As a general rule, businesses sending e-mail to customers could be confident, prior to January 1, 2005, that their electronic message would not be running afoul of U.S. spam laws1 if the message regarded the customer’s business relationship or transaction. Recently, however, Congress recognized that such e-mails often serve as an opportunity to communicate unsolicited "commercial" information as well. Such "dual-purpose" communications were not directly addressed in the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act or the Act), but Congress asked the U.S. Federal Trade Commission (FTC) to issue a rule defining when an e-mail’s "primary purpose" is commercial and therefore covered by the Act. The FTC’s new rules on the subject promise to raise as many questions as they answer; nonetheless, the new rules do provide a roadmap for businesses trying not to fall afoul of the Act when sending dual-purpose e-mail to their customers. This On the Subject reviews the basics of compliance with the Act and then discusses the new rules for dual-purpose e-mail.

Commercial E-mail Must Comply with CAN-SPAM Requirements

The Act clearly prohibits sending "commercial" e-mail messages without including 1) clear and conspicuous identification that the message is an advertisement or solicitation; 2) clear and conspicuous notice of the opportunity to opt-out of future messages from the sender (along with a link allowing the user to do so that operates for at least 30 days); and 3) a valid physical address for the sender. Further, requests to opt out of future messages must be honored within 10 days. "Commercial" e-mail is defined as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet web site operated for a commercial purpose)" (emphasis added). If a message contains only content that commercially advertises or promotes a commercial product or service, it will fit into this category and must comply with CAN-SPAM’s notice and opt-out requirements.

Transaction or Relationship Messages are Exempt

The Act exempts "transactional or relationship" messages from the Act’s notice and opt-out requirements. Transactional or relationship messages are defined as those with "the primary purpose of which is 1) to facilitate, complete, or confirm a commercial transaction that the message recipient has previously agreed to enter into with the sender; 2) to provide warranty, product recall or safety or security information about a commercial product or service used or purchased by the recipient; 3) for ongoing relationships between the sender and recipient involving a commercial product or service (such as a subscription, membership, account or loan), to provide notification regarding a change in the terms or features, a change in the recipient’s status, or at regular periodic intervals, account balances or statements or the like; 4) to provide information directly related to an employment relationship or related benefit plan in which the recipient is participating; or 5) to deliver goods and services that the recipient is entitled to receive as part of a previous transaction between the sender and recipient, such as product upgrades" (emphasis added). If an e-mail contains only content falling into one of the transactional/relationship categories, it need not comply with the Act.

Rules for Dual-Purpose Messages

The new rules apply to "dual-purpose e-mails." As an example, an account statement to a current customer that also promotes other services will be considered a "dual-purpose" e-mail under the new rules. There are two tests to determine if a dual-purpose email must comply with the Act. If a message fails either test, its primary purpose is considered to be commercial, and it must comply with CAN-SPAM. The first test focuses on the subject line and whether "a recipient reasonably interpreting the subject line of the message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service." If so, the primary purpose is commercial. The FTC reasoned that recipients use the subject line when deciding whether to read a message or not and, thus, the subject line should be considered when evaluating an e-mail’s primary purpose.

Under the second test, an e-mail will be considered commercial if the transactional/relationship content "does not appear, in whole or in substantial part, at the beginning of the body of the message." "Substantial" refers to the nature of the content, not the size. The FTC has said that recipients should be alerted to important transactional/related content without having to first wade through advertising. The FTC "believes that this placement test provides an objective standard for e-mail senders to comply with, allows for flexibility in message design, and ensures that recipients receive the most important content of a dual-purpose message first."

A somewhat different test applies to messages with both commercial and other content that is not of a transactional nature, such as a newsletter sent to recipients who have had no previous dealings with the sender. These types of messages will be evaluated pursuant to the subject line test described above. The second test is the so-called "net impression" test, applied to the body of the e-mail. If a "recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is the commercial advertisement or promotion of a commercial product or service," the primary purpose of the e-mail will be commercial, and the Act will apply. Factors to be considered include the commercial content’s placement and proportion and how it is highlighted through the use of color, graphics, type size and style. The FTC admitted that this is necessarily a fact-based analysis, but felt that because the net impression standard is derived from its traditional analysis of advertising under the FTC Act, it is one with which advertisers are already familiar and able to comply.

It is disappointing that the FTC didn’t choose a more straightforward definition of what constitutes a commercial message, particularly for e-mail that contains both transactional/relationship and commercial content. The FTC rejected suggestions that any transactional/relationship content should exempt a message from the Act’s requirements. Nonetheless, as the FTC noted, businesses are given latitude to craft email messages so as to avoid the CAN-SPAM notice and opt-out requirements. In summary, the rule will allow an e-mail to include commercial content in a transactional/relationship e-mail without complying with CAN-SPAM, as long as 1) the subject line doesn’t give the recipient the impression that the message is going to contain an ad, and 2) a substantial portion of the transactional/relationship message (in terms of content, not length) appears at or near the top of the message body. It is important to remember that if an e-mail fails either the subject line test or the placement test, its primary purpose will be considered commercial and it must comply with the Act.

Consequences

The FTC is authorized to enforce violations of CAN-SPAM in the same manner as an FTC trade regulation rule, and will doubtless apply standards developed in that context. Further, State Attorneys General are authorized to enforce compliance with some provisions of the Act, such as the prohibition on deceptive headers and transmission information, through an action in federal court. Internet Service Providers can also bring a federal court action for violations of the provisions prohibiting false or misleading header information. Indeed, they are aggressively doing so. In March 2004, AOL, Earthlink, Microsoft, and Yahoo! filed six lawsuits against hundreds of large-scale spammers. At the end of April 2004, the FTC announced its first set of enforcement actions under the CAN-SPAM Act against two spam operations. Civil remedies include damages of up to $750 per violation, with a maximum award of $6 million. The penalties are even higher for certain aggravated offenses, such as if the sender has actual or implied knowledge that an e-mail address was obtained by "address harvesting" (using software to "harvest" e-mail addresses from web pages and chat rooms) or a "dictionary attack" (connecting to a third-party’s e-mail server, submitting millions of random e-mail addresses and adding live addresses to its mailing list). Businesses that use third-party services as part of their online marketing efforts should ensure that they are not being fed e-mail addresses obtained in these ways.

Conclusion
While the FTC’s new rule certainly does not offer a bright-line rule for businesses that include advertising material in their transactional or relationship e-mail to their customers, careful crafting of subject lines and message content should allow companies to send such messages to their customers without including the notices and opt-out features required by CAN-SPAM. Business should have an e-mail compliance program in place to ensure that all e-mails that go out either qualify as a transactional/relationship e-mail or comply with CAN-SPAM.

Footnotes

1. 15 U.S.C. §§ 7701-7713, effective January 2004.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought in your specific circumstances