Note: We are not lawyers, nor did legal counsel review this article prior to publication. Please check with your own lawyer for help.

The FTC's final rulings on the CAN-SPAM Act were published Thursday, December 16, 2004 -- exactly one year to the date that the Act was first passed.

The document is 81-pages long (see link below). And yet, most of the commentary we've seen in the press about it completely misses the point.

You see, those 81-pages are taken up with arguments to and fro about what type of email is covered by the Act. They boil down to what you already guessed using common sense. Commercial emails are anything that's primarily promotional or that focuses on driving clicks to a site that's primarily promotional.

It could be anything from a sales alert to your house list to a pitch letter sent by one of your field sales reps to a single prospect.

In our opinion, the lengthy fuss most people are making about this definition has obscured the most critical factor. It's not which email is included, it's what's required of that email.

On the surface, the requirements appear to be so utterly basic that even a dummy could comply. Why worry what's "commercial" or not? Just sling your street address and an opt-out link on all email you send, abstain from slimy "deceptive" subject lines, add some copy if you mail porn, and you're all set.

No biggie.

... except for one thing that many folks overlooked: Do Not Email.

The Act says, "recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source."

Although this seems simple, just give folks an opt-out; it's hellish for many organizations to actually implement Do Not Email. That's because the opt-out isn't just for the particular list that sent the mail. The opt-out is for any promotional mail your brand might ever send that email address *from any list or staffer* ever again.

Example:

Acme Inc sends a 20% off widgets sales alert to its house list. Recipient John@ISP.com decides to opt out. Acme Inc has to now remove (or suppress) that email address from every single promotional mailing that it sends, or is sent on its behalf, ever again.

Sounds simple, but consider all the silo-ed lists and databases that John@ISP.com might be on.

Perhaps an outside sales rep at Acme decides to send a sales pitch to John@ISP.com. How about an ACME reseller or distributor? What if ACME has an affiliate program? Or perhaps other widget-selling locations, branches, or franchises. Not to mention a permission opt-in list that Acme's marketing team might rent in the future...

All of these have to remove (or suppress) John@ISP.com prior to sending a commercial message, even if that message otherwise complies with CAN-SPAM (you know, that easy stuff about a street address, honest subject lines, and a working opt-out link).

Otherwise Acme could be sued.

Is Acme in real danger if they ignore the suppression rule, and allow commercial email to be sent to John@ISP.com?

We're not lawyers or statisticians, but probably not. As you guessed, most lawsuits will be filed against the big bad obvious targets. Folks who send truly offensive and/or deceptive email to non-permission lists.

If you drive through a red light in a small town at 2am, you probably won't get in trouble. But that doesn't mean you aren't breaking the law.

Your organization -- preferably your CEO with input from legal, marketing, and IT -- needs to make an eyes-wide-open decision about your Do Not Email suppression tactics for 2005 and beyond.

Yes, there are vendors who can help by making suppression secure and easy (we've included a link to one below).

There are also plenty of potential scams popping up promising CAN-SPAM "certification" without any means of truly delivering on their promise. (In fact, we queried the Spam Prevention Discussion List about one of them recently and were told firmly that such "certification" was pretty much worthless in the eyes of major ISPs.) So, don't invest in anything that's not proven to help you. Official-sounding names and icons mean almost nothing to ISP filters, or to the FTC for that matter.

Good luck.

This has been a CAN-SPAM reality check. Now, back to your usual broadcast station. :-)

Useful links related to this article:

FTC's official final rulings memo: http://www.marketingsherpa.com/can-spm/study.html

MarketingSherpa's Guide to Spam Laws Affecting US Marketers Emailing Canadians, Europeans, Brits, & Aussies: http://www.marketingsherpa.com/sample.cfm?contentID=2781

UnSubCentral - A vendor offering secure and easy suppression services (Note: MarketingSherpa is a client.): http://www.unsubcentral.com

Spam Prevention Discussion List Archives (Note: You must be a List subscriber to surf archives, subscriptions are free. The List is not associated in any way with MarketingSherpa.): http://peach.ease.lsoft.com/archives/spam-l.html