January 21, 2004

Update Memo: CAN-SPAM Good News & Bad, Bad, Bad, Bad News

SUMMARY: No summary available.
By Anne Holland, MarketingSherpa Publisher

Legal disclaimers: We are not lawyers, please consult your own legal counsel for advice. Also, no part of this article may be reprinted or quoted out of context. Thank you.

On the day before Christmas Eve, I sent all MarketingSherpa readers an Urgent Memo on how it looked like CAN-SPAM would affect their business.

Since then, I've been researching my brains out - including spending two and a half hours on the phone quizzing FTC Staff Attorney Michael Goodman who is personally responsible for coordinating the FTC's CAN-SPAM rule-making efforts.

I learned some things during my conversation with the FTC and four more experts, including Jim Koenig who heads PricewaterhouseCoopers' Privacy Practice, that surprised me very much.

These facts won't keep until my formal Recommendations Report due to be published January 30th 2004. So, here's a quick factoid list for you in the meantime:

Good news: It's fairly easy to comply with content rules

In short, as long as your promotional messages (emails sent with the primary purpose of promoting a commercial good or service), are not misleading in subject, "from" or content, and you include your street address (not PO box) and a working opt-out link … you're ok.

For most organizations that's easy. And hey it's a best practice anyway, so why not?

Bad News #1: It's hard to comply with opt-out rules. Welcome to suppression file hell…

If anyone in the US clicks on a commercial email message's opt-out link, their name has to be suppressed from all commercial emails "from" the product or service brand that the initial message was about. ("From" means whether you push the send button yourself, or an outside marketer sends an email to anyone on your behalf.)

Sounds simple - but it's not.

The problem is it's not about opting out of a list as most permission mailers understand it. It's about opting out of a brand name.

The email recipient is saying, "I don't want to ever get another promotional message via email about this brand name again, no matter what list my name is on."

So, you not only have to take that name off of the list they reacted to, you also have to suppress (stop) the name from ever getting commercial emails about you from other mailers as well. Other mailers might be:

- affiliates
- rented lists or CPA email campaigns
- outside sales reps
- internal sales reps
- franchise owners, divisions, and/or branch offices
- you name it.

You're off the hook for sponsorship ads in email newsletters (whew) because their primary purpose is the editorial content and not your ad. But otherwise, welcome to suppression-file hell.

Bad News #2: CAN-SPAM applies to more types of organizations and email than you think - scary news for everyone

Nobody gets off the hook because they are a special type of organization. If you mail commercial messages into US email addresses, you have to comply. It doesn't matter whether you are
outside the US (the FTC is working with other governments), or if you are a not-for-profit organization, or if you are an individual entrepreneur.

Also, CAN-SPAM doesn't put a minimum on how many emails must be included in a broadcast to qualify. To put this in another way: even one single email sent to one single address qualifies.

This means employees' activities outside of the broadcast email department can mess you up. For example, if one of your sales reps sends a promotional email to anyone who ever clicked on that "opt-out" link in any of your brand's promotions, that sales rep just broke the law.

Get ready to invest in an organization-wide email system if you haven't already. You can't let staff run silo-ed email lists of their own anymore.

Also, take five minutes right now to get out an official memo organization-wide telling folks they must add an email signature (aka SIG) to all of their sends from now on that has your brand's official opt-out link and your street address.

For example, our new company-wide SIG says:

Join/leave our lists: http://www.marketingsherpa.net/n/mngsubs.asp
MarketingSherpa Inc, 499 Main St., Warren, RI 02885

Bad News #3: There's no "grace period."

Capitol Hill wanted to make a big difference fast, so they didn't build in a compliance grace period to the basic provisions of the CAN-SPAM act except for the sections that are specifically noted.

Bad News #4: And, almost anyone can sue you.

Lots of mailers, including me, thought we didn't need to worry much about CAN-SPAM because only the FTC and state legal officials would be using it to go after spammers -- and obviously they are going to chose to go after the big "bad guys" instead of permission-based companies.

So, although the suppression files may be a nightmare, no one will really look if we aren't absolutely perfect. We're the good guys after all.

The problem with that scenario is the fact that the law also allows "providers of Internet access services" to sue you. I asked Goodman if that meant ISPs such as AOL could go after people.

He said, "…the definition is fairly broad and I think it could include a company that offers networking services to its employees."

Which is basically anybody with an IT department. Between the anti-any-commercial-email crowd and the folks who just dislike your brand name (has anyone posted a sucks.com site about you?), there's a world of angry people who might now have the power to sue if they opt-out and then get even one promotional email message sent by one person on your behalf.

Just before I started writing this Memo, I was on the phone with a reporter for the San Jose Mercury News. He wanted to know if this provision meant doomsday was near, or if some folks were being unduly alarmist about it.

I told him no one can know for sure this early on. A lot depends on how much publicity these CAN-SPAM details get in the general media, and how much publicity any ensuing lawsuits get.

The act has placed a potential weapon in the hands of every IT department in the US. It remains to see how they'll use it.

Next up -- FTC still working on "grey areas" and they'll want your input

In the next 60-days or so, the FTC will post a request for comments at the FTC.gov site. (I'll alert you when it's ready.)

They will be seeking any and all input on the "grey areas" of the act, including such things as how are list brokers, media buyers and ad agencies affected? What about emails sent using automated "tell a friend" systems? What percent of "commercial matter" can tip an email newsletter over the edge from being an editorial-not-affected-by-CAN-SPAM to being considered a primarily commercial message? etc. etc.

I urge you to read the CAN-SPAM act again (there's a link below if you don't already have a copy of it), discuss it with your legal counsel and also with your trade association, and then post your concerns to the FTC.

It's your chance to make this law make better sense.

And good luck to all of us.

Useful links related to this article:

#1. Get a copy of the Act itself -- PDF link:

#2. AIM's guidelines for secure email merge/purge:

#3. Our Tech Editor Jill Keogh's useful memo:
Since You Can-Spam Now, Why Follow Opt-in? Why Permission Practices Remain Critical

Improve Your Marketing

Join our thousands of weekly case study readers.

Enter your email below to receive MarketingSherpa news, updates, and promotions:

Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions