationship messages'' as defined by the Act, and thus are not
[[Page 29664]]
addressed in CAN-SPAM.\117\ As a general matter, the Commission agrees
that if a sender has had no previous dealings with the recipient --
thus lacking the predicate for a message to be deemed ``transactional''
-- and that sender's messages contain only a copyright infringement
notice, the messages also are not primarily commercial in purpose and
thus are not subject to the requirements and prohibitions of CAN-SPAM.
Nevertheless, where a copyright infringement notice also contains
information on how to obtain licensed versions of copyrighted
materials, evaluation under the Primary Purpose Rule provisions
governing dual purpose messages may lead to the conclusion that such
messages are covered by CAN-SPAM.\118\ Likewise, emails containing true
opinion and research surveys may fall outside the scope of the Act, but
to the extent that any such message seeks to advertise or promote a
brand, a company, or a product or service to the recipient, it also may
be primarily commercial in purpose, and therefore subject to the Act's
requirements and prohibitions.
---------------------------------------------------------------------------
\115\ See BSA (copyright infringement notices); SIA (research
and opinion surveys).
\116\ See BSA.
\117\ NPRM, 70 FR at 25433 n.85.
\118\ 16 CFR 316.3.
---------------------------------------------------------------------------
d. Transactions that Do Not Involve an Exchange of Consideration
The NPRM invited comment on the Act's application to messages sent
pursuant to a relationship in which no consideration passes, such as
messages from a ``free'' Internet service (such as Evite or
Shutterfly). No commenters provided any evidence of changes in email
practices or technology that would warrant modifying the definition of
``transactional or relationship message'' specifically to address such
messages. Indeed, as explained in the NPRM, even without a Rule change,
the existing definition of ``transactional or relationship message''
includes two categories that could include messages sent pursuant to a
relationship in which there has been no exchange of consideration:
section 7702(17)(A)(i), under which an electronic mail message the
primary purpose of which is to ``facilitate, complete, or confirm a
commercial transaction [emphasis added] that the recipient has
previously agreed to enter into with the sender'' is deemed
transactional or relationship in nature; and section 7702(17)(A)(v),
which provides that an email the primary purpose of which is ``to
deliver goods or services, including product updates or upgrades, that
the recipient is entitled to receive under the terms of a transaction
[emphasis added] that the recipient has previously agreed to enter into
with the sender'' also qualifies as transactional or relationship in
nature. In the NPRM, the Commission explained that it believed an email
from a free Internet service to someone who has registered with the
service would be considered a message ``to deliver goods or services *
* * that the recipient is entitled to receive under the terms of a
transaction'' under section 7702(17)(A)(v) rather than a ``commercial
transaction'' under section 7702(17)(A)(i) (emphasis added), but sought
comment on this question.\119\
---------------------------------------------------------------------------
\119\ NPRM, 70 FR at 25434.
---------------------------------------------------------------------------
Ten of the 13 commenters that addressed this issue took the
position that an email message that is primarily for the purpose of
facilitating, completing, or confirming a commercial transaction with
the sender previously agreed to by the recipient is ``transactional''
under section 7702(17)(A)(i), even when the transaction at issue
involves no exchange of consideration.\120\ A few of these commenters
argued further that, in any event, many ``free'' Internet services do
involve an exchange of consideration; these commenters contended that
agreeing to receive commercial email or to view advertising, for
example, constitutes consideration.\121\ Three commenters argued that a
``commercial transaction'' under section 7702(17)(A)(i) must involve an
exchange of consideration.\122\
---------------------------------------------------------------------------
\120\ See Discover; Jumpstart; Mattel; NFCU; NAR; NetCoalition;
SIA; Schnell; United; VFCU.
\121\ See Jumpstart; United. One commenter also suggested that
to protect consumers, trial memberships and other situations where
consideration is not paid until a later time should be considered
commercial. See Schnell.
\122\ See ABM; NADA; PCIAA.
---------------------------------------------------------------------------
The Commission continues to believe that in many cases it is
unnecessary to reach the question of whether registration with a
``free'' Internet service constitutes a ``commercial transaction''
under section 7702(17)(A)(i) (emphasis added), because it is likely a
``transaction'' under section 7702(17)(A)(v). That said, having
reviewed the comments, the Commission has been persuaded that the term
``commercial transaction'' in section 7702(17)(A)(i) can encompass
situations in which there has been no exchange of consideration between
the sender and the recipient.\123\ This is consistent with the
Commission's interpretation of the term ``commercial electronic mail
message,'' which, as defined in section 7707(2), includes an email the
primary purpose of which is the advertisement or promotion of a
commercial product or service that is free and does not involve the
exchange of consideration so long as it is a ``commercial product or
service (including content on an Internet website operated for a
commercial purpose).'' Many free Internet services are undoubtedly
engaged in ``commerce'' and offer consumers goods or services that are
``commercial'' in nature whether or not they involve an exchange of
consideration.\124\
---------------------------------------------------------------------------
\123\ The NPRM stated that the Commission ``believe[d] that the
modifier `commercial' has been deliberately omitted from [section
7702(17)(A)(v)] of CAN-SPAM to accommodate just the sort of
scenario that IAC and Microsoft raise,'' i.e., emails from free
Internet services, like Evite, to their members. 70 FR at 25434.
Upon further reflection, the Commission has concluded that a
transaction between a free Internet website, such as Evite, and its
members -- e.g., the transaction that occurs when a consumer
registers at the website -- can reasonably constitute a ``commercial
transaction.''
\124\ As the Commission noted in the Primary Purpose Rulemaking,
70 FR at 3113, the Random House College Dictionary defines
``commercial'' as ``of, pertaining to, or characteristic of
commerce; engaged in commerce.'' It defines ``commerce'' as ``an
interchange of goods or commodities, especially on a large scale;
trade; business.'' Random House College Dictionary 270 (Rev. ed.
unabridged 1980). Likewise, the term ``commerce'' as defined in
section 4 of the FTC Act, 15 U.S.C. Sec. 44, is broadly construed
to include services that are provided without charge where they
include commercial advertising. See, e.g., Ford Motor Co. v. FTC,
120 F.2d 175, 183 (6th Cir. 1971) (``Interstate commerce includes
intercourse for the purpose of trade which results in the passage of
property, persons or messages from within one state to within
another state. All of those things which stimulate or decrease the
flow of commerce, although not directly in its stream, are essential
adjuncts thereto . . . . The use of advertising as an aid to the
production and distribution of goods has been recognized so long as
to require only passing notice.'').
---------------------------------------------------------------------------
e. Affiliated Third Parties Acting on Behalf of a Person With Whom the
Recipient Has Previously Entered Into a Commercial Transaction
The NPRM invited comment concerning the application of the Act to
messages sent by affiliated third parties that are acting on behalf of
an entity with whom a consumer has transacted business. All but one of
the dozen commenters addressing this issue argued that messages ``to
facilitate, complete, or confirm a commercial transaction to which the
recipient has previously agreed'' are generally ``transactional or
relationship messages'' under section 7702(17)(A)(i) regardless of
whether the messages were transmitted by the entity with whom the
consumer transacted business or an affiliated third party acting on the
business's behalf.\125\
---------------------------------------------------------------------------
\125\ See NAEDA; Wahmpreneur; FNB; Wells Fargo; ESPC; NAFCU;
NAIFA; CBA; Discover; PCIAA; SIA. But see Schnell (arguing against
application of section 7702(17)(A)(i) to affiliated third parties).
---------------------------------------------------------------------------
[[Page 29665]]
Because there is no evidence of changes in email technology or
practices that would warrant amending the Rule expressly to address
messages sent by affiliated third parties that are acting on behalf of
an entity with whom the recipient has done business, the Commission
does not make any modifications to the Rule concerning such messages.
In addition, the Commission notes that the examples provided by
commenters (e.g., travel agents, insurance agents) are fairly
straightforward examples of types of messages that would likely qualify
as a ``transactional or relationship message'' under section
7702(17)(A)(i).\126\ The Commission, however, does not interpret this
provision as necessarily covering every email message sent by an
affiliated third party. For example, if an affiliated third party were
to market its own product, service, or Internet website in an email
message in which the affiliated third party is also facilitating or
completing a transaction on behalf of another vendor, then that message
would contain both commercial and transactional content, thus
triggering analysis of the primary purpose of the dual purpose message.
---------------------------------------------------------------------------
\126\ See NAIFA; NAIDA; FNB; IAC (comments submitted in response
to ANPR); Wahmpreneur. For example, if a consumer purchases an
airline ticket on a travel website like Orbitz, a subsequent message
from Orbitz or the airline (or both) ``to facilitate, complete, or
confirm'' the message will be a ``transactional or relationship
message'' (or a dual purpose message if there is additional content
in the email). Likewise, an email from an insurance agent to a
customer can qualify as transactional or relationship in nature
notwithstanding the fact the customer paid the premium to the
insurer, not its agent.
---------------------------------------------------------------------------
f. Messages Sent to Effectuate or Complete a Negotiation
In the NPRM, the Commission asked under what circumstances an email
sent to effectuate or complete a negotiation should be considered a
``transactional or relationship message'' under section
7702(17)(A)(i).\127\ Twelve of the 13 commenters addressing this issue
agreed that such messages should be deemed transactional or
relationship messages or should fall outside the scope of the Act.\128\
---------------------------------------------------------------------------
\127\ NPRM, 70 FR at 25434, 25450.
\128\ See NADA; ARDA; FNB; Wells Fargo; BOA; Cendant; SIA; SIIA;
CBA; MPAA; KeySpan; Discover. See also Schnell (emails to effectuate
or complete a negotiation should be deemed transactional or
relationship only if the recipient has a reasonable expectation that
such a negotiation will occur via email).
---------------------------------------------------------------------------
The Commission declines to alter the definition of ``transactional
or relationship message'' to address communications for the purpose of
effectuating or completing a negotiation because of the lack of any
evidence in the record that such a modification would be necessary to
accommodate changes in email technology or practices and to further the
purposes of the Act. However, even without such a modification, the
Commission continues to believe that, as it stated in the NPRM, to the
extent that negotiation may be considered a ``commercial transaction''
that a recipient has previously agreed to enter into, such messages
likely would be considered transactional or relationship under section
7702(17)(A)(i) if they were sent to facilitate or complete the
negotiation.\129\ The Commission, however, does not interpret the term
``transactional or relationship message'' to include an initial
unsolicited message that proposes a transaction and attempts to launch
a negotiation by offering goods or services. Likewise, after a party
has terminated a negotiation, an email from the other party seeking to
restart the negotiations would not be a ``transactional or relationship
message.''
---------------------------------------------------------------------------
\129\ NPRM, 70 FR at 25434.
---------------------------------------------------------------------------
g. Messages in the Employment Context
In the NPRM, the Commission sought comment on the Act's application
to several types of emails that arise in the employment context. Due to
the lack of evidence in the record that would satisfy the statutory
standard for modifying the definition of ``transactional or
relationship message,'' the Commission does not adopt any provision in
the final Rule concerning such messages.
(i) Messages Concerning Employee Discounts or Similar Messages
The NPRM asked whether it is appropriate to classify emails from
employers offering employee discounts or similar messages as
communications that ``provide information directly related to an
employment relationship'' under section 7702(17)(A)(iv).\130\ In
addition, the Commission asked whether it was relevant whether the
employee's email address to which the message was sent had been
assigned to the employee by the employer.\131\ All 20 commenters that
addressed this issue argued either that such messages should be
considered ``transactional or relationship messages'' under section
7702(17)(A)(iv)\132\ or that they are neither ``commercial'' nor
``transactional or relationship'' messages and thus fall outside the
scope of the Act.\133\ A consistent theme in the comments was that an
employer should be free to send whatever information it wants to an
email address that the employer owns and assigns to an employee.\134\
In such circumstances, these commenters argued, the employer is both
the ``sender'' and the ``recipient'' under the Act.
---------------------------------------------------------------------------
\130\ Id. at 25436, 25450.
\131\ Id. at 25450.
\132\ See Associations; NNA; CBA; NRF; NADA; FNB; MPA; SIIA;
Coalition; MPAA; KeySpan; Wells Fargo; BOA; ASTA; DoubleClick;
Nextel.
\133\ See AeA; Discover; PCIAA; Schnell.
\134\ See, e.g., CBA (``The conclusion must be that an employer
can send whatever message it desires to an e-mail account that the
employer owns and assigns the employee.''); NRF (``[If] the company
provides the e-mail account to the employee primarily for the
employer's benefit, [then] the employer should be free to utilize
its own proprietary network to send information to its
employees.'').
---------------------------------------------------------------------------
The comments persuade the Commission that section 7702(17)(A)(iv)
should be interpreted to encompass messages that offer employee
discounts from employers to email accounts they have provided to their
employees. Moreover, there is nothing in the legislative history
suggesting that such emails were of concern to Congress in enacting
CAN-SPAM. Further, it seems unlikely that employers would inundate
their employees' workplace email accounts with offers of employee
discounts and the like and thereby divert their employees' attention
from their job responsibilities.\135\ Thus, because the definition of
``transactional or relationship message'' is broad enough to encompass
emails from employers to their employees offering discounts, it is
unnecessary to modify the definition to address such messages.
---------------------------------------------------------------------------
\135\ The Commission, however, rejects the argument of some
commenters that employees should not be deemed ``recipients'' under
the Act of such messages sent by their employers to their employer-
provided email addresses. See, e.g., BOA; CBA; Coalition;
DoubleClick; DMA; MPA; Wells Fargo. The Act broadly defines the
``recipient'' as an ``authorized user of the electronic mail address
to which the message was sent or delivered'' and does not require
ownership of the email address. 15 U.S.C. 7702(14) (emphasis added).
Consequently, employees are ``recipients'' of messages delivered to
their workplace email accounts, whether such emails were sent by
their employers or another person.
---------------------------------------------------------------------------
(ii) Messages From a Third Party on Behalf of the Recipient's Employer
In the NPRM, the Commission asked whether an email that
``provide[s] information directly related to an employment relationship
or related benefit plan in which the recipient is currently involved''
and that would be a ``transactional or relationship message'' under
section 7702(17)(A)(iv) if it were sent by the recipient's employer
would retain its transactional or relationship character if sent by a
third party acting on the employer's behalf. Most of the handful of
commenters that addressed this
[[Page 29666]]
question agreed with the Commission's view that messages sent by a
third party on behalf of an employer should be considered transactional
or relationship in nature.\136\ The Commission reiterates its
interpretation of section 7702(17)(A)(iv) as being sufficiently broad
to allow an employer to retain a third party as its agent to send a
message to its employees that would otherwise fit within the confines
of a ``transactional or relationship message.''\137\ Thus, because the
definition of ``transactional or relationship message'' is broad enough
to include a message sent by the third-party agent of an employer to
its employees, provided the message would be considered transactional
or relationship in nature if sent by the employer itself, there is no
need to modify the definition of ``transactional or relationship
message'' to address such messages.
---------------------------------------------------------------------------
\136\ See KeySpan; FNB; MPAA; PCIAA. But see Schnell
(``commercial messages to employees of a given employer that come
from third parties should not be considered transactional or
relationship messages, and should be considered commercial under
CAN-SPAM'').
\137\ Nevertheless, the Commission's interpretation does have
its limits. For example, if a third party were to market to a client
company's employees the third party's own goods and services on its
own behalf, rather than on behalf of the client, those messages
would not be deemed ``transactional or relationship messages'' under
section 7702(17)(A)(iv).
---------------------------------------------------------------------------
(iii) Messages Sent After an Offer of Employment is Tendered
In the NPRM, the Commission asked whether, for purposes of section
7702(17)(A)(iv) of the Act, providing information directly related to
an employment relationship should include providing information related
to such a relationship after an offer of employment is tendered, but
prior to the recipient's acceptance of the job offer.\138\ The several
commenters that addressed the issue believed that such messages provide
``information directly related to an employment relationship'' and thus
are transactional and relationship in nature.\139\ None of the
commenters argued that prospective employees would be subject to
unwanted commercial email messages from their prospective employers
between the time an offer of employment is made and the time it is
either accepted or rejected.
---------------------------------------------------------------------------
\138\ NPRM, 70 FR at 25436, 25450.
\139\ See FNB; KeySpan; Discover; MPAA.
---------------------------------------------------------------------------
As an initial matter, the Commission notes that, where the primary
purpose of an email from an employer to a prospective employee is
something other than the promotion or advertisement of a commercial
product or service, the message would not be subject to CAN-SPAM's
requirements for commercial email messages.\140\ Where, for example, a
message provides only information about a prospective employee's salary
and job responsibilities and does not advertise or promote a commercial
product or service, it is not a ``commercial electronic mail message''
under the Act. Rather, an email sent to a prospective employee who has
received a bona fide offer of employment after actively seeking such
employment would be considered information ``directly related to an
employment relationship or related benefit plan'' under section
7702(17)(A)(iv), provided the email concerned only the prospective
employment relationship.\141\ To the extent, however, that such
messages included both information about the job offer and an
advertisement or promotion of a commercial product or service, e.g., an
effort to induce the job applicant to purchase the employer's goods or
services, then the message would be analyzed as a dual purpose message
under the Primary Purpose provisions of the Commission's CAN-SPAM
Rules.\142\
---------------------------------------------------------------------------
\140\ 15 U.S.C. 7702(2).
\141\ One commenter argued that section 7702(17)(A)(iv)'s
exemption for employment-related emails ``does not go far enough''
and that the final Rule should exempt ``e-mails regarding current or
prospective job openings that are sent to individuals who are not
currently employed by the sender, and who are not charged any fees
or other consideration in connection with any current or prospective
job.'' ASA. As noted above, if such emails do not advertise or
promote a product or service, they are not commercial email messages
and thus they fall outside the Act.
\142\ 16 CFR 316.3.
---------------------------------------------------------------------------
h. Electronic Newsletter Subscriptions and Other Content that a
Recipient is Entitled to Receive as a Result of a Prior Transaction
with the Sender
The NPRM asked ``where a recipient has entered into a transaction
with the sender that entitles the recipient to receive future
newsletters or other electronically delivered content, should email
messages the primary purpose of which is to deliver such products or
services be deemed transactional or relationship messages?''\143\ The
commenters that addressed this issue generally believed such emails
were ``transactional or relationship messages'' under section
7702(17)(A)(v).\144\ Several commenters thought the Commission's
``primary purpose'' rule already addressed the issue and supported the
position that transmission of a periodical delivered via email ``falls
within one of the `transactional or relationship message'
categories.''\145\ In addition, three commenters stressed that it is
irrelevant whether electronic newsletters or other content provided via
subscription are entirely commercial in nature (e.g., a catalog), so
long as the content conforms to the consumer's reasonable expectations
about the material he or she has requested.\146\
---------------------------------------------------------------------------
\143\ NPRM, 70 FR at 25450.
\144\ See NADA; NAEDA; Wahmpreneur; ICC; MPAA; KeySpan; PCIAA;
United; IPPC; Jumpstart; NEPA; TimeWarner; DoubleClick; Mattel. See
also NFCU (electronic newsletters sent to a sender's members should
be entirely exempt from CAN-SPAM); Discover (arguing that primary
purpose of a newsletter delivered by email should be determined on a
case-by-case basis); Schnell (opining that consumer request for
electronic newsletter or other content is not determinative under
CAN-SPAM); Sonnenschein (advocating a distinction between the ``bona
fide transaction [in which a consumer] sign[s] up for a service or
subscrib[es] to receive emails, coupons, or electronic newsletters
and the mere provision of affirmative consent to receive commercial
emails'').
\145\ See DoubleClick; MPAA; FNB.
\146\ See NEPA; ICC; Sonnenschein.
---------------------------------------------------------------------------
The comments do not establish the statutory prerequisite to
modifying the definition of ``transactional or relationship message''
expressly to address electronic newsletters and other content sent
pursuant to a subscription. Specifically, there is no showing that such
a modification is necessary to accommodate changes in email technology
or practices and to accomplish the goals of the Act. Moreover, the
Commission believes that the existing definition of ``transactional or
relationship message'' already adequately addresses such emails. In
view of the comments received on this issue, the Commission continues
to believe, as it stated in the Primary Purpose Rulemaking, that when a
recipient subscribes to a periodical delivered via email, transmission
of that periodical to that recipient falls within section
7702(17)(A)(v), which includes ``goods or services . . . that the
recipient is entitled to receive under the terms of a transaction that
the recipient has previously agreed to enter into with the sender,''
provided the periodical consists exclusively of informational content
or combines informational and commercial content.\147\ On the other
hand, when a sender delivers an unsolicited newsletter or other
periodical via email, and there is no subscription, the situation is
materially
[[Page 29667]]
different for purposes of CAN-SPAM than when such content is delivered
with the consent of the recipient. In such a scenario, the emails
likely would not be ``transactional or relationship messages'' within
the meaning of the Act.
---------------------------------------------------------------------------
\147\ See NPRM, 70 FR at 3118. Likewise, the Commission
continues to believe that, as it explained in the Primary Purpose
Rulemaking, ``if an email consists exclusively of commercial content
(such as a catalog or other content that is purely an advertisement
or promotion), then the email would be a single-purpose commercial
message. This is because delivery of such advertising or promotional
content would not constitute the `delivery of goods or services * *
* that the recipient is entitled to receive under the terms of a
transaction that the recipient has previously agreed to enter into
with the sender,' under section 7702(17)(A)(v).'' Id. at 3118 n.91.
---------------------------------------------------------------------------
i. ``Business Relationship'' Messages
The NPRM asked whether the Commission should expand the Act's
definition of ``transactional or relationship message'' to include what
some commenters call ``business relationship messages,'' which are
individualized messages sent from one employee of a company to an
individual recipient (or a small number of recipients) at another
business.\148\ Or, as one commenter described this type of message,
``one-to-one e-mail that is sent by employees in the business-to-
business context.''\149\ The nine commenters who addressed the issue of
``business relationship'' messages all supported expanding the
definition of ``transactional or relationship message'' to include this
type of email. Commenters did not claim that business relationship
messages are ``commercial electronic mail messages'' under the Act,
but, rather, opined that if such messages were deemed ``commercial
electronic messages,'' they would face significant administrative and
technological burdens, because business email systems are not designed
to scrub each email sent by each employee against the business's CAN-
SPAM opt-out list.\150\ In addition, commenters argued that such a
requirement would interfere with legitimate practices that are critical
to business relationships and operations.\151\ To avoid any such
potential problems, the commenters urged the Commission to add a new
category of ``transactional or relationship message'' to cover business
relationship messages.
---------------------------------------------------------------------------
\148\ Id. at 25438 n.137, 25450. For the most part, commenters
described ``business relationship messages'' as arising in the
context of business-to-business communications, rather than
communications with individual consumers. See, e.g., BOA (``For
example, in the first mortgage business, e-mails are sent to brokers
to inform them up-to-the minute information about current mortgage
rates.''); CBA (``in the context of the equipment leasing industry,
it is typical for lenders to e-mail equipment vendors a rate sheet
that describes the amount of interest a lender would charge on a
given piece of equipment''); Reed (``For example, our ad sales
personnel routinely contact current advertisers about upcoming
issues of publications.''). But see Cendant (interpreting ``business
relationship messages'' to encompass messages from a business to
individual consumers with whom the sender has an existing business
relationship).
\149\ See CBA.
\150\ See, e.g., BOA; CBA; Wells Fargo; MPAA.
\151\ See BOA; CBA; Cendant; ESPC; ICC; KeySpan; MPAA; Reed;
Wells Fargo.
---------------------------------------------------------------------------
None of the commenters, however, demonstrated changes in email
technology or practices that would warrant an express carve-out for
business relationship messages. For example, there is no evidence that
the technological burdens that the commenters cite as a basis for
creating the exemption did not exist when the Act was passed in 2003.
There is, therefore, an insufficient evidentiary basis to modify the
definition of ``transactional or relationship message'' under the
statutory standard. Thus, the Commission declines to add a ``business
relationship message'' category to the definition of ``transactional or
relationship.''
In any event, the commenters' concerns about the impact of the Act
on the ability of one of their employees to send emails to a small
number of employees at another company with which they have a
preexisting relationship may be overblown. For example, to the extent
an employee at one company provides affirmative consent to receive
emails from an employee of another company, or from that company in
general, such consent overrides any prior opt-out request.\152\
Consequently, when affirmative consent has been given, there is no need
to ``scrub'' the email against the business's CAN-SPAM opt-out list.
Nevertheless, the recipient can always opt out of receiving future
emails from the sender, notwithstanding his or her prior affirmative
consent. As the Commission has previously observed, affirmative consent
to receive commercial emails from a sender does not eliminate the
sender's obligation to provide a functioning Internet-based mechanism
to opt out of receiving future emails or any of the sender's other
obligations under CAN-SPAM.
---------------------------------------------------------------------------
\152\ 15 U.S.C. 7704(a)(4)(B).
---------------------------------------------------------------------------
j. Messages from an Association to its Membership
In the NPRM, the Commission stated that it believes that email
messages from an association or membership entity to its members are
likely ``transactional or relationship messages'' under section
7702(17)(A)(v).\153\ The Commission inquired whether messages from such
senders to lapsed members should also be considered transactional or
relationship under section 7702(17)(A)(v), and whether messages to
lapsed members should be considered commercial electronic messages when
they advertise or promote the membership entity.\154\ The seven
commenters that addressed this question argued that email messages to
lapsed members should be considered ``transactional or relationship
messages,''\155\ but most recommended limiting the amount of time that
such email messages may be sent to former members.\156\
---------------------------------------------------------------------------
\153\ NPRM, 70 FR at 25450.
\154\ Id.
\155\ See NAEDA; Independent; NAFCU; CUNA; Cendant; PCIAA; SIIA.
In addition, some commenters, while not responding to the NPRM's
inquiry about lapsed members, addressed the question of the Act's
regulation of communications from an association to its current
members. See, e.g., Metz; SHRM; ABM; ARTBA; NAR; ACA; ASAE. As the
Commission explained in the NPRM, 70 FR at 25438, and reiterates
here, messages from an association to its membership are likely
transactional or relationship in nature. The Commission continues to
believe, however, that there is no basis to expand the existing
definition of ``transactional or relationship'' to create an express
exemption for such communications.
\156\ See NAEDA (arguing that messages to former members should
be allowed and considered transactional or relationship messages for
a specific amount of time, e.g., 180 days); Independent (arguing that
messages to former members are still ``transactional or relationship
messages'' rather than ``commercial'' messages for 12 months after
membership lapses); Cendant (membership entity should be able to
contact members for 18 months after last transaction); CUNA (arguing
that contact may be made for a reasonable amount of time); PCIAA
(stating that, consistent with the Do-Not-Call Rules, an email
message to a lapsed member should be considered a ``transactional or
relationship message'' for 90 days after the membership has lapsed);
VFCU (arguing that email messages to lapsed members should still be
considered transactional or relationship in nature if the purpose is
related to administrative matters). See also SIIA (arguing against a
``per se approach'' concerning an association's communications with
lapsed members).
---------------------------------------------------------------------------
Under the existing definition of ``transactional or relationship
message'' the Commission believes that where a recipient is no longer a
member of an organization, it is unlikely that messages from the
organization fall within any of the categories of ``transactional or
relationship messages.''\157\ For example, a message that advertises or
promotes the sale of a new or renewed membership would be a
``commercial electronic mail message'' (or a dual purpose message to
the extent it also includes non-commercial content). However, the
Commission declines to modify the definition of ``transactional or
relationship message'' to include such emails. None of the commenters
offered any evidence that such modification is necessary either to
accommodate changes in email
[[Page 29668]]
practices or technology or to accomplish the purposes of the Act, and
thus the statutory standard for amending the definition of
``transactional or relationship message'' is not satisfied.
---------------------------------------------------------------------------
\157\ There are, of course, exceptions; for example, an email
from a membership organization to a lapsed member to obtain payment
of a debt would be a ``transactional or relationship'' message under
section 7702(17)(A)(i), just as a debt collection email from a non-
membership entity would be transactional and relationship in nature,
as discussed above. See supra Part II.A.3.b.
---------------------------------------------------------------------------
4. Section 316.2(p) -- Definition of ``Valid Physical Postal Address''
Proposed Rule 316.2(p) clarified that a sender may comply with
section 7704(a)(5)(A)(iii) of the Act -- which requires inclusion in
any commercial email message of the sender's ``valid physical postal
address'' -- by including in any commercial email message any of the
following: (1) the sender's current street address; (2) a Post Office
box the sender has registered with the United States Postal Service; or
(3) a private mailbox the sender has registered with a commercial mail
receiving agency (``CMRA'') that is established pursuant to United
States Postal Service regulations. A substantial majority of commenters
supported the proposed definition. In consideration of these comments,
the Commission adopts as a final Rule a modified version of the
definition proposed in the NPRM. This modified definition allows for
the use of Post Office or private mailboxes, but clarifies that a
sender must ``accurately'' register such mailboxes pursuant to postal
regulations to be considered a ``valid physical postal address'' under
the Act. Comments addressing the proposed definition are discussed in
detail below.
In response to the NPRM, the Commission received 25 comments
addressing the definition of ``valid physical postal address.'' Of
these, 18 commenters supported the definition as proposed.
Specifically, supporters noted that the proposed definition
appropriately recognized that many legitimate businesses, large and
small alike, use Post Office boxes or private mailboxes, and that
allowing commercial email messages to disclose such a P.O. box or
private mailbox would provide flexibility and security to email
marketers without compromising law enforcement efforts.\158\ Other
commenters, including small businesses and independent contractors,
supported the proposed definition because it recognizes the privacy and
security concerns of individuals who work from home or are fearful of
publishing their street address for other reasons.\159\
---------------------------------------------------------------------------
\158\ See, e.g., ACLI; ACB; DMA; DoubleClick; NNA; SIA.
\159\ See Discover; Independent; NAR.
---------------------------------------------------------------------------
Two additional commenters supported the Commission's proposal that
P.O. boxes and private mailboxes be included under the definition of
``valid physical postal address,'' but objected to the additional
requirement that the sender be registered with the United States Postal
Service (``USPS''). Specifically, HSBC Bank Nevada (``HSBC'') and
MasterCard suggested that the definition be modified to allow for any
address to which mail is delivered for a particular sender, whether or
not that sender is registered with the USPS.\160\ HSBC noted that
several affiliated companies often will receive mail at the same P.O.
box, yet not all such companies may be registered to use that box with
the USPS, as the proposed definition would require.\161\ HSBC and
MasterCard argued that their proposed modifications would achieve the
purposes of the Act by providing consumers with a mechanism to contact
senders other than by email.\162\ The approach suggested by MasterCard
and HSBC, however, does not take into account the other important
purpose of the valid physical postal address provision -- that law
enforcement authorities be able to identify a sender using a given
address, which would be difficult if not impossible without
registration of all mailbox users with the USPS.\163\
---------------------------------------------------------------------------
\160\ See HSBC; MasterCard.
\161\ See HSBC.
\162\ See HSBC; MasterCard.
\163\ Under USPS regulations, federal, state, or local
government agencies may obtain postal and private mailbox registrant
information from the USPS upon written certification that such
information is required to perform the agency's duties. 39 CFR
265.6(d)(4) & (d)(9). This is one avenue that law enforcement can
pursue in order to identify a sender that fails to comply with CAN-
SPAM.
---------------------------------------------------------------------------
Furthermore, USPS regulations require that anyone registering an
individual P.O. box identify the names of all persons authorized to
receive mail at such address, and to provide two forms of
identification for each listed person.\164\ Similarly, with respect to
``organization'' P.O. boxes or private mailboxes where the applicant is
a ``firm,'' USPS regulations require any of the organization's members
or employees who receive mail at such mailbox to be listed on the
requisite postal form.\165\ Thus, USPS regulations specifically require
that anyone receiving mail at a given address be registered with the
USPS.
---------------------------------------------------------------------------
\164\ See Domestic Mail Manual (``DMM'') 508.4.3.1(b) (other
adult persons who receive mail in the post office box of an
individual box customer must be listed on Form 1093 and must present
two items of valid identification to the post office).
\165\ See DMM 508.4.3.1(c) (requiring an organization's
employees or members who receive mail at the organization's postal
box to be listed on Form 1093; each person must have verifiable
identification and present this identification to the Postal Service
upon request) and PS Form 1583 (if applicant is a firm, applicant
must provide the name of each person whose mail is to be delivered).
---------------------------------------------------------------------------
Only five commenters opposed the Commission's proposed definition
of ``valid physical postal address.'' Three of these commenters felt
that P.O. boxes and private mailboxes should not be included in the
proposed definition because they are often used in fraud schemes as a
way to shield their owners from identification.\166\ The Commission
previously addressed this argument in the NPRM, noting that ```[a]n
individual or entity seeking to evade identification can just as easily
use inaccurate street addresses' as hide behind a Post Office box or
private mailbox.''\167\ No commenters provided any information to
refute this statement.
---------------------------------------------------------------------------
\166\ See CUNA; NFCU; Sowell.
\167\ NPRM, 70 FR at 25439 (quoting SIIA).
---------------------------------------------------------------------------
One consumer commenter opposing the proposed definition suggested
that P.O. boxes have proven insufficient as a means of contacting
senders that fail to honor opt-out requests.\168\ The Commission,
however, has no evidence to suggest that certain senders are difficult
to contact because of the fact that those senders have provided P.O.
boxes or private mailboxes as their contact addresses. It is more
likely the case that such senders are unscrupulous and have either
provided a false or nonexistent address as a means of evading
identification, or simply do not respond to consumer inquiries. In such
instances, the Commission sees no added benefit to requiring that
senders provide a street address, which could just as easily be
falsified or simply disregarded.
---------------------------------------------------------------------------
\168\ See Kapecki.
---------------------------------------------------------------------------
Finally, ACUTA suggested that the Commission assess and evaluate
the relevant postal regulations to ensure that they adequately protect
the interests of consumers and law enforcement.\169\ Such evaluation,
however, goes beyond the scope of this rulemaking proceeding --
especially when the Commission has no basis upon which to question the
effectiveness of the USPS regulations.
---------------------------------------------------------------------------
\169\ See ACUTA.
---------------------------------------------------------------------------
In consideration of all of these comments, the Commission adopts a
modified definition of ``valid physical postal address.'' In the final
Rule, the Commission has modified slightly the definition of ``valid
physical postal address'' to clarify that a sender must ``accurately''
register a P.O. box or private mailbox in compliance with these
regulations. For example, if a sender provides a P.O. box or private
mailbox address in its commercial email message and is not accurately
identified
[[Page 29669]]
on the applicable postal form, fails to provide two forms of valid
identification if required,\170\ or otherwise fails to comply with
applicable USPS regulations, such address would not be considered a
``valid physical postal address'' for purposes of the Act. Accordingly,
the Commission adopts final Rule 316.2(p), which provides that a
```valid physical postal address' means the sender's current street
address, a Post Office box the sender has accurately registered with
the United States Postal Service, or a private mailbox the sender has
accurately registered with a commercial mail receiving agency that is
established pursuant to United States Postal Service regulations.''
(Emphasis added.)
---------------------------------------------------------------------------
\170\ See, e.g., DMM 508.1.9.2(a) (requiring applicants of
private mailboxes to furnish two forms of valid identification).
---------------------------------------------------------------------------
5. Applicability of the Act to Forward-to-a-``Friend'' Email Marketing
Campaigns
In the NPRM, the Commission sought comment on CAN-SPAM's impact on
forward-to-a-``friend'' email -- a type of commercial email that can
take a variety of forms. In its most basic form, a person (the
``forwarder'') receives a commercial email message from a seller and
forwards the email message to another person (the ``recipient''). Other
scenarios include those in which a seller's web page enables visitors
to the seller's website to provide the email address of a person to
whom the seller should send a commercial email.
Due to the myriad forms of forward-to-a-``friend'' email, CAN-
SPAM's applicability to such messages is a highly fact-specific
inquiry. As explained below, the central question in this analysis
often will be whether the seller has ``procured'' the origination or
transmission of the forwarded message.
a. Background
In the NPRM, the Commission discussed the interplay of multiple
definitions in CAN-SPAM and their relevance in analyzing the Act's
applicability to forward-to-a-``friend'' emails. The Commission began
its analysis by examining CAN-SPAM's definition of ``sender,'' which the
Act defines to mean ``a person who initiates [a commercial electronic
mail] message and whose product, service, or Internet web site is
advertised or promoted by the message.''\171\ Thus, to be a ``sender,''
a seller must be both an ``initiator'' of the message and have its
product, service, or Internet website advertised or promoted by the
message.
---------------------------------------------------------------------------
\171\ 15 U.S.C. 7702(16)(A).
---------------------------------------------------------------------------
A forward-to-a-``friend'' email will ordinarily advertise a
seller's product, service, or website. Thus, the NPRM focused on
whether a seller would meet CAN-SPAM's definition of ``initiate.'' The
Act defines ``initiate'' to mean ``to originate or transmit such
message or to procure the origination or transmission of such message,
but shall not include actions that constitute routine conveyance of
such message.''\172\
---------------------------------------------------------------------------
\172\ 15 U.S.C. 7702(9).
---------------------------------------------------------------------------
In the NPRM, the Commission then examined the meaning of the term
``procure'' and concluded that a seller ``procures'' an email by
either: (1) providing a forwarder with consideration (such as money,
coupons, discounts, awards, additional entries in sweepstakes, or the
like) in exchange for forwarding the message, or (2) intentionally
inducing the initiation of a commercial email through an affirmative
act or an explicit statement that is ``designed to urge another to
forward the message.''\173\ Thus, the Commission opined that CAN-SPAM's
inclusion of the word ``induce'' in the definition of ``procure''
meant that a seller could ``procure'' the initiation of a message
without offering to provide a forwarder with any consideration if it
exhorted visitors to its website to forward a message.\174\
---------------------------------------------------------------------------
\173\ The NPRM indicated that to ``intentionally induce'' the
initiation of a commercial email a ``seller must make an explicit
statement that is designed to urge another to forward the message.''
70 FR 25441.
\174\ For instance, the Commission posited that a seller would
induce a message (and therefore ``procure'' the initiation of a
message) if, without offering to provide a forwarder with any
consideration, its web-based forwarding mechanism urged visitors to
``Tell-A-Friend--Help spread the word by forwarding this message to
friends! To share this message with a friend or colleague, click to
the `Forward E-mail button.''' NPRM, 70 FR at 25441 n.178.
---------------------------------------------------------------------------
Finally, the Commission concluded by stating that a seller who
offered a web-based ``click-here-to-forward'' mechanism, but did not
exhort visitors to forward a message or offer to pay or provide other
consideration in exchange for forwarding the message, would be engaged
in the ``routine conveyance'' of the message and therefore not be an
``initiator'' of the message.\175\
---------------------------------------------------------------------------
\175\ Id. at 25441-42.
---------------------------------------------------------------------------
b. Comments Received in Response to the NPRM
The Commission received more than forty comments concerning
forward-to-a-``friend'' emails. Some of these comments asserted that:
(1) forward-to-a-``friend'' messages are not ``commercial electronic
mail messages''; (2) most marketers whose products, services, or
website are promoted by a forward-to-a-``friend'' message are engaged
in ``routine conveyance''; (3) the Commission's view of ``routine
conveyance'' was unduly narrow; (4) forward-to-a-``friend'' emails sent
through a seller's web-based mechanism should be treated the same as
emails that the seller sends to a forwarder who then forwards the
messages to a recipient; (5) making CAN-SPAM's applicability hinge on
whether a seller offered to pay a forwarder consideration was contrary
to the language and purpose of the Act; and (6) sweeping forward-to-a-
``friend'' messages into CAN-SPAM would impose high compliance burdens
for sellers. Each cluster of comments is elaborated upon below.
First, some commenters opined that the most relevant inquiry in a
forward-to-a-``friend'' scenario is whether the primary purpose of the
forwarded message is ``commercial.'' If the message's primary purpose
is not ``commercial'' (and it is not a ``transactional or relationship
message''), CAN-SPAM does not apply.\176\
---------------------------------------------------------------------------
\176\ See CBA; DMA; HSBC; Wells Fargo. Section 316.3 of the Rule
defines the ``primary purpose'' test for commercial email. 16 CFR
316.3.
---------------------------------------------------------------------------
Second, a handful of commenters asserted that the key factor in
determining whether a forward-to-a-``friend'' message is covered by the
Act should be whether the seller is engaged in ``routine
conveyance.''\177\ These commenters argued that under section 7702(9)
of the Act, any person engaged in ``routine conveyance'' is necessarily
not an ``initiator,'' and thus it is unnecessary to inquire whether it
``procured'' the message in question.
---------------------------------------------------------------------------
\177\ See, e.g., Microsoft.
---------------------------------------------------------------------------
Third, a number of commenters posited that the Commission's
understanding of what constitutes ``routine conveyance'' was unduly
narrow.\178\ Many commenters opined that all, or almost all, forward-
to-a-``friend'' mechanisms constitute ``routine conveyance.''\179\ Some
commenters argued that under the Act's definition of ``initiate,''
whether a company pays consideration or otherwise induces a person to
forward an email is irrelevant to whether the company is engaged in
``routine
[[Page 29670]]
conveyance.''\180\ The majority of commenters, however, expressed the
view that a company that offers consideration to a person to send or
forward an email to another person is not engaged in ``routine
conveyance'' under the Act.\181\ Within this group, commenters were
divided as to whether the offer of de minimis consideration, such as
coupons, sweepstakes entries, or points towards the purchase of a good
or service, was sufficient to render a company ineligible for the
``routine conveyance'' exception.\182\
---------------------------------------------------------------------------
\178\ See, e.g., AeA; Charter; ePrize; ERA; Independent; MPA;
Masterfoods; Mattel; Microsoft; OPA; PMA.
\179\ See AeA; ePrize; ERA; MPAA; MPA; Masterfoods; Mattel;
Microsoft; NCTA; NetCoalition; OPA; PMA; SIIA; Wells Fargo. But see
Metz (``A company that sends a commercial e-mail and provides a
website for forwarding that e-mail is not simply engaging in
`routine conveyance'; the message that it is conveying is its
own.'').
\180\ See, e.g., ERA; ePrize; MPA; Microsoft (``a message may be
induced or procured but still fall within the routine conveyance
exception to the Act's definition of `initiate'''); NAIFA; PMA;
SIIA.
\181\ See ACLI; BOA; Charter; CBA; Discover; MasterCard; MPAA;
NRF; NetCoalition; OPA; Time Warner.
\182\ For comments arguing that a company could be engaged in
routine conveyance notwithstanding its offer of sweepstakes entries,
coupons, discounts, ``points'' and the like to persons for
forwarding an email, see, e.g., AeA; ERA; FNB; Mattel; Coalition;
PMA; RIAA (``[The] legislative history also casts doubt on whether
Congress intended that the furnishing of merely nominal
consideration - for instance, `points' to be accumulated toward the
award of a free CD or music download - would be enough to qualify as
`procuring' the forwarding of a commercial e-mail. Surely when one
company `hires' another to carry out a commercial e-mail campaign,
much more than nominal consideration would be involved.''). For
comments expressing the view that an offer of sweepstakes entries,
points, coupons, discounts and the like in exchange for forwarding a
message would render a company ineligible for the routine conveyance
exception, see, e.g., Charter; MPAA; NAA; NRF; OPA; Time Warner.
---------------------------------------------------------------------------
Fourth, many commenters also stated that web-based mechanisms for
forwarding emails should be treated no differently than the ``forward''
button on a typical email program.\183\ In these email programs, the
``sender'' of the email, according to the commenters, is the person
forwarding the email.
---------------------------------------------------------------------------
\183\ See, e.g., Charter; DMA.
---------------------------------------------------------------------------
Fifth, many of the commenters noted that making the offer of
consideration the standard for determining whether a forwarder
``procured'' the origination or transmission of a message or engaged in
``routine conveyance'' would both be contrary to Congress's intent in
passing the CAN-SPAM Act,\184\ and unnecessary because there is no
evidence to suggest that Congress or consumers viewed forward-to-a-
``friend'' messages as spam.\185\
---------------------------------------------------------------------------
\184\ See AeA; Associations; Charter; CBA; DoubleClick;
MasterCard; Microsoft; NAIFA; NCTA; NetCoalition; PMA; RIAA; SIIA;
Wells Fargo.
\185\ See Masterfoods; Mattel; Visa.
---------------------------------------------------------------------------
Finally, some commenters noted the compliance burdens that would
result from the inclusion of forward-to-a-``friend'' emails in CAN-
SPAM's regulatory regime. According to these commenters, once a person
forwards an email using his or her own email program, the original
``sender'' loses the ability to control the email message's content and
whether the message retains its compliance with CAN-SPAM.\186\
Commenters also stated that it was very difficult to check the names of
recipients of forwarded messages against company opt-out lists.\187\
Moreover, some commenters who operate websites directed to children
opined that if they were considered the ``sender'' of certain forwarded
emails, they would have to honor opt-out requests and maintain opt-out
lists, which might cause conflicts with the Children's Online Privacy
Protection Rule.\188\
---------------------------------------------------------------------------
\186\ See Associations; BOA; Charter; CMOR; DMA; ERA; FNB;
Jumpstart; MPAA; MPA; Coalition; NRF; NetCoalition; RIAA;
Wahmpreneur.
\187\ See AeA; Cendant; ePrize (there are substantial costs in
building a software platform that would allow scrubbing of names
before using forwarding mechanism); MPAA (``It is virtually
impossible to meet the CAN-SPAM requirement that a company not send
e-mail to someone who has already opted out from its lists for
Forward to a Friend, because the company will never know the e-mail
address of the recipient . . . . The company would need to put all
such e-mail in a queue and then compare the recipient's e-mail
address with its opt-out list, a complicated and laborious
process.''); Masterfoods; Mattel; NRF; NetCoalition; Wahmpreneur.
\188\ The Children's Online Privacy Protection Rule (``COPPA''),
16 CFR Part 312, establishes rules and guidelines to provide a more
secure Internet experience for children and to protect them from
unwanted invasions of privacy. As a result, operators of websites
directed to children have to follow specific rules on what personal
information may or may not be gathered from children. Section 312.5
of COPPA states: ``An operator [of a website] is required to obtain
verifiable parental consent before any collection, use, and/or
disclosure of personal information from children . . . .'' Two
commenters, Masterfoods and Mattel, argued that the Commission's
proposed application of ``induce'' would likely result in their
being considered the ``sender'' of emails ``initiated'' through
their websites. They therefore argued that, under the Commission's
analysis in the NPRM, they would be required to maintain an opt-out
list, which would undoubtedly contain personal information of
children, and could thereby conflict with COPPA.
---------------------------------------------------------------------------
c. Commission Statement on Forward-to-a-``Friend'' Emails
Whether a seller or forwarder is a ``sender'' or ``initiator'' is a
highly fact-specific inquiry. Nonetheless, the application of the Act
to a forward-to-a-``friend'' message likely often will turn on whether
the seller has offered to pay or provide other consideration to the
forwarder. Below, the Commission expands upon its discussion contained
in the NPRM by discussing the liability of sellers in two common forms
of forward-to-a-``friend'' emails: (1) those sent using a web-based
forwarding mechanism and (2) those forwarded using the forwarder's own
email program. The Commission then discusses the potential liability
CAN-SPAM imposes on consumers who send forward-to-a-``friend'' emails.
(i) Seller's Liability in the Context of a Forwarding Mechanism on a
Seller's Website
With a web-based mechanism, a seller's website includes a button
that enables a visitor to the website to send an email advertising the
seller's product, service, or website. When the visitor clicks on the
button, the seller requests the recipient's email address and often
additional information such as the visitor's name and email address.
The seller may also enable the visitor to add text that will be
included in the message sent to the recipient. Upon entering the
information, the visitor must press a ``send'' button for the message
to be sent. The message will be sent to the recipient via the seller's
or seller's agent's email server.
The starting point in analyzing CAN-SPAM's applicability to
forward-to-a-``friend'' messages is the language of the Act. A seller
is a ``sender'' if it ``initiates'' the message and its product,
service, or Internet website is advertised or promoted in the
message.\189\ Because the message sent using the seller's web-based
mechanism will ordinarily advertise the seller's product, service, or
website, the seller will be a ``sender'' if it ``initiates'' the
message sent to the recipient.
---------------------------------------------------------------------------
\189\ 15 U.S.C. 7702(16).
---------------------------------------------------------------------------
CAN-SPAM defines ``initiate'' to mean ``to originate or transmit [a
commercial email] or to procure the origination or transmission of such
message, but shall not include actions that constitute routine
conveyance of such message.''\190\ Thus, where a seller is involved
solely in ``routine conveyance,'' the seller will be exempt from the
responsibilities of an ``initiator'' or a ``sender'' under the Act. The
Act defines ``routine conveyance'' to mean the ``transmission, routing,
relaying, handling, or storing, through an automatic technical process,
of an electronic mail message for which another person has identified
the recipients or provided the recipient addresses.''\191\ The Act's
legislative history explains that a company engages in ``routine
conveyance'' when it ``simply plays a technical role in transmitting or
routing a message and is not involved in coordinating the recipient
addresses for the marketing appeal.''\192\ Thus, under the web-based
[[Page 29671]]
scenario described above, a seller that transmits a message through an
automatic technical process to an email address provided by a
forwarder, absent more, is engaged in ``routine conveyance'' and is
exempt from liability under the Act.
---------------------------------------------------------------------------
\190\ 15 U.S.C. 7702(9).
\191\ 15 U.S.C. 7702(15).
\192\ S. Rep. 108-102 at 15. The legislative history therefore
makes clear that, if a seller retains the email address of the
person to whom the message is being forwarded for a reason other
than relaying the forwarded message (such as for use in future
marketing efforts), the seller would not fall within the routine
conveyance exemption.
---------------------------------------------------------------------------
However, under the Act, ``routine conveyance'' is narrowly
circumscribed. Where the seller goes beyond serving as a technical
intermediary that transmits, routes, relays, handles, or stores the
email, the seller will be liable as the ``initiator'' and ``sender'' of
the message forwarded from its website. A seller who ``procures'' the
origination or transmission of an email goes well beyond the technical
role of transmitting or routing the message.
CAN-SPAM defines ``procure'' to mean ``intentionally to pay or
provide other consideration to, or induce another person to initiate [a
commercial email] on one's behalf.''\193\ As explained in the NPRM, if
a seller offers to ``pay or provide other consideration'' to a visitor
to its website in exchange for forwarding a commercial message, the
seller will have ``procured'' any such messages forwarded by the
visitor.\194\ As noted in the NPRM, the term ``consideration'' is not
defined in the Act, but is generally understood to mean ``something of
value (such as an act, a forbearance, or a return promise) received by
a promisor from a promisee.''\195\ This includes things of minimal
value. Accordingly, a message has been ``procured'' if the seller
offers money, coupons, discounts, awards, additional entries in a
sweepstakes, or the like in exchange for forwarding a message.\196\
Even the offer to provide de minimis consideration takes the seller
beyond the mere ``routine conveyance'' of the forwarded message and
into the ``procurement'' of the forwarded message.
---------------------------------------------------------------------------
\193\ 15 U.S.C. 7702(12).
\194\ 70 FR at 25441.
\195\ Black's Law Dictionary 300 (7th ed. 1999).
\196\ NPRM, 70 FR at 25441.
---------------------------------------------------------------------------
The definition of ``procure,'' however, does not merely cover those
scenarios in which a seller offers to pay or provide other
consideration to a forwarder. A seller who ``induces'' another person
to initiate a commercial email will also fall within the definition of
``procure.'' The NPRM explained that ``to induce'' is much broader than
``to pay consideration.'' While CAN-SPAM does not define the term
``induce,'' in the NPRM, the Commission applied the word's common
definition: ``to lead on to; to influence; to prevail on; to move by
persuasion or influence.''\197\ The Commission then opined that ``to
induce'' did not require the transfer of something of value.\198\
Rather, the Commission explained, ``one must do something that is
designed to encourage or prompt the initiation of a commercial e-
mail.''\199\ Thus, the Commission stated that, ``in order to
`intentionally induce' the initiation of a commercial email, the sender
must affirmatively act or make an explicit statement that is designed
to urge another to forward the message.''\200\ In addition, the
Commission stated that whether a seller ``induced'' a person to forward
a message could hinge on the forcefulness of the language used by the
seller.\201\
---------------------------------------------------------------------------
\197\ Id.
\198\ Id.
\199\ Id.
\200\ Id.
\201\ 70 FR at 25441 n.178.
---------------------------------------------------------------------------
The Commission believes that this description of ``induce'' in the
NPRM is unduly narrow and inconsistent with the statute's text and
purpose. First, ``inducement'' need not take the form of an ``explicit
statement'' or ``affirmative act'' specifically urging someone to send
an email. The word ``induce'' in the definition of ``procure'' simply
makes clear that a seller may ``procure'' the origination or
transmission of a message even where it does not specifically pay or
provide other consideration to someone for sending an email. For
instance, where a seller offers to pay or provide consideration to
someone in exchange for generating traffic to a website or for any form
of referrals, and such offer results in the forwarding of the seller's
email message, the seller will have ``induced,'' and therefore
``procured,'' the forwarding of the seller's email. Likewise, in an
affiliate program where the seller does not directly offer to pay a
sub-affiliate in exchange for generating web traffic or other
referrals, the seller's offer to pay the affiliate for generating web
traffic or other referrals will constitute ``inducement'' of emails
sent by the sub-affiliate that advertise the seller's product, service,
or website. Under each of these scenarios, the seller will have
``induced'' the forwarding of an email and will have gone well beyond
routine conveyance.
However, CAN-SPAM's applicability should not rest on the
specificity or forcefulness of the language used by the seller,
notwithstanding the suggestion to the contrary in the NPRM.\202\
Accordingly, a seller's use of language exhorting consumers to forward
a message does not, absent more, subject the seller to ``sender''
liability under the Act.
---------------------------------------------------------------------------
\202\ Id.
---------------------------------------------------------------------------
A seller, of course, is not prohibited from offering consideration
to a visitor to its website in exchange for forwarding a commercial
message, or otherwise inducing the visitor to do so. If it does,
however, it will not be engaged in mere ``routine conveyance'' and must
therefore comply with CAN-SPAM's requirements for a ``sender.'' For
instance, the seller will need to ensure that it does not forward a
message to a recipient who has previously made an opt-out request and
will need to include in the message an opt-out mechanism.
(ii) Seller's Liability for Email Forwarded Using a Consumer's Email
Program
In the most basic forward-to-a-``friend'' scenario, a seller sends
a commercial email to a consumer who then, using his or her own email
program, forwards the message to a recipient.\203\ Typically, the
seller will have no liability under CAN-SPAM for the original
recipient's forwarding of an email. It is only where the seller
``initiates'' the forwarding of the message that it will be deemed the
``sender'' of the forwarded message under the Act.\204\ Again, the
starting point is the language of the Act, which defines ``initiate''
as ``to originate or transmit [a commercial email] or to procure the
origination or transmission of such message, but shall not include
actions that constitute routine conveyance of such message.''\205\ In
contrast to the web-based scenario discussed above, the ``routine
conveyance'' exemption has no applicability when a consumer forwards a
message using his or her own email program, because the seller would
not be involved in the transmission, routing, relaying, or storage of
the forwarded message. Nor is the seller ``originating'' or
``transmitting'' the message in this scenario. The inquiry thus turns
on whether the seller has ``procured'' the forwarded message. The
principles guiding the determination of whether the seller has
``procured'' the forwarded message are the same here as when the
forwarding occurs through the seller's website. Accordingly, if the
seller ``pays or provides other consideration'' to someone in exchange
for forwarding the commercial message, the seller will have
``procured'' the forwarding of the
[[Page 29672]]
email.\206\ For the reasons explained above, this is true regardless of
the amount of the consideration offered; offering de minimis
consideration in the form of coupons, discounts, sweepstakes entries
and the like in exchange for forwarding a commercial email constitutes
``procurement'' of the forwarded message. Likewise, if the seller
``induces'' the forwarding of the message -- such as by offering
payment in exchange for generating traffic to a website -- it will be
an ``initiator,'' and thus also the ``sender,'' of the forwarded
message. In such a circumstance, the seller will be obligated to comply
with CAN-SPAM's requirements for a ``sender,'' such as ensuring that
the forwarded message contains a functioning opt-out mechanism and
ensuring that email is not forwarded to someone who has already opted
out of receiving commercial emails from the seller.\207\
---------------------------------------------------------------------------
\203\ We assume for purposes of this analysis that the email
promotes or advertises the seller's product, service, or website.
\204\ 15 U.S.C. 7702(9).
\205\ Id.
\206\ 15 U.S.C. 7702(12).
\207\ As noted above, a number of commenters argued that
complying with the Act's requirements when a consumer uses his or
her own email program to forward the seller's email is impracticable
for the seller. See Associations; BOA; Charter; CMOR; DMA; ERA; FNB;
Jumpstart; MPAA; MPA; Coalition; NRF; NetCoalition; RIAA;
Wahmpreneur. However, it is our understanding that marketing
campaigns in which consideration is offered to consumers in exchange
for forwarding an email typically rely on the seller's web-based
forwarding mechanism. In such circumstances, there is no reason the
seller cannot fully comply with CAN-SPAM.
---------------------------------------------------------------------------
(iii) Liability of a Consumer-Forwarder
The NPRM did not discuss the potential liability of a consumer who
forwards a commercial message via a seller's web-based mechanism or
using his or her own email program. Such a consumer-forwarder would be
an ``initiator'' under CAN-SPAM regardless of whether the seller
``procured'' the message because, as explained above, the definition of
``initiate'' includes the ``origination'' of a message and the
consumer-forwarder would be the ``originator'' of the message. Thus,
while a seller who provided a web-based forwarding mechanism (and did
not ``procure'' the message) would be exempt from ``initiator'' or
``seller'' liability where it was engaged in ``routine conveyance,''
the consumer-forwarder still would be an ``initiator.'' Likewise, a
consumer who forwarded a message using his or her own email program
(and the message was not ``procured'' by the seller) would be an
``initiator'' of the message, while the seller would not be.
Thus, the Act's terms result in an anomaly: a seller in such
situations would be exempt from liability under CAN-SPAM, but the
consumer-forwarder would be required to comply with CAN-SPAM's
``initiator'' obligations. In other words, as ``initiators,'' ordinary
consumers who, without being offered any consideration or inducement,
forward a commercial message using either a seller's web-based
forwarding mechanism or their own email program, would be required to
provide recipients with a mechanism for opting out of receiving future
commercial emails from the ``sender,'' a clear and conspicuous
disclosure that the message is an advertisement or solicitation, a
clear and conspicuous notice of the right to opt out of receiving
commercial emails from the ``sender,'' and a clear and conspicuous
disclosure of the ``sender's physical address.'' Yet, because the
seller is not an ``initiator,'' there would be no ``sender'' of the
message under the Act.
The Commission believes that Congress did not intend to sweep into
CAN-SPAM's regulatory scheme consumers who, without being offered any
consideration or inducement for doing so, use a seller's web-based
forwarding mechanism or their own email programs to send isolated
commercial email messages to recipients. Indeed, as the Commission
recognized in promulgating the Primary Purpose Rule, ``the repeated
inclusion of the modifying word `commercial' in section 7702(2)(A) is
not merely tautological, but evidences an intention to ensure that the
CAN-SPAM regulatory scheme would not reach isolated email messages sent
by individuals who are not engaged in commerce, but nevertheless seek
to sell something to a friend, acquaintance, or other personal
contact.''\208\ Hence, the Commission believes that under these facts,
such a consumer-forwarder would not be swept into CAN-SPAM's regulatory
scheme.\209\
---------------------------------------------------------------------------
\208\ 70 FR at 3113.
\209\ For the same reason, even where consideration or
inducement such as coupons, discounts, awards, additional entries in
sweepstakes is provided to the consumer-forwarder, the consumer-
forwarder is unlikely to be a target of enforcement (though the
seller offering the consideration or other inducement might be),
absent indicia that the consumer-forwarder is, in fact, acting akin
to an affiliate marketer, for example.
---------------------------------------------------------------------------
B. Section 316.4 -- Prohibition Against Failure to Effectuate An Opt-
Out Request Within Ten Business Days of Receipt
Section 7704(a)(4) of the Act prohibits senders from initiating the
transmission of a commercial email message to a recipient more than ten
business days after the senders have received the recipient's opt-out
request. Section 7704(c)(1) gives the Commission authority to issue
regulations modifying the ten-business-day period -- what is, in
effect, a ``grace period'' -- for processing recipients' opt-out
requests if the Commission determines that a different time frame would
be more reasonable after taking into account ``(A) the purposes of
[subsection 7704(a)]; (B) the interests of recipients of commercial
electronic mail; and (C) the burdens imposed on senders of lawful
commercial electronic mail.''\210\ Accordingly, in the ANPR, the
Commission sought comment on the reasonableness of the ten-business-day
grace period for processing opt-out requests and whether a shorter
grace period would be more reasonable, in view of the three
considerations enumerated in the statute and the relative costs and
benefits.
---------------------------------------------------------------------------
\210\ 15 U.S.C. 7704(c)(1).
---------------------------------------------------------------------------
In consideration of the comments received in response to the ANPR,
the NPRM proposed to shorten the time period for honoring an opt-out
request from ten to three business days. The Commission also posed a
number of questions in Part VII of the NPRM about the appropriate time
to allow for processing an opt-out request, including questions about:
technical procedures and cost implications associated with opt-out
processing; the level of risk associated with ``mail bombing'' -- the
bombardment of an email address with commercial email in the nine
business days following an opt-out request, aggressive email targeting
tactics; and the effect of third-party arrangements on the timing of
opt-out processing. In response to the NPRM, the Commission received
numerous comments opposing the proposed rule.
Based on the Commission's analysis of the comments received in
response to the NPRM, the Commission is persuaded that: (1) reducing
the opt-out grace period from ten to three business days would not
necessarily advance the privacy interests of consumers; (2) the time
period for processing opt-out requests required by legitimate
commercial emailers varies, and often exceeds three business days
depending upon a number of factors, including the size of the business,
the existence of third-party marketing agreements, and the maintenance
of multiple email databases; and (3) neither the current record nor the
Commission's experience reflects that email bombing of commercial email
recipients is a wide-scale tactic deployed by lawful commercial
emailers. Furthermore, the record does not reflect that shortening the
opt-out grace period would
[[Page 29673]]
necessarily reduce any potential threat of email bombing. Accordingly,
the Commission declines to adopt a final Rule that would reduce the
statutory grace period from ten business days to three business days,
but will continue to monitor whether commercial emailers are using
abusive targeting tactics and/or failing to honor opt-out requests in a
timely manner to determine whether regulatory or other action is
required in the future. Likewise, as explained below, the Commission
reaffirms its refusal to impose a limit on the duration of opt-out
requests at this time.
1. The Appropriate Deadline for Effectuating an Opt-Out Request
Approximately 100 commenters addressed the issue of whether the
period for opt-out compliance should be reduced. The vast majority --
over 85 percent -- opposed reducing the time frame to less than ten
business days.\211\ Many of these commenters argued that the need for
coordination and synchronization of opt-out mechanisms requires a
minimum of ten days.\212\ Some of these commenters also suggested that
senders of email messages who are not now complying with the Act would
not comply with the proposed change, but those who are attempting to
comply would be burdened, with no gain in protection of consumers'
privacy interests.\213\
---------------------------------------------------------------------------
\211\ See, e.g., CMOR; BrightWave; Swent; Footlocker; Intermark;
Empire; SHRM; FNB; Wells Fargo; VCU; MPAA; ACB; Bigfoot; PMA; BOA;
NetCoalition; Reed; DoubleClick; DMA; CBA; Time Warner; Coalition;
NEPA; IAC; Charter; Jumpstart; HSBC; ASAE; Comerica; Cendant; CUNA;
KeySpan; MasterCard; Discover; Microsoft; PCIAA; Vertical; BD;
Exact; ARTBA; ACUTA; Sprint (stating that it would have to devote at
least 30,000 man hours, or in excess of $2 million, in order to
modify its systems to accelerate the process of implementing opt-out
requests); ABM (``Diversified Business Communications has concluded
that imposition of a three-day opt-out requirement would reduce the
effectiveness of its marketing and increase its cost by a minimum of
$20,000 per year.'').
\212\ See, e.g., ACUTA; BD; Experian.
\213\ See, e.g., ERA; OPA; ATAA; ARDA; Charter; MPA; PMA.
---------------------------------------------------------------------------
A number of commenters provided substantive descriptions of the
time frames that are involved with processing opt-out requests and
coordinating such efforts with third-party vendors. Commenters
explained that the time necessary to process opt-out requests varies
based on a number of factors, such as whether the sender itself
collects opt-out requests and removes email addresses from its own
marketing list or uses a third-party vendor for the entire process or
for certain portions of the process.\214\
---------------------------------------------------------------------------
\214\ See, e.g., DMA.
---------------------------------------------------------------------------
According to another commenter, some cable companies rely on third-
party vendors to handle all email marketing, process opt-out requests,
and manage suppression lists. ``The cable operator may be able to input
a customer's opt-out request in one to two business days in its own
internal database, but the third party vendor that provides a variety
of targeted marketing and advertising services may take up to 8-10
business days to complete the processing.''\215\
---------------------------------------------------------------------------
\215\ See NCTA.
---------------------------------------------------------------------------
A few commenters argued that delays also can result from concerns
about privacy with respect to negotiating non-disclosure agreements and
using hard copy media, such as CDs, to transmit their suppression
files. As one commenter explained:
We often see other situations that make the three-day period difficult
at best, including large corporations with legacy databases that must
plan for their marketing campaigns and use of suppression lists a week
in advance, use of hard-copy media -- such as CDs -- to transmit the
files via the postal service, and then the use by small businesses
which only have access to low bandwidth connections. A three-day
deadline could cause many advertisers, especially small or
traditionally offline businesses, to abandon their e-mail acquisition
efforts altogether in order to comply.\216\
---------------------------------------------------------------------------
\216\ See Experian.
---------------------------------------------------------------------------
Finally, a few commenters pointed out that they offer not only
Internet-based opt-out mechanisms but also opportunities to unsubscribe
by telephone or other means, which can be very time-consuming.\217\
---------------------------------------------------------------------------
\217\ See, e.g., Masterfoods; Mattel; Jumpstart. With respect to
these comments, the Commission notes that section 7704(a)(3)(A)(i)
of the Act requires that a commercial email message contain a
functioning return email address or other Internet-based mechanism
that the recipient may use to submit an opt-out request, but does
not require requests submitted in other ways to be honored within
the given time period. See also NPRM, 70 FR at 25443.
---------------------------------------------------------------------------
In terms of potential benefits to consumers from reducing the grace
period to three business days, nearly all of the commenters argued that
bombarding a recipient with email following an opt-out request is not a
valid concern and that the potential risk of mail bombing would not, in
any event, be mitigated by shortening the opt-out period to three
days.\218\
---------------------------------------------------------------------------
\218\ See, e.g., CMOR; Verizon; LashBack; ACLI; ABM; FNB; ERA;
ESPC; ARTBA; MPA (arguing that, if a marketer were involved in mail
bombing, it could still do so under a three-business-day time
frame); PMA; BOA; SIA; NRF; NetCoalition; Reed; DoubleClick;
Associations; Time Warner; IAC; ICC; Nextel (asserting that no
rational marketer would undertake mail bombing); Charter; HSBC;
MasterCard; Discover; Microsoft; Nissan; Vertical; ExactTarget;
Sprint. But see iPost (``[I]t has been demonstrated by the use of
`honeypot' or `spamtrap' emailboxes that submitting opt-out requests
does lead to targeting for receipt of additional commercial email .
. . . The length of time that elapses following submission of the
opt-out request has little bearing on this practice, which no
responsible marketer would employ in any case.'').
---------------------------------------------------------------------------
A few commenters argued either in favor of the proposed three-day
time period,\219\ or recommended time periods of less than three
days.\220\ These commenters, several of whom are individual consumers,
generally believe that there are no technical obstacles to automatic or
near-automatic opt-out processing. Other commenters suggested that five
to seven days could represent a reasonable period of time to process an
opt-out request.\221\
---------------------------------------------------------------------------
\219\ See Unsub; Rushing; Nelson; NAFCU.
\220\ See Aurelius; Edge; Schaefer; Roberts; Pernetian; Amin.
\221\ See, e.g., May (``Extending the time period to 5 days, but
shortening from 7 [sic] days, would encompass 90% of the online
population and is a reasonable time period to comply with opt-in
requests.''); Clear (supporting a compromise of five or six days).
---------------------------------------------------------------------------
Many small businesses, however, opined that compliance with a
shorter time frame would pose a significant burden due to the technical
support needed.\222\ For example, some small entities process opt-out
requests manually or have only part-time staff. Given holidays and
vacations, those entities do not believe they could process requests
within three days.\223\ Small membership-based associations such as the
American Road and Transportation Builders Association and SHRM also
expressed concern about staffing issues. SHRM argued that it would be
unreasonable to expect volunteers or even a single paid staff director
to check for, and handle, opt-out requests several times per week to
satisfy the proposed three-day rule.
---------------------------------------------------------------------------
\222\ See, e.g., NADA; BrightWave; Ezines; ARDA; ABM; ASAE; NAMB
(``NAMB believes that the proposed 3-business day time period has a
disproportionate economic impact on all small business entities,
which includes many mortgage brokers.''); MPA; NAR; NAA (indicating
that a three-business-day period would be challenging for small
newspapers); ASTA (`` `Nearly instantaneous processing' may be
possible for some, but there is no record support for the
proposition that it is possible for all, or even most, businesses,
particularly small businesses.'').
\223\ See, e.g., Sheu; Wiederhoeft; Intermark; ECFCU; SHRM; IS;
ASAE; Comerica; IPPC; BD; ARTBA.
---------------------------------------------------------------------------
Finally, a few commenters argued that ten business days is not
sufficient time for processing opt-out requests and a longer time frame
would be better.\224\ Some of these commenters pointed out that
telemarketers have 31 days to process new listings on the National Do
[[Page 29674]]
Not Call Registry\225\ and that commercial email messages directed to
certain mobile devices are prohibited if the wireless domain name
referenced in the address has been posted on the Federal Communications
Commission's (``FCC'') wireless domain list for at least 30 days.\226\
These commenters argued that, for consistency, 31 or 30 days should be
allowed for processing opt-out requests.\227\
---------------------------------------------------------------------------
\224\ See, e.g., NNA; ACLI; NRF; ICC.
\225\ 69 FR 16368 (Mar. 29, 2004).
\226\ The FCC has issued a list of wireless domains to which
commercial email messages cannot be directed without the addressee's
express prior authorization or if other conditions are met. 47 CFR
64.3100(a) & (e). The thirty-day safe harbor does not apply if the
person or entity initiating the message did so knowing the address
was to a protected mobile service. 47 CFR 64.3100(a)(4); Rules and
Regulations Implementing the Controlling the Assault Of Non-
Solicited Pornography and Marketing Act of 2003, CG Docket No. 04-
53, Rules and Regulations Implementing the Telephone Consumer
Protection Act of 1991, CG Docket No. 02-278, 19 FCC Rcd. 15927,
15969 (2004).
\227\ See, e.g., Verizon; Intermark; NAR; SIIA; MCI; IAC.
---------------------------------------------------------------------------
Having carefully considered the comments concerning the amount of
time required to process and coordinate opt-out requests, along with
the Commission's law enforcement experience, the Commission is
persuaded that it should retain the ten-business-day grace period for
honoring opt-out requests. The Commission is persuaded that its
proposal in the NPRM to shorten the period to three business days could
impose a substantial burden on legitimate commercial email marketers.
In particular, the Commission is concerned that reducing the opt-out
period could pose a significant challenge for small entities. In
addition, the Commission believes that reducing the opt-out period
would not necessarily advance the privacy interests of consumers.
Neither the current record nor the Commission's law enforcement
experience indicates that email bombing of commercial email recipients
is a wide-scale tactic deployed by lawful commercial emailers, or that
reducing the opt-out grace period would necessarily reduce any
potential threat of email bombing.
At the same time, the Commission rejects the argument that email
marketers should have more than ten business days to process opt-out
requests. The Commission finds that, based on the record, senders of
commercial email are not unduly burdened by the ten-business-day grace
period for honoring opt-out requests established by Congress.\228\
Indeed, in 2005, a Commission study revealed that nearly 90% of the top
100 etailers honored the ten-business-day opt-out time period,\229\
which suggests that, on balance, compliance is feasible for most
senders of commercial email. Further, the Commission is not persuaded
that the fact that telemarketers have 31 days to process new listings
on the National Do Not Call Registry justifies extending the period for
honoring CAN-SPAM opt-out requests to 31 days, in view of the
difference in the structure and operation of email suppression lists as
compared to the National Do Not Call Registry.
---------------------------------------------------------------------------
\228\ See, e.g., DoubleClick; ACB; Cendant; iPost; Empire. See
also NCL's comments in the ANPR (stating that ``We are unaware of
any problems with the ten-business-day time period and would
strongly oppose lengthening it.'').
\229\ See ``Top Etailers' Compliance with CAN-SPAM's Opt-Out
Provisions.'' Staff Report (July 2005), available at http://www.ftc.gov/reports/optout05/050801optoutetailersrpt.pdf. This
report explained that 89% of the top 100 etailers that sent
commercial email during the study honored all three of the opt-out
requests made by FTC staff.
---------------------------------------------------------------------------
For all these reasons, the Commission declines to adopt proposed
Rule 316.4, which would have reduced the statutory ten-business-day
grace period for honoring opt-out requests.\230\ The grace period
therefore remains ten business days.
---------------------------------------------------------------------------
\230\ Proposed Rule 316.4(b) would have clarified that law
enforcement officials are not required to allege or prove a
defendant's state of mind to obtain a cease and desist order or an
injunction to enforce compliance with proposed Rule 316.4(a), which
pertains to the time period for honoring opt-out requests. Because
the Commission declines to adopt Rule 316.4(a), proposed Rule
316.4(b) is no longer necessary. Moreover, the language of the Act
itself is clear on this issue -- whenever a provision of the Act or
the Commission's Rule contains a state-of-mind component, that
requirement does not apply when a law enforcement official seeks a
cease and desist order or an injunction. 15 U.S.C. 7706(e) & (f)(2).
---------------------------------------------------------------------------
2. Expiration of Opt-out Requests
In the NPRM, the Commission declined to propose a time limit for
how long an opt-out request will remain in effect, but indicated that
it would consider submissions of information or data that would show
whether such a time limit would be useful in implementing the
provisions of the Act. The Commission noted that, in the somewhat
similar context of the Do Not Call Registry, the Registry administrator
is able routinely to purge defunct or changed telephone numbers from
the Registry database, whereas email marketers do not appear to have
similar capabilities for such purging.\231\ The Commission also stated
that an email marketer's suppression list is likely to have far fewer
entries than the then 91 million numbers\232\ on the Do Not Call
Registry, making the prospect of ``scrubbing'' far less daunting, and
potentially vitiating the argument that setting an expiration period
for opt-out requests is required.\233\
---------------------------------------------------------------------------
\231\ 70 FR at 2544. The NPRM also stated that the duration of a
person's registration on the Do Not Call Registry is five years or
until the registrant changes his or her telephone number or takes
the number off the Registry. Id. Congress has since enacted
legislation which eliminates the expiration of listings on the
Registry. See Do-Not-Call Improvement Act of 2007, Pub. L. No. 110-
188 (2008).
\232\ As of June 2007, the Do Not Call Registry contained more
than 145 million telephone numbers.
\233\ 70 FR at 2544.
---------------------------------------------------------------------------
Several commenters argued that the Commission should limit the
length of time that requests should remain in effect. These commenters,
however, were divided on what would be an appropriate time limit.\234\
Other commenters argued that the Commission should not impose a time
limit on a consumer's opt-out request.\235\
---------------------------------------------------------------------------
\234\ See, e.g., ARDA; Wells Fargo; BOA; NRF (all arguing for a
two- to three-year time limit); CMOR; ABM; FNB; ERA; ESPC; ACB;
Bigfoot; Visa (all arguing for a five-year or longer time limit).
\235\ For example, DoubleClick argued that it did ``not believe
that a consumer's choice should have an expiration date. If a
consumer asks to be removed from a commercial email list and
subsequently changes her/his mind, s/he can re-subscribe to that
mailing list.'' Similarly, the Virginia Credit Union argued that it
also believes that ``the opt-out request should be honored
indefinitely until such time the consumer contacts the sender and
requests otherwise.''
---------------------------------------------------------------------------
Various commenters submitted data to the Commission about the size
of their suppression lists. That data showed that suppression list size
varies, and it is not clear whether or in what instances suppression
lists may exceed the Do Not Call Registry. While many suppression lists
contain less than 100,000 addresses,\236\ ESPC states that the
suppression lists of some companies exceed the Do Not Call Registry by
over 10 million entries. One commenter noted that ``[f]rom a logistical
perspective, many companies have large suppression lists that can
exceed a million names.''\237\ Another commenter reported that its
suppression list will likely have fewer than the number of entries that
the National Do Not Call Registry contains.\238\
---------------------------------------------------------------------------
\236\ See ESPC (``The time and cost varies linearly based on the
size of the lists involved. Both the size of the suppression list
and the size of the active list affect the processing time and cost.
Many senders' suppression lists contain less than 100,000 addresses,
in which case the time and cost are fairly negligible.'').
\237\ See DoubleClick.
\238\ See FNB.
---------------------------------------------------------------------------
In analyzing the data submitted by these commenters, the Commission
finds that, at this time, there is insufficient evidence to show that
email suppression list scrubbing is impeded by the lack of a time limit
on opt-out requests, or that imposing a limit will be
[[Page 29675]]
useful in implementing the provisions of the Act under section 7711(a).
Notably, Congress chose neither to impose such a time limit nor to
specifically authorize the Commission to do so at this time.
Consequently, the Commission declines to impose a time limit on the
duration of an opt-out request.
C. Proposed Rule 316.5 -- Prohibition on Charging a Fee or Imposing
Other Requirements on Recipients Who Wish To Opt Out
In the NPRM, the Commission proposed to prohibit the imposition, as
a condition for accepting or honoring a recipient's opt-out request, of
any fee, obligation to provide personally identifying information
(beyond one's email address), or any other requirement.\239\ Several
commenters agreed with the Commission's proposal to prohibit senders
from charging a fee to opt out,\240\ but challenged the portion of the
rule that would prevent the collection of additional personal
information or require email recipients to interface with more than one
Internet Web page to opt out from receiving future commercial email
messages from the sender. These commenters cumulatively identified a
host of factors -- the risk of typographical errors, computer security
issues, online identity theft, and sabotage by competitors -- arguing
for the necessity of collecting personal information or requiring
multiple opt-out steps to verify the identity of the recipient.\241\
While the Commission recognizes that computer security and identity
theft are serious problems facing online consumers, the Commission is
not persuaded that imposing additional requirements on consumers who
are attempting to opt out would do anything to minimize the risk of
these problems. To the contrary, the Commission believes that requiring
consumers to transmit additional personally identifying information
would increase the risk of that information being intercepted by a
hacker or rogue third party.
---------------------------------------------------------------------------
\239\ As proposed and adopted here, Rule 316.5 provides:
``Neither a sender nor any person acting on behalf of a sender may
require that any recipient pay any fee, provide any information
other than the recipient's electronic mail address and opt-out
preferences, or take any other steps except sending a reply
electronic message or visiting a single Internet web page, in order
to: (a) use a return electronic mail address or other Internet-based
mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not
to receive future commercial electronic mail messages from a sender;
or (b) have such a request honored as required by 15 U.S.C.
7704(a)(3)(B) and (a)(4).''
\240\ See, e.g., KeySpan; MasterCard; Metz; Empire; Wells Fargo;
Coalition; BOA.
\241\ See, e.g., Wells Fargo; Coalition; Experian; MPAA; AeA;
Microsoft; Verizon; MasterCard.
---------------------------------------------------------------------------
Other commenters explained that verifying the identity of a
recipient would be important because their suppression lists are
connected to consumer account information rather than consumer email
addresses. For example, DMA argued that ``tracking by account
information also makes it easier to honor opt-out requests for
customers regardless of what they change their email address to.''\242\
The Commission does not find this argument persuasive, because, as the
Commission stated in the NPRM, ``according to CAN-SPAM, opt-out
requests are specific to a recipient's email address, not his or her
name,'' and, in this case, certainly not to his or her account
information.\243\
---------------------------------------------------------------------------
\242\ See also MPAA; Microsoft (both requesting the Commission
to clarify that the use of passwords or other authentication
information is permitted under the rule); ABA (stating that it would
be beneficial to have ``member-recipients log on the entity's
Website, edit the member's profile, and thereby directly express the
member's complete opt-out preferences.'').
\243\ NPRM, 70 FR at 25445. Similarly, for this reason, the
Commission is not persuaded by those commenters arguing that senders
should be able to require their member-recipients to update their
member profiles in order to opt out from receiving commercial email
messages. See, e.g., ABA; ATAA.
---------------------------------------------------------------------------
At least one commenter argued in favor of allowing marketers an
opportunity to ``display an advertisement or other incentive in order
to remind the recipient of the value of the list subscription prior to
their unsubscription.''\244\ The Commission reiterates its position
stated in the NPRM that subjecting a recipient who wishes to opt out to
sales pitches before the opt-out request is completed is an
unacceptable encumbrance on a consumer's ability to opt out of
receiving unwanted commercial email messages.
---------------------------------------------------------------------------
\244\ See Experian.
---------------------------------------------------------------------------
Accordingly, the Commission adopts final Rule 316.5, which
prohibits the imposition of any fee, any requirement to provide
personally identifying information (beyond one's email address), or any
other obligation as a condition for accepting or honoring a recipient's
opt-out request.
D. Section 7704(c)(2) -- Aggravated Violations Related to Commercial
Email
The final Rule does not provide for any additional aggravated
violations beyond those already specified in the Act. Committing an
aggravated violation along with a violation of section 7704(a) could
subject a defendant to triple damages in a CAN-SPAM enforcement action
by a state attorney general or an ISP.\245\ Section 7704(b) of the Act
lists four practices which are to be considered ``aggravated
violations.''\246\ According to a Senate Committee Report on an earlier
version of the Act, designating specific practices as ``aggravated''
violations is intended to ``apply to those who violate the provisions
of the bill while employing certain problematic techniques used to
either generate recipient email addresses, or remove or mask the true
identity of the sender.''\247\
---------------------------------------------------------------------------
\245\ 15 U.S.C. 7706(f)(3)(C) & (g)(3)(C).
\246\ The four practices are: (1) automated email address
harvesting; (2) dictionary attacks; (3) automated creation of
multiple email accounts; and (4) relay or retransmission of a
commercial email message through unauthorized access.
\247\ S. Rep. No. 108-102, at 8 (2003).
---------------------------------------------------------------------------
Section 7704(c)(2) of the Act authorizes the Commission to specify
activities or practices -- in addition to the four already enumerated
in the statute -- as aggravated violations if the Commission determines
that ``those activities or practices are contributing substantially to
the proliferation of commercial electronic mail messages that are
unlawful under [section 7704(a) of the Act].'' (Emphasis added.)
In response to the Commission's request in the NPRM for comment on
whether any specific practices were contributing substantially to the
proliferation of email, the Commission received only five comments.
Three of the commenters complained about various practices that either
are already illegal under the Act or that the commenters believed
should be made illegal, but did not provide any evidence that the
practices were contributing substantially to the proliferation of
commercial electronic mail messages that are unlawful under section
7704(a) of the Act, and, thus, should be deemed aggravated
violations.\248\
---------------------------------------------------------------------------
\248\ See Nelson (email spoofing); Rubin (selling email
addresses after opt-out; single seller using multiple domain names);
Sowell (commercial email messages should have only one sender; email
should indicate how the sender obtained the recipient's name or
email address).
---------------------------------------------------------------------------
The other two commenters expressed concern that lists of email
addresses of consumers who have opted out from receiving email (known
as ``suppression lists'') can be, and in some instances have been,
misused by third parties to send unwanted email.\249\ Specifically,
these commenters indicated that, in some cases, third parties have
obtained unauthorized access to another company's suppression list,
which the third parties have then used to send emails of their own. The
record,
[[Page 29676]]
however, lacks evidence that this practice is widespread and is
``contributing substantially to the proliferation of commercial
electronic mail messages that are unlawful under [section 7704(a) of
the Act].''\250\ Thus, there is an insufficient evidentiary basis for the
Commission to designate this practice as an aggravated violation. In
any event, depending on the facts, some of these practices may violate
section 7704(a)(4)(A)(iv) of the Act. Under this provision, ``the
sender or any other person that knows that the recipient has made [an
opt-out request to the sender]'' may not ``sell, lease, exchange, or
otherwise transfer or release the electronic mail address of the
recipient (including through any transaction or other transfer
involving mailing lists bearing the electronic address of the
recipient) for any purpose other than compliance with this chapter or
other provision of law.''
---------------------------------------------------------------------------
\249\ See LashBack (some companies allow third parties to access
their suppression lists); Unsub (``many sellers . . . post a text
version of their opt-out suppression lists on Blind Affiliate
Networks, allowing easy access for any list owner who is a member''
of that network).
\250\ 15 U.S.C. 7704(c)(2).
---------------------------------------------------------------------------
III. PAPERWORK REDUCTION ACT
In accordance with the Paperwork Reduction Act of 1995, 44 U.S.C.
3501-3520 (``PRA''), the Commission reviewed the proposed and final
Rule. The final Rule does not impose any recordkeeping, reporting, or
disclosure requirements and, thus, does not constitute a ``collection
of information'' as defined in the regulations implementing the
PRA.\251\
---------------------------------------------------------------------------
\251\ See 5 CFR 1320.3(c).
---------------------------------------------------------------------------
IV. REGULATORY FLEXIBILITY ACT
The NPRM included an initial regulatory flexibility analysis
(``IRFA'') under the Regulatory Flexibility Act (``RFA''),\252\ even
though the Commission did not expect that the proposed Rule would have
a significant economic impact on a substantial number of small
entities. In addition, the Commission invited public comment on the
proposed Rule's effect on small entities to ensure that no significant
impact would be overlooked.\253\
---------------------------------------------------------------------------
\252\ 5 U.S.C. 601-612.
\253\ NPRM, 70 FR at 25447-49.
---------------------------------------------------------------------------
This Final Regulatory Flexibility Analysis (``FRFA'') incorporates
the Commission's initial findings, as set forth in the May 12, 2005
NPRM; addresses the comments submitted in response to the IRFA notice;
and describes the steps the Commission has taken in the final Rule to
minimize its impact on small entities consistent with the objectives of
the CAN-SPAM Act.
A. Succinct Statement of the Need for, and Objectives of, the Final
Rule
The final Rule was created pursuant to the Commission's mandate
under the CAN-SPAM Act. The Act authorizes the Commission, at its
discretion and subject to certain conditions, to: promulgate
regulations expanding or contracting the categories of ``transactional
or relationship messages'';\254\ modify the ten-business-day period
prescribed in the Act for effectuating a recipient's opt-out
request;\255\ and specify additional activities or practices as
``aggravated violations.''\256\ The Act also authorizes the Commission
to ``issue regulations to implement the provisions of [the] Act.''\257\
The final Rule modifies certain definitions of the Act, such as what
constitutes a ``sender'' and a ``valid physical postal address''; adds
a definition of ``person''; and clarifies other relevant provisions of
the Act.
---------------------------------------------------------------------------
\254\ 15 U.S.C. 7702(17)(B).
\255\ 15 U.S.C. 7704(c)(1)(A)-(C).
\256\ 15 U.S.C. 7704(c)(2).
\257\ 15 U.S.C. 7711(a).
---------------------------------------------------------------------------
B. Summary of Significant Issues Raised by the Public Comments in
Response to the IRFA
In the IRFA, the Commission sought comment regarding the impact of
the proposed Rule and any alternatives the Commission should consider,
with a specific focus on the effect of the proposed Rule on small
entities. The public comments on the proposed Rule are discussed above
throughout the Statement of Basis and Purpose, as are any changes that
have been made in the final Rule. After reviewing the comments,
including those that specifically addressed the impact of the Rule on
small entities, the Commission does not believe that the final Rule
will unduly burden entities that send commercial electronic mail
messages or transactional or relationship mail messages. The majority
of comments concerning the impact of the proposed Rule on small
entities addressed the Commission's proposal to shorten the opt-out
period from ten business days to three. As noted in Part II.B above,
these commenters argued that a shortened time frame would impose undue
administrative costs and burdens on small businesses.\258\ The
Commission agrees that the final Rule must not be unduly burdensome to
small businesses, and, while the record still lacks specific data
describing the time and cost involved with processing opt-out requests
for small businesses, the Commission finds that three business days
would pose a challenge for some of these entities. In light of the
concerns raised by the commenters, including small entities, the final
Rule retains the opt-out period at ten business days.
---------------------------------------------------------------------------
\258\ See, e.g., ABM; ARDA; BrightWave; Ezines; MPA; NAA; NADA;
NAMB; NAR.
---------------------------------------------------------------------------
C. Explanation as to Why No Estimate is Available as to the Number of
Small Entities to Which the Final Rule Will Apply
Determining a precise estimate of the number of small entities
subject to the final Rule, or describing those entities, is not readily
feasible for two reasons. First, there is insufficient publicly
available data to determine the number and type of small entities
currently using email in any commercial setting. As noted in the IRFA,
the final Rule will apply to ```senders' of `commercial electronic mail
messages,' and, to a lesser extent, to `senders' of `transactional or
relationship messages.'''\259\ Thus, any company, regardless of
industry or size, that sends commercial email messages or transactional
or relationship messages would be subject to the final Rule.
---------------------------------------------------------------------------
\259\ NPRM, 70 FR at 25448.
---------------------------------------------------------------------------
In the IRFA, the Commission set forth the few sources of publicly
available data to approximate the number of entities that send
commercial email messages or transactional or relationship messages,
noting that ``[g]iven the paucity of data concerning the number of
small businesses that send commercial e-mail messages or transactional
or relationship messages, it is not possible to determine precisely how
many small businesses would be subject to the proposed Rule.''\260\
None of the comments provided information regarding the number of
entities of any size that will be subject to the final Rule.
---------------------------------------------------------------------------
\260\ Id.
---------------------------------------------------------------------------
The second reason that determining a precise estimate of the number
of small entities subject to the final Rule is not readily feasible is
that the assessment of whether the primary purpose of an email message
is ``commercial,'' ``transactional or relationship,'' or ``other''
turns on a number of factors that require factual analysis on a case-
by-case basis. Thus, even if the number of entities that use email in
commercial dealings were known, the extent to which the messages they
send will be regulated by the final Rule depends upon the primary
purpose of such messages, a determination which cannot be made absent
factual analysis.
[[Page 29677]]
D. Description of the Projected Reporting, Recordkeeping, and Other
Compliance Requirements of the Final Rule, Including an Estimate of the
Classes of Small Entities that Will Be Subject to the Requirements of
the Final Rule and the Type of Professional Skills that Will Be
Necessary to Implement the Final Rule
The final Rule does not itself impose any reporting, recordkeeping,
or other disclosure requirements within the meaning of the Paperwork
Reduction Act. The final Rule primarily: clarifies the scope of certain
definitions within the CAN-SPAM Act, such as ``sender'' and ``valid
physical postal address''; defines one new term, ``person''; and
clarifies that a recipient may not be required to pay a fee, provide
information other than his or her email address and opt-out
preferences, or take any other steps other than sending a reply email
message or visiting a single Internet Web page to submit an opt-out
request. Any costs attributable to CAN-SPAM are the result of the
substantive requirements of the Act itself -- such as the requirement
that commercial email messages include an opt-out mechanism and certain
disclosures -- not the Commission's interpretive final Rule.
E. Discussion of Significant Alternatives the Commission Considered
That Would Accomplish the Stated Objectives of the CAN-SPAM Act and
That Would Minimize Any Significant Economic Impact of the Final Rule
on Small Entities
Through both the ANPR and the May 12, 2005 NPRM, the Commission
sought to gather information regarding the economic impact of CAN-
SPAM's requirements on all businesses, including small entities. The
Commission requested public comment on whether the proposed Rule would
unduly burden such entities that use email to send messages defined as
``commercial'' or ``transactional or relationship'' messages under the
Act and the FTC's CAN-SPAM Rule; whether this burden is justified by
offsetting benefits to consumers; what effect the proposed Rule would
have on small entities that initiate messages the primary purpose of
which is commercial or transactional or relationship; what costs would
be incurred by small entities to ``implement and comply'' with the
proposed Rule; and whether there were ways the proposed Rule could be
modified to reduce the costs or burdens for small entities while still
being consistent with the requirements of the Act. The Commission
requested this information in an attempt to minimize the final Rule's
burden on all businesses, including small entities.
In drafting the final Rule, the Commission carefully considered and
sought to mitigate the burdens placed on email marketers, both large
and small alike. For example, because a shortened time frame for
processing opt-out requests might place a significant burden on
senders, including small businesses, the final Rule retains the
original ten-business-day period set forth in the Act. Moreover, the
final Rule's definition of ``valid physical postal address'' provides
for the use of commercial and postal mailboxes in light of the concerns
many small entities expressed with respect to disclosing their physical
addresses in email messages. Finally, to the extent that small entities
participate in sending multiple marketer messages, the final Rule's
definition of ``sender'' minimizes the burden placed on such entities
by permitting the designation of a single ``sender'' to comply with
CAN-SPAM's disclosure and opt-out requirements.
As explained earlier in this Statement of Basis and Purpose, the
Commission has considered the comments and alternatives proposed by
such commenters, and continues to believe that the final Rule will not
create a significant economic impact on small entities or others who
send or initiate commercial email messages or transactional or
relationship messages.
List of Subjects in 16 CFR Part 316
Advertising, Business and industry, Computer technology, Consumer
protection, Labeling.
Accordingly, for the reasons set forth in the preamble above, the
Commission amends title 16, CFR Chapter I by revising Part 316 to read
as follows:
PART 316--CAN-SPAM RULE
Sec.
316.1 Scope.
316.2 Definitions.
316.3 Primary purpose.
316.4 Requirement to place warning labels on commercial electronic
mail that contains sexually oriented material.
316.5 Prohibition on charging a fee or imposing other requirements
on recipients who wish to opt out.
316.6 Severability.
Authority: 15 U.S.C. 7701-7713.
Sec. 316.1 Scope.
This part implements the Controlling the Assault of Non-Solicited
Pornography and Marketing Act of 2003 (``CAN-SPAM Act''), 15 U.S.C.
7701-7713.
Sec. 316.2 Definitions.
(a) The definition of the term ``affirmative consent'' is the same
as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(1).
(b) ``Character'' means an element of the American Standard Code
for Information Interchange (``ASCII'') character set.
(c) The definition of the term ``commercial electronic mail
message'' is the same as the definition of that term in the CAN-SPAM
Act, 15 U.S.C. 7702(2).
(d) The definition of the term ``electronic mail address'' is the
same as the definition of that term in the CAN-SPAM Act, 15 U.S.C.
7702(5).
(e) The definition of the term ``electronic mail message'' is the
same as the definition of that term in the CAN-SPAM Act, 15 U.S.C.
7702(6).
(f) The definition of the term ``initiate'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(9).
(g) The definition of the term ``Internet'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(10).
(h) ``Person'' means any individual, group, unincorporated
association, limited or general partnership, corporation, or other
business entity.
(i) The definition of the term ``procure'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(12).
(j) The definition of the term ``protected computer'' is the same
as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(13).
(k) The definition of the term ``recipient'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(14).
(l) The definition of the term ``routine conveyance'' is the same
as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(15).
(m) The definition of the term ``sender'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16),
provided that, when more than one person's products, services, or
Internet website are advertised or promoted in a single electronic mail
message, each such person who is within the Act's definition will be
deemed to be a ``sender,'' except that, only one person will be deemed
to be the ``sender'' of that message if such person: (A) is within the
Act's definition of ``sender''; (B) is identified in the ``from'' line
as the sole sender of the message; and (C) is in compliance with 15
U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C.
[[Page 29678]]
7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.
(n) The definition of the term ``sexually oriented material'' is
the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C.
7704(d)(4).
(o) The definition of the term ``transactional or relationship
messages'' is the same as the definition of that term in the CAN-SPAM
Act, 15 U.S.C. 7702(17).
(p) ``Valid physical postal address'' means the sender's current
street address, a Post Office box the sender has accurately registered
with the United States Postal Service, or a private mailbox the sender
has accurately registered with a commercial mail receiving agency that
is established pursuant to United States Postal Service regulations.
Sec. 316.3 Primary purpose.
(a) In applying the term ``commercial electronic mail message''
defined in the CAN-SPAM Act, 15 U.S.C. 7702(2), the ``primary purpose''
of an electronic mail message shall be deemed to be commercial based on
the criteria in paragraphs (a)(1) through (3) and (b) of this
section:\1\
---------------------------------------------------------------------------
\1\ The Commission does not intend for these criteria to treat
as a ``commercial electronic mail message'' anything that is not
commercial speech.
---------------------------------------------------------------------------
(1) If an electronic mail message consists exclusively of the
commercial advertisement or promotion of a commercial product or
service, then the ``primary purpose'' of the message shall be deemed to
be commercial.
(2) If an electronic mail message contains both the commercial
advertisement or promotion of a commercial product or service as well
as transactional or relationship content as set forth in paragraph (c)
of this section, then the ``primary purpose'' of the message shall be
deemed to be commercial if:
(i) A recipient reasonably interpreting the subject line of the
electronic mail message would likely conclude that the message contains
the commercial advertisement or promotion of a commercial product or
service; or
(ii) The electronic mail message's transactional or relationship
content as set forth in paragraph (c) of this section does not appear,
in whole or in substantial part, at the beginning of the body of the
message.
(3) If an electronic mail message contains both the commercial
advertisement or promotion of a commercial product or service as well
as other content that is not transactional or relationship content as
set forth in paragraph (c) of this section, then the ``primary
purpose'' of the message shall be deemed to be commercial if:
(i) A recipient reasonably interpreting the subject line of the
electronic mail message would likely conclude that the message contains
the commercial advertisement or promotion of a commercial product or
service; or
(ii) A recipient reasonably interpreting the body of the message
would likely conclude that the primary purpose of the message is the
commercial advertisement or promotion of a commercial product or
service. Factors illustrative of those relevant to this interpretation
include the placement of content that is the commercial advertisement
or promotion of a commercial product or service, in whole or in
substantial part, at the beginning of the body of the message; the
proportion of the message dedicated to such content; and how color,
graphics, type size, and style are used to highlight commercial
content.
(b) In applying the term ``transactional or relationship message''
defined in the CAN-SPAM Act, 15 U.S.C. Sec. 7702(17), the ``primary
purpose'' of an electronic mail message shall be deemed to be
transactional or relationship if the electronic mail message consists
exclusively of transactional or relationship content as set forth in
paragraph (c) of this section.
(c) Transactional or relationship content of email messages under
the CAN-SPAM Act is content:
(1) To facilitate, complete, or confirm a commercial transaction
that the recipient has previously agreed to enter into with the sender;
(2) To provide warranty information, product recall information, or
safety or security information with respect to a commercial product or
service used or purchased by the recipient;
(3) With respect to a subscription, membership, account, loan, or
comparable ongoing commercial relationship involving the ongoing
purchase or use by the recipient of products or services offered by the
sender, to provide --
(i) Notification concerning a change in the terms or features;
(ii) Notification of a change in the recipient's standing or
status; or
(iii) At regular periodic intervals, account balance information or
other type of account statement;
(4) To provide information directly related to an employment
relationship or related benefit plan in which the recipient is
currently involved, participating, or enrolled; or
(5) To deliver goods or services, including product updates or
upgrades, that the recipient is entitled to receive under the terms of
a transaction that the recipient has previously agreed to enter into
with the sender.
Sec. 316.4 Requirement to place warning labels on commercial
electronic mail that contains sexually oriented material.
(a) Any person who initiates, to a protected computer, the
transmission of a commercial electronic mail message that includes
sexually oriented material must:
(1) Exclude sexually oriented materials from the subject heading
for the electronic mail message and include in the subject heading the
phrase ``SEXUALLY-EXPLICIT: '' in capital letters as the first nineteen
(19) characters at the beginning of the subject line;\2\
---------------------------------------------------------------------------
\2\ The phrase ``SEXUALLY-EXPLICIT'' comprises 17 characters,
including the dash between the two words. The colon (:) and the
space following the phrase are the 18th and 19th characters.
---------------------------------------------------------------------------
(2) Provide that the content of the message that is initially
viewable by the recipient, when the message is opened by any recipient
and absent any further actions by the recipient, include only the
following information:
(i) The phrase ``SEXUALLY-EXPLICIT: '' in a clear and conspicuous
manner;\3\
---------------------------------------------------------------------------
\3\ This phrase consists of nineteen (19) characters and is
identical to the phrase required in 316.5(a)(1) of this Rule.
---------------------------------------------------------------------------
(ii) Clear and conspicuous identification that the message is an
advertisement or solicitation;
(iii) Clear and conspicuous notice of the opportunity of a
recipient to decline to receive further commercial electronic mail
messages from the sender;
(iv) A functioning return electronic mail address or other
Internet-based mechanism, clearly and conspicuously displayed, that
(A) A recipient may use to submit, in a manner specified in the
message, a reply electronic mail message or other form of Internet-
based communication requesting not to receive future commercial
electronic mail messages from that sender at the electronic mail
address where the message was received; and
(B) Remains capable of receiving such messages or communications
for no less than 30 days after the transmission of the original
message;
(v) Clear and conspicuous display of a valid physical postal
address of the sender; and
(vi) Any needed instructions on how to access, or activate a
mechanism to access, the sexually oriented material, preceded by a
clear and conspicuous statement that to avoid viewing the sexually
oriented material, a recipient
[[Page 29679]]
should delete the email message without following such instructions.
(b) Prior affirmative consent. Paragraph (a) does not apply to the
transmission of an electronic mail message if the recipient has given
prior affirmative consent to receipt of the message.
Sec. 316.5 Prohibition on charging a fee or imposing other
requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may
require that any recipient pay any fee, provide any information other
than the recipient's electronic mail address and opt-out preferences,
or take any other steps except sending a reply electronic mail message
or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based
mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to
receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C.
7704(a)(3)(B) and (a)(4).
Sec. 316.6 Severability.
The provisions of this Part are separate and severable from one
another. If any provision is stayed or determined to be invalid, it is
the Commission's intention that the remaining provisions shall continue
in effect.
By direction of the Commission.
Donald S. Clark
Secretary
Note: The following Appendix will not appear in the Code of Federal
Regulations.
List of Commenters and Acronyms
CAN-SPAM DISCRETIONARY RULEMAKING COMMENTS
------------------------------------------------------------------------
Acronym         Commenter
------------------------------------------------------------------------
ABA             American Bar Association
ABM             American Business Media
ACA             ACA International
ACB             America's Community Bankers
ACLI            American Council of Life Insurers
ACUTA           ACUTA, Inc.
Adknowledge     Adknowledge, Inc.
AeA             American Electronics Association
Allen           Bobby Allen
Amin            J. Amin
aQuantive       aQuantive, Inc.
ARDA            American Resort Development Association
ARTBA           American Road and Transportation Builders Association
ASA             American Staffing Association
ASAE            American Society of Association Executives
Associations    Direct Marketing Association et al. on behalf of
                  American Advertising Federation,
                  American Association of Advertising Agencies,
                  American Bankers Association,
                  American Council of Life Insurers,
                  American Society of Association Executives,
                  American Society of Travel Agents, Inc. -- Cruise Lines International Association,
                  Association of National Advertisers,
                  Consumer Bankers Association,
                  Direct Marketing Association, Inc.,
                  Electronic Retailing Association,
                  Email Service Provider Coalition,
                  The Financial Services Roundtable,
                  Information Technology Association of America,
                  Interactive Travel Services Association,
                  Internet Alliance,
                  Internet Commerce Coalition,
                  Magazine Publishers of America,
                  National Business Coalition on E-Commerce and Privacy,
                  National Retail Federation,
                  NetCoalition,
                  Network Advertising Initiative,
                  Promotion Marketing Association,
                  U.S. Chamber of Commerce
ASTA            American Society of Travel Agents, Inc.
ATAA            Air Transport Association of America
Ault            Russell Ault
Aurelius        Aurelius
Baker           Baker & Hostetler, LLP
BD              BD, Inc.
Bigfoot         Bigfoot Interactive
BOA             Bank of America Corporation
BrightWave      BrightWave Marketing, Inc.
Brown           Brown-Forman Corporation
BSA             Business Software Alliance
Buschner        Arthur Buschner
Cambridge       Cambridge Electronics Laboratory
Cantor          Elaine Cantor
CBA             Consumer Bankers Association
Cendant         Cendant Corporation
Cha             Brian Cha
Charter         Charter Communications, Inc.
Christensen     Keith Christensen
Clark           Patrick Clark
Clear           Luanne Clear
Click           Click Tactics, Inc.
CMOR            The Council for Marketing and Opinion Research
Coalition       National Business Coalition on E-Commerce and Privacy
Comerica        Comerica Incorporated
CUNA            Credit Union National Association
Darling         RWR Darling
Dennis          David Dennis
Discover        Discover Financial Services
DMA             Direct Marketing Association, Inc.
DoubleClick     DoubleClick, Inc.
Edge            Ronald D. Edge
Edwards         Edwards
Ellenburg       George M. Ellenburg
Empire          Empire Corporate FCU
EPIC            Electronic Privacy Information Center
ePrize          ePrize, LLC
ERA             Electronic Retailing Association
ESPC            Email Service Provider Coalition
Exact           ExactTarget, Inc.
Experian        Experian Marketing Solutions
Ezines          The Circle of Ezines
FNB             First National Bank of Omaha
Footlocker      Footlocker.com/Eastbay
Goldbar         Goldbar Enterprises, LLC
Gorman          Richard Gorman
Gray            Woodrow Gray
HSBC            HSBC Bank of Nevada
IAC             IAC/InterActiveCorp
ICC             Internet Commerce Coalition
ICOP            International Council of Online Professionals
IMN             iMake News, Inc.
Independent     Independent Sector
Intermark       Intermark Media
iPost           Bart Schaefer on behalf of iPost
IPPC            International Pharmaceutical Privacy Consortium
Jarrell         Lon Jarrell, Jr.
Jumpstart       Jumpstart Technologies, LLC
Kapecki         Jon Kapecki
KeySpan         KeySpan Energy
Landesmann      Mark Landesmann
Lantow          Lantow
LashBack        LashBack, LLC
MasterCard      MasterCard International
Masterfoods     Masterfoods USA
Mattel          Mattel, Inc.
May             William May
MBNA            MBNA America Bank, N.A.
MCI             MCI, Inc.
Metz            Seymour Metz
Microsoft       Microsoft Corporation
[[Page 29680]]
Morris          Ireeta Morris
MPA             Magazine Publishers of America
MPAA            Motion Picture Association of America
NAA             Newspaper Association of America
NADA            National Automobile Dealers Association
NAEDA           North American Equipment Dealers Association
NAFCU           National Association of Federal Credit Unions
NAIFA           National Association of Insurance and Financial Advisors
NAMB            National Association of Mortgage Brokers
NAR             National Association of Realtors
NCTA            National Cable and Telecommunications Association
Nelson          Nelson
NEPA            Newsletter and Electronic Publishers Association
NetCoalition    NetCoalition
Nextel          Nextel Communications, Inc.
NFCU            Navy Federal Credit Union
Nissan          Nissan North America, Inc.
NNA             National Newspaper Association
NRF             National Retail Federation
OPA             Online Publishers Association
Oriez           Charles Oriez
PCIAA           Property Casualty Insurers Association of America
Pernetian       Pernetian
PMA             Promotion Marketing Association, Inc.
Reed            Reed Elsevier, Inc.
Return          Return Path, Inc.
RIAA            Recording Industry Association of America
Roberts         Bart Roberts
Rubin           Kim Rubin
Rushing         Rushing
Rushizky        Paul Rushizky
SAG             Strategic Advisory Group
Satchell        Stephen Satchell
Schaefer        Mark Schaefer
Schnell         Ron Schnell
Sheu            Caroline Sheu
Shires          William Shires
SHRM            Society for Human Resource Management
SIA             Securities Industry Association
SIIA            Software Information Industry Association
Sing            Ah Sing-Bombard
Slachetka       Mike Slachetka
Sonnenschein    Sonnenschein Nath & Rosenthal, LLP
Sowell          Sean Sowell
Sprint          Sprint Corporation
Subscriber      SubscriberMail, LLC
Swent           Norm Swent
Tietjens        Richard Tietjens
Time Warner     Time Warner, Inc.
Topica          Topica
Travaglini      Anne Travaglini
Unsub           UnsubCentral
UOL             United Online
VCU             Virginia Credit Union
VFCU            Visions Federal Credit Union
Verizon         Verizon, Inc.
Vertical        Vertical Response, Inc.
Visa            Visa U.S.A., Inc.
Wahmpreneur     Wahmpreneur Publishing, Inc.
Wells Fargo     Wells Fargo & Company
West            Hal West
Wiederhoeft     Phyllis Wiederhoeft
Wyle            Ed Wyle
------------------------------------------------------------------------
[FR Doc. E8-11394 Filed 5-20-08: 8:45 am]
BILLING CODE 6750-01-S