In 2003, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act, otherwise known as the CAN-SPAM Act of 2003, 15 U.S.C. §§ 7701 to 7713 (2005), which prohibits the distribution of certain unsolicited electronic mail, or "spam." The Act imposes both civil and criminal penalties upon violators but does not create a private cause of action on the part of the spam recipient.
Among other things, the Act
-
makes it a federal crime, punishable by fines and incarceration, to send unsolicited commercial electronic mail containing fraudulent header information;
-
prohibits certain methods of generating electronic mail address lists;
-
prohibits the transmission of commercial electronic mail to recipients who have "opted out" of receiving such communications from the sender;
-
creates a regulatory scheme by which certain identifying information is required in all commercial electronic mail; and
-
"directs the Federal Trade Commission (FTC) to develop a plan for implementing a national Do-Not-E-Mail registry."
The Act is enforced through a combination of criminal penalties, authorized civil actions by state authorities, FTC action, and civil actions filed by Internet Service Providers ("ISPs"). It supersedes any statute, regulation, or rule of a state or political subdivision of a state that expressly regulates the use or transmission of spam, except to the extent that any such state, regulation, or rule prohibits falsity or deception in any portion of spam or information attached thereto. The Act does not, however, preempt state laws that are not specific to spam, including state trespass, contract, and tort law; similarly, it does not preempt states laws that relate to computer crimes. (For instance, Virginia Code section 18.2-152.3:1, which prohibits the knowing falsification of electronic mail information or routing information and the sale or other distribution of software intended to falsify such information, is not preempted.)
The Act does not prohibit the sending of unsolicited commercial e-mails, as long as they contain:
-
accurate routing information;
-
the physical mailing address of the sender;
-
an appropriate notation if the subject content is intended for adults only; and
-
a reasonable method by which the recipient may "opt-out" of receiving similar communications in the future.
Obviously, the Act imposes liability on a direct violator, one who sends commercial e-mail in a manner prohibited by the statute. However, the Act also imposes liability on those who "procure the origination or transmission" of a prohibited commercial e-mail and those who "allow the promotion of" their businesses in a commercial e-mail which contains false or misleading transmission information.
This aspect of the law has caused some concern that liability may be imposed upon e-commerce businesses who advertise through Internet marketing firms or affiliates who violate the Act. When one considers the fact that many e-commerce businesses utilize affiliate marketing programs with tens or hundreds of thousands of members (satellite television retailer VMC Satellite, Inc. advertises that it has more than 250,000 affiliates while Amazon boasts more than 1,000,000), the potential for legal exposure under the Act is astounding.
As it turns out, however, avoiding the unreasonable imposition of liability under the Act may be a fairly straightforward process. Recent cases have suggested that an e-commerce business should reduce its risk by including a well-drafted "anti-spam" provision in its Internet advertising contracts and the terms and conditions which apply to its affiliate program. Of course, such a provision will carry little weight if an opposing party can establish that it was not truly enforced but was implemented only to avoid liability.
Other Posts in this Series
Issue # 1: Protection of Domain Names
Issue # 2: Protection of Original Website Content
Issue # 3: Website Terms of Use
Issue #4: The Potential for Universal Jurisdiction
Issue #6: Keyword Advertising and the Effect of Trademark Law