the secure:channel

Click here to read more about SpamStopsHere, the e-mail security company that brings you this blog.

Last Wednesday, the Federal Trade Commission released more proposed rules regarding the implementation of the CAN-SPAM Act of 2003. Only five years after the act was passed, and three years after the last provisions of this act were announced, the FTC is finally getting closer to defining the rules. 

When the CAN-SPAM Act was signed by the president in 2003, there were many provisions that still needed to be worked out. As a result, I subscribed to the Federal Register mailing list and every day I would look for any updates to the CAN-SPAM Act to be released. On April 19, 2004 when the Federal Trade Commission finally ruled on the “SEXUALLY-EXPLICIT” tag that all sexually explicit commercial e-mail messages must have to comply with the CAN-SPAM Act, I was probably one of the first ones in the industry to find out about the decision on what this tag would be. The same day,  SpamStopsHere created an optional filter that users could subscribe to for e-mail messages that contained this tag. All users were subscribed to this filter by default.

In January of 2005, the FTC clarified what defines the primary purpose of an e-mail message, providing methods to determine whether an e-mail to someone you have an existing business relationship with is really a transactional or relationship e-mail or whether it should be considered primarily commercial in purpose.

It’s been years since then, and updates to the law have been super slow. I continue to wait for the FTC to release the method that will be used to label e-mail messages with a ”Clear and conspicuous identification that the message is an advertisement or solicitation”. It’s been theorized that the “ADV:” tag will be used, as it was originally propsed by the Internet Engineering Task Force awhile before CAN-SPAM.

On May 12, 2008 we finally got some more rules on implementing the CAN-SPAM Act last week though, and I missed it. I’d stopped reading the Federal Register, giving up on the FTC to make these decisions any time soon. Here it is a week later, and I had to read about it in the news. The four rule provisions are interesting ones:

(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

The most significant change I see is the first one. The unsubscribe links that make you log in to edit your e-mail preferences will now be illegal. I always found those completely annoying, and I always recommend against senders using them. It’s also interesting to note that a U.S. Post Office box will be considered a valid mailing address. It seems that some of the early court decisions had actually ruled the other way, and it’s great that the FTC has clarified this. They seem to indicate that PMBs, or Private Mail Boxes are still not allowed.

Another interesting thing in the rulings is related to whether an “invite a friend” or “e-mail a friend” link falls under the requirements of the CAN-SPAM Act. The rules now clarify that if you compensate someone with anything of perceived value in exchange for using the “e-mail a friend” form, or if you even entice use of it, that usage falls under the CAN-SPAM Act. As a result, any e-mail from an “e-mail a friend” form likely needs to include a mailing address and an unsubscribe method, and shouldn’t be generated to those who have previously unsubscribed.

Of course, you should consult your attorney, as I can’t provide legal advice. These are only my recommendations, and I’m still waiting for that label to identify all commercial e-mail. I hope that the FTC decides on that sometime this century.