Do You Need to Worry About CAN-SPAM Lawsuits?

Email Marketing


Disclaimer: This blog post is for general information purposes only and does not constitute legal advice. The opinions presented in this blog do not necessarily reflect the opinions of Marketo.

Unfortunately, I don’t really need to introduce the idea of spam to you. No, not the (beloved by some) canned meat product, but the clutter of unwanted, unsolicited, and unnecessary emails that pretty much anyone with an email address has experienced. As a consumer, you have probably received your fair share of spam messages, but as a marketer, you’re probably interested in the dangers that spam and spam laws can pose to your marketing activities and business. Aside from affecting your email deliverability, sending emails that are classified as spam can get you in serious legal trouble.

To combat spam and protect consumer privacy, anti-spam laws for email marketing have been rolled out in numerous countries over the past 10-15 years, such as CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) in the US, CASL in Canada, and the Privacy and Electronic Communications Regulations in the UK. You might think that these laws don’t apply to you because you’re not a spammer, but these laws are intended to govern the way that marketers communicate by email generally and may cover some aspects of email marketing that you didn’t realize were “spam” under the law.

This blog will explore CAN-SPAM—how it works, what it means for marketers, the consequences of violating it, and where it may be headed in the future.

How CAN-SPAM Works, and What it Requires

CAN-SPAM is the US anti-spam law that sets out rules for commercial email messages, including guidelines for contacting email recipients, email content, and penalties. It applies to all commercial emails, including business-to-business messages.

To quickly recap CAN-SPAM, the main takeaways for marketers are:

  • No false or misleading header information.
  • No deceptive or misleading subject lines. If your email is for marketing purposes, you can’t make your subject line deceptively personal, such as “Uncle Bill is sick!” Your subject line should be an accurate reflection of the content of the email.
  • Identify your message as an advertisement.
  • Tell your recipients where you are located (include a valid postal address).
  • Include information about how your email recipients can opt out.
  • Promptly honor opt-out requests (for CAN-SPAM, this is within 10 days of receiving the opt-out request).
  • If someone else is sending marketing emails for you, monitor what they are doing and ensure they follow CAN-SPAM’s rules.

As long as you comply with these requirements, there shouldn’t be any issues, right? Wrong. 

What if you or one of your employees make a mistake or overlooks a misleading aspect of an email? It’s important for organizations to consider and understand what could happen on the off chance that they do get it wrong and someone decides to pursue it in court, especially when each individual email violating CAN-SPAM Act is subject to penalties of up to $16,000.

Who Can Sue Under CAN-SPAM?

When it comes to who would actually bring legal action against you in a CAN-SPAM lawsuit, your assumption might be that it’s the customer. But it’s actually the Federal Trade Commission, state attorneys general, or in some cases the internet service provider (ISP) of the customer. The ability of an ISP to bring a lawsuit, however, hinges on them being a provider of “internet access services” and them being adversely affected by a violation of CAN-SPAM. For most consumers, this is not a useful route for them to go down to bring a lawsuit.

Your customers may be able to take action under some state laws, but many state laws dealing with spam are explicitly preempted by CAN-SPAM (which means that CAN-SPAM essentially overrules them).

How Successful Have Lawsuits Been in the Past?

CAN-SPAM has been described by numerous commentators, namely the University of Chicago School of Law, as “weak,” and it may, in many respects, not be as effective as it should be at stopping spam. However, there have been successful lawsuits in the past against those who violated CAN-SPAM, and the law will most likely be strengthened in future. Let’s take a look at a few examples of lawsuits and how they played out in the courts:

A number of anti-spam cases have been brought to trial in the past few years. One of these cases was a major San Francisco IT support company, who was fined $900,000 in 2006 for sending emails with false or misleading headers. They also didn’t identify their message as an advertisement, inform recipients that they could opt-out, and process any opt-out messages that they received. Even worse, some of their messages were disguised as personal messages to try to trick the recipients into opening them. It’s like they didn’t read the CAN-SPAM requirements at all!

In another case, a pharmaceutical manufacturer was fined as much as $2.5 million for using false and misleading headers, misleading subject lines, and not including opt-out mechanisms. CAN-SPAM fines are certainly nothing to sniff at.

However, a 2013 case brought by the group Spam Arrest, a company that provides anti-spam services by blocking senders until they verify themselves, highlighted a few of the issues prosecutors and claimants face when trying to stop spam. The verification process for Spam Arrest involved senders being sent a link to a verification page, where they could click a “verify” button and agree to a two-paragraph “Sender Agreement”. The Sender Agreement stated that by clicking the “verify” button, they agreed to the Sender Agreement, which stated that email senders must not send “unsolicited commercial e-mail.” Their lawsuit faced a number of barriers to success, a number of which related to the validity of the Sender Agreement.

First, the court found that Spam Arrest had not properly ensured that senders had actually agreed to the Sender Agreement, as the “verify” button was not sufficiently linked with the Sender Agreement. They also found that even if the Sender Agreement had been properly agreed to, Spam Arrest could not verify that any employees of the marketing companies had sufficient legal authority to enter into that Agreement on behalf of their business. Finally, the Court found that the burden was on Spam Arrest to prove that the marketers had sent “unsolicited commercial e-mail” and didn’t have consent to send the email. This is a high bar to pass for those fighting against spam.

The anti-spam lawsuits that have succeeded haven’t really stemmed the tide of spam. “To date, the CAN-SPAM Act has had no substantial impact on the flow of spam,” stated the president and CEO of email security firm Postini, Shinya Akamine. “In the four months after CAN-SPAM went into effect [2003], spam increased from 78-83% of the messages processed by Postini.” And, despite the FTC expounding the effectiveness of CAN-SPAM, even years later, it does not seem to have much impact on how spammers act.

Will the Law Change in the Near Future?


Spam Example

As you can see, in a general sense, CAN-SPAM hasn’t been very effective, which means that customers tend to ‘over ignore’ emails because they are used to receiving an abundance of spam. But changes in the law can help CAN-SPAM become more effective, which is good news for legitimate marketers and bad news for ‘real’ spammers.

One example of improvements that will be made to spam legislation in the near future is cross-border cooperation. Anti-spam laws in the US and EU are both subject to the weakness that they cannot prevent cross-border spam. However, Australia, Korea, and the UK have already signed a Memorandum of Understanding to cooperate on fighting against spam. The Trans-Pacific Partnership (TPP) also includes requirements for signatories to maintain anti-spam legislation. If more of these agreements are put in place, cross-border spam will be more tightly controlled and legitimate marketers benefit from tighter regulations, as their customers will see less spam coming and will be more likely to trust and open emails.

CAN-SPAM compliance is important and it’s fairly easy to comply with because the rules are relatively simple. However, even if you make a mistake, the likelihood that a lawsuit will make its way to you is small, as individual consumers cannot bring claims. But if you’re sending out emails that violate CAN-SPAM, it’s possible that you could face a lawsuit from the FTC. And, many of the CAN-SPAM lawsuits have succeeded, despite CAN-SPAM’s many weaknesses. The law is likely to become more severe in future rather than weakened, so it’s best to put compliance measures in place now.

How have spam laws affected your best practices? Share your experience in the comments section below.