[Federal Register Volume 70, Number 91 (Thursday, May 12, 2005)]
[Proposed Rules]
[Pages 25426-25455]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-9353]
[[Page 25425]]
-----------------------------------------------------------------------
Part IV
Federal Trade Commission
-----------------------------------------------------------------------
16 CFR Part 316
Definitions, Implementation, and Reporting Requirements Under the CAN-
SPAM Act; Proposed Rule
��Federal Register / Vol. 70, No. 91 / Thursday, May 12, 2005 /
Proposed Rules��
[[Page 25426]]
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
16 CFR Part 316
[Project No. R411008]
RIN 3084-AA96
Definitions, Implementation, and Reporting Requirements Under the
CAN-SPAM Act
AGENCY: Federal Trade Commission (FTC).
ACTION: Notice of Proposed Rulemaking; request for public comment.
-----------------------------------------------------------------------
SUMMARY: In this document, the Federal Trade Commission (``Commission''
or ``FTC'') proposes rules pursuant to several distinct provisions of
the Controlling the Assault of Non-Solicited Pornography and Marketing
Act of 2003 (``CAN-SPAM'' or ``the Act''). Specifically, section
7702(17)(B) grants the FTC discretionary authority to prescribe rules
modifying the Act's definition of ``transactional or relationship
message.'' Section 7704(c)(1) authorizes the Commission to adopt a rule
modifying the ten-business-day period senders (and those acting on
their behalf) have under the Act to process recipients' ``opt-out''
requests with respect to ``commercial electronic mail messages.''
Section 7704(c)(2) authorizes the Commission to adopt a rule specifying
activities or practices that would be considered ``aggravated
violations'' by section 7704(b) of the Act, in addition to the
aggravated violations already specified in the statute. Finally,
section 7711(a) gives the FTC discretionary authority to ``issue
regulations to implement the provisions of [the] Act.''
This document invites written comments on issues raised by the
proposed Rule and seeks answers to the specific questions set forth in
Part VII of this NPRM.
DATES: Written comments must be received by June 27, 2005.
ADDRESSES: Interested parties are invited to submit written comments.
Comments should refer to ``CAN-SPAM Act Rulemaking, Project No.
R411008'' to facilitate the organization of comments. A comment filed
in paper form should include this reference both in the text and on the
envelope, and should be mailed to the following address: Federal Trade
Commission, CAN-SPAM Act, Post Office Box 1030, Merrifield, VA 22116-
1030. Please note that courier and overnight deliveries cannot be
accepted at this address. Courier and overnight deliveries should be
delivered to the following address: Federal Trade Commission/Office of
the Secretary, Room H-159, 600 Pennsylvania Avenue, NW., Washington, DC
20580. Comments containing confidential material must be filed in paper
form, must be clearly labeled ``Confidential,'' and must comply with
Commission Rule 4.9(c), 16 CFR 4.9(c) (2005).\1\
---------------------------------------------------------------------------
\1\ The comment must be accompanied by an explicit request for
confidential treatment, including the factual and legal basis for
the request, and must identify the specific portions of the comment
to be withheld from the public record. The request will be granted
or denied by the Commission's General Counsel, consistent with
applicable law and the public interest. See Commission Rule 4.9(c),
16 CFR 4.9(c).
---------------------------------------------------------------------------
Comments filed in electronic form should be submitted by clicking
on the following Weblink: https://secure.commentworks.com/ftc-canspam/
and following the instructions on the Web-based form. To ensure that
the Commission considers an electronic comment, you must file it on the
Web-based form at https://secure.commentworks.com/ftc-canspam/ Weblink.
You may also visit http://www.regulations.gov to read this proposed
Rule, and may file an electronic comment through that Web site. The
Commission will consider all comments that regulations.gov forwards to
it.
The FTC Act and other laws the Commission administers permit the
collection of public comments to consider and use in this proceeding as
appropriate. All timely and responsive public comments, whether filed
in paper or electronic form, will be considered by the Commission, and
will be available to the public on the FTC Web site, to the extent
practicable, at http://www.ftc.gov. As a matter of discretion, the FTC
makes every effort to remove home contact information for individuals
from the public comments it receives before placing those comments on
the FTC Web site. More information, including routine uses permitted by
the Privacy Act, may be found in the FTC's privacy policy, at http://www.ftc.gov/ftc/privacy.htm.
FOR FURTHER INFORMATION CONTACT: Sana Coleman, Staff Attorney, (202)
326-2249; or Catherine Harrington-McBride, Staff Attorney, (202) 326-
2452; Division of Marketing Practices, Bureau of Consumer Protection,
Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC
20580.
SUPPLEMENTARY INFORMATION:
I. Background
A. CAN-SPAM Act of 2003
On December 16, 2003, the President signed the CAN-SPAM Act into
law.\2\ The Act, which took effect on January 1, 2004, imposes a series
of new requirements on the use of commercial electronic mail (``e-
mail'') messages. In addition, the Act gives Federal civil and criminal
enforcement authorities new tools to combat unsolicited commercial e-
mail (``UCE'' or ``spam''). Moreover, the Act allows State attorneys
general to enforce its civil provisions, and creates a private right of
action for providers of Internet access services.
---------------------------------------------------------------------------
\2\ 15 U.S.C. 7701-7713.
---------------------------------------------------------------------------
The Act also provides for FTC rulemaking on a number of topics. The
Commission has already published final Rule provisions: (1) Governing
the labeling of commercial e-mail containing sexually-oriented
material,\3\ and (2) establishing criteria for determining when the
primary purpose of an e-mail message is commercial.\4\ The current
Notice addresses the Act's grant of discretionary authority for the
Commission to issue regulations concerning certain of the Act's other
definitions and provisions,\5\ specifically, to:
---------------------------------------------------------------------------
\3\ 69 FR 21024 (Apr. 19, 2004).
\4\ 70 FR 3110 (Jan. 19, 2005).
\5\ The Act authorizes the Commission to use notice and comment
rulemaking pursuant to the Administrative Procedures Act, 5 U.S.C.
553. 15 U.S.C. 7711.
---------------------------------------------------------------------------
Expand or contract the definition of the term
``transactional or relationship message'' under the Act ``to the extent
that such modification is necessary to accommodate changes in
electronic mail technology or practices and accomplish the purposes of
[the] Act'' \6\
---------------------------------------------------------------------------
\6\ 15 U.S.C. 7702(17)(B).
---------------------------------------------------------------------------
Modify the ten-business-day period prescribed in the Act
for honoring a recipient's opt-out request; \7\
---------------------------------------------------------------------------
\7\ 15 U.S.C. 7704(c)(1).
---------------------------------------------------------------------------
Specify activities or practices as aggravated violations
(in addition to those set forth as such in section 7704(b) of CAN-SPAM)
``if the Commission determines that those activities or practices are
contributing substantially to the proliferation of commercial
electronic mail messages that are unlawful under subsection [7704(a) of
the Act]''; \8\ and
---------------------------------------------------------------------------
\8\ 15 U.S.C. 7704(c)(2).
---------------------------------------------------------------------------
``issue regulations to implement the provisions of this
Act.''\9\
---------------------------------------------------------------------------
\9\ 15 U.S.C. 7711(a). This provision excludes from the scope of
its general grant of rulemaking authority section 7703 of the Act
(relating to criminal offenses) and section 7712 of the Act
(expanding the scope of the Communications Act of 1934). In
addition, section 7711(b) limits the general grant of rulemaking
authority in section 7711(a) by specifying that the Commijssion may
not use that authority to establish ``a requirement pursuant to
Section 7704(a)(5)(A) to include any specific words, characters,
marks, or labels in a commercial electronic mail message, or to
include the identification required by Section 7704(a)(5)(A) * * *
in any particular part of such a mail message (such as the subject
line or body).''
---------------------------------------------------------------------------
[[Page 25427]]
B. Advance Notice of Proposed Rulemaking
On March 11, 2004, the Commission published an Advance Notice of
Proposed Rulemaking (``ANPR'') which solicited comments on a number of
issues raised by the CAN-SPAM Act, most importantly, the interpretation
of ``primary purpose.'' In addition, the ANPR requested comment on the
modification of the definition of ``transactional or relationship
message,'' on the appropriateness of the ten-business-day opt-out
period that had been set by the Act, on additional aggravated
violations that might be appropriate, and on implementation of the
Act's provisions generally.\10\ The ANPR set a date of April 12, 2004,
by which to submit comments. In response to petitions from several
trade associations, the Commission announced on April 7 that it would
extend the comment period to April 20, 2004.\11\
---------------------------------------------------------------------------
\10\ 69 FR 11776 (Mar. 11, 2004). The ANPR also solicited
comment on questions related to four Commission reports required to
be submitted to Congress: a report on establishing a ``Do Not E-
mail'' Registry, submitted on June 15, 2004; a report on
establishing a system for rewarding those who supply information
about CAN-SPAM violations, submitted on September 16, 2004; a report
setting forth a plan for requiring commercial e-mail to be
identifiable from its subject line, to be submitted by June 16,
2005; and a report on the effectiveness of CAN-SPAM, to be submitted
by December 16, 2005. The comments related to the ``Do Not E-mail''
Registry are discussed in the Commission's June 15, 2004, Report,
and comments related to the informant reward system are discussed in
the September 16, 2004, Report. The Commission will consider the
relevant comments received in response to the ANPR in preparing the
remaining reports.
\11\ 69 FR 18851 (Apr. 9, 2004). The associations seeking
additional time were the Direct Marketing Association, the American
Association of Advertising Agencies, the Association of National
Advertisers, the Consumer Bankers Association, and the Magazine
Publishers of America. The associations indicated that an extension
was necessary because of the religious holidays and the need to
consult more fully with their memberships to prepare complete
responses.
---------------------------------------------------------------------------
In response to the ANPR, the Commission received approximately
13,517 comments from representatives of a broad spectrum of the online
commerce industry, trade associations, individual consumers, and
consumer and privacy advocates.\12\ Commenters generally applauded CAN-
SPAM as an effort to stem the flood of unsolicited and deceptive
commercial e-mail that has threatened the convenience and efficiency of
online commerce. Commenters also offered several suggestions for the
Commission's consideration in drafting regulations to implement the
Act.
---------------------------------------------------------------------------
\12\ This figure includes comments received on the ``Do Not E-
mail'' Registry, which had a comment period that ended March 31,
2004. Appendix A is a list of commenters who submitted a comment in
response to the ANPR cited in this NPRM. Appendix A also provides
the acronyms used to identify each commente in this NPRM. A full
list of commenters, as well as a complete record of this proceeding,
may be found on the Commissioner's Web site: http://www.ftc.gov/os/comments/conspan/index.htm.
---------------------------------------------------------------------------
C. Notice of Proposed Rulemaking on CAN-SPAM Issues Other Than the
``Primary Purpose'' of an E-mail Message
Based on the comments received in response to the ANPR, as well as
the Commission's law enforcement experience, in this NPRM the
Commission proposes rule provisions on five broad topics: (1) Defining
the term ``person'' (in Part II.A.1.); (2) limiting the definition of
``sender'' to address scenarios where a single e-mail message contains
advertisements from multiple entities (in Part II A. 2.); (3)
clarifying that Post Office boxes and private mailboxes established
pursuant to United States Postal Service regulations are ``valid
physical postal addresses'' (in Part II.A.4.); (4) shortening the time
a sender has to honor a recipient's opt-out request (in Part II. B.);
and (5) clarifying that a recipient may not be required to pay a fee,
provide information other than his or her e-mail address and opt-out
preferences, or take any steps other than sending a reply e-mail
message or visiting a single Internet Web page to submit a valid opt-
out request (in Part II. C.).\13\ In Part II of this NPRM, each of
these proposed provisions is discussed, section by section. Other
topics are also discussed, in response to issues raised in comments
responding to the ANPR, regarding CAN-SPAM's definition of
``transactional or relationship message'' (in Part II.A.3.), and the
Commission's views on how CAN-SPAM applies to certain e-mail marketing
practices, including ``forward-to-a-friend'' e-mail marketing campaigns
(in Part II.A.5.), even though the Commission does not propose rule
provisions addressing those practices. Finally, in Part II.D., the
Commission discusses its determination not to designate additional
``aggravated violations'' under section 7704(c)(2).
---------------------------------------------------------------------------
\13\ In addition to proposing several new Rule provisions, this
NPRM proposes to renumber certain Rule provisions that were
previously adopted. 69 FR 21024 (Apr. 19, 2004); 70 FR 3110 (Jan.
19, 2005). The Commission proposes no other substantive changes to
the previously-adopted Rule provisions. The Sexually Explicit
Labeling Rule provisions, which were found at 316.4 in the January
19, 2005, Federal Register Notice's final Rule, are at 316.6 in the
proposed Rule presented in this NPRM. The severability provision,
which was 316.5, is now 316.7. The new 316.4 proposes a modification
to the amount of time senders (and those acting on their behalf)
have to process recipients' opt-out requests. The new 316.5 proposes
to regulate how opt-out mechanisms in commercial e-mail messages may
work. Sections 316.1, 316.2, and 316.3 (regarding scope,
definitions, and ``primary purpose'' criteria respectively) retain
their numbering from the January 19, 2005, Federal Register Notice.
---------------------------------------------------------------------------
The Commission invites written comment on the questions in Part VII
to assist the Commission in determining whether the proposed Rule
provisions strike an appropriate balance, maximizing protections for e-
mail recipients while avoiding the imposition of unnecessary compliance
burdens on law-abiding industry members.\14\
---------------------------------------------------------------------------
\14\ The August 13, 2004, NPRM was limited to the Commission's
proposal for criteria to facilitate the determination of the primary
purpose of an electronic mail message, 69 FR 50091. These criteria
were finalized in a January 19, 2005, Federal Register Notice, and
have been adopted as 16 CFR 316.3. See 70 FR 3110. Nevertheless,
many comments submitted in response to that NPRM addressed issues
other than ``primary purpose'' that were not raised in the August
13, 2004, NPRM, but are addressed in the instant NPRM. The
Commission will consider comments relevant to discretionary
rulemaking issues that were submitted in response to the August 13,
2004, NPRM. Commenters are advised, however, that the instant NPRM
proposes rule provisions and seeks comment relevant to the
discretionary rulemaking topics. Commenters wishing to respond to
this NPRM's proposals and requests for comment should take advantage
of this current public comment opportunity.
---------------------------------------------------------------------------
II. Analysis of Comments and Discussion of the Proposed Rule
A. Section 316.2--Definitions
Section 316.2--one of the Rule provisions previously adopted under
CAN-SPAM--defines thirteen terms by reference to the corresponding
sections of the Act that define those terms.\15\ This NPRM does not
reopen the rulemaking process for twelve of these definitions. This
NPRM, however, does propose adding a proviso to the previously-adopted
definition of ``sender.'' This NPRM also proposes adding definitions of
``person'' and ``valid physical postal address.'' These proposed
definitional provisions were not part of the earlier rulemaking
proceedings, but are discussed and explained in the sections that
follow. (Parts II.A.1, 2 and 4.) This discussion of definitions also
covers, in Part II.A.3 and 5, why the Commission is not proposing any
change to the Act's definition of ``transactional or relationship
message'' and how CAN-SPAM applies to ``forward-to-a-friend'' e-mail
campaigns.
---------------------------------------------------------------------------
\15\ See 16 CFR 316.2; 69 FR 2104 (Apr. 19, 2004); 70 FR 3110
(Jan. 19, 2005).
---------------------------------------------------------------------------
[[Page 25428]]
1. Section 316.2(h)--Definition of ``Person''
The term ``person'' appears throughout CAN-SPAM,\16\ and is also
used in a number of Rule provisions. The Commission proposes to add a
definition of this term under authority granted in section 7711 of the
Act, which empowers the Commission to ``issue regulations to implement
the provisions of this Act.'' The Commission believes that making it
clear that the term ``person'' is broadly construed, and is not limited
solely to a natural person, will advance the implementation of the Act.
The proposed definition tracks the definition of the term included in
the Telemarketing Sales Rule, 16 CFR 310.2(v): ``an individual, group,
unincorporated association, limited or general partnership,
corporation, or other business entity.''
---------------------------------------------------------------------------
\16\ See, e.g., 15 U.S.C. 7702(8), (12), (15), (16); 7704(a)(1),
(2) and (3).
---------------------------------------------------------------------------
2. Section 316.2(m)--Definition of ``Sender''
Section 7702(16)(A) of the Act defines ``sender'' as ``a person who
initiates [a commercial electronic mail] message and whose product,
service, or Internet Web site is advertised or promoted by the
message.'' \17\ The definitional provisions that the Commission has
already adopted under CAN-SPAM \18\ incorporate by reference the Act's
definition of ``sender.'' Many commenters urged that this definition be
modified to provide that when more than one person's products or
services are advertised or promoted in a single e-mail message there
would be only one sender of a message for purposes of the Act.\19\ In
response to these comments, the Commission proposes in 316.2(m) to set
out the criteria for identifying the ``sender'' in that situation. The
Commission proposes this clarification pursuant to its discretionary
rulemaking authority to ``issue regulations to implement the provisions
of this Act.'' \20\ Implementation of the Act requires clarity with
respect to who is the ``sender'' of a commercial e-mail message because
the ``sender'' is obligated under the Act to honor any opt-out
requests. Moreover, the sender, as the initiator of a commercial e-mail
message, is also obligated to provide a functioning return e-mail
address or other Internet-based opt-out mechanism and provide a valid
physical postal address of the sender.\21\ Therefore, the proposed
definition is:
---------------------------------------------------------------------------
\17\ 15 U.S.C. 7702(16)(A).
\18\ 16 CFR 316.2(m).
\19\ The ANPR asked whether it would be helpful to clarify the
obligations of the parties when more than one seller's products or
services are advertised in a message. The responders to the ANPR's
web-based questionnaire overwhelmingly supported clarifying the
obligations of multiple senders--seventy-seven percent of responders
favored clarifying the obligations and eighty-two percent supported
having the Commission issue regulations clarifying who meets the
definition of ``sender.'' Commenters who submitted written comments
also strongly supported clarification. See, e.g., ABA; IAC;
Moerlien; PMA; USTOA; and Visa. Nevertheless, some commenters opined
that e-mail messages may have multiple senders and that each should
comply with the opt-out requirements. See, e.g., ABM at 6-7
(``[E]ach business whose products are advertised should be
considered a sender of the e-mail * * * provided that they are truly
`initiators' and that a reasonable recipient would perceive each of
the businesses equally as a sender of the mail.'') ABM proposed a
drop-down menu from which recipients could choose whether to opt-out
from future commercial e-mail from all, one, or several senders. See
also ERA; Time Warner (joint marketing effort where two or more
companies send out joint e-mail messages).
\20\ 15 U.S.C. 7711(a).
\21\ 15 U.S.C. 7704(a)(3), (a)(4), and (a)(5).
---------------------------------------------------------------------------
The definition of the term ``sender'' is the same as the definition
of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that,
when more than one person's products or services are advertised or
promoted in a single electronic mail message, each such person who is
within the Act's definition will be deemed to be a ``sender,'' except
that, if only one such person both is within the Act's definition and
meets one or more of the criteria set forth below, only that person
will be deemed to be the ``sender'' of that message:
(i) The person controls the content of such message;
(ii) The person determines the electronic mail addresses to which
such message is sent; or
(iii) The person is identified in the ``from'' line as the sender
of the message.
Under this proposal, only one of several persons whose products or
services are advertised or promoted in an e-mail message would be the
``sender'' if the person initiated the message and was the only person
who controlled the content of the message, determined the e-mail
addresses to which it would be sent, or was identified in the ``from''
line as the sender.\22\ If no one person who meets the Act's definition
of ``sender'' satisfies the latter part of this proposed definition
(i.e., if no one person controls the content of the message, determines
the e-mail addresses to which the message would be sent, or is
identified in the ``from'' line as the sender), then all persons who
satisfy the definition will be considered senders for purposes of CAN-
SPAM compliance obligations.
---------------------------------------------------------------------------
\22\ This proposed definition does not eliminate the possibility
that a message may have more than one ``sender.'' However,
advertisers can use the criteria set forth in the proposed
definition to establish a single sender and avoid a multiple-sender
situation. If advertisers fail to structure the message to avoid
multiple senders under the proposed definition, then each sender is
obligated to comply with CAN-SPAM requirements, notably, to provide
an Internet-based opt-out mechanism and a valid physical postal
address, and to honor any opt-out requests.
---------------------------------------------------------------------------
A hypothetical example can illustrate this proposal. If X, Y, and Z
are sellers who satisfy the Act's ``sender'' definition, and they
designate X to be the single ``sender'' under the Commission's
proposal, among the three sellers, only X may control the message's
content, control its recipient list, or appear in its ``from'' line. X
need not satisfy all three of these criteria, but no other seller may
satisfy any of them. The sellers may use third parties to be
responsible for any criteria not satisfied by X. For example, if X
appears in the ``from'' line, the sellers may use third parties--but
not Y or Z--to control the message's content and recipient list.
a. Comments on the Definition of ``Sender''
The Act's definition is clear with respect to a scenario where a
person tries to hide his identity or escape responsibility by having
someone else send commercial e-mail on his behalf. Indeed, the
legislative history indicates an intent that the definition of
``sender'' reach any entity that either sends its own e-mail messages
or contracts with one or more third parties \23\ to transmit messages
on its behalf.\24\ The Senate Report states:
---------------------------------------------------------------------------
\23\ This would include arrangements where numerous so-called
``affiliates'' are induced to send commercial e-mail messages on
behalf of a seller to drive traffic to the seller's Web site, and
the affiliates are paid based on the number of individuals who
ultimately purchase the seller's product or service, or visit the
operator's Web site through referral from the affiliate.
\24\ See, e.g., Bankers; IAC; Microsoft.
Thus, if one company hires another to coordinate an e-mail
marketing campaign on its behalf, only the first company is the
sender, because the second company's product is not advertised by
the message. If the second company in this example, however,
originates or transmits e-mail on behalf of the first company, then
* * * both companies would be considered to have ``initiated'' the
e-mail, even though only the first company is considered to be the
``sender.'' \25\
---------------------------------------------------------------------------
\25\ S. Rep. No. 108-102, at 16 (2003).
However, commenters argued strongly that the Act's definition is
unclear when applied to more complex marketing arrangements involving
multiple advertisers and e-mail service providers.
Several commenters claimed to find support in the Act and its
legislative
[[Page 25429]]
history for the theory that CAN-SPAM provides for only one sender. For
example, IAC, MBNA, and Microsoft pointed out that the statute,
throughout, refers to a singular entity: ``the sender'' or ``that
sender.'' \26\ By comparison, CAN-SPAM's definition of ``initiate''
expressly provides that more than one person may initiate a
message.\27\ These commenters also noted that the Senate Report cited
immediately above refers exclusively to messages with one sender.\28\
The Commission is not persuaded by these arguments. The Act's
definitions of ``initiate'' and ``sender'' are intertwined and must be
read together. Every ``sender'' must also satisfy the ``initiate''
definition, so the Act's provision for multiple initiators can apply to
multiple senders as well. Moreover, based on the Senate Report excerpt
cited above, the Commission believes that CAN-SPAM's drafters
apparently had only one scenario in mind--a single seller hiring a
third party to transmit messages on its behalf. It is not uncommon,
however, for a particular commercial e-mail message to include
promotions or advertisements from more than one seller. Under the Act's
definition of ``sender,'' each advertiser in an e-mail message may be a
``sender'' of the message because each: (1) ``Initiates'' the message
\29\ (i.e., has ``procured'' the initiation of the message by paying,
providing consideration to, or inducing another person to initiate the
message on its behalf); \30\ and (2) has products or services that are
promoted or advertised in the message.\31\
---------------------------------------------------------------------------
\26\ See, e.g., 15 U.S.C. 7704(a)(3), 7704(a)(5), 7702(17)(a).
\27\ See 15 U.S.C. 7702(9).
\28\ IAC; MBNA; Microsoft. See S. Rep. No. 108-102.
\29\ 15 U.S.C. 7702(9).
\30\ 15 U.S.C. 7702(12).
\31\ 15 U.S.C. 7702(16)(A).
---------------------------------------------------------------------------
Responding to the possibility that multiple senders in a single
message may have to comply independently with CAN-SPAM, commenters
claimed that implementation of the Act may be impeded in single
message/multiple advertiser scenarios because of four significant
problems the commenters identified regarding a regime that holds more
than one party responsible for being the sender of a single e-mail: the
difficulty of providing multiple opt-out mechanisms and valid physical
postal addresses in a single message; the burden of maintaining
multiple suppression lists; the possible violation of privacy policies
and statutes; and frustration of consumer expectations. Each of these
problems is discussed below.
First, commenters argued that if the law holds more than one party
responsible for being ``senders'' of a single e-mail message, the
message would have to contain a welter of opt-out mechanisms and
physical postal addresses, likely resulting in consumer confusion.\32\
---------------------------------------------------------------------------
\32\ See, e.g., Bankers; DMA; ERA; IAC; MPAA; Microsoft; PMA;
Time Warner.
---------------------------------------------------------------------------
Second, commenters argued that treating each advertiser in an e-
mail as a ``sender'' would require multiple suppression lists--i.e.,
when a list owner advertises its products in an e-mail, along with
advertisements of other companies, the list owner and each advertiser
would have to add each person that opts out to their ``suppression''
lists and check each list against those of each of the others before
sending additional messages.\33\ Commenters argued that this result
would add unnecessary administrative costs and complexity for
legitimate e-mail marketers.\34\ A list owner would have to develop a
mechanism for receiving suppression lists from every advertiser with
which it deals, and for comparing its own mailing list against multiple
suppression lists for each message it sends.\35\ In addition, a list
owner would have to develop a mechanism for managing multiple opt-outs,
i.e., ensuring that the consumer can opt out from each advertiser and
that all opt-outs sent to the list owner are forwarded to the
advertisers from whom the consumer no longer wishes to receive
commercial e-mail.\36\ Commenters therefore argued that multiple
suppression lists would increase costs and time delays.\37\ Commenters
also noted that, in the case of online newsletters or similar
publications, the need for multiple suppression lists could endanger
the existence of such newsletters because it would be impossible to
create a different newsletter tailored for each recipient, containing
only advertisements for companies to which that recipient had not sent
an opt-out request.\38\ In this regard, some commenters indicated that
requiring multiple suppression lists also would threaten the type of
joint marketing arrangements that are common in industry and chill
electronic commerce.\39\
---------------------------------------------------------------------------
\33\ Id.
\34\ See, E.g., Bankers; ASTA; DMA; MPAA; Microsoft; SBA pointed
out that this would be particularly injurious to small businesses.
\35\ See, e.g., DMA; ERA; Microsoft; PMA.
\36\ See, e.g., Microsoft.
\37\ See, e.g., Bankers; DMA; ERA; MPAA; Microsoft.
\38\ See, e.g., NAA; OPA; Time Warner.
\39\ See, e.g., NAA; Time Warner.
---------------------------------------------------------------------------
Third, commenters contended that the need for multiple suppression
lists leads to another problem with treating each advertiser as a
``sender'': Multiple suppression lists could force a business to
divulge customer names to list owners and other advertisers, even when
the business has promised to protect that information under its privacy
policy.\40\ In addition to contravening privacy policies, a requirement
to check names against multiple lists would necessitate passing lists
back and forth among several parties, increasing the risk that
consumers' private information may be shared with inappropriate
entities, or subjected to greater vulnerability from hackers.\41\
---------------------------------------------------------------------------
\40\ See, e.g., Bankers; ASTA; ACB; DMA; IAC; MPA; Microsoft;
Time Warner. Of course, to the extent permitted by law, an
advertiser could change its privacy policy to reflect the need to
share opt-out information with other advertisers. Such a change,
however, would not necessarily be in the bets interests of consumers
who do not want their e-mail addresses shared among third parties.
\41\ See, e.g., DMA; IAC; MPAA; Microsoft; Time Warner.
---------------------------------------------------------------------------
Fourth, some commenters stated that, in some situations at least, a
requirement that each separate advertiser in a single e-mail message be
treated as a separate sender would run counter to consumer
expectations.\42\ Commenters noted that, when consumers have subscribed
to an online newsletter or similar service, they would expect to submit
an opt-out request to that newsletter publisher, not to each advertiser
in the newsletter.\43\ In other words, consumers would expect to send
an opt-out request to the party with whom they have previously done
business, and to whom they have provided affirmative consent to receive
e-mails, not to advertisers that may be included in that party's
message.\44\
---------------------------------------------------------------------------
\42\ ABM; DMA; Time Warner.
\43\ AMB; Microsoft; Midway; Time Warner.
\44\ See, e.g., Time Warner. Arguments regarding consumers' opt-
out expectations are complicated by the fact that, in some
situations, the party to whom consumers would expect to submit an
opt-out request would not be a ``sender'' under the Act. For
example, commenters raised the case of an e-mail address list owner
who sends commercial messages on behalf of others but does not
advertise any products or services of its own. See, e.g., IAC;
Microsoft (also arguing that the Act's regulation of this
arrangement decreases consumer choice and control). If consumers
have asked the list owner to send them commercial messages, they may
expect to be able to opt out of that party's messages. This party
would not be a ``sender'' under the Act and thus would not have to
honor opt-out requests if its own products or services are not
advertised in the message. List owners who send messages on a
seller's behalf, however, may satisfy the Act's ``initiate''
definition. 15 U.S.C. 7702(9). Persons who ``initiate'' commercial
e-mail must comply with the Act. See, e.g., 15 U.S.C. 7704(a) and
(b).
---------------------------------------------------------------------------
[[Page 25430]]
b. Proposal To Modify Definition of ``Sender''
Based on the arguments discussed above, the Commission believes
there is merit in the argument that an interpretation of ``sender''
that would not allow multiple advertisers in a single message to
designate one as the ``sender'' could impede implementation of CAN-SPAM
by placing undue compliance burdens on businesses and endangering the
privacy of consumers' personal information. Therefore, the Commission
believes that to implement CAN-SPAM, the definition of ``sender''
should be modified so that in situations when more than one person's
products or services are promoted or advertised in a single e-mail
message, those sellers may structure the sending of the e-mail message
so that there will be only one sender of the message for purposes of
the Act.
If there is only one sender, the question remains how to determine
who is the sender in messages with multiple advertisers. Commenters
proposed a variety of criteria for designating a single ``sender'' of
such e-mail messages. Most commenters focused on two principal indicia
for determining the identity of the sender: (1) Control of the message
and (2) recipient expectations.\45\
---------------------------------------------------------------------------
\45\ Nevertheless, a small group of commenters recommended that
the Commission use a ``but for'' test. See, e.g., Bankers; ASTA;
DMA; Discover; IAC; MPAA; Microsoft; Time Warner. Under such a test,
if an e-mail message would have been sent regardless of whether a
particular advertisement was included, then the advertiser would not
be a sender. The Commission does not believe that such a test is
workable from the perspective of law enforcement because it relies
on gauging the intent of the sender, an approach that is contrary to
the Commission's traditional analysis of advertising or marketing
claims. In its final primary purpose criteria, the Commission
similarly declined to adopt a ``but for'' test for determining a
message's ``primary purpose,'' instead opting to look at the message
from the recipient's perspective. 70 FR at 3118. The Commission
noted that its decision to use the recipient's perspective is based
on the analytical approach the Commission traditionally has taken
with advertising, where claims are judged from the consumer's
perspective not the marketer's. Id. Therefore, the Commission
declines to adopt a ``but for'' test, or any other approach that
focuses on a sender's intent, in determining the identity of the
``sender.''
---------------------------------------------------------------------------
(1) Control of the Message
Commenters cited several factors evidencing control that would be
useful in determining the sender's identity, including:
Which entity holds itself out as the sender? Who is in the
``from'' line? \46\
---------------------------------------------------------------------------
\46\ Bankers; DMA; ERA; Experian; Go Daddy; MPAA.
---------------------------------------------------------------------------
Who originates or transmits the e-mail? Who sends it or
causes it to be sent? \47\
---------------------------------------------------------------------------
\47\ See, e.g., ABM; AeA; ACB; ERA; Experian; Go Daddy; IPPC;
MMS; NAR; Coalition; Time Warner; USTOA.
---------------------------------------------------------------------------
Who collects the recipients' e-mail addresses? Who is the
list owner? \48\
---------------------------------------------------------------------------
\48\ See, e.g., DMA; Experian; ERA; IAC; IPPC; Microsoft;
Moerlien; Time Warner. IAC and Microsoft also recommended that the
list owner or broker be required to identify itself and the role it
plays in sending the e-mail.
---------------------------------------------------------------------------
Who provides the list of recipients' e-mail addresses? Who
controls the recipient list? \49\
---------------------------------------------------------------------------
\49\ See, e.g., Bankers; AeA; DMA; ERA; MPAA; IAC; IPPC; MPAA.
---------------------------------------------------------------------------
Who provides the content? Who controls the development of
the message content? \50\
---------------------------------------------------------------------------
\50\ See, e.g., AeA; DMA; ERA; Go Daddy; NAR.
---------------------------------------------------------------------------
Who, if anyone, has an existing relationship with the
recipient? Who, if anyone, received affirmative consent to e-mail the
recipient? Who controls the relationship with the recipient? \51\
---------------------------------------------------------------------------
\51\ See, e.g., AeA; Experian; IAC; Coalition.
---------------------------------------------------------------------------
Who is the recipient directed to contact if he or she
wants more information or to purchase the product or service
advertised? \52\
---------------------------------------------------------------------------
\52\ See, e.g., Coalition (suggesting one test would be who
derives the primary value from the message); USTOA.
---------------------------------------------------------------------------
(2) Recipient Expectations
Other commenters urged the Commission to use a ``net impression''
test, in which the ``sender'' would be determined in a way that would
be consistent with the recipient's reasonable expectations, i.e., the
entity that a reasonable recipient would expect to be the ``sender.''
\53\ Commenters suggested that, under such an approach, the Commission
would evaluate a message using a variety of factors, like those listed
above, that may evidence control.
---------------------------------------------------------------------------
\53\ See, e.g., ABM; IAC; Microsoft; NAR; Coalition; USTOA.
---------------------------------------------------------------------------
The Commission believes that the factors highlighted by commenters
are relevant to the issue of who should be considered the ``sender.''
These factors can be distilled to three elements, any one or more of
which may be the deciding factor as to who is the sender in situations
when more than one person's products or services are advertised or
promoted in a single e-mail message. The proposed Rule provides that in
such situations, the sellers may structure the sending of the e-mail
message so that there is but one ``sender''--a person who not only
meets the Act's definition, but who also controls the content of the
message, determines the e-mail addresses to which such message is sent,
or is identified in the ``from'' line as the sender of the message.\54\
This proposal would ameliorate what some commenters argued was an
overwhelming obstacle to multiple-advertiser messages while preserving
e-mail recipients' rights under CAN-SPAM. Sellers who do not avail
themselves of this opportunity, in effect, to designate one ``sender''
will each be considered a sender of an e-mail message advertising
products or services offered by multiple sellers.
---------------------------------------------------------------------------
\54\ See ``from'' line discussion in this NPRM, below, for
explication of the requirements of CAN-SPAM and section 5 of the FTC
Act with respect to the ``from'' line.
---------------------------------------------------------------------------
c. ``Sender'' Definition Issues Other Than Single Message/Multiple
Senders
Commenters raised additional issues that relate to the definition
of ``sender.'' These comments fall into three broad topics: (1) An
entity's ``sender'' obligations under CAN-SPAM when its separate lines
of business or divisions transmit e-mail messages; (2) an entity's
``sender'' obligations under CAN-SPAM for e-mails transmitted by its
affiliates or other similar parties; and (3) content of the ``from''
line as it relates to the identity of the ``sender.'' Comments on each
of these topics are discussed in the sections immediately below.
(1) Separate Lines of Business or Divisions
Proposed 316.2(m) incorporates by reference the Act's language
regarding obligations under CAN-SPAM when an entity's separate lines of
business or divisions transmit e-mail messages.\55\ Thus, when a
separate line of business or division initiates a message in which it
holds itself out to be that line of business or division rather than
the entity of which it is a part, the ``sender'' of the message will be
considered to be the line of business or division.
---------------------------------------------------------------------------
\55\ 15 U.S.C. 7702(16)(B).
---------------------------------------------------------------------------
Some commenters asked the Commission to provide further
clarification of the Act's language with regard to separate lines of
business or divisions.\56\ The Commission believes, however, that the
elements of the definition of ``sender'' adequately clarify obligations
in such situations and no additional Rule provision is needed.
---------------------------------------------------------------------------
\56\ See, e.g., DSA; IFA; Go Daddy (suggesting that ``sender''
should not include affiliates unless companies are so closely
intertwined that a reasonable person would conclude they were the
same entity); IPPC; MMS; USTOA; Weston.
---------------------------------------------------------------------------
Other commenters raised different concerns with how the ``sender''
definition's approach to separate lines of business or divisions would
apply to various business models in e-mail
[[Page 25431]]
marketing. These commenters argued that third-party list providers or
e-mail services should be considered akin to separate lines of business
or divisions and asked that the Commission incorporate the concept of
``third-party advertising service'' or list provider into the
definition of ``sender.'' \57\ These commenters expressed concern that
the definition of ``sender'' does not encompass third-party advertising
services, e-mail list service providers, or similar services that
compile lists of e-mail addresses, have an established relationship
with the recipients, and often use their own lists of e-mail addresses
to transmit messages on behalf of advertisers.\58\ Some commenters
disagreed, urging the Commission to hold responsible the entity whose
products or services are advertised or promoted in an e-mail, not the
facilitators of the transaction such as list owners/brokers/managers,
broadcast services, and other entities not promoting their own products
and services in the e-mail.\59\
---------------------------------------------------------------------------
\57\ See, e.g., Experian; Coalition (suggesting the Commission
could interpret the Act as providing that a ``third party
advertising service'' which ``holds itself out to the recipient
throughout the message as that particular [third party advertising
service] rather than as the [advertiser itself], shall be treated as
the sender of such message for purposes of this Act'').
\58\ See, e.g., Experian.
\59\ See, e.g., MMS.
---------------------------------------------------------------------------
The Act is quite clear that the definition of ``sender'' includes
two elements: one must initiate a message and advertise one's own
product, service, or Web site in order to be a ``sender.'' \60\ Thus,
the Act reflects Congress's determination that the obligations of the
``sender'' will fall only on an entity whose products or services are
advertised in the message, even though other parties may also transmit
or procure the transmission of the message. The Act's definition of
``sender'' simply does not apply to entities that do nothing more than
provide a list of names or transmit a commercial e-mail message on
behalf of those whose products or services are advertised in the
message. Of course, if an e-mail service provider or list compiler or
owner initiates messages that advertise or promote its own product or
service as well as the products or services of others, the list owner
may be considered to be the sender. Given this framework, the
Commission is not inclined to expand CAN-SPAM's regulation of who must
honor opt-out requests to entities whose products or services are not
advertised or promoted in a message. However, pursuant to section 7709,
which requires the Commission to report to Congress on its analysis of
the effectiveness and enforcement of the Act, the Commission includes
questions in Part VII on the benefits and burdens of such an expansion.
---------------------------------------------------------------------------
\60\ S. Rep. No. 108-102.
---------------------------------------------------------------------------
(2) Sender Liability for Practices of Affiliates or Other Similar
Entities
Some commenters asked the Commission for a ruling that content
providers are not responsible for e-mail messages advertising their
product or service if the messages are sent by affiliates or other
third parties over which they have no control.\61\ The Commission
declines to issue so broad a statement--especially because, in other
contexts, it has specifically held sellers liable for the actions of
third-party representatives if those sellers have failed to adequately
monitor the activities of such third parties and have neglected to take
corrective action when those parties fail to comply with the law.\62\
The Commission believes it inappropriate to excuse content providers in
advance from the obligation to monitor the activities of third parties
with whom they contract. However, the Commission includes questions in
Part VII on whether a ``safe harbor'' provision should be added to the
Rule and, if so, what criteria such a safe harbor might include.
---------------------------------------------------------------------------
\61\ See, e.g., ACB; IFA MPAA; Time Warner; Weston.
\62\ See, e.g., 310.4(b)(3)(v) of the Telemarketing Sales Rule,
which requires sellers and telemarketers to monitor and enforce
compliance with the do-not-call policy and procedures. See also U.S.
v. Richard Prochnow, No. 1:02-CV-917-JOF (N.D. Ga. June 9, 2003).
---------------------------------------------------------------------------
(3) Content of the ``From'' Line as It Relates to the Identity of the
``Sender''
Several commenters requested guidance on CAN-SPAM's regulation of
``from'' line content. CAN-SPAM provides that ``a `from' line * * *
that accurately identifies any person who initiated the message shall
not be considered materially false or misleading.'' \63\ Although this
seems fairly straightforward on its face, a number of commenters
expressed the view that clarification is needed as to what may be
acceptable in the ``from'' line and what would be considered materially
false or misleading.\64\ Commenters noted that many of the problems
with deceptive or fraudulent commercial e-mail involve ``spoofing,''
where the sender pretends to be someone else to induce the recipient to
open the e-mail message.\65\ Commenters also urged the Commission to
use caution and retain a flexible standard, allowing the use of any
name in the ``from'' line as long as the name is not deceptive or
misleading.\66\ In this regard, they indicated that guidelines that are
too specific may be overly restrictive because any particular sender
might use a variety of names, none of which is deceptive.\67\
Commenters suggested that each of the following could be non-deceptive
when used in the ``from'' line: Advertiser's name, product being
promoted, user ID, screen name, trade name, corporate division, e-mail
service provider, third-party advertising service, or marketing company
or list used.\68\
---------------------------------------------------------------------------
\63\ 15 U.S.C. 7704(a)(1)(B).
\64\ See, e.g., Experian; Go Daddy; Jaffe; ValueClick. On the
other hand, NFCU considered the Act's language to be perfectly
clear. Several commenters asked that the Rule prohibit deceptive or
misleading routing or ``reply to'' information. See Bahr; K.
Krueger. The Commission believes that this practice is already
prohibited by section 7704(a)(1) and no further prohibition is
needed.
\65\ See, e.g., Bahr, Giambra; Potocki; SIIA.
\66\ See, e.g., ASTA; EDC; EFF; Experian; Gilbert; Go Daddy;
Jaffe; MBNA; NetCoalition; Richardson; SIIA; ValueClick.
\67\ See, e.g., ASTA; EFF; Experian; Gilbert; Go Daddy; Mead;
NetCoalition; SIIA; ValueClick.
\68\ See, e.g., ASTA; Bank; Calvert; Countrywide; EDC; EFF;
Experian; K. Krueger; MBNA; NetCoalition; Reed; Richardson; SIIA.
---------------------------------------------------------------------------
Because a significant number of commenters sought guidance on this
issue, the Commission believes it helpful to set forth its
interpretation of this portion of the Act, although it is not proposing
rule provisions in this regard. The analysis must begin with section
7704(a)(1)(B), quoted above, which establishes that ``a `from' line * *
* that accurately identifies any person who initiated the message shall
not be considered materially false or misleading.'' \69\ Section
7704(a)(6) of the Act is also important because it defines
``materially'' in this context, stating that:
---------------------------------------------------------------------------
\69\ 15 U.S.C. 7704(a)(1)(B).
For purposes of [the Act's prohibition on false or misleading
header information, including the ``from'' line], the term
``materially,'' when used with respect to false or misleading header
information, includes the alteration or concealment of header
information in a manner that would impair the ability of an Internet
access service processing the message on behalf of a recipient, a
person alleging a violation of this section, or a law enforcement
agency to identify, locate, or respond to a person who initiated the
electronic mail message or to investigate the alleged violation, or
the ability of a recipient of the message to respond to a person who
---------------------------------------------------------------------------
initiated the electronic message.
Reading these two provisions together reveals that the test of whether
a ``from'' line of an e-mail message runs afoul of CAN-SPAM entails
resolution of two issues:
[[Page 25432]]
Whether the ``from'' line has been altered or concealed in
a manner that would impair the ability of an ISP or a law enforcement
agency to identify, locate, or respond to the person who initiated the
message; and
Whether the ``from'' line ``accurately identifies any
person who initiated the message.''
The first element of this analysis demands little explication. It
focuses on the typical spammer's favorite device--falsifying or
manipulating header information to thwart efforts to identify and
locate the originator of the e-mail. As to the second element, if the
``from'' line accurately identifies the person who initiated the
message, then the ``from'' line would not be deceptive. The Commission
believes that this does not mean that the ``from'' line necessarily
must contain the initiator's formal or full legal name, but it does
mean that it must give the recipient enough information to know who is
sending the message. For example, if John Doe, marketing director for
XYZ Company, sent out commercial e-mails for the company and the
``from'' line indicated that the message was from ``John Doe'' or from
``XYZ Company,'' the ``from'' line would have accurately identified the
person who initiated the message. Whether any other name--such as the
user ID, corporate division, e-mail service provider, or others
suggested by commenters--would be legally sufficient depends on whether
such name ``accurately identifies'' a person who ``initiated'' the
message, as that term is defined by the Act. For additional guidance on
what information in the ``from'' line is acceptable, e-mail senders
should consider their messages from their recipients' perspective. If a
reasonable recipient would be confused by the ``from'' line identifier,
or if a reasonable recipient would not expect the ``from'' line
identifier that is provided, those are indications that the sender is
not providing sufficient information.
3. Section 316.2(o)--Definition of ``Transactional or Relationship
Message''
CAN-SPAM designates five broad categories of messages as
``transactional or relationship messages.'' \70\ The Act excludes these
messages from its definition of ``commercial electronic mail message,''
\71\ and thus excludes them from most of the Act's substantive
requirements and prohibitions.\72\
---------------------------------------------------------------------------
\70\ Section 7702(17)(A) of the Act defines a ``transactional or
relationship message'' as ``an electronic mail message the primary
purpose of which is--
(i) To facilitate, complete, or confirm a commercial transaction
that the recipient has previously agreed to enter into with the
sender;
(ii) To provide warranty information, product recall
information, or safety or security information with respect to a
commercial product or service used or purchased by the recipient;
(iii) To provide--
(I) Notification concerning a change in the terms and features
of;
(II) Notification of a change in the recipient's standing or
status with respect to; or
(III) At regular periodic intervals, account balance information
or other type of account statement with respect to--
A subscription, membership, account, loan, or comparable ongoing
commercial relationship involving the ongoing purchase or use by the
recipient of products or services offered by the sender;
(iv) To provide information directly related to an employment
relationship or related benefit plan in which the recipient is
currently involved, participating, or enrolled; or
(v) To deliver goods or services, including product updates or
upgrades, that the recipient is entitled to receive under the terms
of a transaction that the recipient has previously agreed to enter
into with the sender.''
\71\ The Act defines a ``commercial electronic mail message'' as
one ``the primary purpose of which is the commercial advertisement
or promotion of a commercial product or service (including content
on an Internet Web site operated for a commercial purpose).'' 15
U.S.C. 7702(2)(A).
\72\ One provision, section 7704(a)(1), which prohibits false or
misleading transmission information, applies equally to ``commercial
electronic mail messages'' and ``transactional or relationship
messages''; otherwise, CAN-SPAM's prohibitions and requirements
cover only ``commercial electronic mail messages.''
---------------------------------------------------------------------------
The Act authorizes the Commission ``to expand or contract the
categories of messages that are treated as transactional or
relationship messages for purposes of [the Act] to the extent that such
modification is necessary to accommodate changes in e-mail technology
or practices and accomplish the purposes of [the Act].'' \73\ Rule
provisions previously adopted under CAN-SPAM \74\ include 316.2(o),
which incorporates the Act's definition of ``transactional or
relationship message'' by reference. The Commission proposes no
modification to this Rule provision. While many commenters made a
number of thoughtful suggestions, none advanced any of them with
sufficient evidentiary support for the Commission to conclude that any
suggested modification ``is necessary to accommodate changes in
electronic mail technology or practices and accomplish the purposes of
[the Act],'' as CAN-SPAM requires.\75\ Nevertheless, the Commission has
considered all the comments on this issue and sets forth its analysis
below. The following sections discuss, in turn: (a) CAN-SPAM's
regulation of ``transactional or relationship'' e-mail messages as
compared with that of ``commercial'' e-mail messages; (b) the Act's
standard for modifying the ``transactional or relationship message''
definition; and (c) commenters'' suggestions for expanding the
statutory categories of ``transactional or relationship messages.''
Commenters' suggestions regarding each of the ``transactional or
relationship'' categories as designated by the Act are discussed below,
category-by-category.
---------------------------------------------------------------------------
\73\ 15 U.S.C. 7702(17)(B).
\74\ 69 FR 21024 (Apr. 19, 2004); 70 FR 3110 (Jan. 19, 2005).
\75\ Id.
---------------------------------------------------------------------------
a. CAN-SPAM's Regulation of ``Transactional or Relationship'' E-mail
Messages as Compared to That of ``Commercial'' E-mail Messages
As noted, CAN-SPAM's requirements and prohibitions are mainly
applicable to commercial e-mail messages. The Act defines commercial e-
mail messages as those the ``primary purpose of which is the commercial
advertisement or promotion of a commercial product or service
(including content on an Internet Web site operated for a commercial
purpose).'' \76\ Commercial e-mail messages are subject to the Act's
requirements that the sender or initiator include in the message: (1) A
clear and conspicuous notice that the message is an advertisement or
solicitation, if the message is sent without the ``affirmative
consent'' of the recipient; (2) clear and conspicuous notice of the
recipient's right to opt out of subsequent commercial messages from the
same sender; and (3) a valid physical postal address of the sender.\77\
The Act further prohibits false or misleading transmission information
and deceptive subject headings, and requires that a sender provide a
mechanism through which opt-out requests may be made online and honor a
recipient's opt-out preference.\78\
---------------------------------------------------------------------------
\76\ 15 U.S.C. 7702(2)(A). See Rule Provisions Establishing
Criteria for Determining When the Primary Purpose of an E-mail
Message is Commercial, 70 FR 3110 (Jan. 19, 2005).
\77\ 15 U.S.C. 7704(a)(5)(A)(i)-(iii).
\78\ 15 U.S.C. 7704(a)(1); (a)(2); (a)(3); and (a)(4).
---------------------------------------------------------------------------
Messages categorized as ``transactional or relationship'' are
subject only to the Act's prohibition on false or misleading
transmission information.\79\ If a sender's e-mail message, however, is
not considered as having a ``transactional or relationship'' primary
purpose under one of the statutorily established categories, but
instead is deemed to have a primary purpose that is commercial, the
consequences are relatively modest. In such a case, the sender must
comply with requirements of CAN-SPAM--most importantly (from the
recipient's
[[Page 25433]]
standpoint), to provide an opt-out mechanism and to honor opt-out
requests received. These requirements do not prohibit transmission of
``transactional or relationship'' content. Even if a recipient opts out
of receiving messages with a commercial primary purpose from a
particular sender, that sender may continue to transmit other types of
messages. Therefore, recipients who invoke their rights under the opt-
out mechanism required by CAN-SPAM will continue to receive valuable
``transactional or relationship'' messages. This is important because
transactional or relationship messages are communications that Congress
has determined to be per se valuable to recipients. Nevertheless, to
ensure that the protection from unwanted commercial e-mail CAN-SPAM
affords recipients not be eroded, the Commission believes the partial
exemptions from the Act's provisions established in the definitions of
``commercial electronic mail message'' and ``transactional or
relationship message'' should be interpreted narrowly.
---------------------------------------------------------------------------
\79\ 15 U.S.C. 7704(a)(1).
---------------------------------------------------------------------------
b. CAN-SPAM's Standard for Expanding or Contracting the Categories
Designated as ``Transactional or Relationship'' Messages
CAN-SPAM authorizes the Commission to expand or contract the
statutory definition of ``transactional or relationship message'' if
two criteria are met: (1) The modification must be necessary to
accommodate changes in e-mail technology or practices; and (2) the
modification must accomplish the purposes of the Act. More than 120
commenters recommended specific modifications to expand or constrict
the categories of transactional or relationship messages.\80\
Nevertheless, it is striking that only a single commenter asserted that
modification was necessary to accommodate changes in e-mail technology
or practices.\81\ Even this lone commenter did not assert that the
change had occurred since the passage of the Act.\82\ A handful of
commenters suggested that their proposed modifications were necessary
to accomplish the purposes of the Act, but these commenters did not
claim that any change in technology or practice necessitated their
suggested modifications.\83\ Therefore, the Commission proposes no
substantive modification to expand or contract coverage of the
definition of ``transactional or relationship message.'' Although it
appears that no such changes are warranted at this time, the Commission
did consider all of the comments received on this issue. The various
proposals for modification are summarized below.
---------------------------------------------------------------------------
\80\ A smattering of other commenters discussed technological
changes that do not necessitate modification of the transactional or
relationship definition. For example, a few commenters noted that
new spam-blocking techniques used by ISPs to filter spam should not
be allowed to filter out transactional or relationship messages.
Jaffe; CMOR. Another commenter noted that ``the use of ICQ, IM and
text messaging via phone and blackberry has increased the source of
UCE.'' Shaw. (ICQ is a type of instant messaging program. Instant
messaging is defined by Webopedia.com as ``a type of communications
service that enables you to create a kind of private chat room with
another individual in order to communicate in real time over the
Internet, analogous to a telephone conversation, but using text-
based, not voice-based, communication.'')
\81\ Discover.
\82\ Discover cited a purportedly ``recent'' development in
online marketing whereby ``companies increasingly use e-mail to
facilitate or complete transactions as to which the recipient has
made an inquiry or application, but has not yet entered into a
contract.''
\83\ Lenox; Visa. In fact, Go Daddy opined that there were no
technological changes of which it was aware that would necessitate
modification of this definition. Go Daddy.
---------------------------------------------------------------------------
c. Commenters' Proposals With Respect to Transactional or Relationship
Messages
In general, business commenters urged expansion of the definition
of ``transactional or relationship message'' to ensure that it includes
the messages that these commenters believe do not warrant the opt-out
rights and disclosures that CAN-SPAM requires of commercial e-mail.
Some commenters recommended modifying the existing statutory
transactional or relationship categories explicitly to encompass
certain types of e-mail messages. Others recommended specifying whole
new categories. Still others sought clarification that particular e-
mail messages would be deemed by the Commission to fall into one of the
existing specified types. Some consumer commenters, however, believed
that the specified categories of transactional or relationship messages
were too broad. One such commenter opined that a message should only be
considered transactional or relationship if the ``recipient has given
an e-mail address to the sender and requested that the sender use this
method to send these messages.'' \84\ Commenters' proposals regarding
the five categories of transactional or relationship messages
established by the Act are discussed immediately below, category by
category, followed by a discussion of commenters' proposals for new
categories of transactional or relationship messages.\85\
---------------------------------------------------------------------------
\84\ Marzuola.
\85\ A variety of commenters claimed that some e-mail messages
are neither commercial nor ``transactional or relationship,'' and
therefore should be considered exempt from the Act and the proposed
Rule. See, e.g., CBA; CMOR (messages sent to conduct marketing and
opinion research); BMI (copyright infringement notices). See also
ACA (claiming that debt collection e-mail messages are not
commercial, and are ``at most, `transactional or relationship
messages' ''). The Commission agrees that certain types of messages
may not satisfy either the ``commercial'' or ``transactional or
relationship'' definitions, and thus are not regulated by CAN-SPAM.
The Commission has posed questions in this NPRM asking whether
certain types of messages are beyond the scope of the Act, and
whether CAN-SPAM should be modified to address these messages.
---------------------------------------------------------------------------
(1) Section 7702(17)(A)(i)--Messages To Facilitate, Complete, or
Confirm a Commercial Transaction That the Recipient Has Previously
Agreed To Enter Into With the Sender
Of the five categories of messages included in the Act's definition
of transactional or relationship messages, the first is messages ``to
facilitate, complete, or confirm a commercial transaction that the
recipient has previously agreed to enter into with the sender.'' \86\
Although numerous commenters suggested modifications--predominantly
that this part of the definition be expanded--the Commission proposes
no modification to the Act's definition of ``transactional or
relationship message'' in this area. As noted above, the Commission
finds insufficient support in the comments to meet the statutory
standard for modifying this definition. Commenters did not demonstrate
that any modification is needed to accommodate changes in e-mail
technology or practices, and to accomplish the purposes of the Act.
Nonetheless, the Commission believes it worthwhile to summarize briefly
the kinds of modifications suggested by commenters, and to explain its
views regarding certain of this section's provisions. These suggested
modifications fall under four basic topics: (a) What constitutes a
``commercial transaction'' under section 7702(17)(A)(i)? (b) How many
confirmation messages under section 7702(17)(A)(i) may a sender
transmit pursuant to a single transaction? (c) May an e-mail sender use
a third-party to send messages under section 7702(17)(A)(i) on its
behalf? and (d) Do messages negotiating a commercial transaction
satisfy section 7702(17)(A)(i)? Comments relating to each of these
topics are discussed in the sections below.
---------------------------------------------------------------------------
\86\ 15 U.S.C. 7702(17)(A)(i).
---------------------------------------------------------------------------
[[Page 25434]]
(a) What Constitutes a ``Commercial Transaction'' Under Section
7702(17)(A)(i)?
IAC urged the Commission to opine that a ``commercial
transaction,'' as used in section 7702(17)(A)(i) , need not involve the
exchange of consideration.\87\ IAC noted that in the definition of
``commercial electronic mail message'' the term ``commercial products
or services'' includes ``content on an Internet Web site operated for a
commercial purpose.'' Based on this, IAC argues that registering for a
free Internet service such as Evite (a Web site through which
registrants may send electronic invitations to events) constitutes a
commercial transaction. Microsoft also advocated this position, raising
the specter that if the Commission does not adopt this view, it would
only encourage ``many more online businesses to charge for their
services.'' \88\
---------------------------------------------------------------------------
\87\ IAC.
\88\ Microsoft.
---------------------------------------------------------------------------
The Commission believes that this reading of section 7702(17)(A)(i)
is unnecessary because the types of e-mail messages that prompt the
concern of IAC and Microsoft would likely be deemed ``transactional or
relationship messages'' under a separate subparagraph of section
7702(17)(A). Specifically, under section 7702(17)(A)(v), it seems
likely that a message sent from Evite or a similar entity to one who
had registered to use its services would be considered a message ``to
deliver goods or services * * * that the recipient is entitled to
receive under the terms of a transaction'' between the recipient and
Evite. The Commission believes that the modifier ``commercial'' has
been deliberately omitted from this provision of CAN-SPAM to
accommodate just the sort of scenario that IAC and Microsoft raise. The
Commission seeks comment on whether messages sent pursuant to a
relationship in which no consideration passes may be considered to be a
``commercial transaction'' under section 7702(17)(A)(i), or would more
appropriately be considered a transactional or relationship message
under section 7702(17)(A)(v), or under some other theory.
(b) How Many Confirmation Messages Under Section 7702(17)(A)(i) May a
Sender Transmit Pursuant to a Single Transaction?
IAC also requested that the Commission expressly allow each
confirmation message pursuant to a single transaction to be a
transactional or relationship message, even if more than one such
message is sent. As an example, IAC cited a scenario in which one
confirmation is sent immediately after a consumer completes an online
transaction (such as booking an airline flight or hotel room) and
another is sent in close proximity to the travel time to remind a
recipient of her reservation.\89\ The Act is silent as to the number of
times a sender may transmit to a particular recipient a message to
facilitate, complete, or confirm a single commercial transaction.
Nevertheless, the Commission believes that, given the purposes of the
Act, a standard of reasonableness is implied, and that senders must
meet that standard.\90\ IAC's scenario would appear to meet this
standard, but other scenarios would not. As an extreme example to
illustrate the point, if a company sent hourly confirmations of a
transaction that warranted merely a single such notice--particularly if
the message also contained content advertising or promoting products or
services--the Commission would likely view such messages as commercial
and not transactional.
---------------------------------------------------------------------------
\89\ IAC.
\90\ See Go Daddy (advocating requiring contact via
transactional or relationship messages to be reasonable).
---------------------------------------------------------------------------
(c) May an E-mail Sender Use a Third Party To Send Messages Under
Section 7702(17)(A)(i) on Its Behalf?
IAC also urged the Commission to opine that when an entity with
whom a recipient has done business uses a third party to send a message
confirming a transaction, the message would still be considered a
transactional or relationship message.\91\ By way of example, IAC
argued that when a consumer books an airline reservation using Expedia,
the consumer should be considered to have entered into a transaction
not only with the airline, but also with Expedia.\92\ NAIFA asked that
the Commission opine that e-mail messages from an insurance agent to a
customer should be considered transactional or relationship messages
even though the customer pays the premium to the insurer, not the
agent.\93\
---------------------------------------------------------------------------
\91\ IAC.
\92\ According to IAC, absent such an interpretation, if a
consumer were to forward an opt-out request to Expedia pursuant to
section 7704(a)(3)(A)(i) prior to the time Expedia had transferred
the customer's e-mail address to the airline, such transfer could be
considered a violation of section 7704(a)(4)(A)(iv).
\93\ NAIFA.
---------------------------------------------------------------------------
These comments raise the question of whether the language of
section 7702(17)(A)(i) supports allowing such transactional or
relationship messages only from the sender, or also from affiliated
third parties if they are facilitating, completing, or confirming a
transaction. In the examples cited--when Expedia processes sales on
behalf of an airline, and when an insurance company uses agents to sell
policies--a message confirming the transaction would qualify as a
transactional or relationship message under section 7702(17)(A)(i)
whether, in the first example, it came from either Expedia or the
airline, and whether, in the second example, it came from either the
insurance company or the selling agent. These examples seem fairly
straightforward; the Commission seeks comment on whether other
situations involving transactional or relationship messages from an
entity purporting to be acting on behalf of a sender might be more
problematic for consumers or cooperating sellers, or present
opportunities for evasion of CAN-SPAM's consumer protections.
(d) Do Messages Negotiating a Commercial Transaction Satisfy Section
7702(17)(A)(i)?
Some commenters asked that the Commission ensure that e-mail
messages sent to negotiate a transaction be included in the definition
of transactional or relationship message.\94\ The Commission believes
that, to the extent that negotiation may be considered a ``commercial
transaction'' that a recipient has previously agreed to enter into, it
would seem that such messages likely would be considered transactional
or relationship as long as they were sent to facilitate or complete the
negotiation. On the other hand, the Commission would not interpret the
term ``transactional or relationship message'' to include an initial
unsolicited message that proposes a transaction and attempts to launch
a negotiation by offering goods or services. Rather, such a message
would likely be categorized as a commercial e-mail message, and would
be required to comply with all prescriptions of the Act. The Commission
seeks more information about whether e-mail messages sent to effectuate
or complete a negotiation might be considered ``transactional or
relationship messages'' under section 7702(17)(A)(i), and if so, under
what circumstances that may or may not be the case.
---------------------------------------------------------------------------
\94\ See, e.g., Mellon; SIA; Wells Fargo.
---------------------------------------------------------------------------
[[Page 25435]]
(2) Section 7702(17)(A)(ii)--Messages To Provide Warranty Information,
Product Recall Information, or Safety or Security Information With
Respect to a Commercial Product or Service Used or Purchased by the
Recipient
Commenters had relatively few suggestions for modification to this
category, but NADA requested that the Commission opine that scheduled
maintenance notifications be considered safety or security information
and covered by this definition.\95\ To the extent that scheduled
maintenance is designed to ensure the safe operation of a product, the
Commission believes that reminders of this nature would be considered
safety information under the ``transactional or relationship'' partial
exemption from CAN-SPAM's requirements. Scheduled maintenance that is
not necessary for safe operation of a product, however, would not
satisfy this ``transactional or relationship'' category. A message
notifying recipients when such scheduled maintenance is due could
satisfy section 7702(17)(A)(v)--covering, among other things, delivery
of product updates or upgrades--if recipients previously agreed to
receive such notices from the sender. Section 7702(17)(A)(v), the fifth
``transactional or relationship'' category, is discussed below.
---------------------------------------------------------------------------
\95\ NADA.
---------------------------------------------------------------------------
Two other comments requested expansion of this category to cover
additional messages. First, Ford Motor recommended that ``product
service'' information be expressly included in this category. It is not
clear from the comment what kinds of messages might fall outside the
existing categories in this section, but within the ``product service''
category. Nor does the comment contain sufficient evidence that this
suggested modification is necessary to accommodate changes in e-mail
technology or practices and accomplish the purposes of the Act. As a
result, the Commission declines to incorporate this language into the
proposed Rule.\96\ Second, Countrywide recommended expansion of
``security information'' to include ``security-related notifications or
education.'' The language of the Act is clear that messages relaying
``security information'' will be categorized as ``transactional or
relationship,'' and the Commission finds that the comments contain
insufficient justification for altering this language.
---------------------------------------------------------------------------
\96\ If recipients agreed to receive such messages, however,
they could satisfy section 7702(17)(A)(v) in the same way that
messages reminding recipients of scheduled maintenance could. See
discussion of section 7702(17)(A)(v) below.
---------------------------------------------------------------------------
(3) Section 7702(17)(A)(iii)--Messages To Provide--(I) Notification
Concerning a Change in the Terms or Features of; (II) Notification of a
Change in the Recipient's Standing or Status With Respect To; or (III)
at Regular Periodic Intervals, Account Balance Information or Other
Type of Account Statement With Respect to, a Subscription, Membership,
Account, Loan, or Comparable Ongoing Commercial Relationship Involving
the Ongoing Purchase or Use by the Recipient of Products or Services
Offered by the Sender
The Commission received many comments related to the three sub-
categories that comprise this provision. Most business commenters
recommended expanding these sub-categories or interpreting them broadly
to include more (or even all) messages between a sender and any
customer with whom the sender has an established business
relationship.\97\ Some commenters who endorsed this expansion suggested
that the proposed Rule require that the frequency with which recipients
are contacted must be reasonable.\98\ Some consumers expressed concern
about the volume of e-mail messages they might receive if this
transactional or relationship category were interpreted too
broadly.\99\
---------------------------------------------------------------------------
\97\ See, e.g., Cendant.
\98\ Go Daddy.
\99\ Jensen (noting that merely purchasing a single item from a
company should not ``allow the company to then inundate the customer
with sales pitches, nor should a bank be able to send messages for
its many services unrelated to a customers [sic] checking account if
that is the only relationship that exists between the parties'').
---------------------------------------------------------------------------
The recommendations for expansion were couched in a variety of
terms. Some commenters requested that any e-mails regarding a
transaction that formed the basis of a relationship between the seller
and consumer be considered transactional or relationship messages.
Others suggested that messages about an ongoing service that the
customer has requested or consented to receive be considered
``transactional or relationship.'' \100\ Still others recommended
adding a new category for messages ``concerning information, products,
or services that the recipient has received or will receive from the
sender.'' \101\
---------------------------------------------------------------------------
\100\ MPAA; Lenox.
\101\ Wells Fargo.
---------------------------------------------------------------------------
Some of the comments focused on specific elements of the language
of section 7702(17)(A)(iii). For example, some comments advocated
interpreting ``an ongoing commercial relationship'' as beginning when a
person opts in to receiving future messages, even in the absence of a
purchase.\102\ Others suggested removing the restriction that account
balance information and statements be sent at regular intervals, noting
that certain account statements are ``sent following a transaction,
rather than on a `regular' temporal schedule.'' \103\ Some sought a
specific articulation that billing statements are transactional or
relationship messages, even if some advertising content is included
because ``billing statements would be sent irrespective of the
inclusion of an advertisement.'' \104\ One commenter recommended
allowing not only account balance but also ``account-related''
information to be considered transactional.\105\ Another inquired
whether offerings of related or alternative financial relationships
could be categorized as transactional or relationship messages.\106\
---------------------------------------------------------------------------
\102\ See, e.g., MPAA (noting that a ``subscription or
`preferred customer' loyalty program where special discounts and
event opportunities are routinely promoted'' often do not involve
the exchange of consideration).
\103\ CBA. The Commission believes that if such notices are
routinely sent at a certain interval following a transaction that
this may well meet the regular interval standard.
\104\ Reed. This issue is addressed in the January 19, 2005,
Federal Register Notice. 70 FR at 3117.
\105\ Countrywide.
\106\ Visa.
---------------------------------------------------------------------------
The Commission is not inclined to adopt any of these suggestions.
As noted above, the Commission believes that the ``transactional or
relationship'' provision should be interpreted narrowly to prevent
erosion of the protection CAN-SPAM affords recipients from receiving
unwanted messages. The categories delineated in the ``transactional or
relationship'' provision of the statute are clear and comprehensive,
representing Congress's judgment as to the kinds of messages that
should be exempt from most provisions of the Act, including its opt-out
requirements. Furthermore, the statute provides that the Commission can
modify these categories only if the modification is necessary to
accommodate changes in e-mail technology or practices and accomplish
the purposes of the Act. Because there is inadequate support in the
comments to support such a finding, the Commission is not inclined to
expand this category of transactional or relationship messages as
suggested by commenters.
A small number of the comments focused on narrowing the category to
prevent abuses in instances when marketers continue to send commercial
[[Page 25436]]
e-mail messages under the guise of transactional or relationship
messages even after a loan is paid off, claiming to be changing the
status of the recipient from ``paid off'' to ``inactive.'' \107\ In a
similar vein, NCL expressed concern about the use of dual-purpose
messages not only to transmit the recipient's bank balance, but also to
advertise additional financial products or services, noting the
``potential for abuse'' if the advertising content overwhelms the
transactional or relationship content. As noted above, application of
the Commission's primary purpose criteria \108\ will allow for proper
categorization of such messages. Moreover, as noted in relation to
section 7702(17)(A)(i), the Commission interprets the Act as implying a
standard of reasonableness. As a result, the Commission may evaluate
whether the frequency of contact with which messages purported to be
``transactional or relationship'' are sent exceeds what would be
reasonable for such communications in determining whether the message
is delivering bona fide transactional or relationship content. The
Commission therefore is not inclined to propose a rule provision that
departs from the statutory language of section 7702(17)(A)(iii).
---------------------------------------------------------------------------
\107\ See, e.g., Ford.
\108\ 16 CFR 316.3.
---------------------------------------------------------------------------
(4) Section 7702(17)(A)(iv)--Messages To Provide Information Directly
Related to an Employment Relationship or Related Benefit Plan in Which
the Recipient Is Currently Involved, Participating, or Enrolled
The Commission received a relatively small number of comments on
this part of the definition of transactional or relationship message. A
consistent theme in the few comments received was the concern that
employers be able to send messages to their employees promoting
discounts or other offers available to them because of their status as
employees.\109\ As noted above, the Commission believes that the
categories within the definition of transactional or relationship
message should be interpreted narrowly. It is unclear from the comments
received in response to the ANPR, however, how narrowly this provision
must be construed to ensure that e-mail recipients are not unduly
burdened by unwanted commercial e-mail messages in the context of an
employer-employee relationship. The Commission therefore poses
questions in this NPRM soliciting data about classifying messages that
offer employee discounts or other similar messages as transactional or
relationship messages on the ground that they ``provide information
directly related to an employment relationship * * *.''
---------------------------------------------------------------------------
\109\ Wells Fargo; CBA; NADA.
---------------------------------------------------------------------------
One commenter urged the Commission to opine that a message sent by
a third party on behalf of an employer would be considered
transactional.\110\ The Commission believes that it is reasonable to
interpret the Act to allow an employer to retain a third party as its
agent to send a message that would otherwise fit within the confines of
this definition; such a message would not be excluded from the
definition merely because the third party initiated the e-mail.
Nevertheless, the Commission does not interpret this provision as
providing blanket treatment as ``transactional or relationship'' for
any e-mail message sent on behalf of a third party, even with the
permission of an employer. Thus, if a third party were to market its
own goods and services to the employees of another company on its own
behalf, rather than on behalf of the employer, those messages would not
be deemed ``transactional or relationship'' under section
7702(17)(A)(iv). The Commission welcomes further comment this issue.
---------------------------------------------------------------------------
\110\ SVM (``This definition should be modified to acknowledge
that a message is transactional or relationship message, regardless
of whether it is sent directly by the employer or with the consent
of the employer or on behalf of the employer by a third party or by
a service in which the employer of the recipient has enrolled on
behalf of the recipient.'').
---------------------------------------------------------------------------
A few commenters suggested that the Commission depart from the
language of the Act by deleting the term ``directly,'' to require only
that a message be ``related to an employment relationship or related
employee benefit plan.'' \111\ Others suggested that the term ``
`directly related to an employment relationship' is not sufficiently
clear,'' and recommended that the proposed Rule provide that ``[e]ven
commercial messages are employment related when delivered over
employer-provided computers.'' \112\ The Commission believes such
departures from the statute are unwarranted because the comments
provide insufficient evidentiary basis that the modification would meet
the statutory standard--i.e., necessary to accommodate changes in e-
mail technology or practices and to accomplish the purposes of the Act.
Moreover, such a modification would diminish the protections provided
to recipients of unwanted commercial e-mail messages. For the same
reasons, the Commission declines to interpret the phrase ``employment
relationship'' so broadly as to allow any messages sent by an employer
to an employee to qualify as transactional or relationship messsages.
The language of the statute clearly delineates this category of
transactional or relationship messages as those ``to provide
information directly related to an employment relationship * * *'' and
the Commission finds no basis in the comments to expand this category.
---------------------------------------------------------------------------
\111\ See, e.g., Countrywide.
\112\ Ford Motor.
---------------------------------------------------------------------------
Other comments focused on when an employment relationship begins.
MPAA requested clarification that an `` `employment relationship'
begins at the time when an offer of employment is tendered.'' \113\
This transactional or relationship category includes ``provid[ing]
information directly related to an employment relationship.''
Information submitted to a prospective employee who has received a bona
fide offer of employment after actively seeking such employment could
be considered information ``directly related to an employment
relationship,'' provided such information regards only the prospective
employment relationship. As discussed above, the Commission narrowly
interprets the scope of the employment relationship. Therefore, e-mail
messages sent in regard to the initiation of such an employment
relationship present little risk of abuse. At this time, the Commission
believes that there is little likelihood that prospective employees
would be subject to unwanted commercial e-mail messages from their
prospective employers between the time an offer of employment is made
and the time it is either accepted or rejected. Questions regarding
this interpretation are posed in this NPRM.
---------------------------------------------------------------------------
\113\ MPAA.
---------------------------------------------------------------------------
As discussed above, since no comments suggested changes that would
meet the statutory standard, the Commission declines to propose a rule
that would depart from the statutory language.
(5) Section 7702(17)(A)(v)--Messages To Deliver Goods or Services,
Including Product Updates or Upgrades, That the Recipient Is Entitled
To Receive Under the Terms of a Transaction That the Recipient Has
Previously Agreed To Enter Into With the Sender
The Commission received many comments on this provision, most of
which addressed application of the act to: (a) E-mail messages
delivered pursuant to an electronic subscription; (b) e-mail sent in
response to a request for information from a recipient; or (c) messages
from an association to its
[[Page 25437]]
membership. Each of these is discussed below.
(a) E-mail Messages Delivered Pursuant to an Electronic Subscription
Several commenters recommended considering subscriptions (to
newsletters, membership clubs, or other similar electronically
delivered content) ``transactional or relationship'' because such
messages deliver goods or services the recipient is entitled to receive
under the terms of a transaction that the recipient previously agreed
to enter into with the sender.\114\ According to one of these
commenters, section 7702(17)(A)(v)'s reference to a previously agreed-
to transaction is satisfied when a recipient opts in to a sender's
mailing list, whether or not the recipient provided consideration.\115\
Similarly, Microsoft suggested ``where the underlying transaction
specifically includes the receipt of promotional e-mails, such as a
subscription to a free online service that is supported in whole or in
part through the transmission of promotional messages to subscribers,''
such promotional messages should be considered ``transactional or
relationship.'' \116\
---------------------------------------------------------------------------
\114\ P&G United; Speer (noting that the language of the Act
should be expanded to allow for the delivery of ``information'' as
well as goods or services); SIA (requesting that the FTC clarify
that certain informational messages, including ``newsletters,
reports, and others that provide information to customers,
concerning such things as investments or advice, do not have a
primary purpose that is commercial in nature''); Lunde; Lenox;
Venable; NEPA; Comerica.
\115\ Edgley.
\116\ Microsoft.
---------------------------------------------------------------------------
CAN-SPAM's regulation of a message delivered pursuant to a
subscription depends on whether or not the message contains exclusively
commercial content. The Commission addressed this distinction in the
``primary purpose'' rulemaking proceeding. In that proceeding, the
Commission stated that an exclusively commercial message does not
satisfy section 7702(17)(A)(v).\117\ Rather, CAN-SPAM treats such a
message, when it is sent pursuant to a subscription, as a commercial e-
mail message delivered with the recipient's ``affirmative consent.''
\118\ In that case, all of CAN-SPAM's provisions regulating commercial
e-mail apply, except a recipient's ``affirmative consent'' overrides
his or her previously-submitted opt-out request, and a message sent
with a recipient's affirmative consent does not have to provide clear
and conspicuous identification that the message is an advertisement or
solicitation.\119\ When a subscription calls for delivery of a message
that is not exclusively commercial, then the message is ``transactional
or relationship'' under section 7702(17)(A)(v) as long as ``the
recipient is entitled to receive [the message] under the terms of a
transaction that the recipient has previously agreed to enter into with
the sender.'' \120\ The sender is not required to receive consideration
from the recipient for the message to fall within this category.
---------------------------------------------------------------------------
\117\ 70 FR at 3118, n. 91.
\118\ See 15 U.S.C. 7702(1) for the Act's definition of
``affirmative consent.''
\119\ See 15 U.S.C. 7704(a)(4)(B); 7704(a)(5)(B).
\120\ 15 U.S.C. 7702(17)(A)(v).
---------------------------------------------------------------------------
(b) E-mail Messages That Respond to a Recipient's Request for
Information
Some commenters suggested that messages containing information
specifically requested by the recipient be considered ``transactional
or relationship.'' \121\ ValueClick noted that absent such an
interpretation, a consumer visiting a travel Web site and requesting
information about a specific destination might be unable to receive
messages about the destination about which she inquired.\122\
Justasmallthing.com echoed this sentiment, stating that if a request
for a catalog is made by a recipient, a company should have the right
to respond by e-mail, unless the recipient has requested not to be
contacted in that manner.\123\ ABM argued that messages sent in
response to a specific request for information should be allowed even
if the requestor had previously opted out of commercial mail
messages.\124\ These commenters were consistent in their belief that
the intent of the Act is not to regulate solicited e-mail messages, and
that failure to state expressly that such messages are included in the
definition of transactional or relationship message would lead to
decreased productivity and unnecessary restrictions on consensual
communication.\125\
---------------------------------------------------------------------------
\121\ See Edgley; ESPC; Fredrikson; Mellon.
\122\ See also Discover; KeyCorp; PMA; SIA. ASA made a similar
argument in the business-to-business context regarding messages
responding to an invitation from a general contractor to bid on a
project. According to ASA, if bid proposals sent in response to such
invitations were not considered transactional, subcontractors
wishing to reply could have to determine if the general contractor
has opted out before doing so.
\123\ See also Edgley; Fredrikson.
\124\ See also KeyCorp; NADA (analogizing to the Telemarketing
Sales Rule, which permits telemarketing calls in response to an
inquiry or application even if the individual called is on the
National Do Not Call Registry). This is permissible under section
7704(a)(4)(B) of the Act.
\125\ See, e.g., ABA (noting that the Act was ``intended to
apply primarily to unsolicited communications sent by for-profit
businesses, not to e-mail communications between associations and
other tax-exempt nonprofit organizations and their respective
members'' and that members ``expect--and value--the receipt of such
information'' as renewals, seminar notices, and educational
materials); UNC; United (arguing that since messages a recipient
``knowingly chooses to receive'' are not unsolicited, they should be
treated as transactional or relationship messages); Lenox; ClickZ;
ICOP; Aspects.
---------------------------------------------------------------------------
The Commission believes that the concerns raised by these
commenters are already addressed by section 7704(a)(4) of the Act,
which makes clear that even commercial e-mail messages may be sent to a
recipient who has previously opted out ``if there is affirmative
consent by the recipient subsequent to the opt-out request.'' \126\ In
each of the scenarios posed by commenters, consumers who request
information or consent to receive it would, presumably, have provided
``affirmative consent,'' thus enabling the sender to respond.\127\
---------------------------------------------------------------------------
\126\ 15 U.S.C. 7704(a)(4)(B). Section 7702(1) presents the
Act's definition of ``affirmative consent.'' Of course, any
commercial e-mail message sent with a recipient's affirmative
consent must provide an opt-out mechanism that complies with
sections 7704(a)(3) and 7704(a)(5).
\127\ 15 U.S.C. 7702(1)(A) (defining ``affirmative consent'' to
mean ``the recipient expressly consented to receive the message,
either in response to a clear and conspicuous request for such
consent or at the recipient's own initiative'').
---------------------------------------------------------------------------
(c) E-mail Messages From an Association to Its Members
Many membership associations argued that e-mail messages sent by
associations to their members should be considered transactional. ABA
requested that the definition of transactional or relationship messages
be modified to expressly ``include all e-mail communications, whether
commercial or informational, that are sent by associations and other
tax-exempt nonprofit organizations to their own members.'' \128\ As ABA
noted, ``[t]he act of procuring membership in an organization has long
provided explicit and implicit consent to communication from that
organization regarding that membership, especially when the individual
voluntarily provides his or her e-mail address fully anticipating
receipt of e-mail communications.''* * * \129\
---------------------------------------------------------------------------
\128\ ABA. See also RTCM; AAOMS; IAAMC; ABM; AOC (suggesting
that while existing categories of transactional or relationship
message may include communications between organizations and their
members, the expansion of either category or the creation of a new
category that explicitly delineates such messages as transactional
or relationship would be preferable).
\129\ One consequence of categorizing such opt-in mail as
transactional or relationship is that those who receive it would not
have a legally-mandated opportunity to make an opt-out request
pursuant to sections 7704(a)(3)(A) and (a)(4)(A). Some commenters
noted that association members, and others who receive transactional
or relationship messages, are afforded the right to ``opt out'' as
part of their membership. See, e.g., AOC; AWWA. There is, however,
no legal compulsion for associations to grant this right to members.
---------------------------------------------------------------------------
[[Page 25438]]
The Commission believes it is likely that many such messages may
have a primary purpose that fits within the existing categories of
transactional or relationship messages. However, the Act does not
provide an explicit exemption for communications by membership
associations with their members, nor do any of the comments argue that
modifying the definition of ``transactional or relationship message''
to include comments from associations to their membership is necessary
to accommodate changes in e-mail technology or practices and accomplish
the purposes of the Act. Thus, to the extent that application of the
primary purpose criteria yields the conclusion that a membership
association's e-mail message sent to its membership has a commercial
primary purpose, then the association, as a sender, would need to
comply with the provisions of the Act relating to commercial e-mail
messages.
Lastly, some commenters requested expanding the section
7702(17)(A)(v) category to include messages about service updates or
upgrades, in addition to product upgrades.\130\ One suggested that the
provision should be framed around messages the sender is entitled to
send, rather than those a recipient is entitled to receive.\131\ As
neither of these suggestions was supported by evidence that the
proposed change is necessary to accommodate changes in e-mail
technology or practices and accomplish the purposes of the Act, the
Commission is not inclined to adopt them.
---------------------------------------------------------------------------
\130\ SVM.
\131\ SVM.
---------------------------------------------------------------------------
(6) New Categories of Transactional or Relationship Messages
Recommended by Commenters
Commenters proposed a variety of new transactional or relationship
categories for specific market segments or types of campaigns. These
include messages from educational institutions to their faculty, staff,
students, alumni, and friends; \132\ communications between franchisors
and franchisees; \133\ messages sent by cemeteries and funeral homes;
\134\ all messages sent by businesses to their existing customers;
\135\ business-to-business communications,\136\ including what some
commenters termed ``business relationship messages'''; \137\ messages
sent by non-profit organizations; \138\ messages that provide legally
mandated notifications to customers; \139\ and messages reminding
consumers ``that they are included in the sender's database or have
been added to such database and how they may opt-out.'' \140\ As
discussed above, because no comments suggest that the recommended
changes are necessary to accommodate changes in e-mail technology or
practices and accomplish the purposes of the Act, the Commission
declines to adopt these recommendations. If a message contains the
commercial advertisement or promotion of a commercial product or
service, it contains ``commercial'' content under the Act. If a message
providing non-commercial content (such as a legally mandated
notification) also contains commercial content, then it will be
governed by the Commission's primary purpose criteria as a dual-purpose
message.\141\ The Commission has included in this NPRM questions that
solicit further information on the topic of new transactional or
relationship categories.
---------------------------------------------------------------------------
\132\ KSUF; UNC (arguing that ``CAN-SPAM compliance language''
requiring an opt-out mechanism in every message deemed to be
commercial would negatively impact the recipients' view of the
message, and ``reduce drastically the size'' of their e-mail contact
list).
\133\ Cendant (arguing that the primary purpose of these
messages, even those offering business seminars, is not to sell such
services, but rather to ``timely communicate and offer business
seminars to our franchisees'').
\134\ ICFA (arguing that the CAN-SPAM Act ``never intended to
restrict'' messages sent by cemeteries and funeral homes to alert
families to special events or services, or changes in cemetery
rules).
\135\ NEPA. See also Comerica; ACB; PMA (``[A]ny e-mail relating
to the goods or services which formed the basis of the transaction
or relationship between the sender and the consumer should be
considered a transactional or relationship message.'').
\136\ See, e.g., Visa (noting that the Commission had included a
business-to-business exemption in the Telemarketing Sales Rule);
ACLI (noting the definition of ``Pre-Existing Business
Relationship'' in Sec. 214 of the FACT Act, Pub. L. 108-159, 117
Stat. 1952); MMS; Harte; RMAS; SIA. Courthouse agreed that such a
preexisting or current business relationship exemption is desirable,
but noted that it may be appropriate to limit it to relationships
where there has been a ``prior monetary payment by the recipient to
the sender.''
\137\ Some commenters mentioned a special category of ``business
relationship'' messages: those that are individualized and sent from
one employee of a company to an individual recipient (or small
number of recipients). See, e.g., ESPC; Wells Fargo (stating that if
each e-mail sent by an employee of a business has to be scrubbed
against that business's suppression list it would be
``extraordinarily burdensome and expensive''). The Commission has
asked questions in Part VII of this NPRM about whether such a carve-
out is warranted due to changes in e-mail technology and practices,
and whether such a carve-out is necessary to accomplish the purposes
of the Act.
\138\ See, e g., ASAE; AWWA; ABA; RTCM; AAOMS; IAAMC; ABM; AOC.
Several of these commenters argued that all e-mail communications
from non-profit organizations to their current members should be
deemed ``transactional or relationship messages.'' Others claimed
that messages by nonprofits might be considered ``commercial'' only
if the messages' content related to an activity not substantially
related to the organization's tax-exempt, non-profit purposes. The
main justification offered by these commenters was that a
nonprofit's messages to its members are intended to provide
information in connection with an organization or association
membership and/or to deliver goods and services under the terms of
an existing member, donor or customer relationship.
\139\ According to commenters, these include privacy notices,
billing error notices, and change in terms notices. See IBAT; RMAS
(urging that e-mails including a service deliverable, obligatory
notice, or other contracted-for advice, product, or service should
be transactional); SIA (recommending that notices mandated under
Gramm-Leach-Bliley be considered transactional); Wells Fargo
(suggesting that the Commission coordinate with banking regulators
regarding the overlap in regulations regarding legal notices);
Comerica.
\140\ ValueClick.
\141\ See 16 CFR 316.3. For a detailed discussion of the
Commission's primary purpose criteria, see 70 FR 3110.
---------------------------------------------------------------------------
4. Section 316.2(p)--Definition of ``Valid Physical Postal Address''
The proposed Rule defines the term ``valid physical postal
address'' to clarify that a sender may comply with section
7704(a)(5)(A)(iii) of the Act by including in any commercial e-mail
message any of the following: (1) The sender's current street address;
(2) a Post Office box the sender has registered with the United States
Postal Service; or (3) a private mailbox the sender has registered with
a commercial mail receiving agency (``CMRA'') that is established
pursuant to United States Postal Service regulations. This proposed
definition is important because section 7704(a)(5)(A)(iii) of the Act
requires any commercial e-mail message to include ``a valid physical
postal address of the sender.'' \142\
---------------------------------------------------------------------------
\142\ 15 U.S.C. 7704(a)(5)(A)(iii). It is noteworthy that other
anti-spam legislation introduced in the 108th Congress contained a
requirement that the valid physical address of the sender be
included in each e-mail message. See SPAM Act, S. 1231, section 206
(introduced June 11, 2003). Still other bills required inclusion of
the sender's valid physical street address. See, e.g., Reduction in
Distribution of Spam Act of 2003, H.R. 2214, section 101(a)(1)(D)
(introduced May 22, 2003).
---------------------------------------------------------------------------
In its ANPR, the Commission noted that many senders of commercial
e-mail seeking compliance advice had questioned the scope of the term
``valid physical postal address,'' suggesting rulemaking under section
7711 might be appropriate to clarify this issue.\143\ Accordingly, the
ANPR asked whether the term ``valid physical postal address'' could
fairly be read to encompass a Post Office box or private mailbox,\144\
and
[[Page 25439]]
whether it would be desirable for the Commission to adopt rule
provisions clarifying the scope of the term.\145\
---------------------------------------------------------------------------
\143\ 69 FR at 11781.
\144\ This NPRM uses the term ``private mailbox,'' a term of art
used in the regulations of the United States Postal Service, in
place of the term commercial mail drop, which the ANPR used. When a
commenter is quoted, however, the term the commenter actually used
is reproduced.
\145\ 69 FR at 11781.
---------------------------------------------------------------------------
Dozens of commenters responded on this issue.\146\ A significant
majority of these comments urged the Commission to clarify that a
sender could satisfy the Act's valid physical postal address disclosure
requirement by providing a Post Office box or private mailbox address.
The Commission is persuaded by the arguments these commenters advanced,
and therefore has defined the term in the proposed Rule to include the
sender's street address, Post Office box, or private mailbox, duly
registered with the United States Postal Service or a CMRA. These
comments address a valid physical postal address as a means of
identifying and locating the sender; the statutory intent reflected in
the use of the term ``physical'' in the Act's reference to ``valid
physical postal address;'' and practical concerns regarding the
potential burdens on e-mail senders if Post Office boxes and private
mailbox addresses were not considered to satisfy this requirement.
Comments relating to each of these topics are discussed in turn
immediately below.
---------------------------------------------------------------------------
\146\ One commenter suggested requiring that information
provided to a domain name registrar be valid and include a confirmed
physical address. Vandenberg. Such a requirement is unnecessary as
obtaining a domain name by false or fraudulent representations is
already prohibited by section 7704(a)(1)(A) of the Act. See 15
U.S.C. 7704(a)(1)(A).
---------------------------------------------------------------------------
a. A Valid Physical Postal Address as a Means of Identifying and
Locating the Sender
Commenters uniformly agreed that one intent of CAN-SPAM is to allow
recipients and law enforcement officials to easily identify and locate
senders of e-mail.\147\ These commenters were split, however, on the
issue of whether inclusion of a street address is necessary to
effectuate this intent. Arguing that Post Office boxes and private
mailboxes have been used by criminals in the past as a means of
preserving their anonymity, NFCU opposed reading the term ``valid
physical postal address'' to include those alternatives.\148\ Other
commenters opposed defining ``valid physical postal address'' to
include private mailboxes on the grounds that they are more likely than
Post Office boxes to be used to mask the identity of a rogue spammer
because the United States Postal Service typically has more rigorous
identification procedures than private mailbox companies.\149\ ASTA
opined that allowing a Post Office box or commercial maildrop to be a
``valid physical postal address'' would frustrate the purpose of the
Act because, if the sender falsified his or her registration
information, the address would not help recipients or law enforcement
authorities locate the sender.\150\
---------------------------------------------------------------------------
\147\ A few commenters on either side of this issue were
particularly precise, focusing on the value of a valid physical
postal address to law enforcement authorities and potential
plaintiffs seeking to accomplish service of legal process. See AT&T;
K. Krueger. But see DoubleClick (``If the purpose of this provision
were to identify where companies could be served with legal process,
then the law would have required the listing of a sender's corporate
headquarters or legal `place of doing business.' '').
\148\ See NFCU (noting that ``such addresses are often used in
fraud schemes and effectively shield their owners from
identification''). See also Sachau (``[W]e have too many fly by
nights with post office boxes--here today and gone tomorrow.'');
ValueClick; ICC.
\149\ Gilbert (``P.O. Boxes require identification etc. Many
private mailboxes do not.''); NCL (noting that since some
individuals' and businesses' ``only mailing address * * * is a post
office box,'' inclusion of a P.O. box would be acceptable, but that
private mailbox addresses should be excluded because they ``are
often used to obscure [senders'] real physical locations''); Shaw
(no ``mail drops'').
\150\ ASTA (also noting that a street address is desirable ``to
have a locus about which complaints could be filed if necessary'').
See also RDS (noting that recipients and law enforcement officials
must ``have access to the persons responsible for sending the e-
mail''); NetCoalition (A physical address is necessary to ``ensur[e]
that a sender can be physically located.'').
---------------------------------------------------------------------------
Many commenters took the opposite tack, arguing that allowing a
Post Office box or private mailbox to be a ``valid physical postal
address'' would make it possible to identify and locate senders because
renters of Post Office boxes must provide their street location to the
Post Office as a condition for obtaining a box address.\151\ ERA also
suggested that since very few recipients would ever visit the sender in
person, a Post Office box or private mailbox address would be useful
even if it only allowed the recipient to contact the sender by
conventional mail.\152\ Experian opined that for the Commission to
limit the definition of ``valid physical postal address'' by excluding
Post Office boxes and private mailboxes would exceed the agency's
mandate under the Act.
---------------------------------------------------------------------------
\151\ See, e.g., SIA; Discover; IAC; DMA (suggesting that a Post
Office box should be included as a valid physical postal address
``[w]here the sender is otherwise locatable as a result of being a
registered entity under corporate law or federal securities
regulation''); ABA; DoubleClick. But see Gilbert (claiming that many
private mailboxes do not require identification).
\152\ ERA (noting that a requirement that the street location be
disclosed could result in sender's having to train staff to handle
customer visits).
---------------------------------------------------------------------------
The Commission is aware from its own law enforcement experience
that those who orchestrate illegal schemes typically seek to remain
anonymous to law enforcement officials and the irate public affected by
their schemes. Nevertheless, CAN-SPAM and the FTC's regulations under
it will impact the business practices of many legitimate companies that
send commercial e-mail messages, and the Commission is reluctant to
require such entities to alter their mail handling procedures
unnecessarily. As SIIA noted, ``[a]n individual or entity seeking to
evade identification can just as easily use inaccurate street
addresses'' as hide behind a Post Office box or private mailbox.\153\
Such a seller would simply tell the same lies in a different way. Thus,
allowing the use of Post Office boxes and private mailboxes creates no
greater risk that a sender will falsify information to thwart the
purposes of the Act. Moreover, the regulations of the United States
Postal Service require verification of the street address of any person
seeking to rent a Post Office box or a private mailbox through a
CMRA.\154\ Therefore, the proposed Rule defines the term ``valid
physical postal address'' to include Post Office boxes and private
mailboxes duly registered pursuant to regulations of the United States
Postal Service.\155\
---------------------------------------------------------------------------
\153\ See SIIA. See also Coalition (noting that this provision
is likely to impact legitimate marketers who do not misrepresent
their identity rather than spammers who might as easily falsify a
street address as hide behind a falsely registered Post Office box
or private mailbox).
\154\ A CMRA must confirm that an applicant for a private
mailbox resides or conducts business at the permanent address shown
on the application submitted to the CMRA. Applicants have a duty to
file a revised application if any of the information provided
changes. D042.2.6 (governing procedures for delivery of mail to a
CMRA). Similarly, an application for a Post Office box ``may not be
approved until the applicant's identity and current permanent
physical address where he or she resides or conducts business is
verified.'' D910.2.1-2.2 (DMM Issue 58 plus Postal Bulletin changes
through PB 22130 (6-10-04)). Furthermore, criminal or civil
sanctions for providing false or misleading information on either
application accrue, pursuant to 18 U.S.C. 1001.
\155\ Proposed Rule 316.2(p).
---------------------------------------------------------------------------
b. Statutory Intent Reflected in the Use of the Term ``Physical''
A second issue raised by several commenters was the meaning of the
term ``physical'' in this section of the Act. Some commenters argued
that the inclusion of the word ``physical'' must be given weight and
that this word must be seen as a delimiter of the rest of the phrase,
``valid * * * postal address,'' thus requiring a street address.\156\
These
[[Page 25440]]
commenters read ``physical'' to mean something more than a mere
mailbox. Other commenters countered this argument by citing legislative
history to show that Congress intended that the term ``physical'' be
viewed in contrast to the term ``electronic,'' and to clarify that it
would be insufficient for a sender to simply include an e-mail address
to comply with this provision.\157\
---------------------------------------------------------------------------
\156\ ValueClick (noting that ``[t]he principal rule of
statutory construction is to give meaning to every word''); ICC
(``To give some meaning to the term `physical,' something more than
a mere P.O. Box is required.''); AT&T (``[B]y choosing the adjective
`physical,' Congress intended to authorize the Commission to require
a more substantial presence than a mere Post Office box.'').
\157\ Bahr.
---------------------------------------------------------------------------
The Commission is persuaded that the term ``physical'' can
reasonably be read to include not only street addresses, but also
validly registered Post Office boxes and private mailboxes. Post Office
boxes and private mailboxes have a physical presence, and both are
considered legitimate by the United States Postal Service.
c. Practical Concerns if Post Office Boxes and Private Mailboxes Were
Not Considered ``Valid Physical Postal Addresses''
Commenters who advocated that Post Office box and private mailbox
addresses be considered ``valid physical postal addresses'' also raised
several practical concerns about the possible consequences of excluding
them from the definition. First, some commenters argued that exclusion
of these alternatives could create confusion because there are still
some areas within the United States that do not use street addresses,
but rather rely on Post Office boxes for the delivery of all local
mail.\158\ The proposed definition of ``valid physical postal
address,'' which includes Post Office boxes and private mailboxes, will
resolve the concerns expressed by these commenters.
---------------------------------------------------------------------------
\158\ True (noting that ``[i]t would be literally impossible for
many legitimate mailers to comply with the Act if a PO Box were not
acceptable''); AAR; Jaffe; NAA noting that many smaller newspapers
are on rural routes, designated as box numbers); NCL (``[T]he only
mailing address that some people have is a post office box.'')
---------------------------------------------------------------------------
Other commenters expressed concern that any interpretation of
``valid physical postal address'' that would require a small home-based
business to include its street address in commercial e-mail would
negatively impact the privacy, and possibly the physical security, of
those who run such enterprises.\159\ SBA noted that it has long
advocated allowing the use of Post Office boxes to protect the security
of home-based businesses, which account for more than half of all small
businesses.\160\ The Commission finds these comments persuasive, and
believes that the proposed Rule's definition of ``valid physical postal
address'' addresses their concerns.
---------------------------------------------------------------------------
\159\ MIS; Consumer; Lunde; Jaffe; Oldaker; ESPC; Bahr (noting
that ``junk mailers'' are not required by the Postal Service to
include a return address on their mail); DSA: Independent; ERA.
\160\ SBA.
---------------------------------------------------------------------------
Finally, commenters cited efficiency as a reason for allowing a
Post Office box or private mailbox to be considered a ``valid physical
postal address.'' Comerica noted that Post Office boxes are typically
used by corporations to speed the process of delivery of mail
internally.\161\ ACLI and others pointed out that this is not only an
efficient business practice, but a common one used for many years by a
host of legitimate businesses. Prompted by these and the other
considerations discussed above, the Commission proposes to define
``valid physical postal address'' to include such addresses.
---------------------------------------------------------------------------
\161\ Comerica. See also Visa; DoubleClick; ESPC; SIA; ABA;
MasterCard; Ford Motor; Coalition; SIIA.
---------------------------------------------------------------------------
5. Implications of Certain Definitions for ``Forward-to-a-Friend''
Scenarios
In the ANPR, the Commission requested comment on the impact of CAN-
SPAM on ``forward-to-a-friend'' e-mail marketing campaigns, by which
recipients forward a company's message to other persons. In response,
the Commission received more than forty comments on the issue of
whether forward-to-a-friend marketing campaigns should be required to
comply with the Act.
The most clear-cut ``forward-to-a-friend'' scenario involves the
situation in which a person receives a commercial e-mail message and
forwards the e-mail message to another person. Commenters were also
concerned about a similar, but materially different, scenario involving
a Web page that enables persons who visit it to send a link to or a
copy of that Web page to others via e-mail. CAN-SPAM does not expressly
address either of these forward-to-a-friend scenarios, but three of the
Act's interconnected core definitions--``sender,'' ``initiate,'' and
``procure'' \162\--have an impact on them. Therefore, to assist
industry in complying with the Act, this notice discusses the
applicability of these definitions to forward-to-a-friend practices.
---------------------------------------------------------------------------
\162\ The final Rule incorporates by reference these definitions
in 316.2(m), (f), and (i).
---------------------------------------------------------------------------
Industry commenters uniformly opined that forward-to-a-friend
campaigns should not be required to comply with the Act, especially
when no consideration is provided.\163\ They also opined that once a
commercial e-mail message is forwarded by the original recipient to a
friend or family member, it ceases to be a ``commercial e-mail
message'' under the Act.\164\ Industry commenters expressed concern
that they would be held responsible for CAN-SPAM violations in messages
over which they have no control.\165\ They cited the fact that when the
initial recipient of an e-mail message forwards a company's message,
the company has no control over the content or destination of the
message, and, thus, lacks the ability to ensure CAN-SPAM
compliance.\166\ The original recipient could, for example, delete the
required opt-out mechanism or the valid physical postal address before
forwarding the message to another, or forward the message to someone
who, unbeknownst to the original recipient, has previously sent the
company an opt-out request. If the company--the original sender or
initiator of the e-mail message--is also deemed the sender or initiator
of the forwarded e-mail message, then the company may be liable for
sending a commercial e-mail message that does not include all the
disclosures required by CAN-SPAM \167\ or for sending a
[[Page 25441]]
message to a person who had already sent the company an opt-out
request.\168\
---------------------------------------------------------------------------
\163\ See, e.g., NRF; Visa; M&F PMA; NAA; DoubleClick; MPAA;
Coalition; Time Warner. Commenters tended to discuss two categories
of e-mail messages: marketing campaigns that provide consideration
for forwarding messages and those that do not. Of course,
commenters' concerns were solely about commercial e-mail messages.
One who transmits a non-commercial e-mail message, including a
``transactional or relationship message,'' is not covered by most
CAN-SPAM requirements.
\164\ See, e.g., Experian; Visa; M&F PMA; Coalition; DMA; MPA;
ERA. These commenters reasoned that what begins as a message with a
commercial primary purpose takes on a new personal primary purpose
once the original recipient forwards it to friends and family. As
discussed below, this argument is unavailing. Under the Act, the
primary purpose of an e-mail message does not change based on the
original recipient's reasons for forwarding it. If the original
sender has procured the forwarding of its commercial e-mail message
by intentionally paying, providing other consideration to, or
inducing the original recipient to forward it, then the message
retains its commercial primary purpose. If the original sender does
not procure the forwarding of its message, then that entity is no
longer the ``sender'' of that message if the original recipient
forwards it to other people.
\165\ These commenters' concerns regarding CAN-SPAM compliance
and control over an e-mail message are not implicated in situations
in which the seller/advertiser, rather than the original recipient,
actually originates or transmits the message, such as when the
recipient submits to the seller/advertiser a list of friends and
family to receive commercial messages.
\166\ See, e.g., Experian; PMA; ERA.
\167\ ``It is unlawful for any person to initiate the
transmission of any commercial electronic mail message to a
protected computer unless the message provides (i) clear and
conspicuous identification that the message is an advertisement or
solicitation; (ii) clear and conspicuous notice of the opportunity
under paragraph (3) to decline to receive further commercial
electronic mail messages from the sender; and (iii) a valid physical
postal address of the sender.'' 15 U.S.C. 7704(a)(5) (emphasis
supplied). A recipient who forwards a sender's non-compliant
commercial e-mail message to one or more people could also face
liability as an initiator under CAN-SPAM. 15 U.S.C. 7702(9).
\168\ ``It is unlawful for any person to initiate the
transmission to a protected computer of a commercial electronic mail
message that does not contain a functioning return electronic mail
address or other Internet-based mechanism, clearly and conspicuously
displayed, that (i) a recipient may use to submit, in a manner
specified in the message, a reply electronic mail message or other
form of Internet-based communication requesting not to receive
future commercial electronic mail messages from that sender at the
electronic mail address where the message was received. * * *'' 15
U.S.C. 7704(a)(3)(A) (emphasis supplied). A recipient who forwards a
sender's non-compliant commercial e-mail message to one or more
people could also face liability as an initiator under CAN-SPAM. 15
U.S.C. 7702(9).
---------------------------------------------------------------------------
In contrast, a few consumers, consumer groups, and others opined
that forward-to-a-friend campaigns should comply with the Act
regardless of whether consideration is offered or provided for
forwarding an e-mail message.\169\ NCL expressed concern that these
campaigns may violate the privacy rights of consumers because e-mail
may be sent to consumers who have opted out of receiving e-mail from
the seller. Go Daddy expressed the opinion that such campaigns should
contain an opt-out mechanism that applies to the advertiser.
---------------------------------------------------------------------------
\169\ K. Krueger; NCL; Go Daddy.
---------------------------------------------------------------------------
The analytical starting point for determining the applicability of
the Act to forward-to-a-friend scenarios is the Act's definitions. CAN-
SPAM's definition of `` `sender,' when used with respect to a
commercial electronic mail message, means a person who initiates such a
message and whose product, service, or Internet web site is advertised
or promoted by the message.'' \170\ The term ``initiate,'' in turn,
means ``to originate or transmit such message or to procure the
origination or transmission of such message, but shall not include
actions that constitute routine conveyance of such message.'' \171\
Finally, ``procure'' is defined as follows: ``when used with respect to
the initiation of a commercial electronic mail message, [`procure']
means intentionally to pay or provide other consideration to, or
induce, another person to initiate such a message on one's behalf.''
\172\ By operation of these definitions, a person who intentionally
pays, provides consideration to, or induces another to send on his or
her behalf a commercial e-mail message that advertises or promotes his
or her product may be considered to have ``procured'' the origination
of that message under the Act, and therefore to be an initiator or
sender.\173\ That person is therefore legally responsible for ensuring
that the message includes an opt-out mechanism and the disclosures CAN-
SPAM requires,\174\ and for ensuring that opt-out requests are
honored.\175\
---------------------------------------------------------------------------
\170\ 15 U.S.C. 7702(16)(A) (emphasis supplied).
\171\ 15 U.S.C. 7702(9) (emphasis supplied). ``Routine
conveyance'' is defined as ``the transmission, routing, relaying,
handling, or storing, through an automatic technical process, of an
electronic mail message for which another person has identified the
recipients or provided the recipient addresses.'' 15 U.S.C. 7702(15)
(emphasis supplied).
\172\ 15 U.S.C. 7702(12) (emphasis supplied).
\173\ This, of course, assumes that the activity in question is
not routine conveyance. Activity which constitutes routine
conveyance is not considered initiating or sending a commercial e-
mail. 15 U.S.C. 7702(9) and (15).
\174\ See notes 167 & 168.
\175\ 15 U.S.C. 7704(a)(4).
---------------------------------------------------------------------------
There are two words used in the definition of ``procure'' that need
further explication--``consideration'' and ``induce''--because they are
not defined within the Act and are key to understanding the scope of
the application of the phrase ``intentionally to pay or provide other
consideration to, or induce'' to forward-to-a-friend scenarios.
The term ``consideration'' is generally understood to mean
``something of value (such as an act, a forbearance, or a return
promise) received by a promisor from a promisee.'' \176\ Nothing in
CAN-SPAM's legislative history suggests that Congress intended any
meaning different from this common legal definition of the term. Thus,
where a person forwards, or uses a Web-based mechanism to transmit, a
commercial e-mail message to another, the Commission believes the
initiation of the message has been ``procured'' if the person receives
money, coupons, discounts, awards, additional entries in a sweepstakes,
or the like in exchange for doing so. In such cases, the seller/
advertiser would be the sender or initiator and would be responsible
for ensuring that the message contains the required opt-out mechanism
and disclosures, and that opt-out requests are honored.
---------------------------------------------------------------------------
\176\ Black's Law Dictionary 300 (7th ed. 1999).
---------------------------------------------------------------------------
On the other hand, where there is no payment or consideration from
the sender or initiator, the forwarding of the e-mail will not have
been ``procured'' unless the recipient has been ``induced'' to forward
the message. To induce means ``to lead on to; to influence; to prevail
on; to move by persuasion or influence.'' \177\ ``To induce'' is much
broader than ``to pay consideration'' because it does not require a
transfer of something of value. Nevertheless, the modifier
``intentionally'' limits the verb ``induce,'' and the Commission
believes that Congress used this language to convey that to
``procure,'' one must do something that is designed to encourage or
prompt the initiation of a commercial e-mail.\178\ Thus, the Commission
believes that in order to ``intentionally induce'' the initiation of a
commercial e-mail, the sender must affirmatively act or make an
explicit statement that is designed to urge another to forward the
message.\179\
---------------------------------------------------------------------------
\177\ Webster's New International Dictionary 1269 (2nd ed.
unabridged 1938).
\178\ For example, an e-mail message likely satisfies the Act's
definition of ``procure'' when it includes text such as ``Tell-A-
Friend--Help spread the word by forwarding this message to friends!
To share this message with a friend or colleague, click the `Forward
E-mail' button.''
\179\ In most cases, the Commission is not required to prove
intent when it alleges a law violation. See note 45 above
(Commission not required to prove sender's intent); 70 FR at 3118.
However, in this case, Congress has specifically included intent as
part of the definition of ``procure.''
---------------------------------------------------------------------------
The Commission believes that making available the means for
forwarding a commercial e-mail message, such as using a Web-based
``click-here-to-forward'' mechanism, would not likely rise to the level
of ``inducing'' the sending of the e-mail.\180\ The Commission believes
that this conduct falls within the ambit of ``routine conveyance,''
defined as ``the transmission, routing, relaying, handling, or storing,
through an automatic technical process, of an electronic mail message
for which another person has identified the recipients or provided the
recipient addresses.'' \181\ The Act specifies that ``actions that
constitute routine conveyance'' do not constitute initiation of a
commercial e-mail message.\182\
---------------------------------------------------------------------------
\180\ For example, online retailers may include in their e-mails
or on their Web sites a link that simply states ``E-mail to a
friend.'' Retailers give consumers who click on such links the
opportunity to forward a Web address or content on a Web site via e-
mail. The Commission does not believe that these features satisfy
the definition of ``induce'' because there is only de minimis, if
any, persuasion or influence exerted through such a statement.
\181\ 15 U.S.C. 7702(15) (emphasis supplied).
\182\ 15 U.S.C. 7702(9).
---------------------------------------------------------------------------
When a company makes available the means for persons to forward a
commercial e-mail message--such as using a Web-based ``click-here-to-
forward'' mechanism--the company obviously hopes that its products or
services will be advertised by interested viewers.\183\ Nevertheless,
the Act's legislative history regarding the definition of ``initiate''
explains that a company is engaged in ``routine
[[Page 25442]]
conveyance'' rather than ``initiating'' a commercial e-mail message
when it ``simply plays a technical role in transmitting or routing a
message and is not involved in coordinating the recipient addresses for
the marketing appeal.'' \184\ Based on this legislative history, it
seems clear that a seller that simply offers a mechanism on a Web site
for forwarding advertising engages in ``routine conveyance'' when
someone other than the seller identifies the recipients or provides
their addresses. It seems equally clear, however, that a seller who
offers payment or other consideration to Web site visitors to use a
forwarding mechanism encourages visitors to send commercial e-mail to
recipients who otherwise would not receive the e-mail. In such cases,
the Commission believes that the seller is ``involved in coordinating
the recipient addresses for the marketing appeal.'' Such a seller would
not be entitled to avail itself of the ``routine conveyance'' exception
to ``initiate.'' Questions concerning the Commission's interpretation
of ``routine conveyance'' are included in Part VII of this Notice.
---------------------------------------------------------------------------
\183\ See, e.g., Jaffe (``All companies rely heavily on their
happy customers to spread the word of their products or
services.''); Register (``There is nothing untoward in a company
asking its customers to recommend its goods and services.'').
\184\ S. Rep. 108-102, at 15.
---------------------------------------------------------------------------
B. Section 316.4--Prohibition Against Failure To Effectuate An Opt-Out
Request Within Three Business Days of Receipt
Section 7704(a)(4) of the Act prohibits senders, or persons acting
on their behalf, from initiating the transmission of a commercial e-
mail message to a recipient more than ten business days after senders
have received a recipient's opt-out request.\185\ Section 7704(c)(1) of
the Act empowers the Commission to modify the ten-business-day opt-out
period if it ``determines that a different time frame would be more
appropriate after taking into account the purposes of section 7704(a);
the interests of recipients of commercial electronic mail; and the
burdens imposed on senders of lawful commercial electronic mail.''
\186\ Accordingly, the ANPR asked whether ten business days is a
reasonable time period for effectuating opt-out requests, or whether
the Commission should shorten or lengthen the time frame.
---------------------------------------------------------------------------
\185\ 15 U.S.C. 7704(a)(4).
\186\ 15 U.S.C. 7704(c)(1).
---------------------------------------------------------------------------
As discussed in greater detail below, 316.4(a) of the proposed Rule
tracks section 7704(a)(4) verbatim, with the exception of shortening
the time period for implementation to three business days instead of
ten. This proposed modification will provide enhanced protection for e-
mail recipients' privacy, a key goal of section 7704(a) of the Act, and
is supported by the record that current technology allows for
processing such opt-out requests more expeditiously than the current
ten-business-day time frame.
Section 316.4(b) of the proposed Rule provides that, when enforcing
compliance with proposed 316.4(a) through an order to cease and desist
or an injunction, the Commission, the Federal Communications
Commission, and the attorney general, official, or agency of a State
will not be required to allege or prove a defendant's state of mind as
required by subsections (a)(2)-(4). Proposed 316.4(b) tracks sections
7706(e) and (f)(2) of the Act, which provide that law enforcement
officials need not allege or prove a defendant's state of mind to
obtain a cease and desist order or an injunction to enforce compliance
with any CAN-SPAM provision that includes a state-of-mind component.
The Commission proposes 316.4(b) pursuant to its rulemaking authority
under section 7711(a) to ``issue regulations to implement the
provisions of [the] Act.'' \187\ Proposed 316.4(b) satisfies this
rulemaking standard because it will ensure that the Act's regulation of
CAN-SPAM enforcement applies equally to enforcement of the Rule and the
Act: Whenever a provision of the Act or the Commission's proposed Rule
contains a state-of-mind component, that component is waived when a law
enforcement official seeks a cease and desist order or an
injunction.\188\
---------------------------------------------------------------------------
\187\ 15 U.S.C. 7711(a).
\188\ Pursuant to the Act, this waiver is not available to a
provider of Internet access service bringing a civil action pursuant
to section 7706(g). 15 U.S.C. 7706(g).
---------------------------------------------------------------------------
Below, the Commission reviews comments on the proper time limit to
process opt-out requests and whether recipients' opt-out requests
should expire, and explains its proposed requirement that opt-out
requests be processed within three business days.
1. Commenters' Proposals Regarding the Appropriate Deadline for
Effectuating an Opt-Out Request
Commenters were divided on this issue, with the majority of
industry members, including small businesses, recommending that it be
kept at ten business days or lengthened, and the majority of individual
consumers favoring shortening the period.\189\
---------------------------------------------------------------------------
\189\ Additionally, of the 3,818 responders to the web-based
questionnaire, nearly half (1,700 responders) felt that ten business
days was an appropriate time period for processing opt-out requests.
Thirty-eight percent (1,449 responders), however, supported
shortening this time frame. Only sixteen percent (623 responders)
felt that the time period should be extended.
---------------------------------------------------------------------------
a. Comments Suggesting That a Ten-Business-Day Deadline for
Effectuating an Opt-Out Request Is Appropriate
Nearly half of consumers who commented, and some e-mail senders who
commented, indicated that ten business days is an appropriate time
period for processing opt-out requests,\190\ opining that this time
period provides sufficient time for companies who must synchronize
multiple e-mail databases, forward opt-out requests to third parties,
or manually process opt-out requests.\191\ Other commenters indicated
that currently they are able to process opt-out requests in far fewer
than ten days, but still support the ten-business-day opt-out period to
provide flexibility to accommodate the various ways companies
effectuate opt-out requests.\192\
---------------------------------------------------------------------------
\190\ DoubleClick; ClickZ; SVM; NCL.
\191\ NetCoalition; MPAA; DoubleClick.
\192\ NFCU; NetCoalition; ValueClick.
---------------------------------------------------------------------------
b. Comments Suggesting That Ten Business Days Is Not Enough Time To
Effectuate an Opt-Out Request
A substantial number of commenters proposed lengthening the
deadline for effectuating an opt-out request, citing complex business
arrangements, the use of third-party marketers, and the maintenance of
multiple e-mail databases as reasons for doing so.\193\ While the time
periods proposed by commenters varied, the most common suggestion was
thirty-one days.\194\ Smaller numbers of commenters suggested extending
the opt-out period to fifteen, twenty, or thirty days.\195\ Visa
suggested that rather than a ``bright-line standard'' for the opt-out
time period, the Commission should provide senders with ``flexibility
that is consistent with their business operations and [opt-out]
processing schedules.'' \196\
---------------------------------------------------------------------------
\193\ See, e.g., DMA; ESPC.
\194\ See, e.g., ABM; Chamber; Wells Fargo; DMA; Piper CBA; MPA;
Bankers. Several commenters argued that thirty-one days is an
appropriate time period because it conforms to the recently amended
Telemarketing Sales Rule, which requires telemarketers to scrub
their telemarketing lists against the National Do-Not-Call Registry
every thirty-one days. 69 FR 16368 (March 29, 2004).
\195\ See, e.g., Time Warner (recommending fifteen days); BMO
(recommending twenty days); NNA (recommending thirty days); ESPC
(recommending thirty days).
\196\ Visa (noting that in the Gramm-Leach-Bliley Act
rulemaking, the Commission ultimately determined that it is
appropriate for consumers' opt-out requests to be honored ``as soon
as reasonably practicable'').
---------------------------------------------------------------------------
The ANPR posed questions about the technical procedures, and the
relevant time and costs, associated with processing opt-out requests.
The vast majority of commenters who responded
[[Page 25443]]
to these questions, however, provided only the most conclusory
information. For example, commenters who asserted that complex business
arrangements or the use of third-party marketers impede many senders
from effectuating opt-out requests within ten business days omitted
details about how or why these complex arrangements affect the time and
procedures involved in processing opt-out requests.\197\ Nor did they
specifically explain the role of third parties as they relate to
maintaining and processing suppression lists. Similarly, several
commenters who referred to the use of third-party e-mailers as a reason
for extending the opt-out period did not specify how long it takes to
transfer opt-out requests to these third parties, or the specific
technical procedures involved in such a transfer.\198\
---------------------------------------------------------------------------
\197\ See, e.g., NNA; ABM.
\198\ See, e.g., Visa; ICC; ERA; ABM. But see RDS (suggesting
that where third parties are used, three to five days is an
appropriate time period for processing opt-out requests); Go Daddy
(recommending that five days is an appropriate time frame to allow
for companies that utilize third parties).
---------------------------------------------------------------------------
Several commenters indicated that the average time to effectuate an
opt-out request ``varies'' or that it depends on the size and structure
of the sender's business, but did not provide any specific data
reflecting the minimum or maximum amount of time it can take to
effectuate an opt-out request.\199\ Some commenters complained that the
Act's ten-business-day time frame has proven burdensome for small
businesses with limited staff and resources, or those who lack an
Information Technology department, yet these commenters provided no
specific data justifying a longer period.\200\
---------------------------------------------------------------------------
\199\ Experian. Generally, commenters indicated that currently
there is no industry standard for effectuating opt-out requests.
See, e.g., Go Daddy; ACLI.
\200\ See., e.g., NNA; BMO.
---------------------------------------------------------------------------
The Commission received very few comments that addressed how long
it takes for each step of the opt-out process.\201\ Some commenters
indicated that many opt-out requests are effectuated almost entirely
electronically; other commenters indicated that senders often must
process opt-out requests manually, and argued that such manual
processing warranted extending the opt-out period.\202\ These
commenters did not fully explain the circumstances that would require
opt-outs to be processed by hand, or precisely what such manual
processing entails. As a result, the record lacks anything beyond mere
assertions that complex business processes, limited resources, and
manual processing may prevent senders from honoring opt-out requests
within ten business days. Thus, there is insufficient basis for
extending the opt-out period.
---------------------------------------------------------------------------
\201\ See MBNA.
\202\ See, e.g., MPAA; IPPC; KeyCorp; MBA; BMO (suggesting that
employees who send out individual commercial e-mail messages often
need to collect and circulate opt-out requests manually).
---------------------------------------------------------------------------
Another basis advanced to justify a longer time frame in which to
process opt-out requests was the argument that additional time was
necessary to enable senders to process requests that are submitted via
regular mail or using a method that does not conform to the manner
specified in the e-mail message.\203\ The Commission notes that section
7704(a)(3)(A)(i) of the Act requires that a commercial e-mail message
contain a functioning return e-mail address or other Internet-based
mechanism that the recipient may use to submit an opt-out request, but
does not require requests submitted in other ways be honored within the
given time period.\204\
---------------------------------------------------------------------------
\203\ See, e.g., ESPC; BMO; IPPC; KeyCorp; MBNA.
\204\ 15 U.S.C. 7704(a)(4)(A).
---------------------------------------------------------------------------
Another concern cited by commenters in support of a longer time
period was that unavoidable technical errors occurring during the ten-
business-day window could prolong the opt-out process.\205\ While this
may be a valid concern, the Act already contemplates such unavoidable
technical anomalies. Specifically, section 7704(a)(3)(c) of the Act
states that an electronic return address or other mechanism used for
processing opt-out requests does not fail to satisfy the opt-out
requirement if it ``is unexpectedly and temporarily unable to receive
messages or process requests due to a technical problem beyond the
control of the sender if the problem is corrected within a reasonable
time period.'' \206\ The Commission, accordingly, believes it
unnecessary to extend the opt-out period to account for technical
errors.
---------------------------------------------------------------------------
\205\ See, e.g., AeA.
\206\ 15 U.S.C. 7704(a)(3)(C).
---------------------------------------------------------------------------
Finally, some commenters expressed concern that if the Commission
adopts an interpretation that a commercial mail message can have more
than one sender, ten business days is not a sufficient time to process
opt-out requests.\207\ These commenters argued that under a ``multiple-
sender'' scenario, opt-out requests would need to be communicated to
each sender of any given commercial message, a process which could take
longer than ten business days to complete. As noted above, the proposed
modification of the ``sender'' definition would allow multiple
advertisers in a single commercial e-mail message to establish a single
``sender'' for purposes of CAN-SPAM compliance. Therefore, the
Commission is not inclined to extend the length of time a sender has to
honor opt-out requests to address this concern.
---------------------------------------------------------------------------
\207\ See, e.g., NetCoalition; Bankers; Chamber.
---------------------------------------------------------------------------
c. Comments Suggesting That the Deadline for Effectuating an Opt-Out
Request Should Be Less Than Ten Business Days
Several commenters urged the Commission to set a deadline of less
than ten business days to effectuate an opt-out request, because doing
so would better protect the privacy interests of e-mail recipients and
because the Act's ten-business-day time frame is unnecessarily
generous, given the advanced state of technology used to process opt-
out requests. Specifically, some commenters expressed concerns that
under the current ten-business-day time frame, senders would legally be
allowed to ``mail-bomb'' recipients for ten business days during the
opt-out period.\208\ As one commenter put it, ``Ten days still gives a
commercial spammer a LOT of time to send junk.'' \209\ These concerns
were not supported by factual evidence that such practices actually
occur, or that these practices would be eliminated by a shorter
processing period. The Commission is including questions in Part VII to
learn more about the volume of e-mail received from a particular sender
after a recipient has submitted an opt-out request to that sender.
---------------------------------------------------------------------------
\208\ See, e.g., Giambra; Go Daddy.
\209\ Vandenberg (emphasis in original).
---------------------------------------------------------------------------
Several commenters stated that many senders already have the
ability to process opt-out requests in far fewer than ten business
days, and that many do so immediately upon receipt of such a
request.\210\ Go Daddy, a domain name registrar, indicated that it
currently honors opt-out requests within seconds, and accordingly,
recommended that the Commission shorten the opt-out period.\211\ This
view was supported by several other commenters who noted that opt-out
requests received via an opt-out hyperlink can be added to a
suppression list immediately.\212\ Still other commenters pointed to
currently available mailing list software which will process opt-out
requests almost immediately, with delays of only
[[Page 25444]]
minutes, or even seconds.\213\ Additionally, the Commission is aware of
companies that have designed, or are developing, products geared
specifically towards complying with this aspect of the CAN-SPAM Act,
and which claim to be able to provide fully automated opt-out
processing within minutes. Given that such products are in development,
it seems likely that the market will yield additional competing
technologies in the near future.
---------------------------------------------------------------------------
\210\ See, e.g., RDS; NFCU; NetCoalition; ValueClick.
\211\ Go Daddy (``There are very little costs associated with
deleting a person's e-mail address from a database, since mailing
lists are almost always electronically automated.'').
\212\ See, e.g., MBNA.
\213\ Satchell; K. Kreuger.
---------------------------------------------------------------------------
2. Commission Proposal Regarding the Appropriate Deadline for
Effectuating an Opt-Out Request
Having considered the comments, the Commission believes that while
the record does not demonstrate whether fears of ``mail-bombing''
during an opt-out period are well-founded, the fact that many
commenters already are able to process opt-out requests virtually
instantaneously supports the conclusion that the opt-out period can and
should be shortened. The purpose of the opt-out provision in the Can-
SPAM Act is to protect recipients from unwanted commercial e-mail.
Given that the record suggests that nearly instantaneous processing of
a recipient's request not to receive future e-mail messages can be
accomplished without an undue burden,\214\ the Commission believes that
shortening the opt-out period to three business days is appropriate.
This furthers the key policy objective underlying Can-SPAM to afford e-
mail recipients maximal privacy consistent with reasonable compliance
costs. The three-business-day window allows for adequate time for
processing, even by those entities whose business practices or
technology may not allow for instant removal of e-mail addresses
submitted in opt-out requests. This proposed provision will also ensure
that law enforcement officials need not allege or prove a defendant's
state of mind when seeking a cease and desist order or injunctive
relief to enforce compliance with 316.4(a).
---------------------------------------------------------------------------
\214\ See, e.g., Go Daddy.
---------------------------------------------------------------------------
3. Commenters' Suggestions Regarding Expiration of Opt-Out Requests
Several commenters noted that the Act does not indicate how long a
recipient's opt-out request should remain in effect. Therefore, several
commenters were concerned that senders would be required to maintain
opt-out lists indefinitely.\215\ Commenters argued that without
limiting the duration of opt-out requests, suppression lists could grow
without limit. Several commenters noted that individuals frequently
change their e-mail addresses, or that e-mail addresses often become
inactive from non-use, and argued that without putting a cap on the
duration of opt-out lists, senders would be required to maintain lists
with a potentially large percentage of inaccurate, out-of-date, or
inactive e-mail addresses.\216\ Therefore, commenters urged the
Commission to limit how long opt-out requests remain in effect, and
suggested a limit of two to three years.\217\
---------------------------------------------------------------------------
\215\ See, e.g., Wells Fargo; Experian; Coalition.
\216\ Piper.
\217\ CBA; DMA.
---------------------------------------------------------------------------
The Commission has carefully considered these comments, and notes
that in the somewhat similar context of the National Do Not Call
Registry, the duration of a person's registration is five years, or
until the registrant changes his or her telephone number, or determines
to take the number off the Registry.\218\ In addition, other means
exist to minimize the outmoded entries in the Registry--specifically,
the existence of relevant databases makes it possible for the
Registry's administrator periodically to purge defunct or changed
telephone numbers from the Registry. In this way, the process of
``scrubbing'' a call list is limited so that it is no more expensive or
time-consuming for industry than is necessary. The Commission is not
aware of any similar databases that are available for e-mail marketers
to purge defunct e-mail addresses from their distributions lists. On
the other hand, the fact that an e-mail marketer's suppression list is
likely to have far fewer entries than the 91 million numbers on the
National Do Not Call Registry makes the prospect of ``scrubbing'' far
less daunting, and tends to vitiate the argument for an expiration of
opt-out requests after a certain period of time. Finally, Congress
chose neither to impose such a time limit nor to specifically authorize
the Commission to do so at this time. In view of all these
considerations, the Commission has determined not to propose such a
time limit. Nevertheless, the Commission is receptive to submissions of
information or data that would show that a provision placing a limit on
the duration of an opt-out request would be useful in implementing the
provisions of the Act under section 7711(a).
---------------------------------------------------------------------------
\218\ 68 FR 4640 (Jan. 29, 2003).
---------------------------------------------------------------------------
C. Section 316.5--Prohibition on Charging a Fee or Imposing Other
Requirements on Recipients Who Wish To Opt Out
Proposed 316.5 broadly prohibits the imposition of any fee, any
requirement to provide personally identifying information (beyond one's
e-mail address), or any other obligation as a condition for accepting
or honoring a recipient's opt-out request. This issue was not addressed
in the ANPR, but the Commission now believes it necessary, based on its
observation that some senders of commercial e-mail may be encumbering
recipients' Can-SPAM opt-out rights with such requirements. The
Commission believes that such requirements are entirely inconsistent
with the explicit Congressional policy and purposes embodied in the
Act.
Section 7704(a)(3)(A) of the Act prohibits any person from
initiating ``a commercial electronic mail message that does not contain
a functioning return electronic mail address or other Internet-based
mechanism, clearly and conspicuously displayed, that a recipient may
use to submit * * * a reply electronic mail message or other form of
Internet-based communication requesting not to receive future
commercial electronic mail messages from [the] sender * * * \219\
Section 7704(a)(3)(B) of the Act allows those who initiate commercial
e-mail messages to comply with section 7704(a)(3)(A) ``by providing the
recipient a list or menu from which the recipient may choose the
specific types of commercial electronic mail messages the recipient
wants to receive or does not want to receive from the sender, if the
list or menu includes an option under which the recipient may choose
not to receive any commercial electronic mail messages from the
sender.'' \220\ Section 7704(a)(4), among other things, directs
senders, and those acting on a sender's behalf, to honor recipients'
opt-out preferences within ten business days of receipt of those
preferences.\221\
---------------------------------------------------------------------------
\219\ 15 U.S.C. 7704(a)(3)(A).
\220\ 15 U.S.C. 7704(a)(3)(B).
\221\ See 15 U.S.C. 7704(a)(4)(A). As was explained above, the
Commission is proposing to shorten the amount of time senders, and
those acting on the sender's behalf, have to honor recipients' opt-
out request to three business days. See proposed 16 CFR 316.4.
---------------------------------------------------------------------------
Can-SPAM requires clear and conspicuous display of the mandatory
opt-out mechanism, but imposes no further explicit requirements
regarding the manner in which initiators of commercial e-mail comply
with these provisions. Nevertheless, the whole thrust of the Act is to
ensure recipients can opt out of receiving subsequent
[[Page 25445]]
commercial messages from any sender. Indeed, the sole purpose of the
Act's opt-out provisions is to protect recipients' privacy from senders
of unwanted commercial e-mail; it would be a complete subversion of
this privacy protection to allow senders to compel recipients to
disclose personally identifying information as the price of opting out.
Accordingly, the Commission believes that an e-mail recipient's ability
to submit an opt-out request should not be encumbered by any extraneous
requirements.
Proposed 316.5 provides: ``Neither a sender nor any person acting
on behalf of a sender may require that any recipient pay any fee,
provide any information other than the recipient's electronic mail
address and opt-out preferences, or take any other steps except sending
a reply electronic mail message or visiting a single Internet web page,
in order to: (a) Use a return electronic mail address or other
Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a
request not to receive future commercial electronic mail messages from
a sender; or (b) have such a request honored as required by 15 U.S.C.
7704(a)(3)(B) and (a)(4).''
The Commission intends that this proposed provision apply to all
parties involved in processing recipients' opt-out requests: senders of
commercial e-mail, those who initiate commercial e-mail, and any third
parties that provide assistance to senders in receiving and honoring
recipients' opt-out requests. As was explained above, this proposal
prohibits these parties from charging a fee to submit an opt-out
request, from collecting any information about a recipient other than
his or her e-mail address and opt-out preferences,\222\ and from
requiring recipients to visit more than one Web page to submit an opt-
out request.
---------------------------------------------------------------------------
\222\ The concept of opt-out preferences is introduced in
section 7704(a)(3)(B). Pursuant to that provision, people who
initiate commercial e-mail messages may ask recipients to specify
which types of commercial e-mail they do and do not want from a
sender.
---------------------------------------------------------------------------
CAN-SPAM's legislative history supports this proposed regulation.
Congressman W. J. (Billy) Tauzin stated that ``We intend that senders
of commercial e-mail provide a convenient, clear and simple way for
consumers to opt-out of commercial e-mail.'' \223\ The Commission's
proposal furthers this intent. An opt-out mechanism that requires a
fee, unnecessary disclosure of personal information, or access to
multiple Web pages would be inconsistent with the demand for a
``convenient, clear and simple'' opt-out mechanism.\224\ This proposal
also responds to the concerns of the commenter who argued against
burdensome opt-out procedures.\225\
---------------------------------------------------------------------------
\223\ Hon. W. J. (Billy) Tauzin, Cong. Rec. E74 (Jan. 28, 2004)
(Extension of remarks).
\224\ The findings Congress incorporated in the Act reflect
concern about the costs that spam imposes on unwilling recipients:
``The receipt of unsolicited commercial electronic mail may result
in costs to recipients who cannot refuse to accept such mail and who
incur costs for the storage of such mail, or for the time spent
accessing, reviewing, and discarding such mail, or for both.'' 15
U.S.C. 7701(a)(3) (emphasis supplied). This concern supports the
Commission's proposal to prohibit charging or otherwise encumbering
the opt-out rights that the Act creates.
\225\ See O'Connor.
---------------------------------------------------------------------------
As noted above, the Commission is aware that some e-mail marketers
are attempting to use the CAN-SPAM opt-out mechanism as an opportunity
to collect information about recipients or to subject them to sales
pitches before an opt-out request is completed. Conceivably, some e-
mail marketers could even attempt to charge recipients a fee for
accepting or honoring their opt-out requests. All of these encumbrances
are unacceptable, and, pursuant to section 7711 of the Act, which
authorizes the Commission to ``issue regulations to implement the
provisions of [the] Act,'' \226\ the Commission proposes a rule
provision that would prohibit these encumbrances.
---------------------------------------------------------------------------
\226\ 15 U.S.C. 7711.
---------------------------------------------------------------------------
The prohibitions proposed in this rule provision are not intended
to impose any new burden on e-mail marketers beyond those already
imposed by CAN-SPAM. Nothing on the record suggests a need or
justification for e-mail senders to charge recipients a fee to process
opt-out requests. Moreover, there appears to be no reason why an e-mail
sender would need to collect any information about a recipient other
than his or her e-mail address and opt-out preferences in order to
process that opt-out request because, according to CAN-SPAM, opt-out
requests are specific to a recipient's e-mail address, not his or her
name. Finally, the Commission believes that e-mail senders should be
able to get all the opt-out information they need from a recipient--
namely, the recipient's e-mail address and opt-out preferences--in a
single Web page. Requiring a recipient to visit multiple Web pages
would frustrate recipients' ability to exercise their opt-out rights
under CAN-SPAM, and that is clearly contrary to congressional intent.
In Part VII below, the Commission asks questions requesting information
regarding this proposed rule provision.
D. Section 7704(c)(2)--Aggravated Violations Relating to Commercial E-
mail
Committing an aggravated violation along with a violation of
section 7704(a) could subject a defendant to triple damages in a CAN-
SPAM enforcement action by a state or an ISP.\227\ Section 7704(b) of
the Act lists four practices which are to be considered ``aggravated
violations.'' \228\ According to a Senate Committee Report on an
earlier version of the Act, designating specific practices as
``aggravated'' violations is intended to ``apply to those who violate
the provisions of the bill while employing certain problematic
techniques used to either generate recipient e-mail addresses, or
remove or mask the true identity of the sender.'' \229\
---------------------------------------------------------------------------
\227\ 15 U.S.C. 7706(f)(3)(C), (g)(3)(C).
\228\ The four practices are: (1) automated e-mail address
harvesting; (2) dictionary attacks; (3) automated creation of
multiple e-mail accounts; and (4) relay or retransmission of a
commercial e-mail message through unauthorized access.
\229\ S. Rep. No. 108-102, at 6.
---------------------------------------------------------------------------
Section 7704(c)(2) of the Act authorizes the Commission to specify
activities or practices--in addition to the four already enumerated in
the statute--as aggravated violations if the Commission determines that
``those activities or practices are contributing substantially to the
proliferation of commercial electronic mail messages that are unlawful
under section 7704(a) of the Act.'' (Emphasis supplied.) Some
commenters suggested additional practices that warrant designation as
``aggravated violations.'' After reviewing the comments, the Commission
is not inclined to expand the list of aggravated violations because the
practices cited by commenters are either already prohibited by the Act,
or implicate persons other than those who violate section 7704(a) of
the Act and who are therefore beyond the reach of section 7704(c)(2).
These proposals are discussed immediately below. Two proposals
addressed individually below, regarding manual e-mail address
harvesting and exchange of open proxy lists, are not illegal.
Nevertheless, the Commission is not inclined to create new aggravated
violations regarding these practices.
1. Commenters' Proposals Regarding Aggravated Violations
Numerous commenters recommended that the Commission designate as
aggravated violations practices that already are prohibited by other
provisions of the CAN-SPAM Act,
[[Page 25446]]
including ``spoofing,'' \230\ obscuring the origin of an e-mail
message, falsifying header information, using non-functional opt-out
addresses, and transferring e-mail addresses of persons who have opted-
out.\231\ Because all of these practices are already prohibited by the
Act,\232\ designating them as aggravated violations is unnecessary and
would neither give greater protection to consumers nor provide a
significant new tool to law enforcement. Some commenters urged the
Commission to prohibit inaccurate ``Whois'' information.\233\ For
example, Microsoft, among others, urged that registering a domain name
with false or misleading information be added as an aggravated
violation.\234\ The Commission believes this is already prohibited by
the Act. See 15 U.S.C. 7704(a)(1)(A) (prohibiting initiation of any e-
mail message that includes an originating e-mail address or a domain
name that ``was obtained by means of false or fraudulent pretenses or
representations'').\235\
---------------------------------------------------------------------------
\230\ ``Spoofing'' is defined as disguising an e-mail to make it
appear to come from an address from which it actually did not
originate, such as placing another user's address in the ``from'' or
``reply-to'' lines. See FTC v. GM Funding, Inc., SACV 02-1026 (C.D.
Cal. filed Nov. 6, 2002).
\231\ Richardson (obscuring origin of e-mail); Csorba (forged
headers; invalid opt-out); Calvert (non-functional opt-out); Freese
(non-functioning opt-out); Safell (spoofing); Innovation (false
identification of sender); NetCoalition (deceptive header
information); KALRES (mailing after opt-out request); EDC (automated
harvesting); Moerlien; St. Saveur; O'Connor; Rospenda; ClickZ;
Jensen; Mead; B. Krueger; Discover (transferring e-mail addresses).
\232\ See section 7704(a)(1)(C) (prohibiting header information
that ``fails to identify accurately a protected computer used to
initiate the message because the person initiating the message
knowingly uses another protected computer to relay or retransmit the
message for purposes of disguising its origin''); section 7704(a)(3)
(prohibiting initiation of an e-mail message that does not include a
functioning opt-out mechanism); and section 7704(a)(4)(A)(iv)
(prohibiting the sale, lease, exchange, transfer, or release of the
e-mail address of any person who has opted-out).
\233\ ``Whois'' is an Internet program that allows users to
query a database of people and other Internet entities, such as
domains, networks, and hosts. ``Whois'' databases are maintained
generally by the registrars. ``Whois'' data includes the
registrant's company name, address, phone number, and e-mail
address.
\234\ Microsoft; St. Sauveur. See also Truth (suggesting ways
that accurate Whois information can be used to prevent fraudulent
credit card transactions). The Commission has provided testimony to
the U.S. House of Representatives Judiciary Committee; Subcommittee
on Courts, The Internet, and Intellectual Property regarding the
critical importance of accurate Whois information to the integrity
of the Internet. See Accuracy of ``WHOIS'' Internet Database
Essential to Law Enforcement, FTC Tells Congress, May 22, 2002,
available at http://www.ftc.gov/opa/2002/05/whois.htm.
\235\ See FTC v. Global Net Solutions, Inc., et al., CV-S-05-
0002-PMP (LRL) (D. Nev. filed Jan. 3, 2005) (alleging that, among
other things, the defendants violated 15 U.S.C. 7704(a)(1) of CAN-
SPAM by initiating commercial e-mail containing an originating e-
mail address that was obtained through false representations to the
e-mail service provider).
---------------------------------------------------------------------------
A number of commenters suggested that the Commission consider
including as an aggravated violation intentionally crafting the content
of e-mail messages specifically to evade spam filters.\236\ Some
commenters mentioned in particular the technique of ``hashbusting,''
where random characters or words are intentionally inserted into the
body and/or subject line of the e-mail.\237\ Such techniques often go
hand-in-hand with other stratagems for hiding the true identity of the
sender.\238\
---------------------------------------------------------------------------
\236\ St. Saveur; Danko; ClickZ; Lunde; NetCoalition.
\237\ The technique of inserting sometimes strangely eloquent
nonsense is favored by spammers as an effective way of defeating
spam filters that convert e-mail into ``hashes'' (where characters
in words are converted into numbers) (see, e.g., http://razor.sourceforge.net) or spam filters that use Bayesian statistical
analysis (see, e.g., http://spamassassin.org). Computer programs,
also known as ``Chomskybots,'' can automatically generate such
paragraphs.
\238\ See National Do Not E-mail Registry, A Report To Congress,
FTC, June 2004, at 8 (spammers use many techniques to hide
including: spoofing, open relays, open proxies, and zombie drones).
Available at http://www.ftc.gov/reports/dneregistry/report.pdf.
---------------------------------------------------------------------------
The Commission's view is that hashbusting in the subject line would
likely be covered under section 7704(a)(2) of the Act, which prohibits
the initiation of any commercial e-mail message where the initiator of
that message ``has actual knowledge, or knowledge fairly implied on the
basis of objective circumstances, that a subject heading of the message
would be likely to mislead a recipient, acting reasonably under the
circumstances, about a material fact regarding the contents or subject
matter of the message.'' Hashbusting is prohibited under this section
because using random characters and meaningless words in a message's
subject line can prevent recipients from determining a message's
purpose.
The Commission shares the concerns of commenters about hashbusting
and like techniques in the body of commercial e-mail messages, the
apparent purpose of which is to mislead recipients and frustrate their
efforts to filter out unwanted messages. Nevertheless, adding as an
aggravated violation the crafting of the content of commercial e-mail
messages to evade spam filters appears to be unworkable. Drawing a
bright line to distinguish permissible content from content that would
violate the Act is fraught with practical difficulties and potentially
presents difficult First Amendment issues. Nevertheless, the Commission
includes questions in Part VII of this NPRM to solicit further data
regarding the prevalence of inserting obfuscating content into
commercial e-mail solely to evade spam filters, and to seek views as to
whether, as a practical matter, a bright-line guide could be drawn.
A number of commenters complained about various practices that
cause annoyance for them in using their computers and requested that
such practices be included as aggravated violations. The practices
commenters mentioned most often were distributing viruses,\239\
hijacking browsers (in other words, manipulating a computer user's
ability to navigate the Internet), and using pop-up
advertisements.\240\ Section 7704(a)(1)(C) already prohibits knowingly
using a protected computer to relay or retransmit a commercial or
``transactional or relationship'' message for purposes of disguising
the message's origin.\241\ Thus, using a computer virus to route
messages through someone else's computer is unlawful when doing so
disguises a message's origin. Also, CAN-SPAM only reaches e-mail
messages that satisfy the Act's definitions of ``commercial electronic
mail message'' or ``transactional or relationship message.'' At this
time, it is not clear that a message that does no more than distribute
a computer virus would satisfy either of these definitions and thus be
regulated by CAN-SPAM. Pop-ups and Web browser highjacking are
doubtless annoying to consumers, but, based on the record compiled thus
[[Page 25447]]
far in this proceeding, these specific practices do not appear to be
contributing substantially to the proliferation of commercial e-mail
messages that are prohibited under section 7704(a) of the Act. Where
appropriate, however, the Commission will challenge these practices
under section 5 of the FTC Act.\242\
---------------------------------------------------------------------------
\239\ A ``virus'' is a program or piece of code that is loaded
onto one's computer without one's knowledge and runs against one's
wishes. Computer viruses can replicate themselves and will quickly
use all available computer memory. Some viruses are capable of
transmitting themselves across networks and bypassing security
systems. See, e.g., http://www.webopedia.com/TERM/V/virus.html.
Computer viruses comprise a class of ``malicious code'' that can
include Trojan horses and worms. A ``Trojan horse'' is a destructive
program that masquerades as a benign application. Unlike viruses,
Trojan horses do not replicate themselves but can be just as
destructive. One of the most insidious types of Trojan horse is a
program that claims to rid your computer of viruses but instead
introduces viruses onto your computer. See, e.g., http://www.webopedia.com/TERM/w/worm.html. A worm is a special type of
virus that can replicate itself and use memory, but cannot attach
itself to other programs. See, e.g., http://www.webopedia.com/TERM/T/Trojan_horse.html.
\240\ Richardson; St. Saveur; Keef; ClickZ; Rospenda; Keogh; K.
Krueger; Vowles; Maat; B. Krueger.
\241\ 15 U.S.C. 7704(a)(1)(C). Moreover, section
7704(b)(1)(A)(3) provides: ``It is unlawful for any person knowingly
to relay or retransmit a commercial electronic mail message that is
unlawful under [section 7704(a)] from a protected computer or
computer network that such person has accessed without
authorization.'' 15 U.S.C. 7704(b(1)(A)(3).
\242\ The Commission has alleged, inter alia, that in some
instances, pop-ups and Web browser hijacking (a/k/a mouse trapping)
may interfere with a user's computer. See, e.g., FTC v. D Squared
Solutions LLC, No. 03-CV-3108 (D. Md. 2003) (pop-ups unfairly
interfered with computer use); FTC v. Carlos Pereira, No. 99-1367-A
(E.D. Va. 1999) (manipulating normal functioning of Web browser is
unfair).
---------------------------------------------------------------------------
2. Manual E-mail Address Harvesting
A coalition of four domain name registrars requested that the
Commission consider adding as an aggravated violation the manual
harvesting of e-mail addresses.\243\ The Act itself designates the
automated harvesting of e-mail addresses as an aggravated violation.
The record amassed to date does not document that manual e-mail address
harvesting is a practice that meets the standard specified in CAN-SPAM
to be designated as an aggravated violation--i.e, there is insufficient
evidence that it contributes substantially to the proliferation of
unlawful commercial e-mail messages. Therefore, the Commission has not
adopted this suggestion, but includes questions in Part VII of this
NPRM to solicit further data regarding the prevalence of this practice
and to determine whether the manual harvesting of e-mail addresses is
contributing substantially to the proliferation of commercial e-mail
messages that are prohibited under section 7704(a) of the Act.
---------------------------------------------------------------------------
\243\ Register.
---------------------------------------------------------------------------
3. Open Proxy Lists
Open proxy lists, which are readily available for purchase on the
Internet,\244\ provide the Internet Protocol address and/or the fully
qualified domain name of any computer through which e-mail messages can
be routed. Microsoft proposed that the Commission consider adding the
sale of such lists as an aggravated violation:
\244\ See, e.g., http://www.openproxies.com. Some Web sites
offer a small quantity of ``free'' open proxies but those open
proxies have limited value to spammers. For example, the cited Web
site offers ten free, but slow, open proxies. A slow open proxy has
marginal value to someone who wants to send bulk e-mail because slow
connections use too many computer resources. To obtain a list of
quality fast open proxies, one must pay a monthly fee.
---------------------------------------------------------------------------
Although the CAN-SPAM Act prohibits the practice of relaying
spam through open proxies, drones, or other protected computers, it
does not prohibit the means by which spammers can obtain information
about these computers. A regulation that prohibits the sale [of
lists of such devices] would be a natural analog to Section
[7704](b)(1)(A), which creates an aggravated violation for persons
who ``assist in the transmission'' of spam through the sale or
distribution of harvested e-mail addresses.\245\
\245\ Microsoft.
---------------------------------------------------------------------------
Although the Commission believes that Microsoft has a good point,
and that this practice serves no legitimate purpose and materially
advances the proliferation of spam, the Commission so far has no
information showing that the sellers of open proxy lists are the same
individuals engaged in sending spam, and violating section 7704(a). If
they are not, it would be of dubious value to make the sale of open
proxy lists an aggravated violation because an aggravated violation
only comes into play in situations where a defendant also is violating
section 7704(a). Furthermore, the Commission believes that to use an
open proxy list may already be an aggravated violation under the Act.
Section 7704(b)(3) of the Act states, ``It is unlawful for any person
knowingly to relay or retransmit a commercial electronic mail message
that is unlawful under subsection (a) from a protected computer or
computer network that such person has accessed without authorization.''
\246\ As stated above, the purpose of an open proxy is to relay e-mail
through a third party's server (a proxy server) so that the recipient
cannot trace the sender of the e-mail. Such proxies are almost always
accessed without the authorization of the proxy's system
administrator.\247\ Nevertheless, the Commission seeks additional
information on the sale of open proxy lists to determine whether such
sales ``are contributing substantially to the proliferation of
commercial electronic mail messages that are unlawful under [section
7704(a) of the Act].'' \248\ Specifically, the Commission seeks comment
on whether prohibiting such sales would give a useful new tool to law
enforcement to target unlawful commercial e-mail.
---------------------------------------------------------------------------
\246\ 15 U.S.C. 7704(b)(3).
\247\ See http://www.lurhq.com/proxies.html (most proxies are
not supposed to be public).
\248\ 15 U.S.C. 7704(c)(2).
---------------------------------------------------------------------------
III. Invitation To Comment
All persons are hereby given notice of the opportunity to submit
written data, views, facts, and arguments addressing the issues raised
by this NPRM. All comments should be filed as prescribed in the
ADDRESSES section above, and must be received by June 27, 2005.
IV. Communications by Outside Parties to Commissioners or Their
Advisors
Written communications and summaries or transcripts of oral
communications respecting the merits of this proceeding from any
outside party to any Commissioner or Commissioner's advisor will be
placed on the public record. See 16 CFR 1.26(b)(5).
V. Paperwork Reduction Act
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C.
3506) (``PRA''), the Commission has reviewed the proposed Rule. The
proposed Rule does not impose any recordkeeping, reporting, or
disclosure requirements or otherwise constitute a ``collection of
information'' as it is defined in the regulations implementing the PRA.
See 5 CFR 1320.3(c).
VI. Regulatory Flexibility Act
The Regulatory Flexibility Act (``RFA''), 5 U.S.C. 601-612,
requires an agency to provide an Initial Regulatory Flexibility
Analysis (``IRFA'') with a proposed rule and a Final Regulatory
Flexibility Analysis (``FRFA'') with the final rule, if any, unless the
agency certifies that the rule will not have a significant economic
impact on a substantial number of small entities. See 5 U.S.C. 603-605.
The Commission requested comment in the ANPR regarding whether CAN-
SPAM regulations would have a significant economic impact on a
substantial number of small entities. Although the Commission received
very few responsive comments, the Commission has determined that it is
appropriate to publish an IRFA in order to inquire into the impact of
the proposed Rule on small entities. Therefore, the Commission has
prepared the following analysis.
A. Reasons for the Proposed Rule
The proposed Rule is advanced pursuant to the Commission's mandate
under the CAN-SPAM Act, 15 U.S.C. 7701-7713. The Act seeks to ensure
that senders of commercial e-mail not mislead recipients as to the
source or content of such messages, and to ensure that recipients of
commercial e-mail have a right to decline to receive additional
commercial e-mail from a particular source. In that regard, section
7702(2)(C) of the Act requires the Commission to issue regulations
defining the relevant criteria to facilitate the determination of
whether the primary purpose of an electronic mail message is to
advertise or promote a product or service, and is therefore
[[Page 25448]]
commercial.\249\ The Act also authorizes the Commission, at its
discretion and subject to certain conditions, to promulgate regulations
expanding or contracting the categories of ``transactional or
relationship messages''; \250\ modifying the ten-business-day period
prescribed in the Act for effectuating a recipient's opt-out request;
\251\ and specifying additional activities or practices as ``aggravated
violations.'' \252\ The Act also authorizes the Commission to ``issue
regulations to implement the provisions of [the] Act.'' \253\
---------------------------------------------------------------------------
\249\ On January 19, 2005, the Commission published a Federal
Register Notice promulgating Rule provisions addressing the
statutory mandate to establish criteria for determining the primary
purpose of an e-mail message. See 16 CFR 316.3.
\250\ 15 U.S.C. 7702(17)(B).
\251\ 15 U.S.C. 7704(c)(1)(A)-(C).
\252\ 15 U.S.C. 7704(c)(2).
\253\ 15 U.S.C. 7711(a).
---------------------------------------------------------------------------
B. Statement of Objectives and Legal Basis
The objective of the proposed Rule is to implement the CAN-SPAM
Act, 15 U.S.C. 7701-7713. The proposed Rule provisions introduced in
this NPRM add a definition of the term ``person''; limit the definition
of ``sender''; clarify that Post Office boxes and private mailboxes
established pursuant to United States Postal Service regulations are
``valid physical postal addresses''; shorten the time a sender has to
effectuate a recipient's opt-out request; and clarify that a recipient
may not be required to pay a fee, provide information other than his or
her e-mail address and opt-out preferences, or take any steps other
than sending a reply e-mail message or visiting a single Internet Web
page to submit a valid opt-out request. The legal basis for the
proposed Rule is the CAN-SPAM Act, 15 U.S.C. 7701-7713.\254\
---------------------------------------------------------------------------
\254\ Specifically, the authority to modify the ten-business-day
period prescribed in the Act for honoring a recipient's opt-out
request is 15 U.S.C. 7704(c)(1)(A)-(C). The Act also grants the
Commission broad authority to ``issue regulations to implement the
provisions of [the] Act.'' 15 U.S.C. 7711(a).
---------------------------------------------------------------------------
C. Description of Small Entities To Which the Proposed Rule Will Apply
The proposed Rule, which incorporates by reference many of the
definitions of the CAN-SPAM Act, applies to ``senders'' of ``commercial
electronic mail messages'' and, to a lesser extent, to ``senders'' of
``transactional or relationship messages.'' \255\ Under the Act, and
the proposed Rule, a ``sender'' is ``a person who initiates [a
commercial electronic mail message] and whose product, service, or
Internet Web site is advertised or promoted by the message.'' \256\ To
``initiate'' a message, one must ``originate or transmit such message
or * * * procure the origination or transmission of such message.''
\257\ The Act does not consider ``routine conveyance'' (defined as
``the transmission, routing, relaying, handling, or storing through an
automatic technical process, of an electronic mail message for which
another person has identified the recipients or provided the recipient
addresses'') to be initiation.\258\
---------------------------------------------------------------------------
\255\ One provision, section 7704(a)(1), which prohibits false
or misleading transmission information, applies equally to
``commercial electronic mail messages'' and ``transactional or
relationship messages''; otherwise, CAN-SPAM's prohibitions and
requirements cover only ``commercial electronic mail messages.''
\256\ 15 U.S.C. 7702(16)(A); Proposed Rule 316.2(m).
\257\ 15 U.S.C. 7702(9).
\258\ 15 U.S.C. 7702(9), (15).
---------------------------------------------------------------------------
Any company, regardless of industry or size, that sends commercial
e-mail messages or transactional or relationship messages would be
subject to the proposed Rule. This would include entities that use e-
mail to advertise or promote their goods, services, or Web sites, as
well as entities that originate or transmit such messages. Therefore,
numerous small entities across almost every industry could be subject
to the proposed Rule. For the majority of entities subject to the
proposed Rule, a small business is defined by the Small Business
Administration as one whose average annual receipts do not exceed $6
million or who has fewer than 500 employees.\259\
Although it is impossible to identify every industry that sends
commercial e-mail messages or transactional or relationship messages,
some surveys suggest that an ever-increasing number are using the
Internet. A recent Harris Interactive poll, for example, found that
about seventy percent of small businesses have an online presence, or
plan to have one by 2005.\260\ A 2001 study by the National Federation
of Independent Business found that, at that time, fifty-seven percent
of all small employers used the Internet for business-related
activities.\261\ While these statistics do not quantify the number of
small businesses that send commercial e-mail messages or transactional
or relationship messages, they suggest that many small businesses are
using the Internet in some capacity. The Commission is aware of at
least one survey that suggests that eighty-five percent of small
businesses surveyed communicate with existing customers via e-mail, and
sixty-seven percent of small businesses communicate with potential
buyers via e-mail.\262\
---------------------------------------------------------------------------
\259\ These numbers represent the size standards for most retail
and service industries ($6 million total receipts) and manufacturing
industries (500 employees). A list of the SBA's size standards for
all industries can be found at http://www.sba.gov/size/summary-whatis.html. SBA's comment estimates that there are 22.9 million
small businesses in the U.S.
\260\ See http://www.ecommercetimes.com/story/35004.htm.
\261\ See http://www.nfib.com/object/2937298.html.
\262\ See Electronic Commerce News, Mar. 15, 2004, ``Gearing Up
for Next Front in the War on Spam.'' SBA studies similarly show that
eighty-three percent of small businesses use e-mail.
---------------------------------------------------------------------------
Given the paucity of data concerning the number of small businesses
that send commercial e-mail messages or transactional or relationship
messages, it is not possible to determine precisely how many small
businesses would be subject to the proposed Rule. Accordingly, the
Commission believes that a precise estimate of the number of small
entities subject to the proposed Rule is not currently feasible, and
specifically requests information or comment on this issue.
D. Projected Reporting, Recordkeeping, and Other Compliance
Requirements
The proposed Rule would not impose any specific reporting,
recordkeeping, or disclosure requirements within the meaning of the
Paperwork Reduction Act. Because the CAN-SPAM Act establishes a
comprehensive regulatory scheme for commercial and transactional or
relationship e-mail messages, and because the Act is enforceable by the
FTC as though it were an FTC Trade Regulation Rule, the proposed Rule
primarily clarifies the scope of certain definitions within the Act.
Specifically, the proposed Rule defines one new term, ``person'';
limits the definition of ``sender''; and clarifies that Post Office
boxes and private mailboxes established pursuant to United States
Postal Service regulations are ``valid physical postal addresses.'' The
proposed Rule also clarifies that a recipient may not be required to
pay a fee, provide information other than his or her e-mail address and
opt-out preferences, or take any steps other than sending a reply e-
mail message or visiting a single Internet Web page to submit a valid
opt-out request. Only one provision of the proposed Rule imposes
substantive compliance obligations, and the Commission does not believe
that that provision is likely to impose a substantial impact on
significant numbers of small entities. The proposed Rule would require
senders to honor recipients' opt-out requests within three
[[Page 25449]]
business days rather than the ten business days that the Act would
otherwise allow.\263\ The Commission anticipates that, in some cases,
senders of commercial e-mail may need to purchase software, use an
appropriate e-mail service provider, or adopt other business practices
or policies to ensure that recipients' opt-out requests are honored. As
discussed earlier, comments suggest that software for this purpose is
commercially available, is widely used already, and can process opt-out
requests instantaneously.\264\ If so, the proposal to allow three
business days rather than ten for processing opt-out requests would not
seem to increase or otherwise adversely affect such compliance costs.
Moreover, because the Commission believes legitimate senders may be
honoring their recipients' opt-out requests within the proposed three-
business-day time frame, the Commission questions whether the proposed
Rule imposes any compliance costs beyond those already incurred in the
ordinary course of business. The Commission seeks comment and
information on software, labor, professional, or other relevant
compliance cost issues, if any.
---------------------------------------------------------------------------
\263\ 15 U.S.C. 7704(a)(4).
\264\ See generally Part II.B.1.c. above. For example, Go Daddy
stated: ``There are very little costs associated with deleting a
person's e-mail address from a database, since mailing lists are
almost always electronically automated.'' See also RDS; NFCU;
NetCoalition; ValueClick (indicating that opt-out requests are
already being processed quickly).
---------------------------------------------------------------------------
E. Identification of Other Duplicative, Overlapping, or Conflicting
Federal Rules
The FTC has not identified any other federal statutes, rules, or
policies that would conflict with the proposed Rule's provisions,
which, as noted above, add a definition of the term ``person''; limit
the definition of ``sender''; clarify that Post Office boxes and
private mailboxes established pursuant to United States Postal Service
regulations are ``valid physical postal addresses''; shorten the time a
sender has to honor a recipient's opt-out request; and clarify that a
recipient may not be required to pay a fee, provide information other
than his or her e-mail address and opt-out preferences, or take any
steps other than sending a reply e-mail message or visiting a single
Internet Web page to submit a valid opt-out request.
The FTC seeks comment and information about any statutes or rules
that may conflict with the proposed requirements, as well as any other
state, local, or industry rules or policies that may overlap or
conflict with the requirements of the proposed Rule.
F. Discussion of Significant Alternatives
As discussed above, the CAN-SPAM Act primarily seeks to ensure that
senders of commercial e-mail not mislead recipients as to the source or
content of such messages, and to ensure that recipients of commercial
e-mail have a right to decline to receive additional commercial e-mail
from a particular source. The Act, not the proposed Rule, imposes these
obligations. The Commission nonetheless has considered and is proposing
to adopt clarifications of the statutory definitions suggested in
comments by the SBA and other entities advocating on behalf of small
business interests, particularly the definitions of ``sender'' and
``valid physical postal address.'' Although the definitions do not
impose any compliance burden, the proposed clarifications should help
avoid legal or other costs that could otherwise result from
uncertainty, if any, about what the proposed Rule covers or requires.
As already noted, the Commission is inviting comment on these proposed
definitions, including any alternatives that might help further explain
or articulate their meaning and scope, consistent with the Act's
definitions of those terms. In addition, as explained earlier, the
Commission has also considered alternatives to the compliance
requirements for receiving and honoring recipients' opt-out requests in
deciding to propose: (1) A three-business-day period for honoring opt-
out requests rather than the maximum ten-business-day period otherwise
allowed under the Act; and (2) a prohibition on e-mail senders' ability
to collect a fee, require submission of information other than a
recipient's e-mail address and opt-out preferences, or require a
recipient to take any steps other than sending a reply e-mail message
or visiting a single Internet Web page to submit a valid opt-out
request. The Commission believes the proposed alternatives are more
likely to protect recipients from unwanted commercial e-mail and, thus,
would more fully effectuate the purposes of the Act. Moreover, as noted
earlier, the Commission believes the proposed alternatives will not
substantially increase compliance costs because of the availability of
commercial software that can process opt-out requests well within the
proposed compliance period for businesses that send e-mail on their own
behalf, and for e-mail service providers who send bulk e-mail on behalf
of others, and because the Commission is only proposing to prohibit the
extraneous encumbrance of a recipient's ability to submit an opt-out
request. Nevertheless, the FTC seeks comment on significant
alternatives, if any, to the proposed compliance period and the
proposed governance of how opt-out requests are submitted that would
further minimize any compliance costs, consistent with the purposes of
the CAN-SPAM Act.
VII. Questions for Comment on the Proposed Rule
The Commission seeks comment on various aspects of the proposed
Rule. Without limiting the scope of issues on which it seeks comment,
the Commission is particularly interested in receiving comments on the
questions that follow. In responding to these questions, include
detailed, factual supporting information whenever possible.
A. General Questions for Comment
Please provide comment, including relevant data, statistics, or any
other evidence, on each proposed change to the Rule. Regarding each
proposed provision commented on, please include answers to the
following questions:
1. What is the effect (including any benefits and costs), if any,
on consumers?
2. What is the impact (including any benefits and costs), if any,
on individual firms that must comply with the Rule?
3. What is the impact (including any benefits and costs), if any,
on industry?
4. What changes, if any, should be made to the proposed Rule to
minimize any cost to industry or consumers?
5. How would each suggested change affect the benefits that might
be provided by the proposed Rule to consumers or industry?
6. How would the proposed Rule affect small business entities with
respect to costs, profitability, competitiveness, and employment?
B. Questions on Proposed Specific Provisions
In response to each of the following questions, please provide: (1)
detailed comment, including data, statistics, and other evidence,
regarding the issue referred to in the question; (2) comment as to
whether the proposals do or do not provide an adequate solution to the
issues they were intended to address, and why; and (3) suggestions for
changes that might better maximize consumer protections or minimize the
burden on industry.
[[Page 25450]]
1. Section 316.2--Definitions
a. Does the proposed definition of ``person'' clarify those
individuals and entities that are covered by the Rule and the Act?
Should the proposed definition be modified? If so, how?
b. Does the proposed definition of ``sender'' clarify who will be
responsible for complying with the CAN-SPAM Act when a single e-mail
contains content promoting or advertising the products, services, or
Web sites of multiple parties? Should the proposed definition be
modified? If so, how? Do the proposed criteria provide adequate
guidance to establish who is the sender when there are multiple
advertisers?
c. Should opt-out obligations be extended to third-party list
providers who do nothing more than provide a list of names to whom
others send commercial e-mails? If so, how could this be accomplished,
given the statutory language which defines ``sender'' in terms of an
entity that both initiates a message and advertises its product,
service, or Internet web site in the message?
d. Should the Commission adopt a ``safe harbor'' with respect to
opt-out and other obligations for companies whose products or services
are advertised by affiliates or other third parties? If not, why not?
If so, what would be appropriate criteria for such a safe harbor?
e. Does the proposed definition of ``valid physical postal
address'' clarify what will suffice under the Act's requirement that a
sender include such an address in a commercial e-mail? Should the
proposed definition be modified? If so, how?
f. Should CAN-SPAM apply to e-mail messages sent to members of
online groups? What types of online groups exist? How are they formed?
Does formation typically address the use of unsolicited commercial e-
mail with respect to the group? How are e-mail messages transmitted or
posted to an online group? Should members be able to opt out of
unwanted commercial messages while continuing to receive messages
relating to the subject matter of the group? Does this analysis change
depending on whether the message is sent by a group member or a source
outside the group? Does this analysis change depending on whether the
message is unrelated to the subject matter of the online group? Does
this analysis change if the online group has a moderator who decides
which messages to forward to the group?
2. Section 316.2(o)--``Transactional or Relationship Message''
a. If an e-mail message contains only a legally mandated notice,
should this message be considered a transactional or relationship
message? Which, if any, of the existing categories of transactional or
relationship message would such a message likely fit into? If such a
message were considered not to have a transactional or relationship
purpose, would it be exempt from regulation under the Act?
b. Should debt collection e-mails be considered ``commercial''? Or,
should debt collection e-mails be considered transactional or
relationship messages that complete a commercial transaction that the
recipient has previously agreed to enter into with the sender? Such an
interpretation assumes that the entity with whom the recipient
transacted business is the entity sending the collection e-mail, or
that the term ``sender'' can be interpreted to encompass a third party
acting on behalf of one who would otherwise qualify as a sender. Can a
third-party debt collector be considered a ``sender''?
c. Are there any messages that fall outside of the reach of the
proposed Rule that should not? If so, how might this be remedied?
d. Can a ``commercial transaction'' under section 7702(17)(A)(i)
exist even in the absence of an exchange of consideration?
e. If the primary purpose of an e-mail message is to facilitate,
complete, or confirm a commercial transaction that the recipient has
previously agreed to enter into with the sender, it is a transactional
or relationship message under section 7702(17)(A)(i). Should messages
from affiliated third parties that purport to be acting on behalf of
another entity (the one with whom the recipient transacted) be
considered transactional or relationship messages under this provision?
f. Under what, if any, circumstances should an e-mail message sent
to effectuate or complete a negotiation be considered a ``transactional
or relationship message'' under section 7702(17)(A)(i)?
g. Is it appropriate to classify messages offering employee
discounts or other similar messages as transactional or relationship
messages that ``provide information directly related to an employment
relationship''? Is a relevant factor the employer's provision of the e-
mail address to which such messages are sent to the employee? For
example, should all messages sent from an employer to an employee at
the employer-provided e-mail address be considered transactional or
relationship under section 7702(17)(A)(iv)?
h. The Commission believes that an e-mail message sent on behalf of
a third party, even with the permission of an employer, is not
``transactional or relationship.'' Is there any such scenario in which
the e-mail message at issue could be considered ``transactional or
relationship''? If so, explain.
i. For purposes of section 7702(17)(A)(iv) of the Act, should
``provid[ing] information directly related to an employment
relationship'' include providing information related to such a
relationship after an offer of employment is tendered?
j. Where a recipient has entered into a transaction with a sender
that entitles the recipient to receive future newsletters or other
electronically delivered content, should e-mail messages the primary
purpose of which is to deliver such products or services be deemed
transactional or relationship messages?
k. Should the Commission modify the Act's definition of
``transactional or relationship message'' to include what some
commenters call ``business relationship messages,'' which are
individualized messages that are sent from one employee of a company to
an individual recipient (or a small number of recipients)? If so, what
changes in e-mail technology and practices warrant this, and is such a
modification necessary to accomplish the purposes of the Act?
l. The Commission believes that e-mail messages from an association
or other membership entity to its membership are likely ``transactional
or relationship'' in nature, pursuant to section 7702(17)(A)(v). Should
messages from such senders to lapsed members also be considered
``transactional or relationship'' under that section? Should such
messages to lapsed members be considered ``commercial'' when they
advertise or promote the membership entity?
3. ``Forward-To-A-Friend'' E-mail Messages
a. Does the Commission's discussion in this NPRM of the Act's
definitions of ``initiate,'' ``procure,'' and ``sender'' provide
sufficient guidance to industry and consumers? Does the Commission's
explication of the term ``induce'' provide sufficient guidance to
industry and consumers? Does the Commission's discussion of ``routine
conveyance'' provide sufficient guidance to industry and consumers?
Does the Commission's interpretation of any of these terms impose any
undue burdens on industry or consumers?
[[Page 25451]]
b. Are there other forwarding mechanisms not discussed in this
notice that should be considered ``routine conveyance''? Are there
other forwarding mechanisms that should not be considered ``routine
conveyance''?
c. Does the Commission's reading of ``procure'' to mean something
that entails either payment of consideration or some explicit
affirmative action or statement designed to elicit the initiation of a
commercial e-mail message provide sufficient guidance to industry and
consumers? Why or why not?
d. Are there circumstances in which a seller could offer
consideration to a person to forward a commercial e-mail that should be
included within the ``routine conveyance'' exception?
e. Does the Commission's position on ``routine conveyance'' provide
industry with sufficient guidance concerning Web-based forwarding
mechanisms? Does it impose any undue burdens on industry or consumers?
4. Section 316.4--Prohibition Against Failure To Honor Opt-Out Requests
Within Three Business Days of Receipt
a. Is three business days an appropriate deadline for effectuating
an opt-out request? If not, what time frame would be more appropriate?
Does the Commission's proposal that multiple advertisers in a single
commercial e-mail message may arrange to have only one of those
advertisers be the ``sender'' affect what time frame would be
appropriate? If so, how?
b. Are some commenters' concerns warranted that under the original
ten-business-day provision senders would be permitted to bombard a
recipient with e-mail for ten business days following his or her opt-
out request? Why or why not? Is this a commonly-occurring practice? If
so, what is the evidence supporting this? Providing as much detail as
possible, explain whether recipients continue to receive commercial e-
mail from a particular sender after submitting an opt-out to that
sender. For example, are recipients who submit opt-out requests
targeted for receipt of additional commercial e-mail? How likely are
recipients to continue to receive additional commercial e-mail from a
particular sender within ten business days after submission of an opt-
out request? How likely after ten business days?
c. Some commenters indicated that there are several software
products on the market that can effectuate opt-out requests almost
immediately. Are such products widely or currently used by e-mail
senders? Are these products affordable for small entities? What are the
costs and benefits of using such products?
d. What specific technical procedures are required to suppress a
person's e-mail address from a sender's directory or distribution list?
What are the specific time requirements and costs associated with those
procedures? What, if any, manual procedures are required to suppress a
person's e-mail address from a sender's directory or distribution list?
What, if any, costs are associated with the manual suppression of e-
mail addresses? How do such costs compare with costs associated with
electronic processing? What, if any, circumstances would require manual
processing of opt-out requests? How prevalent is the use of manual
procedures to suppress people's e-mail addresses from a sender's
directory or list? What are the characteristics of senders that use
manual procedures to process opt-out requests? What are the
characteristics of senders that use electronic procedures to process
opt-out requests? Do small entities process opt-out requests manually
or electronically?
e. In marketing agreements involving the use of third parties, what
typically is the role of each third party in processing an opt-out
request? For example, who typically receives the opt-out request and
how? If the opt-out request must be transferred to a third party, how
is that transfer accomplished, and how long does such a transfer
typically take? Once an opt-out request is received by the third party,
what procedures are involved in effectuating the opt-out request, and
how long do such procedures typically take?
f. Should there be time limits on the duration of opt-out requests?
Why or why not? Does the CAN-SPAM Act give the Commission authority to
limit the time opt-out requests remain in effect? If so, how?
g. Is an e-mail marketer's suppression list likely to have far
fewer entries than the 84 million numbers on the National Do Not Call
Registry? How many recipients receive an e-mail marketer's messages in
a typical e-mail marketing campaign? How many of those recipients
submit opt-out requests?
5. Section 316.5--Receipt of Requests Not To Receive Future Commercial
E-mail Messages From a Sender
a. What are the costs to senders and benefits to recipients of
proposed 316.5?
b. Does the Commission's proposal regulating how recipients submit
opt-out requests accomplish the goal of removing all extraneous
encumbrances that could interfere with a recipient's ability to submit
an opt-out request? Do any e-mail senders deprive recipients of any
benefit when they submit an opt-out request? Should depriving
recipients of a benefit when they opt out be added to the list of
encumbrances prohibited by this proposal?
c. Should the Commission's proposal regulating how recipients
submit opt-out requests be changed in any way?
6. Aggravated Violations Relating to Commercial E-mail
a. What data are available that would demonstrate that the manual
harvesting of e-mail addresses is contributing substantially to the
proliferation of commercial e-mail messages that are prohibited under
section 7704(a) of the Act? Are there legitimate uses of manual
harvesting that should be preserved?
b. What evidence is there that the sellers of open proxy lists also
engage in sending e-mail messages that are prohibited under section
7704(a) of the Act? Are there any legitimate purposes for selling or
distributing for consideration open proxy lists? Are there any
circumstances in which an open proxy would be used by a third party
with permission of the proxy's operator?
c. Are there practices that contribute substantially to the
proliferation of unlawful commercial e-mail messages and are not
already prohibited by the Act? For example, is harvesting e-mail
addresses from peer-to-peer networks already prohibited by the Act? Is
that practice contributing substantially to the proliferation of
unlawful commercial e-mail messages? Is harvesting e-mail addresses
from newsgroups and other similar online forums already prohibited by
the Act? Is that practice contributing substantially to the
proliferation of unlawful commercial e-mail messages?
7. Renumbering Provisions of the Sexually Explicit Labeling Rule and
Integration of Those Provisions Into The Proposed CAN-SPAM Rule
a. Is the Commission's proposal to renumber and integrate into the
Proposed CAN-SPAM Rule the provisions of the previously-adopted
Sexually Explicit Labeling Rule a good solution? If not, why not? What
other approach would be better? Why?
VIII. Proposed Rule
List of Subjects in 16 CFR Part 316
Advertising, Computer technology, Electronic mail, Internet, Trade
practices.
Accordingly, for the reasons set forth in the preamble, the
Commission proposes to amend title 16, chapter 1,
[[Page 25452]]
subchapter C of the Code of Federal Regulations as follows:
1. Revise part 316 to read as follows:
PART 316--CAN-SPAM RULE
Sec.
316.1 Scope.
316.2 Definitions.
316.3 Primary purpose.
316.4 Prohibition against failure to honor an opt-out request within
three business days of receipt.
316.5 Prohibition on charging a fee or imposing other requirements
on recipients who wish to opt out.
316.6 Requirement to place warning labels on commercial electronic
mail that contains sexually oriented material.
316.7 Severability.
Authority: 15 U.S.C. 7701-7713.
Sec. 316.1 Scope.
This part implements the Controlling the Assault of Non-Solicited
Pornography and Marketing Act of 2003 (``CAN-SPAM Act''), 15 U.S.C.
7701-7713.
Sec. 316.2 Definitions.
(a) The definition of the term ``affirmative consent'' is the same
as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(1).
(b) ``Character'' means an element of the American Standard Code
for Information Interchange (``ASCII'') character set.
(c) The definition of the term ``commercial electronic mail
message'' is the same as the definition of that term in the CAN-SPAM
Act, 15 U.S.C. 7702(2).
(d) The definition of the term ``electronic mail address'' is the
same as the definition of that term in the CAN-SPAM Act, 15 U.S.C.
7702(5).
(e) The definition of the term ``electronic mail message'' is the
same as the definition of that term in the CAN-SPAM Act, 15 U.S.C.
7702(6).
(f) The definition of the term ``initiate'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(9).
(g) The definition of the term ``Internet'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(10).
(h) ``Person'' means any individual, group, unincorporated
association, limited or general partnership, corporation, or other
business entity.
(i) The definition of the term ``procure'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(12).
(j) The definition of the term ``protected computer'' is the same
as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(13).
(k) The definition of the term ``recipient'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(14).
(l) The definition of the term ``routine conveyance'' is the same
as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(15).
(m) The definition of the term ``sender'' is the same as the
definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16),
provided that, when more than one person's products or services are
advertised or promoted in a single electronic mail message, each such
person who is within the Act's definition will be deemed to be a
``sender,'' except that, if only one such person both is within the
Act's definition and meets one or more of the criteria set forth below,
only that person will be deemed to be the ``sender'' of that message:
(1) The person controls the content of such message;
(2) The person determines the electronic mail addresses to which
such message is sent; or
(3) The person is identified in the ``from'' line as the sender of
the message.
(n) The definition of the term ``sexually oriented material'' is
the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C.
7704(d)(4).
(o) The definition of the term ``transactional or relationship
messages'' is the same as the definition of that term in the CAN-SPAM
Act, 15 U.S.C. 7702(17).
(p) ``Valid physical postal address'' means the sender's current
street address, a Post Office box the sender has registered with the
United States Postal Service, or a private mailbox the sender has
registered with a commercial mail receiving agency that is established
pursuant to United States Postal Service regulations.
Sec. 316.3 Primary purpose.
(a) In applying the term ``commercial electronic mail message''
defined in the CAN-SPAM Act, 15 U.S.C. 7702(2), the ``primary purpose''
of an electronic mail message shall be deemed to be commercial based on
the criteria in paragraphs (a)(1) through (3) and (b) of this
section:\1\
---------------------------------------------------------------------------
\1\ The Commission does not intend for these criteria to treat
as a ``commercial electronic mail message'' anything that is not
commercial speech.
---------------------------------------------------------------------------
(1) If an electronic mail message consists exclusively of the
commercial advertisement or promotion of a commercial product or
service, then the ``primary purpose'' of the message shall be deemed to
be commercial.
(2) If an electronic mail message contains both the commercial
advertisement or promotion of a commercial product or service as well
as transactional or relationship content as set forth in paragraph (c)
of this section, then the ``primary purpose'' of the message shall be
deemed to be commercial if:
(i) A recipient reasonably interpreting the subject line of the
electronic mail message would likely conclude that the message contains
the commercial advertisement or promotion of a commercial product or
service; or
(ii) The electronic mail message's transactional or relationship
content as set forth in paragraph (c) of this section does not appear,
in whole or in substantial part, at the beginning of the body of the
message.
(3) If an electronic mail message contains both the commercial
advertisement or promotion of a commercial product or service as well
as other content that is not transactional or relationship content as
set forth in paragraph (c) of this section, then the ``primary
purpose'' of the message shall be deemed to be commercial if:
(i) A recipient reasonably interpreting the subject line of the
electronic mail message would likely conclude that the message contains
the commercial advertisement or promotion of a commercial product or
service; or
(ii) A recipient reasonably interpreting the body of the message
would likely conclude that the primary purpose of the message is the
commercial advertisement or promotion of a commercial product or
service. Factors illustrative of those relevant to this interpretation
include the placement of content that is the commercial advertisement
or promotion of a commercial product or service, in whole or in
substantial part, at the beginning of the body of the message; the
proportion of the message dedicated to such content; and how color,
graphics, type size, and style are used to highlight commercial
content.
(b) In applying the term ``transactional or relationship message''
defined in the CAN-SPAM Act, 15 U.S.C. 7702(17), the ``primary
purpose'' of an electronic mail message shall be deemed to be
transactional or relationship if the electronic mail message consists
exclusively of transactional or relationship content as set forth in
paragraph (c) of this section.
(c) Transactional or relationship content of e-mail messages under
the CAN-SPAM Act is content:
(1) To facilitate, complete, or confirm a commercial transaction
that the
[[Page 25453]]
recipient has previously agreed to enter into with the sender;
(2) To provide warranty information, product recall information, or
safety or security information with respect to a commercial product or
service used or purchased by the recipient;
(3) With respect to a subscription, membership, account, loan, or
comparable ongoing commercial relationship involving the ongoing
purchase or use by the recipient of products or services offered by the
sender, to provide --
(i) Notification concerning a change in the terms or features;
(ii) Notification of a change in the recipient's standing or
status; or
(iii)At regular periodic intervals, account balance information or
other type of account statement;
(4) To provide information directly related to an employment
relationship or related benefit plan in which the recipient is
currently involved, participating, or enrolled; or
(5) To deliver goods or services, including product updates or
upgrades, that the recipient is entitled to receive under the terms of
a transaction that the recipient has previously agreed to enter into
with the sender.
Sec. 316.4 Prohibition against failure to honor an opt-out request
within three business days of receipt.
(a) If a recipient makes a request using a mechanism provided
pursuant to 15 U.S.C. 7704(a)(3) not to receive some or any commercial
electronic mail messages from a sender, and does not subsequently
provide affirmative consent to receive commercial electronic mail
messages from such sender, then it is a violation of 15 U.S.C.
7704(a)(4):
(1) For the sender to initiate the transmission to the recipient,
more than three business days after the receipt of such request, of a
commercial electronic mail message that falls within the scope of the
request;
(2) For any person acting on behalf of the sender to initiate the
transmission to the recipient, more than three business days after the
receipt of such request, of a commercial electronic mail message with
actual knowledge, or knowledge fairly implied on the basis of objective
circumstances, that such message falls within the scope of the request;
(3) For any person acting on behalf of the sender to assist in
initiating the transmission to the recipient, through the provision or
selection of addresses to which the message will be sent, of a
commercial electronic mail message with actual knowledge, or knowledge
fairly implied on the basis of objective circumstances, that such
message would violate clause (a) or (b); or
(4) For the sender, or any other person who knows that the
recipient has made such a request, to sell, lease, exchange, or
otherwise transfer or release the electronic mail address of the
recipient (including through any transaction or other transfer
involving mailing lists bearing the electronic mail address of the
recipient) for any purpose other than compliance with this Act or other
provision of law.
(b) In any proceeding or action pursuant to the CAN-SPAM Act or the
CAN-SPAM Rule to enforce compliance, through an order to cease and
desist or an injunction, with subsection (a), neither the Commission
nor the Federal Communications Commission nor the attorney general,
official, or agency of a State shall be required to allege or prove the
state of mind required by subsection (a).
Sec. 316.5 Prohibition on charging a fee or imposing other
requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may
require that any recipient pay any fee, provide any information other
than the recipient's electronic mail address and opt-out preferences,
or take any other steps except sending a reply electronic mail message
or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based
mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to
receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C.
7704(a)(3)(B) and (a)(4).
Sec. 316.6 Requirement to place warning labels on commercial
electronic mail that contains sexually oriented material.
(a) Any person who initiates, to a protected computer, the
transmission of a commercial electronic mail message that includes
sexually oriented material must:
(1) Exclude sexually oriented materials from the subject heading
for the electronic mail message and include in the subject heading the
phrase ``SEXUALLY-EXPLICIT:'' in capital letters as the first nineteen
(19) characters at the beginning of the subject line; \2\
---------------------------------------------------------------------------
\2\ The phrase ``SEXUALLY-EXPLICIT'' comprises 17 characters,
including the dash between the two words. The colon (:) and the
space following the phrase are the 18th and 19th characters.
---------------------------------------------------------------------------
(2) Provide that the content of the message that is initially
viewable by the recipient, when the message is opened by any recipient
and absent any further actions by the recipient, include only the
following information:
(i) The phrase ``SEXUALLY-EXPLICIT:'' in a clear and conspicuous
manner; \3\
---------------------------------------------------------------------------
\3\ This phrase consists of nineteen (19) characters and is
identical to the phrase required in 316.5(a)(1) of this Rule.
---------------------------------------------------------------------------
(ii) Clear and conspicuous identification that the message is an
advertisement or solicitation;
(iii) Clear and conspicuous notice of the opportunity of a
recipient to decline to receive further commercial electronic mail
messages from the sender;
(iv) A functioning return electronic mail address or other
Internet-based mechanism, clearly and conspicuously displayed, that--
(A) A recipient may use to submit, in a manner specified in the
message, a reply electronic mail message or other form of Internet-
based communication requesting not to receive future commercial
electronic mail messages from that sender at the electronic mail
address where the message was received; and
(B) Remains capable of receiving such messages or communications
for no less than 30 days after the transmission of the original
message;
(v) Clear and conspicuous display of a valid physical postal
address of the sender; and
(vi) Any needed instructions on how to access, or activate a
mechanism to access, the sexually oriented material, preceded by a
clear and conspicuous statement that to avoid viewing the sexually
oriented material, a recipient should delete the e-mail message without
following such instructions.
(b) Prior affirmative consent. Paragraph (a) of this section does
not apply to the transmission of an electronic mail message if the
recipient has given prior affirmative consent to receipt of the
message.
Sec. 316.7 Severability.
The provisions of this Rule are separate and severable from one
another. If any provision is stayed or determined to be invalid, it is
the Commission's intention that the remaining provisions shall continue
in effect.
By direction of the Commission, Commissioner Leibowitz not
participating.
Donald S. Clark,
Secretary.
Note: Appendix A is published for informational purposes only
and will not be codified in Title 16 of the Code of Federal
Regulations.
[[Page 25454]]
Appendix A--List of Commenters Cited in NPRM and Acronyms Assigned to Commenters
--------------------------------------------------------------------------------------------------------------------------------------------------------
Acronym Commenter
--------------------------------------------------------------------------------------------------------------------------------------------------------
AAOMS................................................. American Association of Oral and Maxillofacial Surgeons
AAR................................................... American Air Racing
ABA................................................... American Bar Association
ABM................................................... American Business Media
ACA................................................... ACA International
ACB................................................... America's Community Bankers
ACLI.................................................. American Council of Life Insurers
AeA................................................... American Electronics Association
AOC................................................... The Electronic Warfare and Information Operations Association
ASA................................................... American Staffing Association
ASAE.................................................. American Society of Association Executives
Aspects............................................... Aspects of Design
ASTA.................................................. American Society of Travel Agents, Inc.
AT&T.................................................. AT&T Corp.
AWWA.................................................. American Water Works Association
Bahr.................................................. Law Offices of Susan Bar
Bank.................................................. Bank of America Corp.
Bankers............................................... American Bankers Association
BMI................................................... Broadcast Music, Inc.
BMO................................................... BMO Financial Group
Calvert............................................... Thomas Calvert
CBA................................................... Consumer Bankers Association
Cendant............................................... Cendant Corp.
Chamber............................................... United States Chamber of Commerce
ClickZ................................................ ClickZ Network
CMOR.................................................. Council on Marketing and Opinion Research
Coalition............................................. National Business Coalition on E-Commerce and Privacy
Comerica.............................................. Comerica
Consumer.............................................. Consumer World
Countrywide........................................... Countrywide Financial Corp.
Csorba................................................ Frank Csorba
Danko................................................. Danko
Discover.............................................. Discover Bank
DMA................................................... Direct Marketing Association, Inc.
DoubleClick........................................... DoubleClick, Inc.
DSA................................................... Direct Selling Association
EDC................................................... EDC Computers, Inc.
Edgley................................................ John Edgley
EFF................................................... Electronic Frontier Foundation
ERA................................................... Electronic Retailing Association
ESPC.................................................. E-mail Service Provider Coalition
Experian.............................................. Experian Marketing Solutions
Ford.................................................. Ford
Ford Motor............................................ Ford Motor Company
Fredrikson............................................ Fredrikson & Byron, PA
Freese................................................ Bill Freese
Giambra............................................... Giambra
Gilbert............................................... Doug Gilbert
Go Daddy.............................................. Go Daddy Software, Inc.
Harte................................................. Harte-Hanks, Inc.
IAAMC................................................. International Association of Association Management Companies
IAC................................................... InterActive Corp.
IBAT.................................................. Independent Bankers Association of Texas
ICC................................................... Internet Commerce Coalition
ICFA.................................................. International Cemetery and Funeral Association
IFA................................................... International Franchise Association
ICOP.................................................. International Council of Online Professionals
Independent........................................... Independent Sector
Innovation............................................ Innovation Press
IPPC.................................................. International Pharmaceutical Privacy Consortium
Jaffe................................................. Andrew Jaffe
Jensen................................................ Roy Jensen
Justasmallthing.com................................... Justasmallthing.com
KALRES................................................ KALRES, Inc.
Keef.................................................. Carl Keef
Keogh................................................. Jill Keogh
KeyCorp............................................... KeyCorp
Krueger, B............................................ Brandt Krueger
Krueger, K............................................ Karl Krueger
KSUF.................................................. Kansas State University Foundation
Lenox................................................. Lenox, Inc.
Lunde................................................. Brian Lunde
[[Page 25455]]
M&F................................................... Morrison & Foerster LLP
Maat.................................................. Ayo Maat
Marzuola.............................................. Steven Marzuola
MasterCard............................................ MasterCard International Inc.
MBA................................................... Mortgage Bankers Association
MBNA.................................................. MBNA America Bank, N.A.
Mead.................................................. Bennett Mead
Mellon................................................ Mellon Financial Corp.
Microsoft............................................. Microsoft Corp.
Midway................................................ Midway Publishing Inc.
MIS................................................... Marketing Idea Shop
MMS................................................... MMS, Inc.
Moerlien.............................................. Charles Moerlien
MPA................................................... Magazine Publishers of America
MPAA.................................................. Motion Picture Association of America
NAA................................................... Newspaper Association of America
NADA.................................................. National Automobile Dealers Association
NAIFA................................................. National Association of Insurance and Financial Advisors
NAR................................................... National Association of Realtors
NCL................................................... National Consumers League
NEPA.................................................. Newsletter and Electronic Publishers Association
NetCoalition.......................................... NetCoalition
NFCU.................................................. Navy Federal Credit Unition
NNA................................................... National Newspaper Association
NRF................................................... National Retail Federation
O'Connor.............................................. Clint O'Connor
Oldaker............................................... Oldaker, Biden & Belair
OPA................................................... Online Publishers Association
P&G................................................... Proctor & Gamble
Piper................................................. Piper Rudnick LLP
Potocki............................................... Potocki
PMA................................................... Promotion Marketing Association
RDS................................................... RDS
Reed.................................................. Reed Elsevier, Inc.
Register.............................................. Register.com, BulkRegister, eNom, Network Solutions, Tucows
Richardson............................................ David Richardson
RMAS.................................................. Russell-Mellon Analytical Services
Rospenda.............................................. John Rospenda
RTCM.................................................. Radio Technical Commission for Maritime Services
Sachau................................................ Barb Sachau
Safell................................................ Jean Safell
Satchell.............................................. Stephen Satchell
SBA................................................... Office of Advocacy, U.S. Small Business Association
Shaw.................................................. Tom Shaw
SIA................................................... Securities Industry Association
SIIA.................................................. Software and Information Industry Association
Speer................................................. Speer
St. Saveur............................................ Joe St. Saveur
SVM................................................... SVM Corporate Marketing
Time Warner........................................... Time Warner
True.................................................. THISISTRUE.com
Truth................................................. Dawning Truth
UNC................................................... UNC General Alumni Association
United................................................ United Online
USTOA................................................. United States Tour Operators Association
ValueClick............................................ ValueClick, Inc.
Vandenberg............................................ Michael Vandenberg
Venable............................................... Venable LLP
Visa.................................................. Visa USA, Inc.
Vowles................................................ James Vowles
Wells Fargo........................................... Wells Fargo & Company
Weston................................................ Weston, Garrou & DeWitt
--------------------------------------------------------------------------------------------------------------------------------------------------------
[FR Doc. 05-9353 Filed 5-11-05; 8:45 am]
BILLING CODE 6750-01-P