Spam Laws and Entertainment

109Q.01   Background

One of the goals of any entertainment oriented website is to encourage individuals to view the site.  Websites generally earn income by selling products or services, charging for subscriptions or advertising.  No matter what approach is used, the more “eyeballs” the better.  Therefore, one of, if not the primary, goal of any entertainment website is to attract viewers.

One way to attract viewers is by sending promotional emails to customers and potential customers.  However, if the email is unsolicited, or, even if consented to, if the recipient believes it is unsolicited or if the recipient otherwise does not want it, the sender risks serious adverse consequences which may include:

(1)       Alienation of customers and potential customers irritated by the email;

(2)       Blocking of all email from the sender either by the recipient or by the recipient’s use of certain types of software and services that block out all email from a sender’s address; and

(3)       Violating applicable law including incurring substantial civil and/or even criminal penalties.

109Q.02         Alienation of Customers and Potential Customers

Most recipients of spam hate receiving it and a significant percentage of recipients of email will in effect “boycott” any vendor that sends them unsolicited email.  Unfortunately, many spammers will weigh this fact against the fact that a significant portion of the population (according to some reports, as high as eight (8%) percent) will, on at least some occasions, purchase products or services in which they are interested from a vendor they learn about from spam.  Still, the likely alienation of customers and potential customers should be enough, without more, to dissuade most owners of entertainment websites from trying to attract viewers by using unsolicited email.

109Q.03         Blocking of Emails

Email recipients can take steps to block a substantial percentage of email sent to them by spammers.  One option, available to most recipients of email, is to intentionally block all email from a particular email address or from an entire domain.  There are two (2) major drawbacks to this approach.  First, many times the spammers use the return email addresses of other innocent parties. This practice, called spoofing, is illegal and even criminal, but does make it impossible for any recipient to be sure that they are blocking email from the address of the spammer as opposed to the address of an innocent third party.  Second, this approach is reactive, as opposed to proactive, in that the recipient must first receive the unwanted email before being able to block future email from that same address.

There are also software programs, such as the “SafetyBar” software available at http://www.spamnet.com/, that are community based and use algorithms to redirect email received that purportedly constitutes spam into a spam folder.  Such software does not rely on the purported return address to determine whether an email is spam.  Instead the software blocks emails based on whether a certain number of its over 1 million users report that they have seen the email and that it is spam.  If the email is confirmed as spam, then it is sent to the spam folders of all users of the software (the users can always view the software and elect to receive email from that source).  Then, using proprietary algorithms, emails from the same source, which, as addressed above, may not be the same as the purported return address on the email, are also blocked.

Additionally, many business users run all of their email through outside spam and virus blocking services such as the service available from AppRiver at http://www.appriver.com/ and Postini at http://www.postini.com/.  With these services the user routes all email to a particular domain through the spam and virus blocking service of the third party provider.  The advantage of these third party services is that the email is blocked before it ever reaches the user’s computer and so the services are much better for users who also view their email with BlackBerries, cell phones and other wireless devices.  Products like SafetyBar work only on the computer on which the software resides and so are no help for blocking spam to BlackBerries and similar devices.

The problem for the owner of a website is that if the owner sends out mass emails not wanted by the recipients, with widespread use of the above described software and/or services, all emails from that owner may be blocked.  In that situation a customer who, by signing up, is supposed to receive  an email,  may never receive it and, if they do not check to see what is blocked, may never know they did not receive it.

109Q.04         Anti-Spam Laws

Prior to January 1, 2004 there was no federal law prohibiting spam.  However, 29 states had enacted laws prohibiting unsolicited email.  There was variation among these statutes.  The most restrictive statutes were Delaware’s (prohibited all unsolicited bulk commercial email) and California’s (prohibited all unsolicited commercial email).  Other states included one or more of the following four prohibitions on commercial and/or bulk email:

(1)       Must not include false or missing routing information, misleading subject line and/or use another’s domain name;

(2)       Must not include sexually explicit material;

(3)       Must include “ADV” or “ADV ADLT” (or similar, but differing) language in the subject line (generally at the beginning); and/or

(4)       Must include an easy method to opt out from future emails.

One question many lawyers had was whether the Delaware and California laws were constitutional.  If constitutional, the law in these states would legally prohibit most unsolicited commercial email.  With respect to commercial speech that concerns lawful activity and is not misleading, the test of constitutionality is:

(1)       Is there a substantial governmental interest;

(2)       Does the law directly advance that governmental interest; and

(3)       Is there a reasonable fit between the purpose of the restriction and the scope of the restriction?

The Delaware and California statutes did meet the first two tests.  There is a substantial governmental interest in reducing unsolicited commercial email in that there is now so much of it that it slows down the Internet and most people hate receiving it.  A prohibition on unsolicited commercial email advances that interest since, if spammers are prohibited from sending unsolicited commercial email to Delaware and California, their citizens would, at least theoretically, not receive any.

The interesting question is whether or not the third test is met.  Is there a reasonable relation between the objective being achieved and the scope of the restriction?  There are certain other, less drastic, ways to reduce unsolicited commercial email such as requiring “ADV” in the subject line.  With “ADV” in the subject line any individual or ISP could screen out the email.  Proponents of the Delaware law would probably argue that the constitutionality of the Delaware law is supported by the cases holding that the federal anti-fax statute, which prohibits all unsolicited faxes, is constitutional.  However, there is no way for individual fax machine owners to screen out unwanted faxes while there is a way to screen out unsolicited commercial bulk email other than to bar all of it.

In any event the state laws only applied to unsolicited “commercial” email.  The reason is that under the “free speech” clause of the First Amendment to the U.S. Constitution any restriction of non-commercial speech must be narrowly tailored (in other words there is less room to go beyond what is necessary to advance the interest of concern).  So sending out a bulk email that contains primarily informative, literary or artistic content, even if it also contains a promotional or advertising element, would seemingly not have been barred under any state law.

All of the state statutes of which the author is aware defined “unsolicited” as having no pre-existing relationship.  So if there was a pre-existing relationship, these statutes would not apply.

Until January of 2004, there was no federal law expressly prohibiting spam.  Probably partially due to lobbying by bulk emailers who were operating in the United States and believed themselves to be vulnerable to lawsuits based on state anti-spam laws at the end of 2003 Congress enacted a federal anti-spam law that became effective as of January 1, 2004.  The bulk emailers who lobbied for passage probably preferred one anti-spam law that applied across the country and allowed mass emailings provided certain requirements were met as opposed to a large number of different, sometimes contradictory, laws that in a few states completely prohibited mass commercial emailings.  The Act is entitled:  “The Controlling the Assault of Non-Solicited Pornography and Marketing Act” and is referred to as the “CAN-SPAM Act of 2003.”  Most  sections of the Act are codified at 15 USC 7701 et. seq.  Important features of the CAN-SPAM Act include:

(1)       It only applies to “commercial electronic mail.”  “Commercial electronic mail” is defined as “electronic mail . . . the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).”  The Federal Trade Commission was assigned the task of enacting regulations for determining “the primary purpose of an electronic mail message.”  One reason the Act was written to apply only to “commercial email” was to reduce the likelihood of a court finding that the Act violates the free speech clause of the first amendment.  The term “commercial email” is ambiguous.  However, an email newsletter with primarily informative or entertainment content concerning computers, the Internet, news, sports,  political or other matters sent out by an entity that promotes nothing or includes ads and/or solicitations which are placed deep in the newsletter and from multiple sources would not, in the opinion of the author, be within the scope of the CAN-SPAM Act.  On the other hand, an email from an entertainment website inviting recipients to try out the site would certainly be within the scope.  Whether an emailed newsletter from a business, such as a law firm, that provides goods and services but does not distribute, in either a printed or electronic format, publications as its main business is within the scope of the CAN-SPAM Act can be a close question.  The author believes that if the newsletter consisted primarily of informative material, it would not be considered “commercial” and therefore not subject to the requirements of the Act.

(2)       The Act “supersedes any statute, regulation or rule of a State or political subdivision of a State that … regulates or restricts the use of electronic mail to send commercial messages, except to the extent that such statute, regulation, or rule prohibits falsity or deception [or laws that are not specifically focused on electronic mail such as state trespass, contract or tort law or state laws that relate to acts of fraud or computer crime].”

(3)       The law does not prohibit the sending of commercial email messages, but instead prohibits certain activities in conjunction with sending out such electronic mail.

(4)       Unlike the state laws, although an exemption may be introduced by regulation, the Federal law does not exempt email just because there is a prior relationship between the parties except that it does provide an exception from requirements not related to deception as to the source of the email to the extent the email is a follow-up to a previous transaction such as related to warranty rights.  It is important to note that this exemption does not, by definition, apply if the email contains advertising or a solicitation.

(5)       Unlike as was the case under state law, obtaining a consent only exempts a spammer from being required to clearly and conspicuously indicate that a commercial email is an advertisement or solicitation (See “7(g)” below).  The state law prohibitions only applied to email that was “unsolicited.”

(6)       The following constitute criminal violations:

(a)      Assessing a computer without authorization and sending out multiple commercial email messages from such computer (some of the worst spammers have been using computers of unaware consumers with fixed connections to the Internet such as over cable modems or DSL to send out their commercial email);

(b)      Deceiving recipients of email as to the source of the email message (this would cover one of the most insidious, but common, practices whereby spammers “spoof” the email domain name of an unknowing website owner misleading all email recipients into believing that that innocent website owner sent the spam thereby harming the reputation of the website owner).

(7)       The following constitute civil violations:

(a)       The above criminal violations can also be the basis for civil claims;

(b)       Inclusion of deceptive subject headings;

(c)        Failure to include a functioning return electronic mail address;

(d)       Failing to clearly provide an opportunity to decline further communications via email;

(e)       Continuing to send email ten (10) days after being requested to stop;

(f)         Failing to provide a valid physical postal address of the sender; and

(g)  Failing to clearly and conspicuously indicate that the message is an advertisement or solicitation.

(8)       Any sexually oriented email must contain a warning in the subject heading.

(9)       The prohibitions apply to any person that “initiates” a commercial electronic mail message which includes both originating or transmitting the message and procuring the origination or transmission of the message.  So a website owner that hires a bulk emailer to send out the emails can be liable for all the above violations.

(10)     A supplier of products or services to an affiliate (an entity in which the supplier holds a greater than 50% controlling or economic interest) or to an unrelated third party when the supplier has actual knowledge of a violation is required to take reasonable actions to prevent the transmission of or detect and report to the Federal Trade Commission the sending of commercial email with misleading information in the header of the email regarding the sender of the email.

(11)     Enforcement of criminal penalties is handled by the United States Department of Justice.  The right to enforce civil penalties is vested in the Federal Trade Commission except for bulk emailers which are regulated by specific agencies such as member banks of the Federal Reserve System, brokers and dealers under the Securities & Exchange Commission and insurance companies under state insurance commissioners, with respect to which enforcement of civil penalties is vested in such other agencies.  There are no private rights of action.  Attorney Generals of various states can file actions on behalf of the citizens of those states.  For certain violations, application service providers may file actions to recover damages to them.

(12)     Penalties and liabilities include:

(a)       For a criminal violation – fines up to $500,000 for organizations and $250,000 for individuals and imprisonment for up to 5 years and forfeiture of all gross proceeds obtained as a result of the offense and of any equipment, and/or software used to commit or facilitate the offense;

(b)       For a civil violation –

(i)         If subject to enforcement by specific agencies such as the Securities & Exchange Commission, penalties are set by the statute specific to regulation of those agencies; otherwise, penalties are set under the Federal Trade Commission Act and include penalties of up to $11,000 per violation.

(ii)        Enforcement by states – the attorney general of any state may file a civil action on behalf of residents of the state denominated as an action “as parens patriae” – the courts are unclear as to whether that money is kept by the state or provided to the citizens –  equal to the greater of $250 per email to each recipient in the state or the amount of actual damages proved.  The court may triple the award and also award attorney fees.

(c)        Internet Access Services – have the right to file actions to enjoin actual losses and collect up to $100 per email per recipient.

The FTC reports on its website (www.ftc.gov/spam) that it has already filed actions for violations of the Anti-Spam Act, although the descriptions of cases on the website indicate that the initial actions are against spammers that are involved in some sort of deception as opposed to other types of violations such as failures to indicate that the spam is an advertisement or promotion.

Various state cases have held that the sending of large volumes of unsolicited email to the customers of particular internet service providers, after being notified not to do that, can constitute trespass under state law because of the damage to the computers of the internet service providers.

For additional information about anti-spam laws see Professor David Sorkin’s excellent website at http://www.spamlaws.com/ and the Federal Trade Commission’s website concerning its anti-spam activities at www.ftc.gov/spam.

109Q.05         Foreign Anti-Spam Laws

Although beyond the scope of this Chapter, the sending of promotional email to residents of many countries outside the United States, including countries that are members of the European Union and Canada, is restricted by the laws of those countries.

109Q.06         Conclusions

To avoid alienating customers, being added to numerous block lists and violating applicable law, choices for website owners are:

(1)       Not to use email to promote the website;

(2)       Send email only to visitors to the website that have consented to the sending of email to them, or have otherwise consented to receiving email at seminars, trade shows and the like, not to exceed the scope of such consents and comply with the provisions of the CAN-SPAM Act that apply even when a consent has been obtained; or

(3)       Include an ad in established well-received email publications such as emails sent daily by the New York Times, the emails sent weekly by email services such as the Leebow Letter published by 300incredible.com (see http://www.300incredible.com/), or the CNET newsletter available at (http://www.seenet.com/).

Because of the uncertainty about what constitutes “commercial electronic mail” the undersigned is currently cautioning clients against sending “educational” emails that are apparently sent for the purpose of drawing potential customers to a website except in strict compliance with the CAN-SPAM Act.  Although a very strong argument can be made that if informative and where directly promotional material is only a minor part of such emails and placed toward the end, such emails are not covered by the CAN-SPAM Act, unless and until it is made clear by applicable regulations or case decisions that such emails are not covered, the potential exposure is too great to justify sending those materials out except in compliance.  Additionally, no matter how valuable the newsletters may be, many recipients will block further emails from such address which could interfere with later communications.

Even if the bulk email your client is planning to send out is in compliance with federal law, it is also necessary for your client to comply with the terms of use of its own internet service provider.    Also, if the volume of email being sent out is sufficiently large, your client may receive a notice to stop sending to customers of a particular ISP and, if not stopped, there are cases that would indicate that action could be considered trespass.

© 2006 LexisNexis and Rob Hassett, All rights reserved.