|
A Cryptome DVD is offered by Cryptome. Donate $25 for a DVD of the Cryptome 11.5-years archives of 43,000 files from June 1996 to January 2008 (~4.5 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. Archives include all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org. Cryptome offers with the Cryptome DVD an INSCOM DVD of about 18,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985. No additional contribution required -- $25 for both. The DVDs will be sent anywhere worldwide without extra cost. |
21 May 2008
[Federal Register: May 21, 2008 (Volume 73, Number 99)][Rules and Regulations] [Page 29653-29680] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr21my08-16] [[Page 29653]] ----------------------------------------------------------------------- Part IV Federal Trade Commission ----------------------------------------------------------------------- 16 CFR Part 316 Definitions and Implementation Under the CAN-SPAM Act; Final Rule [[Page 29654]] ----------------------------------------------------------------------- FEDERAL TRADE COMMISSION 16 CFR Part 316 [Project No. R411008] RIN 3084-AA96 Definitions and Implementation Under the CAN-SPAM Act AGENCY: Federal Trade Commission. ACTION: Final Rule. ----------------------------------------------------------------------- SUMMARY: In this document, the Federal Trade Commission (``FTC'' or ``Commission'') issues its Statement of Basis and Purpose and final Discretionary Rule (``final Rule'') pursuant to section 7711(a) of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (``CAN-SPAM'' or ``the Act''), which gives the FTC discretionary authority to ``issue regulations to implement the provisions of [the] Act.'' EFFECTIVE DATE: The provisions of the final Rule will become effective on July 7, 2008. ADDRESSES: Requests for copies of the provisions of the Statement of Basis and Purpose and final Rule should be sent to: Public Records Branch, Room 130, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. Copies of these documents are also available at the Commission's Website: http://www.ftc.gov. FOR FURTHER INFORMATION CONTACT: Janis Claire Kestenbaum, (202) 326- 2798, and Sana Coleman Chriss, (202) 326-2249, Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. SUPPLEMENTARY INFORMATION: The final Rule: (1) Adds a definition of the term ``person''; (2) modifies the term ``sender'' in those instances where a single email message contains advertisements for the products, services, or websites of multiple entities; (3) clarifies that a sender may comply with section 7704(a)(5)(A)(iii) of the Act by including in a commercial email message a post office box or private mailbox established pursuant to United States Postal Service regulations; and (4) clarifies that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website. This Statement of Basis and Purpose also explains the Commission's rationale for not adopting other proposals contained in the Commission's May 12, 2005 Notice of Proposed Rulemaking (``NPRM''),\1\ and addresses the application of CAN-SPAM to forward-to- a-``friend'' emails and certain other categories of email messages identified in the NPRM. --------------------------------------------------------------------------- \1\ 70 FR 25426. --------------------------------------------------------------------------- STATEMENT OF BASIS AND PURPOSE I. BACKGROUND A. CAN-SPAM Act of 2003 On December 16, 2003, the President signed into law the CAN-SPAM Act.\2\ The Act, which took effect on January 1, 2004, imposes a series of new requirements on the use of commercial electronic mail (``email'') messages. In addition, the Act gives federal civil and criminal enforcement authorities new tools to combat commercial email that is unwanted by the recipient and/or deceptive. The Act also allows state attorneys general to enforce its civil provisions, and creates a private right of action for providers of Internet access service. --------------------------------------------------------------------------- \2\ 15 U.S.C. 7701-7713. --------------------------------------------------------------------------- In enacting the CAN-SPAM Act, Congress made the following determinations of public policy, set forth in section 7701(b) of the Act: (1) there is a substantial government interest in regulation of commercial email on a nationwide basis; (2) senders of commercial email should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial email have a right to decline to receive additional commercial electronic mail from the same source. Based on these policy determinations, Congress, in sections 7704(a) and (b) of the CAN-SPAM Act, outlawed certain commercial email acts and practices. Section 7704(a)(1) of the Act prohibits transmission of any email that contains false or misleading header or ``from'' line information. Section 7704(a)(2) prohibits the transmission of commercial email messages with false or misleading subject headings. Section 7704(a)(3) requires that a commercial email message contain a functioning return email address or similar Internet-based mechanism for recipients to use to ``opt out'' of receiving future commercial email messages. Section 7704(a)(4) prohibits the sender, or others acting on the sender's behalf, from initiating a commercial email to a recipient more than ten business days after the recipient has opted out. Section 7704(a)(5) prohibits the initiation of a commercial email message unless it contains three disclosures: (1) clear and conspicuous identification that the message is an advertisement or solicitation; (2) clear and conspicuous notice of the opportunity to decline to receive further commercial email messages from the sender; and (3) a valid physical postal address of the sender. And section 7704(b) specifies four ``aggravated violations'' -- practices that compound the available statutory damages when alleged and proven in combination with certain other CAN-SPAM violations.\3\ --------------------------------------------------------------------------- \3\ 15 U.S.C. 7704(b). The four such practices set forth in the statute are: address harvesting; dictionary attacks; automated creation of multiple email accounts; and relaying or retransmitting through unauthorized access to a protected computer or network. The Act's provisions relating to enforcement by state attorneys general and providers of Internet access service create the possibility of increased statutory damages if a court finds a defendant has engaged in one of the practices specified in section 7704(b) while also violating section 7704(a). Specifically, sections 7706(f)(3)(C) and (g)(3)(C) permit a court to increase a statutory damages award up to three times the amount that would have been granted without the commission of an aggravated violation. Sections 7706(f)(3)(C) and (g)(3)(C) also provide for this heightened statutory damages calculation when a court finds that the defendant's violations of section 7704(a) were committed ``willfully and knowingly.'' --------------------------------------------------------------------------- The Act authorizes the Commission to enforce violations of the Act in the same manner as an FTC trade regulation rule.\4\ Section 7706(f) authorizes the attorneys general of the states to enforce compliance with certain provisions of section 7704(a) of the Act by initiating enforcement actions in federal court, after serving prior written notice upon the Commission when feasible.\5\ CAN-SPAM also authorizes providers of Internet access service to bring a federal court action for violations of certain provisions of sections 7704(a), (b), and (d).\6\ --------------------------------------------------------------------------- \4\ Sections 7706(a) and (c) of the CAN-SPAM Act provide that a violation of the Act shall be treated as a violation of a rule issued under section 18(a)(1)(B) of the FTC Act, 15 U.S.C. 57a(a)(1)(B). \5\ 15 U.S.C. 7706(f). Specifically, the state attorneys general may bring enforcement actions for violations of section 7704(a)(1), 7704(a)(2), or 7704(d). The states may also bring an action against any person who engages in a pattern or practice that violates section 7704(a)(3), (4), or (5). \6\ 15 U.S.C. 7706(g). Section 7704(d) of the Act requires warning labels on commercial email messages containing sexually oriented material. 15 U.S.C. 7704(d). In April, 2004, the Commission promulgated its final rule regarding such labels. See 69 FR 21024 (Apr. 19, 2004); 16 CFR 316.4. --------------------------------------------------------------------------- B. Notice of Proposed Rulemaking In its May 12, 2005 NPRM, the Commission proposed rule provisions on five topics: (1) defining the term ``person,'' a term used throughout the Act, but not defined; (2) modifying the definition of ``sender'' to make it easier to determine which of multiple parties [[Page 29655]] advertising in a single email message must have its valid physical postal address included in the message and is responsible for honoring ``opt-out'' requests; (3) clarifying that Post Office boxes and private mailboxes established pursuant to United States Postal Service regulations constitute ``valid physical postal addresses'' within the meaning of the Act; (4) shortening from ten days to three days the time a sender may take before honoring a recipient's opt-out request; and (5) clarifying that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website.\7\ --------------------------------------------------------------------------- \7\ Prior to the NPRM, the Commission issued an Advance Notice of Proposed Rulemaking (``ANPR''), 69 FR 11776 (Mar. 11, 2004), soliciting comments on a number of issues raised by CAN-SPAM, including the interpretation of the term ``primary purpose,'' which the Commission addressed in a final Rule issued on January 19, 2005, codified at 16 CFR 316.3. In addition, the ANPR requested comment on the definitions of ``transactional or relationship message'' and ``valid physical postal address,'' the application of the Act to both multiple-marketer and forward-to-a-``friend'' emails, the sufficiency of the ten-business-day opt-out period that had been set by the Act, the potential addition of new aggravated violations, and implementation of the Act's provisions generally. (Two issues addressed in the NPRM and in this Statement of Basis and Purpose -- the definition of ``person'' and the prohibition on charging a fee or imposing other requirements on recipients who wish to opt-out -- were not addressed in the ANPR.) The ANPR also solicited comment on questions related to four Commission reports required to be submitted to Congress. The Commission received over 13,500 comments in response to the ANPR. --------------------------------------------------------------------------- In response to this NPRM, the Commission received 152 comments from email marketers and their associations, email recipients, and other interested parties.\8\ Based upon the entire record in this proceeding and the Commission's law enforcement experience, the Commission hereby adopts final Rule provisions that are very similar, but not identical, to the proposed Rule provisions. As discussed in detail below, the adopted provisions are based upon the recommendations of commenters to make certain modifications in the proposed provisions, as well as the Commission's anti-spam law enforcement experience. Commenters' recommendations that the Commission has declined to adopt in its final Rule are also identified, along with the Commission's reasons for rejecting them. II. DISCUSSION OF THE FINAL RULE --------------------------------------------------------------------------- \8\ Approximately 93 of these comments were submitted by industry representatives, 56 were submitted by consumers, and 3 were submitted by privacy groups. Appendix A is a list of the commenters and the acronyms used to identify each commenter who submitted a comment in response to the NPRM. These comments are available on the Commission's website at the following address: http://www.ftc.gov/ os/comments/canspam3/index.shtm. --------------------------------------------------------------------------- A. Section 316.2 -- Definitions Section 316.12,\9\ one of the Rule provisions previously adopted under CAN-SPAM, defines thirteen terms by reference to the corresponding sections of the Act that define those terms.\10\ The NPRM proposed modification of the previously-adopted definition of ``sender'' by adding a proviso to cover multiple sender scenarios. The NPRM also proposed adding definitions of ``person'' and ``valid physical postal address.'' All other definitions were to remain as adopted. While the NPRM did not propose any changes to the Act's definition of ``transactional or relationship message,'' it posed a series of questions about the interpretation and potential expansion of this definition, and similarly requested comment on the application of the Act's definitions of ``sender'' and ``initiate'' to forward-to-a- ``friend'' email campaigns. --------------------------------------------------------------------------- \9\ Because the final Rule contains several new provisions, the numbering of the Rule's subsections has changed. All cites to the Rule in this Statement of Basis and Purpose are to the new, renumbered Rule provisions, unless otherwise stated. \10\ The Commission adopted these definitions in the Adult Labeling Rulemaking proceeding under section 7704(d) of CAN-SPAM, which required the Commission to prescribe a mark to be included in commercial email containing sexually oriented material. 69 FR 21024 (Apr. 19, 2004). A fourteenth term, ``character,'' not defined in CAN-SPAM, was also defined in the Adult Labeling Rule. 16 CFR 316.2(b). --------------------------------------------------------------------------- 1. Section 316.2(h) -- Definition of ``Person'' In the NPRM,\11\ the Commission proposed adding a definition of ``person,'' a term used throughout the Act,\12\ pursuant to its authority to ``issue regulations to implement the provisions of this Act.''\13\ Under the definition proposed in the NPRM, which is identical to the definition contained in the Telemarketing Sales Rule, 16 CFR 310.2, the term ``person'' would mean ``an individual, group, unincorporated association, limited or general partnership, corporation, or other business entity.'' --------------------------------------------------------------------------- \11\ NPRM, 70 FR at 25428. \12\ See, e.g., 15 U.S.C. 7702(8), (9), (12), (15) & (16); 7704(a)(1), (2) & (3). \13\ 15 U.S.C. 7711(a). --------------------------------------------------------------------------- Seven of the eight commenters that addressed this issue supported the addition of the Commission's proposed definition of ``person,'' opining that it would clarify the types of entities to which the Act applies.\14\ The sole objection came from the Society for Human Resources Management (``SHRM''), which argued that unincorporated nonprofit associations should be excluded from the definition of ``person'' and, therefore, wholly exempt from CAN-SPAM.\15\ SHRM argued that, without such an exemption, the risk of liability under the Act could discourage the organization's members from volunteering to serve in a leadership capacity. --------------------------------------------------------------------------- \14\ See Discover; Empire; ESPC; FNB; KeySpan; NAR; Metz. Adknowledge also advocated modifying the definition of ``person,'' but, at bottom, its argument appears to relate to liability in the context of a multi-marketer email. The Commission thus has considered Adknowledge's comment in connection with the definition of ``sender,'' below. See infra Part II.A.2. \15\ See also ABA (noting that its comments on the ANPR asked the Commission to clarify that the term ``person'' should exclude associations and other tax-exempt nonprofit organizations with respect to their email sent in pursuit of their tax-exempt nonprofit purposes). --------------------------------------------------------------------------- Having considered the comments, the Commission adopts without modification the definition of ``person'' in the proposed Rule. The Commission believes that the addition of this definition will advance the implementation of the Act by clarifying that the term ``person'' is broadly construed and is not limited to a natural person. The Commission rejects the argument that there should be a blanket exemption for all messages sent by unincorporated nonprofit entities. As we have previously observed, CAN--SPAM does not set up a dichotomy between ``commercial'' and ``nonprofit'' messages.\16\ Accordingly, when nonprofit organizations send emails the primary purpose of which is the advertisement or promotion of a commercial product or service, recipients are entitled to the Act's protections. In any event, as discussed below, see infra Part II.A.3.j., messages from an association to its members will often be ``transactional or relationship messages'' under section 7702(17) of the Act and thus not required to include a functioning Internet-based mechanism for consumers to use to opt out of receiving future commercial messages.\17\ --------------------------------------------------------------------------- \16\ 69 FR 50091, 50100 (Aug. 13, 2004). \17\ Section 7706(d) makes clear that the Commission has only the same jurisdiction and power under the Act as it has under the FTC Act, 15 U.S.C. 41, et seq. Consequently, the FTC lacks jurisdiction to enforce CAN-SPAM against any entity that is not ``organized to carry on business for its own profit or that of its members.'' 15 U.S.C. 44. States and providers of Internet access service can bring CAN-SPAM actions against nonprofits, however. --------------------------------------------------------------------------- 2. Section 316.2(m) -- Definition of ``Sender'' Section 7702(16)(A) of CAN-SPAM defines ``sender'' as ``a person who initiates [a commercial electronic mail] [[Page 29656]] message and whose product, service, or Internet web site is advertised or promoted by the message.''\18\ In the NPRM, the Commission proposed amending the definition of ``sender'' to address concerns identified in the ANPR comments about the application of CAN-SPAM's definition of ``sender'' to scenarios where multiple marketers use a single email message ---- for example, where a commercial email from an airline also contains advertisements or promotions for a hotel chain and a car rental company. The Commission received almost 60 comments in response to this proposal, many of which suggested modifications to the proposed Rule provision. After consideration of these comments, the Commission has modified the definition of ``sender'' as proposed in the NPRM. The final Rule provides that multiple ``senders'' of a commercial email, under certain conditions, may identify one among them as the ``sender'' who will be deemed the sole ``sender'' of the message (the ``designated sender''). Thus, under the final Rule, the designated sender, but not the other marketers using the same email message, must honor opt-out requests made by recipients of the message.\19\ Moreover, under the final Rule, the physical address of the designated sender, but not the addresses of the other marketers using the same email message, must appear in the message. --------------------------------------------------------------------------- \18\ 15 U.S.C. 7702(16)(A). The Commission incorporated by reference into the CAN-SPAM rules this definition of ``sender'' in its primary purpose rulemaking. 16 CFR 316.2(l); 70 FR at 3127. \19\ Under the final Rule, where a commercial email is sent by multiple ``senders'' who designate one ``sender'' to be responsible for honoring opt-out requests, the other marketers using the single email message still will be ``initiators'' of the email message and therefore responsible for complying with CAN-SPAM's requirements concerning ``initiators'': 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. --------------------------------------------------------------------------- a. Background As discussed in the ANPR, the Act itself does not specifically address multiple-marketer emails. Rather, under the Act, if multiple senders using a single email message meet the definition of ``sender,'' each would need to provide an opt-out mechanism, a valid physical postal address for each sender would have to appear in the message, and each would be responsible for honoring an opt-out request by a recipient.\20\ The ANPR sought comment on ``whether it would further the purposes of CAN--SPAM or assist the efforts of companies and individuals seeking to comply with the Act if the Commission were to adopt rule provisions clarifying the obligations of multiple senders under the Act.''\21\ --------------------------------------------------------------------------- \20\ The ``sender'' is required by the Act to honor opt-out requests. 15 U.S.C. 7704(a)(4)(A)(i). Additionally, the ``sender's'' physical postal address must be included in the message. 15 U.S.C. 7704(a)(5)(A)(iii). \21\ 69 FR at 11778. --------------------------------------------------------------------------- Commenters responding to the ANPR claimed that implementation of the Act may be impeded in multiple marketer scenarios because marketers and consumers will encounter certain difficulties under a regime that holds more than one party responsible as the sender of a single email. First, commenters claimed that consumer confusion would result from multiple opt-out mechanisms and valid physical postal addresses in a single email message.\22\ Second, some ANPR commenters predicted that rigid application of CAN-SPAM's sender definition would likely chill electronic commerce and destroy the type of joint marketing arrangements that are common in industry.\23\ According to these commenters, marketers would have to develop mechanisms for receiving suppression lists (lists of email addresses of consumers who previously had opted-out of receiving messages from a sender) from every marketer or co-marketer with which they deal, and for comparing their own mailing lists against multiple suppression lists.\24\ In addition, a marketer would have to develop processes for managing multiple opt- outs, i.e., ensuring that the consumer can opt out from each marketer and that all opt-outs sent to the marketer are forwarded to the marketers from whom the consumer no longer wishes to receive commercial email. These commenters argued that existing CAN-SPAM treatment of multiple senders in a single email is needlessly complex and results in unnecessary administrative costs and delays for legitimate email marketers because of the need to maintain and effectuate multiple suppression lists.\25\ Third, commenters stated that a requirement to check names against multiple lists would necessitate passing lists back and forth among several parties, increasing the risk that consumers' private information may be shared with inappropriate entities or exposed to hackers. Moreover, these commenters opined that multiple suppression lists could force a business to divulge customer names to list owners and other marketers, even when the business has promised to protect that information under its privacy policy.\26\ --------------------------------------------------------------------------- \22\ 70 FR at 25429 (citing comments by American Bankers Association; DMA; ERA; IAC; MPAA; Microsoft; PMA; Time Warner). \23\ Id. (citing comments by NAA; Time Warner). \24\ Id. (citing comments by American Bankers Association; DMA; ERA; IAC; MPAA; Microsoft; PMA; Time Warner). \25\ Id. (citing comments by American Bankers Association; DMA; ERA; MPAA; Microsoft). \26\ Id. (citing comments by American Bankers Association; ASTA; ACB; DMA; IAC; MPA; Microsoft; Time Warner). ANPR commenters identified a fourth problem in some situations, such as newsletters. Commenters stated that a requirement that each separate marketer in a single email message be treated as a separate sender would run counter to consumer expectations -- consumers would expect to opt out of the email list of the person with whom the consumer had a relationship, not from a marketer in the newsletter. Id. (citing comments by ABM; DMA; Microsoft; Midway; Time Warner). --------------------------------------------------------------------------- For these reasons, many commenters responding to the ANPR urged that the Act's ``sender'' definition be modified to provide that when more than one company's products or services are advertised or promoted in a single email message, only one among them be responsible as the sender of a message for purposes of the Act. Based upon these comments, in the NPRM, the Commission proposed adding a proviso to the definition of ``sender'' to allow multiple sellers advertising in a single email message to designate one among them as the single ``sender'' of the message for purposes of the Act. Under the NPRM's proposed proviso, only one of multiple persons whose products or services are advertised or promoted in an email message would have been the ``sender'' if that person: (A) initiated the message and otherwise met the Act's definition of ``sender,'' and (B) was the only person who: (1) ``controls the content of such message,'' (2) ``determines the electronic mail addresses to which such message is sent,'' or (3) ``is identified in the `from' line as the sender of the message.'' Under the proposed Rule, if more than one person meeting the Act's definition of ``sender'' were to satisfy one of these three criteria, then each such person who satisfied the definition would have been considered a sender for purposes of CAN-SPAM compliance obligations.\27\ --------------------------------------------------------------------------- \27\ A hypothetical example illustrated the NPRM ``sender'' definition proposal. If X, Y, and Z are sellers who satisfy the Act's ``sender'' definition, and they designate X to be the single ``sender'' under the Commission's proposal, among the three sellers, only X may control the message's content, control its recipient list, or appear in its ``from'' line. X need not satisfy all three of these criteria, but no other seller may satisfy any of them. The sellers may use third parties to be responsible for any criteria not satisfied by X. For example, if X appears in the ``from'' line, the sellers may use third parties -- but not Y or Z -- to control the message's content and recipient list. 70 FR at 25428. --------------------------------------------------------------------------- [[Page 29657]] b. The Final Rule Based upon the comments responding to the NPRM proposal, the Commission believes that modification of the proposed Rule's definition of ``sender'' as it relates to multi-marketer emails is necessary. The final Rule drops the proposed ``controls the content'' and ``determines the electronic mail addresses to which such message is sent'' elements, adds compliance with the core provisions of CAN-SPAM as an element, makes the elements conjunctive rather than disjunctive, and makes the element requiring identification of the person in the ``from'' line mandatory. The Commission believes that these modifications will meet the concerns of marketers while still preserving CAN-SPAM opt-out protections. Thus, under the final Rule, multiple marketers can designate as a single ``sender,'' for purposes of compliance with the Act, a person who: (A) meets the Act's definition of ``sender,'' i.e., such person initiates a commercial electronic mail message in which it advertises or promotes its own goods, services, or Internet website; (B) is identified uniquely in the ``from'' line of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.\28\ In 16 CFR 316.2(m), the final Rule thus states: --------------------------------------------------------------------------- \28\ These provisions, as explained below, apply to initiators of commercial emails and require that the email message may not contain false or misleading transmission information or a deceptive subject heading; but must contain a valid postal address, a working opt-out link, and proper identification of the message's commercial or sexually explicit nature. --------------------------------------------------------------------------- The definition of the term ``sender'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that, when more than one person's products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act's definition will be deemed to be a ``sender,'' except that, only one person will be deemed to be the ``sender'' of that message if such person: (A) is within the Act's definition of ``sender''; (B) is identified in the ``from'' line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. The Commission makes this clarification pursuant to its discretionary rulemaking authority to ``issue regulations to implement the provisions of this Act.''\29\ --------------------------------------------------------------------------- \29\ 15 U.S.C. 7711(a). Like the proposed Rule, this final Rule does not eliminate the possibility that a message may have more than one ``sender.'' However, marketers can use the criteria set forth in the proviso to establish a single sender and reduce CAN-SPAM's compliance burdens. If marketers fail to structure the message to avoid multiple senders under the sender definition, then each sender is obligated to comply with CAN-SPAM requirements for senders, notably, to provide its physical postal address and to honor any opt-out requests. --------------------------------------------------------------------------- The definition of ``sender'' in the final Rule provides marketers flexibility to structure their messages in a way that alleviates redundant obligations for the various marketers in a single email while ensuring that recipients of such messages receive the benefit of CAN- SPAM's core opt-out protections. Specifically, the final Rule makes it more practicable than the proposed Rule for multiple marketers promoting their products in a single email to designate a single entity as the ``sender'' under the Act because the marketers' decision as to which of them will appear in the ``from'' line resolves the question of which will be considered a ``sender'' under the Act and will be charged with the resulting responsibilities. The final Rule eliminates the complex fact determination of who ``controls'' the content and the element of who ``determines the electronic mail addresses to which such message is sent.'' By placing the focus on the ``from'' line, the best point of reference for consumers, the modification in the final Rule more directly conforms to consumers' expectations as to the identity of the entity responsible for sending them a multi-marketer email. An example illustrates how the final Rule's ``sender'' definition applies in the multi-marketer email context. Suppose A, B, and C have goods advertised or promoted in a single email message and that each is an initiator under the Act. If A's name appears in the ``from'' line of the message, A is considered the ``sender'' under the final Rule. While B and C promote their goods, services, or Internet website in the message, may control portions or all of the content of the message, and may supply email addresses for A to use to address the message, neither B nor C would be considered ``senders,'' unless A did not comply with the listed requirements that apply to ``initiators,'' namely 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. It would be clear to a consumer that an opt-out request would be sent to A, the one person identified in the ``from'' line. The comments and the FTC's law enforcement experience suggest that a provision, such as the final Rule's sender definition, that allows multiple senders flexibility in determining who will be the sole ``sender'' raises the possibility of abuse by illegitimate marketers. As discussed below, this concern is addressed in part by the addition of certain initiator provisions to the proviso: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If the designated sender is not in compliance with the initiator provisions, then all marketers in the message will be liable as senders. c. Comments on the NPRM's Definition of ``Sender'' Commenters who addressed the proposed definition of sender were nearly unanimous in supporting a ``sender'' definition that would enable marketers to designate a single ``sender'' when multiple marketers use a commercial email message. Reiterating ANPR comments, several commenters noted that such a rule provision would avoid ``daunting compliance challenges'' for email marketers, such as the heavy burden of cross-checking the opt-out lists of all the individual marketers with the designated sender's opt-out list.\30\ Likewise, commenters supported the NPRM's proposed Rule because it would enable recipients to determine the party responsible for honoring opt-out requests.\31\ Others noted with approval that designating a single sender would eliminate confusion for consumers who otherwise would face multiple opt-out links and postal addresses.\32\ Finally, other commenters opined that the proposed Rule would promote protection of consumer privacy.\33\ --------------------------------------------------------------------------- \30\ See, e.g., ATAA; Charter; DoubleClick; ERA; ESPC; FNB; IAC; ICC; IPPC; Mattel; Microsoft; NAR; NEPA; NetCoalition; NNA. As the ERA summarized it, ``[D]esignating a single sender will enhance accuracy and compliance efforts, streamline the opt-out process for consumers and sellers/marketers, and avoid confusion by, among other things, avoiding cluttered or repetitious information in messages or multiple suppression lists. It also helps address privacy concerns that may attend to sharing consumer suppression data.'' \31\ See, e.g., Mattel; NAFCU. \32\ See ATAA (it would be ``difficult to format messages in a way that makes them compelling and understandable to recipients'' because of the welter of opt-out links and postal addresses); ERA; ESPC. \33\ See ERA; NetCoalition. --------------------------------------------------------------------------- In contrast to the almost unanimous support for a multi-marketer proviso, however, few commenters supported the definition of ``sender'' as proposed in the NPRM without change.\34\ Many commenters raised concerns about the workability and clarity of the proposal, [[Page 29658]] as well as its consistency with consumer expectations. Most commenters urged the Commission to modify or clarify the criteria articulated in the proposed Rule. Such comments concerned four issues. The first three issues relate to the three listed criteria in the NPRM's proposed proviso: (1) the significance of the person identified in the ``from'' line; (2) the meaning of ``controls the content of the message'' and the structure of the proviso; and (3) the meaning of ``determines the electronic mail addresses'' to which a message is sent. A fourth category of comments addressed what it means to ``advertise'' or ``promote'' a product, service, or website under the Act, which is related to the question posed in the NPRM about whether ``list owners'' can be ``senders'' under the Rule and thus be required (or allowed) to process opt-out requests in lieu of other marketers who promote a product, service, or website in the email.\35\ --------------------------------------------------------------------------- \34\ See, e.g., ARDA; Empire; Mattel; NAFCU; NAR; NNA; SHRM; Wahmpreneur. \35\ At least one commenter suggested, without further detail, that the sender in a multi-marketer email should be the ``entity that controls the sampling, distribution, and opt-out registry.'' CMOR. Another commenter suggested determination of a sender in a multi-marketer email with a ``single, dominant marketer'' test. Bigfoot. The Direct Marketing Association (``DMA'') advocated formal adoption by the Commission of the Staff Letter of March 8, 2005, which opined on a specific fact pattern involving, among other things, multiple marketers who send commercial email messages to persons who had provided affirmative consent to receive multi- marketer commercial email messages. The Commission declines to adopt the Staff Letter. The final Rule will govern multi-marketer message sender liability. --------------------------------------------------------------------------- (i) ``From'' Line Many commenters favored looking to the ``from'' line of the message in order to determine who, under the Act, is the ``sender'' of a multi- marketer message. Commenters urged that this element is most critical for recipient expectations\36\ and would be easy to use as a way to designate a single sender.\37\ Some commenters argued that the other two proposed elements should be deleted.\38\ A few commenters also requested that the Commission provide additional guidance on which non- deceptive names can be used in the ``from'' line, including a company's brands and service names.\39\ --------------------------------------------------------------------------- \36\ See, e.g., Bigfoot; Charter; DoubleClick; KeySpan; MBNA; Nextel; OPA; SHRM. \37\ See Charter; DoubleClick; Nextel; Reed. \38\ See DoubleClick; KeySpan. \39\ See, e.g., MBNA; SIIA. --------------------------------------------------------------------------- (ii) ``Controls the Content'' Most commenters voiced concerns about the ``controls the content'' element of the proposed proviso and its likely effect. Many of these commenters found this criterion vague and urged the Commission to provide additional guidance concerning what it means to ``control'' the content of commercial email.\40\ Many advocated eliminating this factor altogether,\41\ and others urged various ways to modify it.\42\ Two primary themes emerged from the comments: (1) several parties may exercise some degree of ``control'' over content, and (2) ``control'' in this context is a vague and ill-defined concept. Commenters explained that in joint marketing arrangements, it is standard industry practice for each marketer to exercise control over the use of its own trademarks, branding, legal disclosures, and advertising copy.\43\ Commenters further explained that in highly regulated industries, such as life insurance, securities, pharmaceuticals, and alcoholic beverages, marketers may be required to include certain text and legal disclosures.\44\ Some commenters also stated that, in addition to controlling their own trademarks and disclosures, marketers sometimes influence the content of other parts of a message without ``controlling'' it, or may suggest advertising text without making the final decision about the advertising content.\45\ To protect their brand reputations, commenters explained that they need to be able to review and approve the advertising content of other marketers.\46\ --------------------------------------------------------------------------- \40\ See, e.g., ACB; ACLI; Associations; BOA; CBA; Charter; DLA; DMA; Discover; ERA; ESPC; FNBO; HSBC; IAC; Mastercard; Microsoft; MPA; MPAA; NAA; NAIFA; NBCEP; NEPA; NetCoalition; PMA; SIIA; Time Warner. \41\ See Associations; ATAA; Charter; DoubleClick; Keyspan; MasterCard; NAIFA; SIIA; Wells Fargo. Similarly, other commenters suggested that the proposed Rule be modified to allow more than one marketer to control the content of the message, while still allowing one of the marketers to be designated as the sender. See CBA; DMA; MPA; NBCEP; NetCoalition; NRF. \42\ See e.g., Adknowledge; ICC; MPA. \43\ See Reed; DoubleClick; Time Warner; MasterCard; Microsoft; Bigfoot; HSBC; MPAA; OPA. \44\ See, e.g., ACLI; BF; HSBC; IPPC; MPAA; OPA; SIA. \45\ See, e.g., BF; Visa. \46\ See, e.g., Associations; ERA; HSBC; MasterCard; MPA; NetCoalition; Nextel; NRF; OPA; PMA. --------------------------------------------------------------------------- A number of commenters opined that, without clarification, under a literal application of the proposed Rule, essentially all marketers would be deemed to ``control'' the content of a multi-marketer email, thereby preventing the designation of a single sender and defeating the purpose of the proposed Rule.\47\ Conversely, according to commenters, a standard that forced marketers to cede all control of the content of messages to one marketer among several using a single email message would greatly disrupt standard industry practices.\48\ --------------------------------------------------------------------------- \47\ See ATA; DoubleClick; HSBC; IAC; IPPC; Mastercard; Time Warner. \48\ See e.g., NAA; TimeWarner. --------------------------------------------------------------------------- To alleviate these perceived problems, a number of commenters suggested that the Commission eliminate the ``controls the content'' element, because they believed that the proposed Rule could operate effectively in its absence.\49\ Others suggested that the Commission clarify that ``control'' means control of the ``primary'' or ``overall'' content of the message, but does not mean either control by a company over its own advertisement\50\ or the practice of reviewing and approving the advertising content of other marketers.\51\ These commenters asked the Commission to clarify that ``control'' should refer to control over what content will be distributed in the email message as a whole and not control over the design, content, or placement of a particular advertisement in a multi-marketer message.\52\ Other commenters advocated that ``control'' of the content of the message should mean the ultimate ability to determine whether and when the message is transmitted.\53\ --------------------------------------------------------------------------- \49\ See NAIFA; SIIA. \50\ See, e.g., ACB; Adknowledge; Associations; ATAA; CBA; Charter; Discover; DMA; Experian; FNB; IAC; ICC; KeySpan; Microsoft; MPAA; NAIFA; NBCEP; NEPA; NetCoalition; NRF; OPA; Reed; SIIA; Time Warner; Wells Fargo. \51\ See, e.g., ERA; HSBC; MasterCard; MPA; Nextel; PMA. \52\ See ACB; BoA; Discover; ERA; ESPC; Experian; HSBC; IAC; ICC; Mastercard; Microsoft; MPA; MPAA; NAA; PMA; Visa. \53\ See, e.g., BigFoot; SIIA. --------------------------------------------------------------------------- In a similar vein, some commenters felt that the structure of the proviso as proposed in the NPRM would have limited the ability of legitimate marketers to co-promote their products without any corresponding benefit to consumers.\54\ Commenters pointed out that there are circumstances when one entity provides the email addresses to which a message is to be sent and one or more other entities control the content of the message. Under the proposal in the NPRM, all entities would be considered senders because the proposed Rule's definitional requirements allowing one sender to be designated could not be met.\55\ These commenters asked that the final Rule be made more flexible to accommodate the variety of marketing agreements commonly used in the industry.\56\ --------------------------------------------------------------------------- \54\ See Bigfoot; CBA; DMA; DoubleClick; ESPC; MPAA; NBCEP; NetCoalition; NRF; SIIA; Wells Fargo. \55\ See DMA; SIIA. \56\ See, e.g., MPAA. --------------------------------------------------------------------------- [[Page 29659]] (iii) ``Determines the Electronic Mail Addresses to Which Such Message is Sent'' Few commenters discussed the third element of the proposed proviso for the definition of ``sender'': that the sender be the party that determines the email addresses to which such message is sent. Some commenters objected to this element of the definition because, they contend, entities in joint marketing campaigns may want to contribute or recommend some email addresses without being considered the primary ``sender.''\57\ --------------------------------------------------------------------------- \57\ See, e.g., KeySpan; Reed; SIA. Several commenters also requested clarification of what constitutes ``determines'' and suggested that merely providing criteria for targeting recipients (such as demographic characteristics) should not qualify as ``determining'' the email addresses. See DoubleClick; KeySpan; MasterCard; Unsub. As discussed below, this element has been removed, and thus these requests for clarification need not be addressed. --------------------------------------------------------------------------- (iv) ``Promote'' Finally, a few commenters suggested that the Commission define broadly the term ``promote'' in the Act's definition of sender. They argued that a person ``advertises'' or ``promotes'' the person's ``product, service, or Internet website'' by appearing in the ``from'' line of the message or simply by having the person's name referenced in the email.\58\ Under this interpretation, they argued, more persons could qualify as designated ``senders'' under the proviso. --------------------------------------------------------------------------- \58\ See, e.g., Adknowledge; ESPC; Unsub. --------------------------------------------------------------------------- d. Response to Comments on the Definition of ``Sender'' and Explanation of the Final Rule's Definition of ``Sender'' Having considered the comments on the proposed definition of ``sender,'' the Commission adopts a modified version as its final Rule. These modifications mitigate the concerns of marketers raised in the comments, recognize the benefits afforded by advertising by multiple entities in a single email, conform more closely to the expectations of email recipients, and continue to provide the CAN-SPAM protections contemplated by Congress. In summary, as discussed below, the Commission retains the ``from'' line element in the proviso as a mandatory element, drops the ``controls the content'' and ``determines the electronic mail addresses to which the message is sent'' elements, and adds a requirement that the designated sender be in compliance with certain provisions of the Act and Rules that apply to initiators. In response to comments regarding the ``from'' line, the Commission found persuasive the suggestions that the ``sender'' of a multi- marketer email should be the person identified in the ``from'' line of the message. The Commission agrees that a rule that uses the ``from'' line as the sole determinant of the sender in a multi-marketer email would be straightforward for marketers to follow and is the single most helpful element of an email to enable recipients to identify the sender of the email.\59\ A designated ``sender'' for purposes of a multi- marketer email must, in addition to meeting the other requirements listed below, include its non-deceptive name, trade name, product, or service in the ``from'' line of the email.\60\ --------------------------------------------------------------------------- \59\ See Charter (stating that the ``from'' line criterion ``specifically accords with consumer expectations.''). \60\ In response to commenters seeking further guidance about whether a company's non-deceptive product or service names can be used in the ``from'' line, the Commission responds as follows. CAN- SPAM provides that ``a `from' line . . . that accurately identifies any person who initiated the message shall not be considered materially false or misleading.'' 15 U.S.C. 7704(a)(1)(B). The Commission believes that this does not mean that the ``from'' line necessarily must contain the initiator's formal or full legal name, but it does mean that it must give the recipient enough information to know who is sending the message. Email senders should consider their messages from their recipients' perspective. If a reasonable recipient would be confused by the ``from'' line identifier, the sender is not providing sufficient information. See NPRM, 70 FR at 25431 (further discussing this issue). --------------------------------------------------------------------------- And, under the final Rule, the designated sender must be ``identified in the `from' line as the sole sender of the message'' -- if two or more senders appear in the ``from'' line, the multi-marketer proviso would not be met. On the second issue identified by commenters, the Commission has deleted the ``controls the content of such message'' element from the proviso. Comments urging its removal were persuasive, and comments that advocated clarification rather than removal revealed that retaining this element would not serve to assist recipients in identifying or confirming the sender of a multi-marketer message. By its nature, a multi-marketer message promotes more than one company's content, and thus more than one company controls its content in at least some way.\61\ Modifying the criterion to require ``overall'' control of the content would simply add further nuance and complication and make enforcement difficult. Deleting this criterion will make the proviso more practicable for legitimate marketers to designate a single ``sender'' while preserving for email recipients the protections of CAN-SPAM.\62\ Under the final Rule, therefore, a non-designated sender under the multi-marketer proviso will not have ``sender'' liability just because it controls its own advertising copy, including its trademarks and legal disclosures, or reviews other marketers' content to ensure the absence of objectionable material in proximity to its own brand. --------------------------------------------------------------------------- \61\ See IAC. \62\ See, e.g., Charter (``the Commission's proposed definition is inadequate and unworkable''); DoubleClick; Keyspan; MasterCard; NAIFA; SIIA. --------------------------------------------------------------------------- The Commission has deleted the third element discussed by commenters that required that the designated ``sender'' of a multi- marketer email determine the email address to which such message will be sent. The NPRM rationale for this element was to ensure that the designated sender had the ability to process opt-out requests. The Commission is now convinced that requiring the designated sender to determine recipient email addresses would serve little, if any, purpose. Under the Act, as a sender, the designated sender already must check to make sure that none of the email recipients appears on its opt-out list. In a multi-marketer email, if the designated sender receives a list of proposed email addresses from a non-designated sender, the designated sender must scrub that list against its own opt- out list before sending the message to the addresses on that list. On the fourth and final issue raised by commenters, the Commission declines to make any additional changes to the definition of ``sender'' proposed by the NPRM. Some commenters suggested that the FTC define broadly the phrase ``advertised or promoted'' in the Act's definition of ``sender,'' so that more entities could qualify as ``senders'' under the multi-marketer proviso. The Commission believes that the definition of a ``sender'' should be based on consumer expectations. If a reasonable consumer would not believe that a person's product, service, or website were ``advertised or promoted'' in the message, then that person does not qualify as a ``sender.'' The Commission believes that the meaning of ``advertised or promoted'' is clear and broadly understood.\63\ --------------------------------------------------------------------------- \63\ By analogy, another definition in the Act, that of a ``commercial electronic mail message,'' states that [t]he inclusion of a reference to a commercial entity or a link to the web site of a commercial entity in an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic mail message for purposes of this chapter if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service. 15 U.S.C. 7702(2)(D). --------------------------------------------------------------------------- [[Page 29660]] Lastly, based on its law enforcement experience, the Commission recognizes that illegitimate marketers may attempt to use the proviso to escape liability under CAN-SPAM. Both CAN-SPAM's definition of ``initiator'' and the final Rule's revised definition of ``sender'' substantially reduce the likelihood of such abuse.\64\ First, marketers in a single email message who are not designated senders are still ``initiators'' under CAN-SPAM and liable under any of the provisions that apply to initiators, such as the prohibition against use of deceptive headers and subject lines and the requirement to include an opt-out link.\65\ Second, the final Rule's definition of ``sender'' requires that the designated ``sender'' be in compliance with certain initiator provisions of the Act: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.\66\ The proviso states that if the designated sender does not comply with these five ``initiator'' responsibilities, all the marketers will be liable as senders (and not just initiators) under the Act because the proviso will not apply. By requiring the designated sender to comply with these provisions of law, the other marketers using a single email message must ensure that the entity that is the designated ``sender'' complies with the Act and the Commission's rules. Otherwise, the other marketers using the email risk losing the protections provided by the proviso and each will be a ``sender'' of the message. The final Rule, therefore, provides senders of multi- marketer emails a method of reducing the burdens associated with multiple opt-out links and postal addresses while guarding against possible abuse. Nonetheless, if the Commission finds such abuse through the operation of the proviso, it will reconsider whether the final Rule is justified under the Act.\67\ --------------------------------------------------------------------------- \64\ At least one commenter suggested that the proviso could be subject to abuse. See Adknowledge (suggesting that to avoid abusive practices, the proposed regulation explicitly should state that a ``person'' must be a ``bona fide business entity'' because ``spammers continually change the name of the originating entity along with header or other information, or consider a mere email address list as a `business entity.'''). \65\ See, e.g., FTC v. Phoenix Avatar, 2004-2 Trade Cas. (CCH) ] 74,507 (N.D. Ill. Jul. 30, 2004) (order granting preliminary injunction); FTC v. Opt-in Global, No. 05-cv-1502 (N.D. Cal. filed Apr. 12, 2005) (final order entered Apr. 6, 2006); FTC v. Dugger, No. CV-06-0078 (D. Ariz. filed Jan. 9, 2006) (final order entered Jul. 31, 2006). \66\ Section 7704(a)(1) of the Act prohibits initiation of an email that contains false or misleading transmission information, and section 7704(a)(2) prohibits initiation of an email with a deceptive subject heading. Section 7704(a)(3)(A)(i) requires an initiator to include a ``functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that a recipient may use to submit . . . a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from [the] sender [responsible for the initial commercial message].'' Section 7704(a)(5)(A) of the Act requires that an initiator ``provide clear and conspicuous identification that the message is an advertisement or solicitation, clear and conspicuous notice of the opportunity . . . to decline to receive further commercial electronic mail messages from the sender, and a valid physical postal address of the sender.'' Finally, 16 CFR 316.4, the Sexually Explicit Labeling Rule, imposes certain requirements on a message that includes sexually oriented material, including the 19 characters ``SEXUALLY EXPLICIT: '' at the beginning of the subject header of the message. \67\ Of course, it should be noted that the proviso in no way relieves non-designated senders of liability for ensuring that their own advertising complies with the FTC Act. --------------------------------------------------------------------------- e. List Owners In the NPRM, the Commission asked whether under CAN-SPAM, third- party list providers who do nothing more than provide a list of names to whom others send commercial emails could be required to honor opt- out requests.\68\ Specifically, the NPRM asked whether such list providers could satisfy the statutory definition of sender, i.e., a person that both initiates a message and advertises its product, service, or website in the message. --------------------------------------------------------------------------- \68\ 70 FR at 25450. --------------------------------------------------------------------------- Some commenters opposed extending opt-out responsibilities to third-party list providers because it would be contrary to congressional intent, difficult to implement and monitor, and would impose administrative costs and complexity for legitimate list providers and email marketers.\69\ Although the NPRM asked about list owners who have no other involvement in the message besides providing a list of names to others, commenters discussed other list rental arrangements in which both the marketer and the list owner have some degree of control over the content of the message.\70\ In those cases, list owners typically do not have control over the specific creative content within an advertisement, but they can approve or disapprove an advertisement for delivery to email addresses on their lists. --------------------------------------------------------------------------- \69\ See FNB; Jumpstart; Lashback; Schnell; SIA (list providers play a role ``similar to that of a telephone directory service,'' are neither ``advertising or promoting their products and services,'' nor ``initiating the email,'' and accordingly ``do not come within the definition of `sender' under the CAN-SPAM Act.''). \70\ See, e.g., Unsub. --------------------------------------------------------------------------- On the other hand, two commenters argued in favor of extending opt- out obligations to third-party list providers.\71\ Some of these commenters thought the Commission should clarify that in such situations the list owner exercises fundamental ``control'' of the content of the message for purposes of the then-proposed regulatory definition of ``sender.''\72\ Other commenters urged the Commission to adopt the position that a list owner would be considered a sender if the list owner ``advertises or promotes'' its services merely by being referenced in the ``from'' line or in the message itself, thereby making it responsible for the opt-out function and other CAN-SPAM compliance.\73\ --------------------------------------------------------------------------- \71\ See Adknowledge; EPIC. \72\ See, e.g., ESPC. \73\ See, e.g., Adknowledge; Baker; ESPC; cf. Microsoft (arguing that it should constitute a deceptive trade practice for a list owner to fail to identify itself and the role that it plays in sending the message, that its identification would be considered advertising or promoting its services, and thus that the list owner would meet the definition of ``sender'' and have CAN-SPAM liability); Adknowledge (proposing that the Commission make it ``mandatory for list owners to advertise or promote themselves in each email message they transmit''). --------------------------------------------------------------------------- Because of the variety of situations in which a list owner might be involved in a commercial email, and because none of the commenters provided a workable mechanism for all of these situations, the Commission is persuaded that amending the rules under CAN-SPAM to create a specific provision for list owners is not feasible. The Commission finds that a list owner must honor opt-out requests only if it qualifies as the ``sender'' of a commercial email (i.e., it is an initiator and its ``product, service, or Internet web site'' are ``advertised or promoted'' in the email). And, if it does qualify as a ``sender,'' it may avail itself of the multi-marketer proviso added to the definition of sender in the final Rule. f. Safe Harbor for Email Messages Sent By Affiliates In the NPRM, the Commission asked whether it should adopt a ``safe harbor'' with respect to opt-out and other obligations for a sender whose product, service, or website is advertised by affiliates or other third parties. Moreover, the Commission sought guidance on the criteria for a safe harbor.\74\ --------------------------------------------------------------------------- \74\ 70 FR at 25450. --------------------------------------------------------------------------- Although the Act does not provide a definition of ``affiliate,'' the Commission noted in the NPRM that ``affiliates'' are induced to send commercial email messages by sellers seeking to drive traffic to their websites, and that sellers generally pay affiliates based on the number of individuals who, directed by the affiliates, ultimately visit the seller's [[Page 29661]] website and/or purchase the seller's product or service.\75\ --------------------------------------------------------------------------- \75\ 70 FR at 25428 n.23. According to IAC, in a typical affiliate program, a marketer enters an arrangement with an affiliate to pay the affiliate for referrals to its website. The affiliate can employ a variety of methods to direct consumers to the marketer's website, including email messages. The affiliate sends email messages containing an advertisement promoting the marketer's goods or services and a hypertext link to visit the marketer's website directly from the email message (either as a direct link or through the affiliate's link, which redirects the recipient to the marketer's website). If a recipient of the email uses this link to visit the marketer's website, the marketer logs the visit as attributable to the affiliate's email. Depending on the arrangement between the marketer and the affiliate, the marketer will pay the affiliate a prescribed amount either for the visit (also known as a ``click through'') or for a completed sale, or both. IAC states in its comments that it has thousands of affiliates. For Expedia, one of IAC's websites, however, the majority of the sales from the affiliate program are generated by a relatively small number of productive affiliates. --------------------------------------------------------------------------- Before turning to the issue of whether a safe harbor is appropriate to shield marketers from liability for CAN-SPAM violations of affiliates, two preliminary questions must be considered. First, is the marketer who uses an affiliate an ``initiator'' under the final Rule? Second, in scenarios where a marketer uses an affiliate, what is the impact of the final Rule on the status of both the marketer and the affiliate as ``senders''? With regard to whether a marketer that uses affiliates is an ``initiator,'' under the Act, a person is an ``initiator'' if the person originates, transmits, or ``procure[s] the origination or transmission of'' a message.\76\ In the typical affiliate marketing scenario, the affiliate originates and transmits the message, and is therefore an initiator. The marketer, however, does not originate or transmit the message, but does ``procure'' the origination of the message. The Act defines ``procure'' as ``intentionally to pay or provide other consideration to, or induce, another person to initiate[]a message on one's behalf.''\77\ A few commenters argued that a marketer does not actually ``initiate'' an email message if it does not provide consideration to an affiliate for each message, because it provides consideration to the affiliate for visits to its website or completed sales made as a result of the affiliate's email messages.\78\ According to this argument, in these circumstances, the marketer pays consideration for the referral, but not for the message itself. --------------------------------------------------------------------------- \76\ 15 U.S.C. 7702(9). \77\ 15 U.S.C. 7702(12) (emphasis added). \78\ See IAC (arguing that affiliates are not ``hired'' to do anything, but are ``simply paid a small fee for referrals,'' and that the affiliate emails are ``created and transmitted entirely at the discretion of the affiliate.''); Unsub (arguing that the payment structure does not differ from a company renting a mailing list from a third party). --------------------------------------------------------------------------- The Commission believes that this interpretation is too narrow. By agreeing in advance to pay an affiliate for sales to persons who come to a marketer's website as a result of an affiliate's referral, a seller or marketer creates an inducement for the affiliate to originate or transmit commercial email messages to the public. In the language of the Act, the seller induces another person -- the affiliate -- to initiate messages on the seller's behalf. With regard to the second question, in the typical affiliate program, the marketer is a ``sender'' because its product, service, or website is promoted in the email message, and the affiliate is only an ``initiator.'' It is only when the affiliate promotes its own product, service, or website along with that of the marketer that the affiliate is also a ``sender'' under the Act. In such a case, under the final Rule, the affiliate may serve as the designated sender, provided that it is listed in the ``from'' line of the message and is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If, however, the affiliate promotes its own product, service, or website in addition to that of the marketer, but does not comply with the designated sender requirements in the final Rule, then both the affiliate and the marketer are liable as ``senders'' under the final Rule.\79\ --------------------------------------------------------------------------- \79\ In either case, both the affiliate and the marketer are ``initiators'' under the Act. --------------------------------------------------------------------------- A ``safe harbor'' would absolve a marketer of initiator liability (or of sender liability if the affiliate is not the designated sender under the final Rule) if the marketer takes prescribed steps to ensure that the affiliate complies with CAN-SPAM. Those who commented on this issue were split on whether the Commission should adopt a safe harbor for CAN-SPAM liability for marketers whose products are promoted by affiliates or other third parties. Those opposed to a safe harbor stated that it would allow marketers to circumvent CAN-SPAM requirements.\80\ Those in favor of a safe harbor stated that it would: (1) provide clarity to marketers that practice due diligence when selecting third-party email marketers; (2) encourage marketers to maintain reasonable practices and procedures to prevent violations of CAN-SPAM; and (3) effectuate congressional intent.\81\ --------------------------------------------------------------------------- \80\ See, e.g., Amin; Jumpstart; LashBack; Schaefer; Unsub; VFCU. \81\ See e.g., AeA; ARDA; ERA LashBack; MPAA; NADA. --------------------------------------------------------------------------- Many online businesses advocated the adoption of a safe harbor in principle,\82\ but only a fraction of those commenters suggested specific components to the safe harbor. Those suggestions included the following requirements: (1) that the contract between the marketer and the affiliate specifically require the affiliate to comply with CAN- SPAM;\83\ (2) that the affiliate periodically certify that it complies with CAN-SPAM;\84\ (3) that the marketer provide the affiliate with written guidelines on how to comply with CAN-SPAM;\85\ (4) that the marketer maintain additional reasonable procedures to determine whether the affiliates are complying with CAN-SPAM;\86\ (5) that a marketer comply with its privacy policy relating to the conduct of third parties sending email messages on its behalf;\87\ and (6) that a marketer have ``flexibility to determine what procedures are reasonable.''\88\ --------------------------------------------------------------------------- \82\ See ESPC (noting that it is ``generally supportive of safe harbor programs'' and ``would be very interested in further discussion of such programs''); SIIA (making a ``preliminary proposal''); Visa (``such a safe harbor could be based on examples demonstrating relationships that do not result in control of content or email addresses.''); Wahmpreneur (suggesting a safe harbor that would apply to permission-based marketing). \83\ See IAC. \84\ See id. \85\ See id. \86\ See id. \87\ See SIIA; ACLI. \88\ See IAC. --------------------------------------------------------------------------- After considering all the comments submitted and in the light of the changes to the Rule's definition of ``sender'' for multi-marketer messages as well as its law enforcement experience, the Commission has decided against creation at this time of a ``safe harbor'' for companies whose products, services, or website are advertised by affiliates or other third parties. First, the requisite criteria for a safe harbor have not been articulated clearly. Second, email marketing models continue to evolve, and there may not be enough transparency in email marketing to support a safe harbor. The Commission believes that the final Rule's definition of ``sender'' gives marketers the necessary flexibility to market their products using email on their own or in conjunction with other parties while at the same time preserving the protections afforded to consumers by CAN-SPAM. If, after marketers have had the opportunity to conduct business under the ``sender'' definition in the final Rule, concerns about the necessity of a safe harbor persist, the Commission can reconsider this issue. [[Page 29662]] g. Messages Sent to Members of Online Groups The NPRM asked whether CAN-SPAM should apply to email messages sent to members of online groups. According to ESPC, online groups are also known as discussion lists, list servs, mailing lists, and chat groups. They often constitute communities engaging in both commercial and non- commercial speech via email. Many such lists are volunteer efforts, but their messages sometimes include commercial content. Lists can be fee- based or free.\89\ --------------------------------------------------------------------------- \89\ See ESPC. --------------------------------------------------------------------------- Generally discussion groups are permission-based, that is, ``opt- in.'' Those lists that are free to join often include advertising in messages sent to subscribers, either with or without content relating to the purpose of the group. Depending on the type of discussion group, different individuals may be able to send messages to the entire group. In some groups, any member may send a message; in other groups, only the moderator or list owner may send messages; in still other groups, anyone may send a message, but the message must be approved by a moderator. It is rare for mailing list software to allow subscribers to choose the senders from whom they want to receive messages. In other words, they opt to receive all messages in the discussion group or none at all.\90\ --------------------------------------------------------------------------- \90\ See ESPC. --------------------------------------------------------------------------- Four commenters stated that they believe online groups should not be subject to CAN-SPAM.\91\ They felt that compliance with CAN-SPAM would be too burdensome for unpaid list moderators and might cause them to cease operations, potentially chilling free speech. ESPC argued that email service providers that host mailing list services generally are considered to be engaged in routine conveyance under the Act, taking them outside the definition of initiator under the Act. ESPC also argued that most moderators also would be engaging in routine conveyance when sending messages to the group on behalf of group members.\92\ --------------------------------------------------------------------------- \91\ See ESPC; NAEDA; PCIAA; Schnell. \92\ The Commission notes, however, that CAN-SPAM defines ``routine conveyance'' as requiring an ``automatic technical process.'' 15 U.S.C. 7702(15). Thus, if a list moderator is manually forwarding messages to the group on behalf of group members, the moderator would not be engaged in ``routine conveyance.'' See also infra Part II.A.5 (discussing ``routine conveyance'' in connection with forward-to-a-``friend'' emails). --------------------------------------------------------------------------- One commenter urged the Commission not to distinguish between email messages sent to members of groups and email messages sent to recipients who are not members of groups. That commenter stated that an exception from CAN-SPAM would give an unfair advantage to the operators of online groups without compelling justification, and would create an incentive for ``group'' status that would likely be exploited by aggressive marketers.\93\ --------------------------------------------------------------------------- \93\ See Jumpstart. --------------------------------------------------------------------------- The Commission believes that CAN-SPAM compliance is not unduly burdensome for online groups. Of course, in some cases, the primary purpose of emails sent by and to online groups will not be commercial, and thus the Act will not apply.\94\ However, for those messages with a primary purpose that is commercial, group members should be entitled to the benefits of CAN-SPAM's opt-out provisions. Indeed, best practices in the industry already require group members to opt into listservs and provide straightforward mechanisms for opting out.\95\ The Commission, therefore, has determined not to exempt online groups from CAN-SPAM at this time, but may reconsider the issue in the future should circumstances warrant. --------------------------------------------------------------------------- \94\ Most of the Act's requirements apply to an email only if it is a ``commercial electronic mail message,'' which is defined as an email ``the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet web site operated for a commercial purpose).'' 15 U.S.C. 7702(2)(A). See also 16 CFR 316.3 (primary purpose rule). \95\ See ESPC. --------------------------------------------------------------------------- 3. Section 316.2(o)--Definition of ``Transactional or Relationship Message'' CAN-SPAM designates five broad categories of emails as ``transactional or relationship messages.''\96\ The Act excludes these messages from its definition of ``commercial electronic mail message,''\97\ and thus relieves them from most of the Act's requirements and prohibitions.\98\ In the NPRM, the Commission proposed no modification to Rule 316.2(n), which incorporates the Act's definition of ``transactional or relationship message'' by reference. Under the Act, the Commission can expand or contract the definition of ``transactional or relationship message'' only if two conditions are met: (1) such modification is necessary to accommodate changes in email technology or practices; and (2) such modification is necessary to ``accomplish the purposes of [the Act].''\99\ None of the 50 comments submitted on this issue demonstrated that an expansion or contraction of the ``transactional or relationship message'' categories were necessary to accommodate changes in email technology of practices. Accordingly, the final Rule leaves the statutory definition unaltered.\100\ The NPRM also invited comment on a series of questions concerning the application of the existing categories of ``transactional or relationship messages'' to certain types of messages. The Commission has carefully reviewed these comments and discusses its views on these issues below. --------------------------------------------------------------------------- \96\ Section 7702(17)(A) of the Act defines a ``transactional or relationship message'' as ``an electronic mail message the primary purpose of which is -- (i)to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; (ii)to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient; (iii) to provide -- (I)notification concerning a change in the terms and features of; (II)notification of a change in the recipient's standing or status with respect to; or (III) at regular periodic intervals, account balance information or other type of account statement with respect to, a subscription, membership, account,loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender; (iv)to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or (v)to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.'' \97\ See supra n.94. \98\ Section 7704(a)(1)'s prohibition on false or misleading transmission information applies equally to ``commercial electronic mail messages'' and ``transactional or relationship messages.'' Otherwise, CAN-SPAM's prohibitions and requirements cover only ``commercial electronic mail messages.'' \99\ 15 U.S.C. 7702(17)(B). \100\ The NPRM asked whether there are any types of messages that erroneously fall outside of the reach of the proposed Rule, and, if so, how such a shortcoming should be remedied. 70 FR at 25450. No commenters identified any such categories of messages. See, e.g., Discover (stating that it was aware of no messages that fall outside the Rule that should be covered by it). Accordingly, the Commission adopts no modification of the definition of ``transactional or relationship message'' to accommodate any such categories of messages. --------------------------------------------------------------------------- a. Legally Mandated Notices In the NPRM, the Commission asked whether an email message that contains only a ``legally mandated notice'' -- i.e., communications mandated by state or federal law -- should be considered a ``transactional or relationship message.''\101\ Commenters identified messages mandated by the Truth in Lending Act, the Gramm-Leach-Bliley [[Page 29663]] Act, and the USA PATRIOT Act as well as messages concerning billing errors and changes in terms or account features as examples of legally mandated notices.\102\ --------------------------------------------------------------------------- \101\ 70 FR at 25450. \102\ See, e.g., ACA; CBA; FNB; NRF. --------------------------------------------------------------------------- All 13 commenters that addressed this issue opposed classifying messages that solely contained legally mandated notices as ``commercial electronic mail messages.''\103\ Commenters were divided on whether such messages should be exempt from the Act,\104\ categorized under a new definition of ``transactional or relationship message,''\105\ or classified under one of the existing, statutory categories of transactional or relationship emails, such as messages to facilitate a commercial transaction that the parties have entered into (section 7702(17)(A)(i))\106\ or messages to provide notification regarding a change in the terms and features of an account (section 7702(17)(A)(iii)).\107\ --------------------------------------------------------------------------- \103\ See FNB; KeySpan; Schnell; Wells Fargo; ESPC; BOA; ACA; DoubleClick, NRF, HSBC; CBA; Discover; PCIAA. \104\ See Discover; ESPC (arguing that legally mandated notices are either exempt from the Act or transactional or relationship in nature, depending on the content and context of the message in question); FNB; KeySpan (arguing that legally mandated notices should either be exempt from the Act or that the Commission should create a new transactional or relationship category for legally required notes); PCIAA (same); MPAA (arguing that messages containing legally mandated notices are not ``commercial electronic mail messages'' provided that their commercial content does not exceed the amount reasonably believed by the sender to be required to meet the legal requirement prompting the message); Schnell (``[A]n e-mail message containing only a legally mandated notice should have no standing in CAN-SPAM at all, other than perhaps a routine conveyance. It is not a commercial e-mail message, and is not a transactional or relationship message.''). \105\ See DoubleClick; KeySpan; NRF. \106\ See HSBC (arguing that such an email facilitates the commercial transaction into which the parties have entered). \107\ See ACA; CBA; Wells Fargo; BOA. --------------------------------------------------------------------------- The Commission declines either to expand the definition of ``transactional or relationship message'' to include legally mandated notices or to make a blanket determination that such messages fall under one of the existing categories of transactional or relationship emails. Despite the unanimity of opinion expressed in the comments that such notices should not be treated as commercial in nature, none of the commenters demonstrated that expansion of the definition of ``transactional or relationship message'' to include legally mandated notices was necessary to accommodate changes in email technology or practices and to accomplish the purposes of the Act.\108\ That said, the Commission believes that, in most cases, the types of legally mandated notices described by the commenters likely would be categorized as transactional or relationship messages. Such determinations, however, must be made on a case-by-case basis depending on the specific content and context of such messages. Moreover, if a message providing a non-commercial legally mandated notice also includes commercial content, it should be evaluated under the Commission's primary purpose criteria as a dual purpose message.\109\ --------------------------------------------------------------------------- \108\ KeySpan addressed the statutory standard by arguing that ``[i]t has become common practice for senders to email legally required notices to individuals who purchased the sender's products or services online.'' The Commission, however, is not persuaded that this is a ``change'' in email practices that has evolved since the passage of the Act. \109\ 16 CFR 316.3; see also NPRM, 70 FR at 25438. --------------------------------------------------------------------------- b. Debt Collection Emails In the NPRM, the Commission invited comment on the Act's application to debt collection email messages, including messages sent by a third party on behalf of the seller from whom the recipient purchased goods or services rather than by the seller itself.\110\ Nearly all of the 15 commenters that addressed this issue urged that debt collection emails by a seller from whom the consumer made a purchase should be considered transactional or relationship in nature.\111\ Most of these commenters also stated that the same conclusion should apply to emails sent by third-party debt collectors.\112\ --------------------------------------------------------------------------- \110\ NPRM, 70 FR at 25450. \111\ See NADA; Schnell; FNB; ESPC; DMA; NCTA; NNA; Charter; HSBC; CUNA; KeySpan; PCIAA; VFCU. But see Discover (arguing that all debt collection emails should be exempt from regulation under CAN- SPAM); ACA (arguing that ``at most'' debt collection emails should be regulated as ``transactional or relationship messages''). \112\ See, e.g., DMA; ESPC; FNB; NCTA. But see Schnell (arguing that debt collection emails from a third party should be considered commercial); Charter (arguing that debt collection messages sent by third-party debt collectors would be neither ``commercial'' nor ``transactional or relationship'' messages and thus would fall outside the scope of CAN-SPAM). --------------------------------------------------------------------------- The Commission declines to modify the definition of ``transactional or relationship messages'' to include an express provision addressing debt collection emails because there is no evidence in the record that such a modification is necessary to accommodate new email technology or practices. Such a modification is also unwarranted because debt collection messages will usually qualify as ``transactional or relationship messages'' under the existing definition of the term. The primary purpose of debt collection emails is not the ``advertisement or promotion of a commercial product or service,'' and, therefore, they generally would not be ``commercial electronic mail messages'' under section 7702(2)(A) of CAN-SPAM.\113\ Rather, debt collection emails from a seller from whom the consumers made a purchase are best understood as ``complet[ing] . . . a commercial transaction that the email recipient has previously agreed to enter into with the sender,'' and thus are ``transactional or relationship messages'' under section 7702(17)(A)(i). Morever, the Commission agrees with the overwhelming majority of commenters that the ``sender'' with whom the ``recipient has previously agreed to enter into'' a commercial transaction can be interpreted to encompass a third party acting on behalf of a seller from whom the consumer made a purchase.\114\Thus, an email from a third party collecting on behalf of a seller likely is a ``transactional or relationship message.'' --------------------------------------------------------------------------- \113\ Cf. Telemarketing Sales Rule, 68 FR 4580, 4664 n.1020 (Jan. 29, 2003) (``[D]ebt collection . . . activities are not covered by the [Telemarketing Sales Rule, 16 CFR 310] because they are not `telemarketing' -- i.e., they are not calls made `to induce the purchase of goods or services.'''). If a debt collection email also contains material advertising or promoting a commercial product, service, or website, then it must be analyzed as a dual purpose message under Rule 316.3. \114\ Debt collection emails also must comply with other applicable federal and state laws. Significantly, the Fair Debt Collection Practices Act, 15 U.S.C. 1601, et seq. (``FDCPA''), imposes limitations on debt collectors' communications with consumers and third parties. Compliance with CAN-SPAM in no way excuses a debt collector from complying with the FDCPA and other statutes and regulations affecting communications regarding debt collection. --------------------------------------------------------------------------- c. Copyright Infringement Notices and Market Research Two business organizations urged the Commission to clarify that messages containing copyright infringement notices or marketing and opinion research surveys are neither commercial nor transactional or relationship in nature and thus are exempt from the Act.\115\ One of these commenters further asserted that an email containing a copyright infringement notice that also provided information on how to obtain a legitimate, licensed version of the copyrighted material in question would not fall within the scope of the Act.\116\ In the NPRM, the Commission acknowledged that there may be messages that are neither ``commercial electronic mail messages'' nor ``transactional or relationship messages'' as defined by the Act, and thus are not [[Page 29664]] addressed in CAN-SPAM.\117\ As a general matter, the Commission agrees that if a sender has had no previous dealings with the recipient -- thus lacking the predicate for a message to be deemed ``transactional'' -- and that sender's messages contain only a copyright infringement notice, the messages also are not primarily commercial in purpose and thus are not subject to the requirements and prohibitions of CAN-SPAM. Nevertheless, where a copyright infringement notice also contains information on how to obtain licensed versions of copyrighted materials, evaluation under the Primary Purpose Rule provisions governing dual purpose messages may lead to the conclusion that such messages are covered by CAN-SPAM.\118\ Likewise, emails containing true opinion and research surveys may fall outside the scope of the Act, but to the extent that any such message seeks to advertise or promote a brand, a company, or a product or service to the recipient, it also may be primarily commercial in purpose, and therefore subject to the Act's requirements and prohibitions. --------------------------------------------------------------------------- \115\ See BSA (copyright infringement notices); SIA (research and opinion surveys). \116\ See BSA. \117\ NPRM, 70 FR at 25433 n.85. \118\ 16 CFR 316.3. --------------------------------------------------------------------------- d. Transactions that Do Not Involve an Exchange of Consideration The NPRM invited comment on the Act's application to messages sent pursuant to a relationship in which no consideration passes, such as messages from a ``free'' Internet service (such as Evite or Shutterfly). No commenters provided any evidence of changes in email practices or technology that would warrant modifying the definition of ``transactional or relationship message'' specifically to address such messages. Indeed, as explained in the NPRM, even without a Rule change, the existing definition of ``transactional or relationship message'' includes two categories that could include messages sent pursuant to a relationship in which there has been no exchange of consideration: section 7702(17)(A)(i), under which an electronic mail message the primary purpose of which is to ``facilitate, complete, or confirm a commercial transaction [emphasis added] that the recipient has previously agreed to enter into with the sender'' is deemed transactional or relationship in nature; and section 7702(17)(A)(v), which provides that an email the primary purpose of which is ``to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction [emphasis added] that the recipient has previously agreed to enter into with the sender'' also qualifies as transactional or relationship in nature. In the NPRM, the Commission explained that it believed an email from a free Internet service to someone who has registered with the service would be considered a message ``to deliver goods or services * * * that the recipient is entitled to receive under the terms of a transaction'' under section 7702(17)(A)(v) rather than a ``commercial transaction'' under section 7702(17)(A)(i) (emphasis added), but sought comment on this question.\119\ --------------------------------------------------------------------------- \119\ NPRM, 70 FR at 25434. --------------------------------------------------------------------------- Ten of the 13 commenters that addressed this issue took the position that an email message that is primarily for the purpose of facilitating, completing, or confirming a commercial transaction with the sender previously agreed to by the recipient is ``transactional'' under section 7702(17)(A)(i), even when the transaction at issue involves no exchange of consideration.\120\ A few of these commenters argued further that, in any event, many ``free'' Internet services do involve an exchange of consideration; these commenters contended that agreeing to receive commercial email or to view advertising, for example, constitutes consideration.\121\ Three commenters argued that a ``commercial transaction'' under section 7702(17)(A)(i) must involve an exchange of consideration.\122\ --------------------------------------------------------------------------- \120\ See Discover; Jumpstart; Mattel; NFCU; NAR; NetCoalition; SIA; Schnell; United; VFCU. \121\ See Jumpstart; United. One commenter also suggested that to protect consumers, trial memberships and other situations where consideration is not paid until a later time should be considered commercial. See Schnell. \122\ See ABM; NADA; PCIAA. --------------------------------------------------------------------------- The Commission continues to believe that in many cases it is unnecessary to reach the question of whether registration with a ``free'' Internet service constitutes a ``commercial transaction'' under section 7702(17)(A)(i) (emphasis added), because it is likely a ``transaction'' under section 7702(17)(A)(v). That said, having reviewed the comments, the Commission has been persuaded that the term ``commercial transaction'' in section 7702(17)(A)(i) can encompass situations in which there has been no exchange of consideration between the sender and the recipient.\123\ This is consistent with the Commission's interpretation of the term ``commercial electronic mail message,'' which, as defined in section 7707(2), includes an email the primary purpose of which is the advertisement or promotion of a commercial product or service that is free and does not involve the exchange of consideration so long as it is a ``commercial product or service (including content on an Internet website operated for a commercial purpose).'' Many free Internet services are undoubtedly engaged in ``commerce'' and offer consumers goods or services that are ``commercial'' in nature whether or not they involve an exchange of consideration.\124\ --------------------------------------------------------------------------- \123\ The NPRM stated that the Commission ``believe[d] that the modifier `commercial' has been deliberately omitted from [section 7702(17)(A)(v)] of CAN--SPAM to accommodate just the sort of scenario that IAC and Microsoft raise,'' i.e., emails from free Internet services, like Evite, to their members. 70 FR at 25434. Upon further reflection, the Commission has concluded that a transaction between a free Internet website, such as Evite, and its members -- e.g., the transaction that occurs when a consumer registers at the website -- can reasonably constitute a ``commercial transaction.'' \124\ As the Commission noted in the Primary Purpose Rulemaking, 70 FR at 3113, the Random House College Dictionary defines ``commercial'' as ``of, pertaining to, or characteristic of commerce; engaged in commerce.'' It defines ``commerce'' as ``an interchange of goods or commodities, especially on a large scale; trade; business.'' Random House College Dictionary 270 (Rev. ed. unabridged 1980). Likewise, the term ``commerce'' as defined in section 4 of the FTC Act, 15 U.S.C. Sec. 44, is broadly construed to include services that are provided without charge where they include commercial advertising. See, e.g., Ford Motor Co. v. FTC, 120 F.2d 175, 183 (6th Cir. 1971) (``Interstate commerce includes intercourse for the purpose of trade which results in the passage of property, persons or messages from within one state to within another state. All of those things which stimulate or decrease the flow of commerce, although not directly in its stream, are essential adjuncts thereto . . . . The use of advertising as an aid to the production and distribution of goods has been recognized so long as to require only passing notice.''). --------------------------------------------------------------------------- e. Affiliated Third Parties Acting on Behalf of a Person With Whom the Recipient Has Previously Entered Into a Commercial Transaction The NPRM invited comment concerning the application of the Act to messages sent by affiliated third parties that are acting on behalf of an entity with whom a consumer has transacted business. All but one of the dozen commenters addressing this issue argued that messages ``to facilitate, complete, or confirm a commercial transaction to which the recipient has previously agreed'' are generally ``transactional or relationship messages'' under section 7702(17)(A)(i) regardless of whether the messages were transmitted by the entity with whom the consumer transacted business or an affiliated third party acting on the business's behalf.\125\ --------------------------------------------------------------------------- \125\ See NAEDA; Wahmpreneur; FNB; Wells Fargo; ESPC; NAFCU; NAIFA; CBA; Discover; PCIAA; SIA. But see Schnell (arguing against application of section 7702(17)(A)(i) to affiliated third parties). --------------------------------------------------------------------------- [[Page 29665]] Because there is no evidence of changes in email technology or practices that would warrant amending the Rule expressly to address messages sent by affiliated third parties that are acting on behalf of an entity with whom the recipient has done business, the Commission does not make any modifications to the Rule concerning such messages. In addition, the Commission notes that the examples provided by commenters (e.g., travel agents, insurance agents) are fairly straightforward examples of types of messages that would likely qualify as a ``transactional or relationship message'' under section 7702(17)(A)(i).\126\ The Commission, however, does not interpret this provision as necessarily covering every email message sent by an affiliated third party. For example, if an affiliated third party were to market its own product, service, or Internet website in an email message in which the affiliated third party is also facilitating or completing a transaction on behalf of another vendor, then that message would contain both commercial and transactional content, thus triggering analysis of the primary purpose of the dual purpose message. --------------------------------------------------------------------------- \126\ See NAIFA; NAIDA; FNB; IAC (comments submitted in response to ANPR); Wahmpreneur. For example, if a consumer purchases an airline ticket on a travel website like Orbitz, a subsequent message from Orbitz or the airline (or both) ``to facilitate, complete, or confirm'' the message will be a ``transactional or relationship message'' (or a dual purpose message if there is additional content in the email). Likewise, an email from an insurance agent to a customer can qualify as transactional or relationship in nature notwithstanding the fact the customer paid the premium to the insurer, not its agent. --------------------------------------------------------------------------- f. Messages Sent to Effectuate or Complete a Negotiation In the NPRM, the Commission asked under what circumstances an email sent to effectuate or complete a negotiation should be considered a ``transactional or relationship message'' under section 7702(17)(A)(i).\127\ Twelve of the 13 commenters addressing this issue agreed that such messages should be deemed transactional or relationship messages or should fall outside the scope of the Act.\128\ --------------------------------------------------------------------------- \127\ NPRM, 70 FR at 25434, 25450. \128\ See NADA; ARDA; FNB; Wells Fargo; BOA; Cendant; SIA; SIIA; CBA; MPAA; KeySpan; Discover. See also Schnell (emails to effectuate or complete a negotiation should be deemed transactional or relationship only if the recipient has a reasonable expectation that such a negotiation will occur via email). --------------------------------------------------------------------------- The Commission declines to alter the definition of ``transactional or relationship message'' to address communications for the purpose of effectuating or completing a negotiation because of the lack of any evidence in the record that such a modification would be necessary to accommodate changes in email technology or practices and to further the purposes of the Act. However, even without such a modification, the Commission continues to believe that, as it stated in the NPRM, to the extent that negotiation may be considered a ``commercial transaction'' that a recipient has previously agreed to enter into, such messages likely would be considered transactional or relationship under section 7702(17)(A)(i) if they were sent to facilitate or complete the negotiation.\129\ The Commission, however, does not interpret the term ``transactional or relationship message'' to include an initial unsolicited message that proposes a transaction and attempts to launch a negotiation by offering goods or services. Likewise, after a party has terminated a negotiation, an email from the other party seeking to restart the negotiations would not be a ``transactional or relationship message.'' --------------------------------------------------------------------------- \129\ NPRM, 70 FR at 25434. --------------------------------------------------------------------------- g. Messages in the Employment Context In the NPRM, the Commission sought comment on the Act's application to several types of emails that arise in the employment context. Due to the lack of evidence in the record that would satisfy the statutory standard for modifying the definition of ``transactional or relationship message,'' the Commission does not adopt any provision in the final Rule concerning such messages. (i) Messages Concerning Employee Discounts or Similar Messages The NPRM asked whether it is appropriate to classify emails from employers offering employee discounts or similar messages as communications that ``provide information directly related to an employment relationship'' under section 7702(17)(A)(iv).\130\ In addition, the Commission asked whether it was relevant whether the employee's email address to which the message was sent had been assigned to the employee by the employer.\131\ All 20 commenters that addressed this issue argued either that such messages should be considered ``transactional or relationship messages'' under section 7702(17)(A)(iv)\132\ or that they are neither ``commercial'' nor ``transactional or relationship'' messages and thus fall outside the scope of the Act.\133\ A consistent theme in the comments was that an employer should be free to send whatever information it wants to an email address that the employer owns and assigns to an employee.\134\ In such circumstances, these commenters argued, the employer is both the ``sender'' and the ``recipient'' under the Act. --------------------------------------------------------------------------- \130\ Id. at 25436, 25450. \131\ Id. at 25450. \132\ See Associations; NNA; CBA; NRF; NADA; FNB; MPA; SIIA; Coalition; MPAA; KeySpan; Wells Fargo; BOA; ASTA; DoubleClick; Nextel. \133\ See AeA; Discover; PCIAA; Schnell. \134\ See, e.g., CBA (``The conclusion must be that an employer can send whatever message it desires to an e-mail account that the employer owns and assigns the employee.''); NRF (``[If] the company provides the e-mail account to the employee primarily for the employer's benefit, [then] the employer should be free to utilize its own proprietary network to send information to its employees.''). --------------------------------------------------------------------------- The comments persuade the Commission that section 7702(17)(A)(iv) should be interpreted to encompass messages that offer employee discounts from employers to email accounts they have provided to their employees. Moreover, there is nothing in the legislative history suggesting that such emails were of concern to Congress in enacting CAN-SPAM. Further, it seems unlikely that employers would inundate their employees' workplace email accounts with offers of employee discounts and the like and thereby divert their employees' attention from their job responsibilities.\135\ Thus, because the definition of ``transactional or relationship message'' is broad enough to encompass emails from employers to their employees offering discounts, it is unnecessary to modify the definition to address such messages. --------------------------------------------------------------------------- \135\ The Commission, however, rejects the argument of some commenters that employees should not be deemed ``recipients'' under the Act of such messages sent by their employers to their employer- provided email addresses. See, e.g., BOA; CBA; Coalition; DoubleClick; DMA; MPA; Wells Fargo. The Act broadly defines the ``recipient'' as an ``authorized user of the electronic mail address to which the message was sent or delivered'' and does not require ownership of the email address. 15 U.S.C. 7702(14) (emphasis added). Consequently, employees are ``recipients'' of messages delivered to their workplace email accounts, whether such emails were sent by their employers or another person. --------------------------------------------------------------------------- (ii) Messages From a Third Party on Behalf of the Recipient's Employer In the NPRM, the Commission asked whether an email that ``provide[s] information directly related to an employment relationship or related benefit plan in which the recipient is currently involved'' and that would be a ``transactional or relationship message'' under section 7702(17)(A)(iv) if it were sent by the recipient's employer would retain its transactional or relationship character if sent by a third party acting on the employer's behalf. Most of the handful of commenters that addressed this [[Page 29666]] question agreed with the Commission's view that messages sent by a third party on behalf of an employer should be considered transactional or relationship in nature.\136\ The Commission reiterates its interpretation of section 7702(17)(A)(iv) as being sufficiently broad to allow an employer to retain a third party as its agent to send a message to its employees that would otherwise fit within the confines of a ``transactional or relationship message.''\137\ Thus, because the definition of ``transactional or relationship message'' is broad enough to include a message sent by the third-party agent of an employer to its employees, provided the message would be considered transactional or relationship in nature if sent by the employer itself, there is no need to modify the definition of ``transactional or relationship message'' to address such messages. --------------------------------------------------------------------------- \136\ See KeySpan; FNB; MPAA; PCIAA. But see Schnell (``commercial messages to employees of a given employer that come from third parties should not be considered transactional or relationship messages, and should be considered commercial under CAN-SPAM''). \137\ Nevertheless, the Commission's interpretation does have its limits. For example, if a third party were to market to a client company's employees the third party's own goods and services on its own behalf, rather than on behalf of the client, those messages would not be deemed ``transactional or relationship messages'' under section 7702(17)(A)(iv). --------------------------------------------------------------------------- (iii) Messages Sent After an Offer of Employment is Tendered In the NPRM, the Commission asked whether, for purposes of section 7702(17)(A)(iv) of the Act, providing information directly related to an employment relationship should include providing information related to such a relationship after an offer of employment is tendered, but prior to the recipient's acceptance of the job offer.\138\ The several commenters that addressed the issue believed that such messages provide ``information directly related to an employment relationship'' and thus are transactional and relationship in nature.\139\ None of the commenters argued that prospective employees would be subject to unwanted commercial email messages from their prospective employers between the time an offer of employment is made and the time it is either accepted or rejected. --------------------------------------------------------------------------- \138\ NPRM, 70 FR at 25436, 25450. \139\ See FNB; KeySpan; Discover; MPAA. --------------------------------------------------------------------------- As an initial matter, the Commission notes that, where the primary purpose of an email from an employer to a prospective employee is something other than the promotion or advertisement of a commercial product or service, the message would not be subject to CAN-SPAM's requirements for commercial email messages.\140\ Where, for example, a message provides only information about a prospective employee's salary and job responsibilities and does not advertise or promote a commercial product or service, it is not a ``commercial electronic mail message'' under the Act. Rather, an email sent to a prospective employee who has received a bona fide offer of employment after actively seeking such employment would be considered information ``directly related to an employment relationship or related benefit plan'' under section 7702(17)(A)(iv), provided the email concerned only the prospective employment relationship.\141\ To the extent, however, that such messages included both information about the job offer and an advertisement or promotion of a commercial product or service, e.g., an effort to induce the job applicant to purchase the employer's goods or services, then the message would be analyzed as a dual purpose message under the Primary Purpose provisions of the Commission's CAN-SPAM Rules.\142\ --------------------------------------------------------------------------- \140\ 15 U.S.C. 7702(2). \141\ One commenter argued that section 7702(17)(A)(iv)'s exemption for employment-related emails ``does not go far enough'' and that the final Rule should exempt ``e-mails regarding current or prospective job openings that are sent to individuals who are not currently employed by the sender, and who are not charged any fees or other consideration in connection with any current or prospective job.'' ASA. As noted above, if such emails do not advertise or promote a product or service, they are not commercial email messages and thus they fall outside the Act. \142\ 16 CFR 316.3. --------------------------------------------------------------------------- h. Electronic Newsletter Subscriptions and Other Content that a Recipient is Entitled to Receive as a Result of a Prior Transaction with the Sender The NPRM asked ``where a recipient has entered into a transaction with the sender that entitles the recipient to receive future newsletters or other electronically delivered content, should email messages the primary purpose of which is to deliver such products or services be deemed transactional or relationship messages?''\143\ The commenters that addressed this issue generally believed such emails were ``transactional or relationship messages'' under section 7702(17)(A)(v).\144\ Several commenters thought the Commission's ``primary purpose'' rule already addressed the issue and supported the position that transmission of a periodical delivered via email ``falls within one of the `transactional or relationship message' categories.''\145\ In addition, three commenters stressed that it is irrelevant whether electronic newsletters or other content provided via subscription are entirely commercial in nature (e.g., a catalog), so long as the content conforms to the consumer's reasonable expectations about the material he or she has requested.\146\ --------------------------------------------------------------------------- \143\ NPRM, 70 FR at 25450. \144\ See NADA; NAEDA; Wahmpreneur; ICC; MPAA; KeySpan; PCIAA; United; IPPC; Jumpstart; NEPA; TimeWarner; DoubleClick; Mattel. See also NFCU (electronic newsletters sent to a sender's members should be entirely exempt from CAN-SPAM); Discover (arguing that primary purpose of a newsletter delivered by email should be determined on a case-by-case basis); Schnell (opining that consumer request for electronic newsletter or other content is not determinative under CAN-SPAM); Sonnenschein (advocating a distinction between the ``bona fide transaction [in which a consumer] sign[s] up for a service or subscrib[es] to receive emails, coupons, or electronic newsletters and the mere provision of affirmative consent to receive commercial emails''). \145\ See DoubleClick; MPAA; FNB. \146\ See NEPA; ICC; Sonnenschein. --------------------------------------------------------------------------- The comments do not establish the statutory prerequisite to modifying the definition of ``transactional or relationship message'' expressly to address electronic newsletters and other content sent pursuant to a subscription. Specifically, there is no showing that such a modification is necessary to accommodate changes in email technology or practices and to accomplish the goals of the Act. Moreover, the Commission believes that the existing definition of ``transactional or relationship message'' already adequately addresses such emails. In view of the comments received on this issue, the Commission continues to believe, as it stated in the Primary Purpose Rulemaking, that when a recipient subscribes to a periodical delivered via email, transmission of that periodical to that recipient falls within section 7702(17)(A)(v), which includes ``goods or services . . . that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender,'' provided the periodical consists exclusively of informational content or combines informational and commercial content.\147\ On the other hand, when a sender delivers an unsolicited newsletter or other periodical via email, and there is no subscription, the situation is materially [[Page 29667]] different for purposes of CAN-SPAM than when such content is delivered with the consent of the recipient. In such a scenario, the emails likely would not be ``transactional or relationship messages'' within the meaning of the Act. --------------------------------------------------------------------------- \147\ See NPRM, 70 FR at 3118. Likewise, the Commission continues to believe that, as it explained in the Primary Purpose Rulemaking, ``if an email consists exclusively of commercial content (such as a catalog or other content that is purely an advertisement or promotion), then the email would be a single-purpose commercial message. This is because delivery of such advertising or promotional content would not constitute the `delivery of goods or services * * * that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender,' under section 7702(17)(A)(v).'' Id. at 3118 n.91. --------------------------------------------------------------------------- i. ``Business Relationship'' Messages The NPRM asked whether the Commission should expand the Act's definition of ``transactional or relationship message'' to include what some commenters call ``business relationship messages,'' which are individualized messages sent from one employee of a company to an individual recipient (or a small number of recipients) at another business.\148\ Or, as one commenter described this type of message ``one-to-one e-mail that is sent by employees in the business-to- business context.''\149\ The nine commenters who addressed the issue of ``business relationship'' messages all supported expanding the definition of ``transactional or relationship message'' to include this type of email. Commenters did not claim that business relationship messages are ``commercial electronic mail messages'' under the Act, but, rather, opined that if such messages were deemed ``commercial electronic messages,'' they would face significant administrative and technological burdens, because business email systems are not designed to scrub each email sent by each employee against the business's CAN- SPAM opt-out list.\150\ In addition, commenters argued that such a requirement would interfere with legitimate practices that are critical to business relationships and operations.\151\ To avoid any such potential problems, the commenters urged the Commission to add a new category of ``transactional or relationship message'' to cover business relationship messages. --------------------------------------------------------------------------- \148\ Id. at 25438 n.137, 25450. For the most part, commenters described ``business relationship messages'' as arising in the context of business-to-business communications, rather than communications with individual consumers. See, e.g., BOA (``For example, in the first mortgage business, e-mails are sent to brokers to inform them up-to-the minute information about current mortgage rates.''); CBA (``in the context of the equipment leasing industry, it is typical for lenders to e-mail equipment vendors a rate sheet that describes the amount of interest a lender would charge on a given piece of equipment''); Reed (``For example, our ad sales personnel routinely contact current advertisers about upcoming issues of publications.''). But see Cendant (interpreting ``business relationship messages'' to encompass messages from a business to individual consumers with whom the sender has an existing business relationship). \149\ See CBA. \150\ See, e.g., BOA; CBA; Wells Fargo; MPAA. \151\ See BOA; CBA; Cendant; ESPC; ICC; KeySpan; MPAA; Reed; Wells Fargo. --------------------------------------------------------------------------- None of the commenters, however, demonstrated changes in email technology or practices that would warrant an express carve-out for business relationship messages. For example, there is no evidence that the technological burdens that the commenters cite as a basis for creating the exemption did not exist when the Act was passed in 2003. There is, therefore, an insufficient evidentiary basis to modify the definition of ``transactional or relationship message'' under the statutory standard. Thus, the Commission declines to add a ``business relationship message'' category to the definition of ``transactional or relationship.'' In any event, the commenters' concerns about the impact of the Act on the ability of one of their employees to send emails to a small number of employees at another company with which they have a preexisting relationship may be overblown. For example, to the extent an employee at one company provides affirmative consent to receive emails from an employee of another company, or from that company in general, such consent overrides any prior opt-out request.\152\ Consequently, when affirmative consent has been given, there is no need to ``scrub'' the email against the business's CAN-SPAM opt-out list. Nevertheless, the recipient can always opt out of receiving future emails from the sender, notwithstanding his or her prior affirmative consent. As the Commission has previously observed, affirmative consent to receive commercial emails from a sender does not eliminate the sender's obligation to provide a functioning Internet-based mechanism to opt out of receiving future emails or any of the sender's other obligations under CAN-SPAM. --------------------------------------------------------------------------- \152\ 15 U.S.C. 7704(a)(4)(B). --------------------------------------------------------------------------- j. Messages from an Association to its Membership In the NPRM, the Commission stated that it believes that email messages from an association or membership entity to its members are likely ``transactional or relationship messages'' under section 7702(17)(A)(v).\153\ The Commission inquired whether messages from such senders to lapsed members should also be considered transactional or relationship under section 7702(17)(A)(v), and whether messages to lapsed members should be considered commercial electronic messages when they advertise or promote the membership entity.\154\ The seven commenters that addressed this question argued that email messages to lapsed members should be considered ``transactional or relationship messages,''\155\ but most recommended limiting the amount of time that such email messages may be sent to former members.\156\ --------------------------------------------------------------------------- \153\ NPRM, 70 FR at 25450. \154\ Id. \155\ See NAEDA; Independent; NAFCU; CUNA; Cendant; PCIAA; SIIA. In addition, some commenters, while not responding to the NPRM's inquiry about lapsed members, addressed the question of the Act's regulation of communications from an association to its current members. See, e.g., Metz; SHRM; ABM; ARTBA; NAR; ACA; ASAE. As the Commission explained in the NPRM, 70 FR at 25438, and reiterates here, messages from an association to its membership are likely transactional or relationship in nature. The Commission continues to believe, however, that there is no basis to expand the existing definition of ``transactional or relationship'' to create an express exemption for such communications. \156\ See NAEDA (arguing that messages to former members should be allowed and considered transactional or relationship messages for a specific amount of time e.g., 180 days); Independent (arguing that messages to former members are still ``transactional or relationship messages'' rather than ``commercial'' messages for 12 months after membership lapses); Cendant (membership entity should be able to contact members for 18 months after last transaction); CUNA (arguing that contact may be made for a reasonable amount of time); PCIAA (stating that, consistent with the Do-Not-Call Rules, an email message to a lapsed member should be considered a ``transactional or relationship message'' for 90 days after the membership has lapsed); VFCU (arguing that email messages to lapsed members should still be considered transactional or relationship in nature if the purpose is related to administrative matters). See also SIIA (arguing against a ``per se approach'' concerning an association's communications with lapsed members). --------------------------------------------------------------------------- Under the existing definition of ``transactional or relationship message'' the Commission believes that where a recipient is no longer a member of an organization, it is unlikely that messages from the organization fall within any of the categories of ``transactional or relationship messages.''\157\ For example, a message that advertises or promotes the sale of a new or renewed membership would be a ``commercial electronic mail message'' (or a dual purpose message to the extent it also includes non-commercial content). However, the Commission declines to modify the definition of ``transactional or relationship message'' to include such emails. None of the commenters offered any evidence that either such modification is necessary to accommodate changes in email [[Page 29668]] practices or technology or to accomplish the purposes of the Act, and thus the statutory standard for amending the definition of ``transactional or relationship message'' is not satisfied. --------------------------------------------------------------------------- \157\ There are, of course, exceptions; for example, an email from a membership organization to a lapsed member to obtain payment of a debt would be a ``transactional or relationship'' message under section 7702(17)(a)(i), just as a debt collection email from non- membership entity would be transactional and relationship in nature, as discussed above. See supra Part II.A.3.b. --------------------------------------------------------------------------- 4. Section 316.2(p) -- Definition of ``Valid Physical Postal Address'' Proposed Rule 316.2(p) clarified that a sender may comply with section 7704(a)(5)(A)(iii) of the Act -- which requires inclusion in any commercial email message of the sender's ``valid physical postal address'' -- by including in any commercial email message any of the following: (1) the sender's current street address; (2) a Post Office box the sender has registered with the United States Postal Service; or (3) a private mailbox the sender has registered with a commercial mail receiving agency (``CMRA'') that is established pursuant to United States Postal Service regulations. A substantial majority of commenters supported the proposed definition. In consideration of these comments, the Commission adopts as a final Rule a modified version of the definition proposed in the NPRM. This modified definition allows for the use of Post Office or private mailboxes, but clarifies that a sender must ``accurately'' register such mailboxes pursuant to postal regulations to be considered a ``valid physical postal address'' under the Act. Comments addressing the proposed definition are discussed in detail below. In response to the NPRM, the Commission received 25 comments addressing the definition of ``valid physical postal address.'' Of these, 18 commenters supported the definition as proposed. Specifically, supporters noted that the proposed definition appropriately recognized that many legitimate businesses, large and small alike, use Post Office boxes or private mailboxes, and that allowing commercial email messages to disclose such a P.O. box or private mailbox would provide flexibility and security to email marketers without compromising law enforcement efforts.\158\ Other commenters, including small businesses and independent contractors, supported the proposed definition because it recognizes the privacy and security concerns of individuals who work from home or are fearful of publishing their street address for other reasons.\159\ --------------------------------------------------------------------------- \158\ See, e.g., ACLI; ACB; DMA; DoubleClick; NNA; SIA. \159\ See Discover; Independent; NAR. --------------------------------------------------------------------------- Two additional commenters supported the Commission's proposal that P.O. boxes and private mailboxes be included under the definition of ``valid physical postal address,'' but objected to the additional requirement that the sender be registered with the United States Postal Service (``USPS''). Specifically, HSBC Bank Nevada (``HSBC'') and MasterCard suggested that the definition be modified to allow for any address to which mail is delivered for a particular sender, whether or not that sender is registered with the USPS.\160\ HSBC noted that several affiliated companies often will receive mail at the same P.O. box, yet not all such companies may be registered to use that box with the USPS, as the proposed definition would require.\161\ HSBC and MasterCard argued that their proposed modifications would achieve the purposes of the Act by providing consumers with a mechanism to contact senders other than by email.\162\ The approach suggested by MasterCard and HSBC, however, does not take into account the other important purpose of the valid physical postal address provision -- that law enforcement authorities be able to identify a sender using a given address, which would be difficult if not impossible without registration of all mailbox users with the USPS.\163\ --------------------------------------------------------------------------- \160\ See HSBC; MasterCard. \161\ See HSBC. \162\ See HSBC; MasterCard. \163\ Under USPS regulations, federal, state, or local government agencies may obtain postal and private mailbox registrant information from the USPS upon written certification that such information is required to perform the agency's duties. 39 CFR 265.6(d)(4) & (d)(9). This is one avenue that law enforcement can pursue in order to identify a sender that fails to comply with CAN- SPAM. --------------------------------------------------------------------------- Furthermore, USPS regulations require that anyone registering an individual P.O. box identify the names of all persons authorized to receive mail at such address, and to provide two forms of identification for each listed person.\164\ Similarly, with respect to ``organization'' P.O. boxes or private mailboxes where the applicant is a ``firm,'' USPS regulations require any of the organization's members or employees who receive mail at such mailbox to be listed on the requisite postal form.\165\ Thus, USPS regulations specifically require that anyone receiving mail at a given address be registered with the USPS. --------------------------------------------------------------------------- \164\ See Domestic Mail Manual (``DMM'') 508.4.3.1(b) (other adult persons who receive mail in the post office box of an individual box customer must be listed on Form 1093 and must present two items of valid identification to the post office). \165\ See DMM 508.4.3.1(c) (requiring an organization's employees or members who receive mail at the organization's postal box to be listed on Form 1093; each person must have verifiable identification and present this identification to the Postal Service upon request) and PS Form 1583 (if applicant is a firm, applicant must provide the name of each person whose mail is to be delivered). --------------------------------------------------------------------------- Only five commenters opposed the Commission's proposed definition of ``valid physical postal address.'' Three of these commenters felt that P.O. boxes and private mailboxes should not be included in the proposed definition because they are often used in fraud schemes as a way to shield their owners from identification.\166\ The Commission previously addressed this argument in the NPRM, noting that ```[a]n individual or entity seeking to evade identification can just as easily use inaccurate street addresses' as hide behind a Post Office box or private mailbox.''\167\ No commenters provided any information to refute this statement. --------------------------------------------------------------------------- \166\ See CUNA; NFCU; Sowell. \167\ NPRM, 70 FR at 25439 (quoting SIIA). --------------------------------------------------------------------------- One consumer commenter opposing the proposed definition suggested that P.O. boxes have proven insufficient as a means of contacting senders that fail to honor opt-out requests.\168\ The Commission, however, has no evidence to suggest that certain senders are difficult to contact because of the fact that those senders have provided P.O. boxes or private mailboxes as their contact addresses. It is more likely the case that such senders are unscrupulous and have either provided a false or nonexistent address as a means of evading identification, or simply do not respond to consumer inquiries. In such instances, the Commission sees no added benefit to requiring that senders provide a street address, which could just as easily be falsified or simply disregarded. --------------------------------------------------------------------------- \168\ See Kapecki. --------------------------------------------------------------------------- Finally, ACUTA suggested that the Commission assess and evaluate the relevant postal regulations to ensure that they adequately protect the interests of consumers and law enforcement.\169\ Such evaluation, however, goes beyond the scope of this rulemaking proceeding -- especially when the Commission has no basis upon which to question the effectiveness of the USPS regulations. --------------------------------------------------------------------------- \169\ See ACUTA. --------------------------------------------------------------------------- In consideration of all of these comments, the Commission adopts a modified definition of ``valid physical postal address.'' In the final Rule, the Commission has modified slightly the definition of ``valid physical postal address'' to clarify that a sender must ``accurately'' register a P.O. box or private mailbox in compliance with these regulations. For example, if a sender provides a P.O. box or private mailbox address in its commercial email message and is not accurately identified [[Page 29669]] on the applicable postal form, fails to provide two forms of valid identification if required,\170\ or otherwise fails to comply with applicable USPS regulations, such address would not be considered a ``valid physical postal address'' for purposes of the Act. Accordingly, the Commission adopts final Rule 316.2(p), which provides that a ```valid physical postal address' means the sender's current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations.'' (Emphasis added.) --------------------------------------------------------------------------- \170\ See, e.g., DMM 508.1.9.2(a) (requiring applicants of private mailboxes to furnish two forms of valid identification). --------------------------------------------------------------------------- 5. Applicability of the Act to Forward-to-a-``Friend'' Email Marketing Campaigns In the NPRM, the Commission sought comment on CAN-SPAM's impact on forward-to-a-``friend'' email -- a type of commercial email that can take a variety of forms. In its most basic form, a person (the ``forwarder'') receives a commercial email message from a seller and forwards the email message to another person (the ``recipient''). Other scenarios include those in which a seller's web page enables visitors to the seller's website to provide the email address of a person to whom the seller should send a commercial email. Due to the myriad forms of forward-to-a-``friend'' email, CAN- SPAM's applicability to such messages is a highly fact specific inquiry. As explained below, the central question in this analysis often will be whether the seller has ``procured'' the origination or transmission of the forwarded message. a. Background In the NPRM, the Commission discussed the interplay of multiple definitions in CAN-SPAM and their relevance in analyzing the Act's applicability to forward-to-a-``friend'' emails. The Commission began its analysis by examining CAN-SPAM's definition of ``sender'' which the Act defines to mean ``a person who initiates [a commercial electronic mail] message and whose product, service, or Internet web site is advertised or promoted by the message.''\171\ Thus, to be a ``sender,'' a seller must be both an ``initiator'' of the message and have its product, service, or Internet website advertised or promoted by the message. --------------------------------------------------------------------------- \171\ 15 U.S.C. 7702(16)(A). --------------------------------------------------------------------------- A forward-to-a-``friend'' email will ordinarily advertise a seller's product, service, or website. Thus, the NPRM focused on whether a seller would meet CAN-SPAM's definition of ``initiate.'' The Act defines ``initiate'' to mean ``to originate or transmit such message or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.''\172\ --------------------------------------------------------------------------- \172\ 15 U.S.C. 7702(9). --------------------------------------------------------------------------- In the NPRM, the Commission then examined the meaning of the term ``procure'' and concluded that a seller ``procures'' an email by either: (1) providing a forwarder with consideration (such as money, coupons, discounts, awards, additional entries in sweepstakes, or the like) in exchange for forwarding the message, or (2) intentionally inducing the initiation of a commercial email through an affirmative act or an explicit statement that is ``designed to urge another to forward the message.''\173\ Thus, the Commission opined that CAN-SPAM's inclusion of the word ``induce'' in the definition of ``procure,'' meant that a seller could ``procure'' the initiation of a message without offering to provide a forwarder with any consideration if it exhorted visitors to its website to forward a message.\174\ --------------------------------------------------------------------------- \173\ The NPRM indicated that to ``intentionally induce'' the initiation of a commercial email a ``seller must make an explicit statement that is designed to urge another to forward the message.'' 70 FR 25441. \174\ For instance, the Commission posited that a seller would induce a message (and therefore ``procure'' the initiation of a message) if, without offering to provide a forwarder with any consideration, its web-based forwarding mechanism urged visitors to ``Tell-A-Friend--Help spread the word by forwarding this message to friends! To share this message with a friend or colleague, click to the `Forward E-mail button.''' NPRM, 70 FR at 25441 n.178. --------------------------------------------------------------------------- Finally, the Commission concluded by stating that a seller who offered a web-based ``click-here-to-forward'' mechanism, but did not exhort visitors to forward a message or offer to pay or provide other consideration in exchange for forwarding the message, would be engaged in the ``routine conveyance'' of the message and therefore not be an ``initiator'' of the message.\175\ --------------------------------------------------------------------------- \175\ Id. at 25441-42. --------------------------------------------------------------------------- b. Comments Received in Response to the NPRM The Commission received more than forty comments concerning forward-to-a-``friend'' emails. Some of these comments asserted that: (1) forward-to-a-``friend'' messages are not ``commercial electronic mail messages''; (2) most marketers whose products, services, or website are promoted by a forward-to-a-``friend'' message are engaged in ``routine conveyance''; (3) the Commission's view of ``routine conveyance'' was unduly narrow; (4) forward-to-a-``friend'' emails sent through a seller's web-based mechanism should be treated the same as emails that the seller sends to a forwarder who then forwards the messages to a recipient; (5) making CAN-SPAM's applicability hinge on whether a seller offered to pay a forwarder consideration was contrary to the language and purpose of the Act; (6) sweeping forward-to-a- ``friend'' messages into CAN-SPAM would impose high compliance burdens for sellers. Each cluster of comments is elaborated upon below. First, some commenters opined that the most relevant inquiry in a forward-to-a-``friend'' scenario is whether the primary purpose of the forwarded message is ``commercial.'' If the message's primary purpose is not ``commercial'' (and it is not a ``transactional or relationship message''), CAN-SPAM does not apply.\176\ --------------------------------------------------------------------------- \176\ See CBA; DMA; HSBC; Wells Fargo. Section 316.3 of the Rule defines the ``primary purpose'' test for commercial email. 16 CFR 316.3. --------------------------------------------------------------------------- Second, a handful of commenters asserted that the key factor in determining whether a forward-to-a-``friend'' message is covered by the Act should be whether the seller is engaged in ``routine conveyance.''\177\ These commenters argued that under section 7702(9) of the Act, any person engaged in ``routine conveyance'' is necessarily not an ``initiator,'' and thus it is unnecessary to inquire whether it ``procured'' the message in question. --------------------------------------------------------------------------- \177\ See, e.g., Microsoft. --------------------------------------------------------------------------- Third, a number of commenters posited that the Commission's understanding of what constitutes ``routine conveyance'' was unduly narrow.\178\ Many commenters opined that all, or almost all, forward- to-a-``friend'' mechanisms constitute ``routine conveyance.''\179\ Some commenters argued that under the Act's definition of ``initiate,'' whether a company pays consideration or otherwise induces a person to forward an email is irrelevant to whether the company is engaged in ``routine [[Page 29670]] conveyance.''\180\ The majority of commenters, however, expressed the view that a company that offers consideration to a person to send or forward an email to another person is not engaged in ``routine conveyance'' under the Act.\181\ Within this group, commenters were divided as to whether the offer of de minimis consideration, such as coupons, sweepstakes entries, or points towards the purchase of a good or service, was sufficient to render a company ineligible for the ``routine conveyance'' exception.\182\ --------------------------------------------------------------------------- \178\ See, e.g., AeA; Charter; ePrize; ERA; Independent; MPA; Masterfoods; Mattel; Microsoft; OPA; PMA. \179\ See AeA; ePrize; ERA; MPAA; MPA; Masterfoods; Mattel; Microsoft; NCTA; NetCoalition; OPA; PMA; SIIA; Wells Fargo. But see Metz (``A company that sends a commercial e-mail and provides a website for forwarding that e-mail is not simply engaging in `routine conveyance'; the message that it is conveying is its own.''). \180\ See, e.g., ERA; ePrize; MPA; Microsoft (``a message may be induced or procured but still fall within the routine conveyance exception to the Act's definition of `initiate'''); NAIFA; PMA; SIIA. \181\ See ACLI; BOA; Charter; CBA; Discover; MasterCard; MPAA; NRF; NetCoalition; OPA; Time Warner. \182\ For comments arguing that a company could be engaged in routine conveyance notwithstanding its offer of sweepstakes entries, coupons, discounts, ``points'' and the like to persons for forwarding an email, see, e.g., AeA; ERA; FNB; Mattel; Coalition; PMA; RIAA (``[The] legislative history also casts doubt on whether Congress intended that the furnishing of merely nominal consideration - for instance, `points' to be accumulated toward the award of a free CD or music download - would be enough to qualify as `procuring' the forwarding of a commercial e-mail. Surely when one company `hires' another to carry out a commercial e-mail campaign, much more than nominal consideration would be involved.''). For comments expressing the view that an offer of sweepstakes entries, points, coupons, discounts and the like in exchange for forwarding a message would render a company ineligible for the routine conveyance exception, see, e.g., Charter; MPAA; NAA; NRF; OPA; Time Warner. --------------------------------------------------------------------------- Fourth, many commenters also stated that web-based mechanisms for forwarding emails should be treated no differently than the ``forward'' button on a typical email program.\183\ In these email programs, the ``sender'' of the email, according to the commenters, is the person forwarding the email. --------------------------------------------------------------------------- \183\ See, e.g., Charter; DMA. --------------------------------------------------------------------------- Fifth, many of the commenters noted that making the offer of consideration the standard for determining whether a forwarder ``procured'' the origination or transmission of a message or engaged in ``routine conveyance'' would both be contrary to Congress's intent in passing the CAN-SPAM Act,\184\ and unnecessary because there is no evidence to suggest that Congress or consumers viewed forward-to-a- ``friend'' messages as spam.\185\ --------------------------------------------------------------------------- \184\ See AeA; Associations; Charter; CBA; DoubleClick; MasterCard; Microsoft; NAIFA; NCTA; NetCoalition; PMA; RIAA; SIIA; Wells Fargo. \185\ See Masterfoods; Mattel; Visa. --------------------------------------------------------------------------- Finally, some commenters noted the compliance burdens that would result from the inclusion of forward-to-a-``friend'' emails in CAN- SPAM's regulatory regime. According to these commenters, once a person forwards an email using his or her own email program, the original ``sender'' loses the ability to control the email message's content and whether the message retains its compliance with CAN-SPAM.\186\ Commenters also stated that it was very difficult to check the names of recipients of forwarded messages against company opt-out lists.\187\ Moreover, some commenters who operate websites directed to children opined that if they were considered the ``sender'' of certain forwarded emails, they would have to honor opt-out requests and maintain opt-out lists, which might cause conflicts with the Children's Online Privacy Protection Rule.\188\ --------------------------------------------------------------------------- \186\ See Associations; BOA; Charter; CMOR; DMA; ERA; FNB; Jumpstart; MPAA; MPA; Coalition; NRF; NetCoalition; RIAA; Wahmpreneur. \187\ See AeA; Cendant; ePrize (there are substantial costs in building a software platform that would allow scrubbing of names before using forwarding mechanism); MPAA (``It is virtually impossible to meet the CAN-SPAM requirement that a company not send e-mail to someone who has already opted out from its lists for Forward to a Friend, because the company will never know the e-mail address of the recipient . . . . The company would need to put all such e-mail in a queue and then compare the recipient's e-mail address with its opt-out list, a complicated and laborious process.''); Masterfoods; Mattel; NRF; NetCoalition; Wahmpreneur. \188\ The Children's Online Privacy Protection Rule (``COPPA''), 16 CFR Part 312, establishes rules and guidelines to provide a more secure Internet experience for children and to protect them from unwanted invasions of privacy. As a result, operators of websites directed to children have to follow specific rules on what personal information may or may not be gathered from children. Section 312.5 of COPPA states: ``An operator [of a website] is required to obtain verifiable parental consent before any collection, use, and/or disclosure of personal information from children . . . .'' Two commenters, Masterfoods and Mattel, argued that the Commission's proposed application of ``induce'' would likely result in their being considered the ``sender'' of emails ``initiated'' through their websites. They therefore argued that, under the Commission's analysis in the NPRM, they would be required to maintain an opt-out list, which would undoubtedly contain personal information of children, and could thereby conflict with COPPA. --------------------------------------------------------------------------- c. Commission Statement on Forward-to-a-``Friend'' Emails Whether a seller or forwarder is a ``sender'' or ``initiator'' is a highly fact specific inquiry. Nonetheless, the application of the Act to a forward-to-a-``friend'' message likely often will turn on whether the seller has offered to pay or provide other consideration to the forwarder. Below, the Commission expands upon its discussion contained in the NPRM by discussing the liability of sellers in two common forms of forward-to-a-``friend'' emails: (1) those sent using a web-based forwarding mechanism and (2) those forwarded using the forwarder's own email program. The Commission then discusses the potential liability CAN-SPAM imposes on consumers who send forward-to-a-``friend'' emails. (i) Seller's Liability in the Context of a Forwarding Mechanism on a Seller's Website With a web-based mechanism, a seller's website includes a button that enables a visitor to the website to send an email advertising the seller's product, service, or website. When the visitor clicks on the button, the seller requests the recipient's email address and often additional information such as the visitor's name and email address. The seller may also enable the visitor to add text that will be included in the message sent to the recipient. Upon entering the information, the visitor must press a ``send'' button for the message to be sent. The message will be sent to the recipient via the seller's or seller's agent's email server. The starting point in analyzing CAN-SPAM's applicability to forward-to-a-``friend'' messages is the language of the Act. A seller is a ``sender'' if it ``initiates'' the message and its product, service, or Internet website is advertised or promoted in the message.\189\ Because the message sent using the seller's web-based mechanism will ordinarily advertise the seller's product, service, or website, the seller will be a ``sender'' if it ``initiates'' the message sent to the recipient. --------------------------------------------------------------------------- \189\ 15 U.S.C. 7702(16). --------------------------------------------------------------------------- CAN-SPAM defines ``initiate'' to mean ``to originate or transmit [a commercial email] or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.''\190\ Thus, where a seller is involved solely in ``routine conveyance,'' the seller will be exempt from the responsibilities of an ``initiator'' or a ``sender'' under the Act. The Act defines ``routine conveyance'' to mean the ``transmission, routing, relaying, handling, or storing, through an automatic technical process, of an electronic mail message for which another person has identified the recipients or provided the recipient addresses.''\191\ The Act's legislative history explains that a company engages in ``routine conveyance'' when it ``simply plays a technical role in transmitting or routing a message and is not involved in coordinating the recipient addresses for the marketing appeal.''\192\ Thus, under the web-based [[Page 29671]] scenario described above, a seller that transmits a message through an automatic technical process to an email address provided by a forwarder, absent more, is engaged in ``routine conveyance'' and is exempt from liability under the Act. --------------------------------------------------------------------------- \190\ 15 U.S.C. 7702(9). \191\ 15 U.S.C. 7702(15). \192\ S. Rep. 108-102 at 15. The legislative history therefore makes clear that, if a seller retains the email address of the person to whom the message is being forwarded for a reason other than relaying the forwarded message (such as for use in future marketing efforts), the seller would not fall within the routine conveyance exemption. --------------------------------------------------------------------------- However, under the Act, ``routine conveyance'' is narrowly circumscribed. Where the seller goes beyond serving as a technical intermediary that transmits, routes, relays, handles, or stores the email, the seller will be liable as the ``initiator'' and ``sender'' of the message forwarded from its website. A seller who ``procures'' the origination or transmission of an email goes well beyond the technical role of transmitting or routing the message. CAN-SPAM defines ``procure'' to mean ``intentionally to pay or provide other consideration to, or induce another person to initiate [a commercial email] on one's behalf.''\193\ As explained in the NPRM, if a seller offers to ``pay or provide other consideration'' to a visitor to its website in exchange for forwarding a commercial message, the seller will have ``procured'' any such messages forwarded by the visitor.\194\ As noted in the NPRM, the term ``consideration'' is not defined in the Act, but is generally understood to mean ``something of value (such as an act, a forbearance, or a return promise) received by a promisor from a promisee.''\195\ This includes things of minimal value. Accordingly, a message has been ``procured'' if the seller offers money, coupons, discounts, awards, additional entries in a sweepstakes, or the like in exchange for forwarding a message.\196\ Even the offer to provide de minimis consideration takes the seller beyond the mere ``routine conveyance'' of the forwarded message and into the ``procurement'' of the forwarded message. --------------------------------------------------------------------------- \193\ 15 U.S.C. 7702(12). \194\ 70 FR at 25441. \195\ Black's Law Dictionary 300 (7th ed. 1999). \196\ NPRM, 70 FR at 25441 --------------------------------------------------------------------------- The definition of ``procure,'' however, does not merely cover those scenarios in which a seller offers to pay or provide other consideration to a forwarder. A seller who ``induces'' another person to initiate a commercial email will also fall within the definition of ``procure.'' The NPRM explained that ``to induce'' is much broader than ``to pay consideration.'' While CAN-SPAM does not define the term ``induce,'' in the NPRM, the Commission applied the word's common definition: ``to lead on to; to influence; to prevail on; to move by persuasion or influence.''\197\ The Commission then opined that ``to induce'' did not require the transfer of something of value.\198\ Rather, the Commission explained, ``one must do something that is designed to encourage or prompt the initiation of a commercial e- mail.''\199\ Thus, the Commission stated that, ``in order to `intentionally induce' the initiation of a commercial email, the sender must affirmatively act or make an explicit statement that is designed to urge another to forward the message.''\200\ In addition, the Commission stated that whether a seller ``induced'' a person to forward a message could hinge on the forcefulness of the language used by the seller.\201\ --------------------------------------------------------------------------- \197\ Id. \198\ Id. \199\ Id. \200\ Id. \201\ 70 FR at 25441 n.178. --------------------------------------------------------------------------- The Commission believes that this description of ``induce'' in the NPRM is unduly narrow and inconsistent with the statute's text and purpose. First, ``inducement'' need not take the form of an ``explicit statement'' or ``affirmative act'' specifically urging someone to send an email. The word ``induce'' in the definition of ``procure'' simply makes clear that a seller may ``procure'' the origination or transmission of a message even where it does not specifically pay or provide other consideration to someone for sending an email. For instance, where a seller offers to pay or provide consideration to someone in exchange for generating traffic to a website or for any form of referrals, and such offer results in the forwarding of the seller's email message, the seller will have ``induced,'' and therefore ``procured,'' the forwarding of the seller's email. Likewise, in an affiliate program where the seller does not directly offer to pay a sub-affiliate in exchange for generating web traffic or other referrals, the seller's offer to pay the affiliate for generating web traffic or other referrals will constitute ``inducement'' of emails sent by the sub-affiliate that advertise the seller's product, service, or website. Under each of these scenarios, the seller will have ``induced'' the forwarding of an email and will have gone well beyond routine conveyance. However, CAN-SPAM's applicability should not rest on the specificity or forcefulness of the language used by the seller, notwithstanding the suggestion to the contrary in the NPRM.\202\ Accordingly, a seller's use of language exhorting consumers to forward a message does not, absent more, subject the seller to ``sender'' liability under the Act. --------------------------------------------------------------------------- \202\ Id. --------------------------------------------------------------------------- A seller, of course, is not prohibited from offering consideration to a visitor to its website in exchange for forwarding a commercial message, or otherwise inducing the visitor to do so. If it does, however, it will not be engaged in mere ``routine conveyance'' and must therefore comply with CAN-SPAM's requirements for a ``sender.'' For instance, the seller will need to ensure that it does not forward a message to a recipient who has previously made an opt-out request and will need to include in the message an opt-out mechanism. (ii) Seller's Liability for Email Forwarded Using a Consumer's Email Program In the most basic forward-to-a-``friend'' scenario, a seller sends a commercial email to a consumer who then, using his or her own email program, forwards the message to a recipient.\203\ Typically, the seller will have no liability under CAN-SPAM for the original recipient's forwarding of an email. It is only where the seller ``initiates'' the forwarding of the message that it will be deemed the ``sender'' of the forwarded message under the Act.\204\ Again, the starting point is the language of the Act, which defines ``initiate'' as ``to originate or transmit [a commercial email] or to procure the origination or transmission of such message, but shall not include actions that constitute routine conveyance of such message.''\205\ In contrast to the web-based scenario discussed above, the ``routine conveyance'' exemption has no applicability when a consumer forwards a message using his or her own email program, because the seller would not be involved in the transmission, routing, relaying, or storage of the forwarded message. Nor is the seller ``originating'' or ``transmitting'' the message in this scenario. The inquiry thus turns on whether the seller has ``procured'' the forwarded message. The principles guiding the determination of whether the seller has ``procured'' the forwarded message are the same here as when the forwarding occurs through the seller's website. Accordingly, if the seller ``pays or provides other consideration'' to someone in exchange for forwarding the commercial message, the seller will have ``procured'' the forwarding of the [[Page 29672]] email.\206\ For the reasons explained above, this is true regardless of the amount of the consideration offered; offering de minimis consideration in the form of coupons, discounts, sweepstakes entries and the like in exchange for forwarding a commercial email constitutes ``procurement'' of the forwarded message. Likewise, if the seller ``induces'' the forwarding of the message -- such as by offering payment in exchange for generating traffic to a website -- it will be an ``initiator,'' and thus also the ``sender,'' of the forwarded message. In such a circumstance, the seller will be obligated to comply with CAN-SPAM's requirements for a ``sender,'' such as ensuring that the forwarded message contains a functioning opt-out mechanism and ensuring that email is not forwarded to someone who has already opted out of receiving commercial emails from the seller.\207\ --------------------------------------------------------------------------- \203\ We assume for purposes of this analysis that the email promotes or advertises the seller's product, service, or website. \204\ 15 U.S.C. 7702(9). \205\ Id. \206\ 15 U.S.C. 7702(12). \207\ As noted above, a number of commenters argued that complying with the Act's requirements when a consumer uses his or her own email program to forward the seller's email is impracticable for the seller. See Associations; BOA; Charter; CMOR; DMA; ERA; FNB; Jumpstart; MPAA; MPA; Coalition; NRF; NetCoalition; RIAA; Wahmpreneur. However, it is our understanding that marketing campaigns in which consideration is offered to consumers in exchange for forwarding an email typically rely on the seller's web-based forwarding mechanism. In such circumstances, there is no reason the seller cannot fully comply with CAN-SPAM. --------------------------------------------------------------------------- (iii) Liability of a Consumer-Forwarder The NPRM did not discuss the potential liability of a consumer who forwards a commercial message via a seller's web-based mechanism or using his or her own email program. Such a consumer-forwarder would be an ``initiator'' under CAN-SPAM regardless of whether the seller ``procured'' the message because, as explained above, the definition of ``initiate'' includes the ``origination'' of a message and the consumer-forwarder would be the ``originator'' of the message. Thus, while a seller who provided a web-based forwarding mechanism (and did not ``procure'' the message) would be exempt from ``initiator'' or ``seller'' liability where it was engaged in ``routine conveyance,'' the consumer-forwarder still would be an ``initiator.'' Likewise, a consumer who forwarded a message using his or her own email program (and the message was not ``procured'' by the seller) would be an ``initiator'' of the message, while the seller would not be. Thus, the Act's terms result in an anomaly: a seller in such situations would be exempt from liability under CAN-SPAM, but the consumer-forwarder would be required to comply with CAN-SPAM's ``initiator'' obligations. In other words, as ``initiators,'' ordinary consumers who, without being offered any consideration or inducement, forward a commercial message using either a seller's web-based forwarding mechanism or their own email program, would be required to provide recipients with a mechanism for opting out of receiving future commercial emails from the ``sender,'' a clear and conspicuous disclosure that the message is an advertisement or solicitation, a clear and conspicuous notice of the right to opt out of receiving commercial emails from the ``sender,'' and a clear and conspicuous disclosure of the ``sender's physical address.'' Yet, because the seller is not an ``initiator,'' there would be no ``sender'' of the message under the Act. The Commission believes that Congress did not intend to sweep into CAN-SPAM's regulatory scheme consumers who, without being offered any consideration or inducement for doing so, use a seller's web-based forwarding mechanism or their own email programs to send isolated commercial email messages to recipients. Indeed, as the Commission recognized in promulgating the Primary Purpose Rule, ``the repeated inclusion of the modifying word `commercial' in section 7702(2)(A) is not merely tautological, but evidences an intention to ensure that the CAN-SPAM regulatory scheme would not reach isolated email messages sent by individuals who are not engaged in commerce, but nevertheless seek to sell something to a friend, acquaintance, or other personal contact.''\208\ Hence, the Commission believes that under these facts, such a consumer-forwarder would not be swept into CAN-SPAM's regulatory scheme.\209\ --------------------------------------------------------------------------- \208\ 70 FR at 3113. \209\ For the same reason, even where consideration or inducement such as coupons, discounts, awards, additional entries in sweepstakes is provided to the consumer-forwarder, the consumer- forwarder is unlikely to be a target of enforcement (though the seller offering the consideration or other inducement might be), absent indicia that the consumer-forwarder is, in fact, acting akin to an affiliate marketer, for example. --------------------------------------------------------------------------- B. Section 316.4 -- Prohibition Against Failure to Effectuate An Opt- Out Request Within Ten Business Days of Receipt Section 7704(a)(4) of the Act prohibits senders from initiating the transmission of a commercial email message to a recipient more than ten business days after the senders have received the recipient's opt-out request. Section 7704(c)(1) gives the Commission authority to issue regulations modifying the ten-business-day period -- what is, in effect, a ``grace period'' -- for processing recipients' opt-out requests if the Commission determines that a different time frame would be more reasonable after taking into account ``(A) the purposes of [subsection 7704(a)]; (B) the interests of recipients of commercial electronic mail; and (C) the burdens imposed on senders of lawful commercial electronic mail.''\210\ Accordingly, in the ANPR, the Commission sought comment on the reasonableness of the ten-business-day grace period for processing opt-out requests and whether a shorter grace period would be more reasonable, in view of the three considerations enumerated in the statute and the relative costs and benefits. --------------------------------------------------------------------------- \210\ 15 U.S.C. 7704(c)(1). --------------------------------------------------------------------------- In consideration of the comments received in response to the ANPR, the NPRM proposed to shorten the time period for honoring an opt-out request from ten to three business days. The Commission also posed a number of questions in Part VII of the NPRM about the appropriate time to allow for processing an opt-out request, including questions about: technical procedures and cost implications associated with opt-out processing; the level of risk associated with ``mail bombing'' -- the bombardment of an email address with commercial email in the nine business days following an opt-out request, aggressive email targeting tactics; and the effect of third-party arrangements on the timing of opt-out processing. In response to the NPRM, the Commission received numerous comments opposing the proposed rule. Based on the Commission's analysis of the comments received in response to the NPRM, the Commission is persuaded that: (1) reducing the opt-out grace period from ten to three business days would not necessarily advance the privacy interests of consumers; (2) the time period for processing opt-out requests required by legitimate commercial emailers varies, and often exceeds three business days depending upon a number of factors, including the size of the business, the existence of third-party marketing agreements, and the maintenance of multiple email databases; and (3) neither the current record nor the Commission's experience reflects that email bombing of commercial email recipients is a wide-scale tactic deployed by lawful commercial emailers. Furthermore, the record does not reflect that shortening the opt-out grace period would [[Page 29673]] necessarily reduce any potential threat of email bombing. Accordingly, the Commission declines to adopt a final Rule that would reduce the statutory grace period from ten business days to three business days, but will continue to monitor whether commercial emailers are using abusive targeting tactics and/or failing to honor opt-out requests in a timely manner to determine whether regulatory or other action is required in the future. Likewise, as explained below, the Commission reaffirms its refusal to impose a limit on the duration of opt-out requests at this time. 1. The Appropriate Deadline for Effectuating an Opt-Out Request Approximately 100 commenters addressed the issue of whether the period for opt-out compliance should be reduced. The vast majority -- over 85 percent -- opposed reducing the time frame to less than ten business days.\211\ Many of these commenters argued that the need for coordination and synchronization of opt-out mechanisms requires a minimum of ten days.\212\ Some of these commenters also suggested that senders of email messages who are not now complying with the Act would not comply with the proposed change, but those who are attempting to comply would be burdened, with no gain in protection of consumers's privacy interests.\213\ --------------------------------------------------------------------------- \211\ See, e.g., CMOR; BrightWave; Swent; Footlocker; Intermark; Empire; SHRM; FNB; Wells Fargo; VCU; MPAA; ACB; Bigfoot; PMA; BOA; NetCoalition; Reed; DoubleClick; DMA; CBA; Time Warner; Coalition; NEPA; IAC.; Charter; Jumpstart; HSBC; ASAE; Comerica; Cendant; CUNA; KeySpan; MasterCard; Discover; Microsoft; PCIAA; Vertical; BD; Exact; ARTBA; ACUTA; Sprint (stating that it would have to devote at least 30,000 man hours, or in excess of $2 million, in order to modify its systems to accelerate the process of implementing opt-out requests); ABM (``Diversified Business Communications has concluded that imposition of a three-day opt-out requirement would reduce the effectiveness of its marketing and increase its cost by a minimum of $20,000 per year.''). \212\ See, e.g., ACUTA; BD; Experian. \213\ See, e.g., ERA; OPA; ATAA; ARDA; Charter; MPA; PMA. --------------------------------------------------------------------------- A number of commenters provided substantive descriptions of the time frames that are involved with processing opt-out requests and coordinating such efforts with third-party vendors. Commenters explained that the time necessary to process opt-out requests varies based on a number of factors, such as whether the sender itself collects opt-out requests and removes email addresses from its own marketing list or uses a third-party vendor for the entire process or for certain portions of the process.\214\ --------------------------------------------------------------------------- \214\ See, e.g., DMA. --------------------------------------------------------------------------- According to another commenter, some cable companies rely on third- party vendors to handle all email marketing, process opt-out requests, and manage suppression lists. ``The cable operator may be able to input a customer's opt-out request in one to two business days in its own internal database, but the third party vendor that provides a variety of targeted marketing and advertising services may take up to 8-10 business days to complete the processing.''\215\ --------------------------------------------------------------------------- \215\ See NCTA. --------------------------------------------------------------------------- A few commenters argued that delays also can result from concerns about privacy with respect to negotiating non-disclosure agreements and using hard copy media, such as CDs, to transmit their suppression files. As one commenter explained: We often see other situations that make the three-day period difficult at best, including large corporations with legacy databases that must plan for their marketing campaigns and use of suppression lists a week in advance, use of hard-copy media -- such as CDs -- to transmit the files via the postal service, and then the use by small businesses which only have access to low bandwidth connections. A three-day deadline could cause many advertisers, especially small or traditionally offline businesses, to abandon their e-mail acquisition efforts altogether in order to comply.\216\ --------------------------------------------------------------------------- \216\ See Experian. --------------------------------------------------------------------------- Finally, a few commenters pointed out that they offer not only Internet-based opt-out mechanisms but also opportunities to unsubscribe by telephone or other means, which can be very time-consuming.\217\ --------------------------------------------------------------------------- \217\ See, e.g., Masterfoods; Mattel; Jumpstart. With respect to these comments, the Commission notes that section 7704(a)(3)(A)(i) of the Act requires that a commercial email message contain a functioning return email address or other Internet-based mechanism that the recipient may use to submit an opt-out request, but does not require requests submitted in other ways to be honored within the given time period. See also NPRM, 70 FR at 25443. --------------------------------------------------------------------------- In terms of potential benefits to consumers from reducing the grace period to three business days, nearly all of the commenters argued that bombarding a recipient with email following an opt-out request is not a valid concern and that the potential risk of mail bombing would not, in any event, be mitigated by shortening the opt-out period to three days.\218\ --------------------------------------------------------------------------- \218\ See, e.g., CMOR; Verizon; LashBack; ACLI; ABM; FNB; ERA; ESPC; ARTBA; MPA (arguing that, if a marketer were involved in mail bombing, it could still do so under a three-business-day time frame); PMA; BOA; SIA; NRF; NetCoalition; Reed; DoubleClick; Associations; Time Warner; IAC; ICC; Nextel (asserting that no rational marketer would undertake mail bombing); Charter; HSBC; MasterCard; Discover; Microsoft; Nissan; Vertical; ExactTarget; Sprint. But see iPost (``[I]t has been demonstrated by the use of `honeypot' or `spamtrap' emailboxes that submitting opt-out requests does lead to targeting for receipt of additional commercial email . . . . The length of time that elapses following submission of the opt-out request has little bearing on this practice, which no responsible marketer would employ in any case.''). --------------------------------------------------------------------------- A few commenters argued either in favor of the proposed three-day time period,\219\ or recommended time periods of less than three days.\220\ These commenters, several of whom are individual consumers, generally believe that there are no technical obstacles to automatic or near-automatic opt-out processing. Other commenters suggested that five to seven days could represent a reasonable period of time to process an opt-out request.\221\ --------------------------------------------------------------------------- \219\ See Unsub; Rushing; Nelson; NAFCU. \220\ See Aurelius; Edge; Schaefer; Roberts; Pernetian; Amin. \221\ See, e.g., May (``Extending the time period to 5 days, but shortening from 7 [sic] days, would encompass 90% of the online population and is a reasonable time period to comply with opt-in requests.''); Clear (supporting a compromise of five or six days). --------------------------------------------------------------------------- Many small businesses, however, opined that compliance with a shorter time frame would pose a significant burden due to the technical support needed.\222\ For example, some small entities process opt-out requests manually or have only part-time staff. Given holidays and vacations, those entities do not believe they could process requests within three days.\223\ Small membership-based associations such as the American Road and Transportation Builders Association and SHRM also expressed concern about staffing issues. SHRM argued that it would be unreasonable to expect volunteers or even a single paid staff director to check for, and handle, opt-out requests several times per week to satisfy the proposed three-day rule. --------------------------------------------------------------------------- \222\ See, e.g., NADA; BrightWave; Ezines; ARDA; ABM; ASAE; NAMB (``NAMB believes that the proposed 3-business day time period has a disproportionate economic impact on all small business entities, which includes many mortgage brokers.''); MPA; NAR; NAA (indicating that a three-business-day period would be challenging for small newspapers); ASTA (``Nearly instantaneous processing' may be possible for some, but there is no record support for the proposition that it is possible for all, or even most, businesses, particularly small businesses.''). \223\ See, e.g., Sheu; Wiederhoeft; Intermark; ECFCU; SHRM; IS; ASAE; Comerica; IPPC; BD; ARTBA. --------------------------------------------------------------------------- Finally, a few commenters argued that ten business days is not sufficient time for processing opt-out requests and a longer time frame would be better.\224\ Some of these commenters pointed out that telemarketers have 31 days to process new listings on the National Do [[Page 29674]] Not Call Registry\225\ and that commercial email messages directed to certain mobile devices are prohibited if the wireless domain name referenced in the address has been posted on the Federal Communications Commission's (``FCC'') wireless domain list for at least 30 days.\226\ These commenters argued that, for consistency, 31 or 30 days should be allowed for processing opt-out requests.\227\ --------------------------------------------------------------------------- \224\ See, e.g., NNA; ACLI; NRF; ICC. \225\ 69 FR 16368 (Mar. 29, 2004). \226\ The FCC has issued a list of wireless domains to which commercial email messages cannot be directed without the addressee's express prior authorization or if other conditions are met. 47 CFR 64.3100(a) & (e). The thirty-day safe harbor does not apply if the person or entity initiating the message did so knowing the address was to a protected mobile service. 47 CFR 64.3100(a)(4); Rules and Regulations Implementing the Controlling the Assault Of Non- Solicited Pornography and Marketing Act of 2003, CG Docket No. 04- 53, Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, 19 FCC Rcd. 15927, 15969 (2004). \227\ See, e.g., Verizon; Intermark; NAR; SIIA; MCI; IAC. --------------------------------------------------------------------------- Having carefully considered the comments concerning the amount of time required to process and coordinate opt-out requests, along with the Commission's law enforcement experience, the Commission is persuaded that it should retain the ten-business-day grace period for honoring opt-out requests. The Commission is persuaded that its proposal in the NPRM to shorten the period to three business days could impose a substantial burden on legitimate commercial email marketers. In particular, the Commission is concerned that reducing the opt-out period could pose a significant challenge for small entities. In addition, the Commission believes that reducing the opt-out period would not necessarily advance the privacy interests of consumers. Neither the current record nor the Commission's law enforcement experience indicates that email bombing of commercial email recipients is a wide-scale tactic deployed by lawful commercial emailers, or that reducing the opt-out grace period would necessarily reduce any potential threat of email bombing. At the same time, the Commission rejects the argument that email marketers should have more than ten business days to process opt-out requests. The Commission finds that, based on the record, senders of commercial email are not unduly burdened by the ten-business-day grace period for honoring opt-out requests established by Congress.\228\ Indeed, in 2005, a Commission study revealed that nearly 90% of the top 100 etailers honored the ten-business-day opt-out time period,\229\ which suggests that, on balance, compliance is feasible for most senders of commercial email. Further, the Commission is not persuaded that the fact that telemarketers have 31 days to process new listings on the National Do Not Call Registry justifies extending the period for honoring CAN-SPAM opt-out requests to 31 days, in view of the difference in the structure and operation of email suppression lists as compared to the National Do Not Call Registry. --------------------------------------------------------------------------- \228\ See, e.g., DoubleClick; ACB; Cendant; iPost; Empire. See also NCL's comments in the ANPR (stating that ``We are unaware of any problems with the ten-business-day time period and would strongly oppose lengthening it.''). \229\ See ``Top Etailers' Compliance with CAN-SPAM's Opt-Out Provisions.'' Staff Report (July 2005), available at http:// www.ftc.gov/reports/optout05/050801optoutetailersrpt.pdf. This report explained that 89% of the top 100 etailers that sent commercial email during the study honored all three of the opt-out requests made by FTC staff. --------------------------------------------------------------------------- For all these reasons, the Commission declines to adopt proposed Rule 316.4, which would have reduced the statutory ten-business-day grace period for honoring opt-out requests.\230\ The grace period therefore remains ten business days. --------------------------------------------------------------------------- \230\ Proposed Rule 316.4(b) would have clarified that law enforcement officials are not required to allege or prove a defendant's state of mind to obtain a cease and desist order or an injunction to enforce compliance with proposed Rule 316.4(a), which pertains to the time period for honoring opt-out requests. Because the Commission declines to adopt Rule 316.4(a), proposed Rule 316.4(b) is no longer necessary. Moreover, the language of the Act itself is clear on this issue -- whenever a provision of the Act or the Commission's Rule contains a state-of-mind component, that requirement does not apply when a law enforcement official seeks a cease and desist order or an injunction. 15 U.S.C. 7706(e) & (f)(2). --------------------------------------------------------------------------- 2. Expiration of Opt-out Requests In the NPRM, the Commission declined to propose a time limit for how long an opt-out request will remain in effect, but indicated that it would consider submissions of information or data that would show whether such a time limit would be useful in implementing the provisions of the Act. The Commission noted that, in the somewhat similar context of the Do Not Call Registry, the Registry administrator is able routinely to purge defunct or changed telephone numbers from the Registry database, whereas email marketers do not appear to have similar capabilities for such purging.\231\ The Commission also stated that an email marketer's suppression list is likely to have far fewer entries than the then 91 million numbers\232\ on the Do Not Call Registry, making the prospect of ``scrubbing'' far less daunting, and potentially vitiating the argument that setting an expiration period for opt-out requests is required.\233\ --------------------------------------------------------------------------- \231\ 70 FR at 2544. The NPRM also stated that the duration of a person's registration on the Do Not Call Registry is five years or until the registrant changes his or her telephone number or takes the number off the Registry. Id. Congress has since enacted legislation which eliminates the expiration of listings on the Registry. See Do-Not-Call Improvement Act of 2007, Pub. L. No. 110- 188 (2008). \232\ As of June 2007, the Do Not Call Registry contained more than 145 million telephone numbers. \233\ 70 FR at 2544. --------------------------------------------------------------------------- Several commenters argued that the Commission should limit the length of time that requests should remain in effect. These commenters, however, were divided on what would be an appropriate time limit.\234\ Other commenters argued that the Commission should not impose a time limit on a consumer's opt-out request.\235\ --------------------------------------------------------------------------- \234\ See, e.g. , ARDA; Wells Fargo; BOA; NRF (all arguing for a two- to three-year time limit); CMOR; ABM; FNB; ERA; ESPC; ACB; Bigfoot; Visa (all arguing for a five-year or longer time limit). \235\ For example, DoubleClick argued that it did ``not believe that a consumer's choice should have an expiration date. If a consumer asks to be removed from a commercial email list and subsequently changes her/his mind, s/he can re-subscribe to that mailing list.'' Similarly, the Virginia Credit Union argued that it also believes that ``the opt-out request should be honored indefinitely until such time the consumer contacts the sender and requests otherwise.'' --------------------------------------------------------------------------- Various commenters submitted data to the Commission about the size of their suppression lists. That data showed that suppression list size varies, and it is not clear whether or in what instances suppression lists may exceed the Do Not Call Registry. While many suppression lists contain less than 100,000 addresses,\236\ ESPC states that the suppression lists of some companies exceed the Do Not Call Registry by over 10 million entries. One commenter noted that ``[f]rom a logistical perspective, many companies have large suppression lists that can exceed a million names.''\237\ Another commenter reported that its suppression list will likely have fewer than the number of entries that the National Do Not Call Registry contains.\238\ --------------------------------------------------------------------------- \236\ See ESPC (``The time and cost varies linearly based on the size of the lists involved. Both the size of the suppression list and the size of the active list affect the processing time and cost. Many senders' suppression lists contain less than 100,000 addresses, in which case the time and cost are fairly negligible.''). \237\ See DoubleClick. \238\ See FNB. --------------------------------------------------------------------------- In analyzing the data submitted by these commenters, the Commission finds that, at this time, there is insufficient evidence to show that email suppression list scrubbing is impeded by the lack of a time limit on opt-out requests, or that imposing a limit will be [[Page 29675]] useful in implementing the provisions of the Act under section 7711(a). Notably, Congress chose neither to impose such a time limit nor to specifically authorize the Commission to do so at this time. Consequently, the Commission declines to impose a time limit on the duration of an opt-out request. C. Proposed Rule 316.5 -- Prohibition on Charging a Fee or Imposing Other Requirements on Recipients Who Wish To Opt Out In the NPRM, the Commission proposed to prohibit the imposition, as a condition for accepting or honoring a recipient's opt-out request, of any fee, obligation to provide personally identifying information (beyond one's email address), or any other requirement.\239\ Several commenters agreed with the Commission's proposal to prohibit senders from charging a fee to opt out,\240\ but challenged the portion of the rule that would prevent the collection of additional personal information or require email recipients to interface with more than one Internet Web page to opt out from receiving future commercial email messages from the sender. These commenters cumulatively identified a host of factors -- the risk of typographical errors, computer security issues, online identity theft, and sabotage by competitors -- arguing for the necessity of collecting personal information or requiring multiple opt-out steps to verify the identity of the recipient.\241\ While the Commission recognizes that computer security and identity theft are serious problems facing online consumers, the Commission is not persuaded that imposing additional requirements on consumers who are attempting to opt out would do anything to minimize the risk of these problems. To the contrary, the Commission believes that requiring consumers to transmit additional personally identifying information would increase the risk of that information being intercepted by a hacker or rogue third party. --------------------------------------------------------------------------- \239\ As proposed and adopted here, Rule 316.5 provides: ``Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic message or visiting a single Internet web page, in order to: (a) use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or (b) have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).'' \240\ See, e.g., KeySpan; MasterCard; Metz; Empire; Wells Fargo; Coalition; BOA. \241\ See, e.g, Wells Fargo; Coalition; Experian; MPAA; AeA; Microsoft; Verizon; MasterCard. --------------------------------------------------------------------------- Other commenters explained that verifying the identity of a recipient would be important because their suppression lists are connected to consumer account information rather than consumer email addresses. For example, DMA argued that ``tracking by account information also makes it easier to honor opt-out requests for customers regardless of what they change their email address to.''\242\ The Commission does not find this argument persuasive, because, as the Commission stated in the NPRM, ``according to CAN-SPAM, opt-out requests are specific to a recipient's email address, not his or her name,'' and, in this case, certainly not to his or her account information.\243\ --------------------------------------------------------------------------- \242\ See also MPAA; Microsoft (both requesting the Commission to clarify that the use of passwords or other authentication information is permitted under the rule); ABA (stating that it would be beneficial to have ``member-recipients log on the entity's Website, edit the member's profile, and thereby directly express the member's complete opt-out preferences.''). \243\ NPRM, 70 FR at 25445. Similarly, for this reason, the Commission is not persuaded by those commenters arguing that senders should be able to require their member-recipients to update their member profiles in order to opt out from receiving commercial email messages. See, e.g., ABA; ATAA. --------------------------------------------------------------------------- At least one commenter argued in favor of allowing marketers an opportunity to ``display an advertisement or other incentive in order to remind the recipient of the value of the list subscription prior to their unsubscription.''\244\ The Commission reiterates its position stated in the NPRM that subjecting a recipient who wishes to opt out to sales pitches before the opt-out request is completed is an unacceptable encumbrance on a consumer's ability to opt out of receiving unwanted commercial email messages. --------------------------------------------------------------------------- \244\ See Experian. --------------------------------------------------------------------------- Accordingly, the Commission adopts final Rule 316.5, which prohibits the imposition of any fee, any requirement to provide personally identifying information (beyond one's email address), or any other obligation as a condition for accepting or honoring a recipient's opt-out request. D. Section 7704(c)(2) -- Aggravated Violations Related to Commercial Email The final Rule does not provide for any additional aggravated violations beyond those already specified in the Act. Committing an aggravated violation along with a violation of section 7704(a) could subject a defendant to triple damages in a CAN-SPAM enforcement action by a state attorney general or an ISP.\245\ Section 7704(b) of the Act lists four practices which are to be considered ``aggravated violations.''\246\ According to a Senate Committee Report on an earlier version of the Act, designating specific practices as ``aggravated'' violations is intended to ``apply to those who violate the provisions of the bill while employing certain problematic techniques used to either generate recipient email addresses, or remove or mask the true identity of the sender.''\247\ --------------------------------------------------------------------------- \245\ 15 U.S.C. 7706(f)(3)(C) & (g)(3)(C). \246\ The four practices are: (1) automated email address harvesting; (2) dictionary attacks; (3) automated creation of multiple email accounts; and (4) relay or retransmission of a commercial email message through unauthorized access. \247\ S. Rep. No. 108-102, at 8 (2003). --------------------------------------------------------------------------- Section 7704(c)(2) of the Act authorizes the Commission to specify activities or practices -- in addition to the four already enumerated in the statute -- as aggravated violations if the Commission determines that ``those activities or practices are contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the Act].'' (Emphasis added.) In response to the Commission's request in the NPRM for comment on whether any specific practices were contributing substantially to the proliferation of email, the Commission received only five comments. Three of the commenters complained about various practices that either are already illegal under the Act or that the commenters believed should be made illegal, but did not provide any evidence that the practices were contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under section 7704(a) of the Act, and, thus, should be deemed aggravated violations.\248\ --------------------------------------------------------------------------- \248\ See Nelson (email spoofing); Rubin (selling email addresses after opt-out; single seller using multiple domain names); Sowell (commercial email messages should have only one sender; email should indicate how the sender obtained the recipient's name or email address). --------------------------------------------------------------------------- The other two commenters expressed concern that lists of email addresses of consumers who have opted out from receiving email (known as ``suppression lists'') can be, and in some instances have been, misused by third parties to send unwanted email.\249\ Specifically, these commenters indicated that, in some cases, third parties have obtained unauthorized access to another company's suppression list, which the third parties have then used to send emails of their own. The record, [[Page 29676]] however, lacks evidence that this practice is widespread and is ``contributing substantially to the proliferation of commercial electronic mail messages that are unlawful under [section 7704(a) of the Act].\250\ Thus, there is an insufficient evidentiary basis for the Commission to designate this practice as an aggravated violation. In any event, depending on the facts, some of these practices may violate section 7704(a)(4)(A)(iv) of the Act. Under this provision, ``the sender or any other person that knows that the recipient has made [an opt-out request to the sender]'' may not ``sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic address of the recipient) for any purpose other than compliance with this chapter or other provision of law.'' --------------------------------------------------------------------------- \249\ See LashBack (some companies allow third parties to access their suppression lists); Unsub (``many sellers . . . post a text version of their opt-out suppression lists on Blind Affiliate Networks, allowing easy access for any list owner who is a member'' of that network). \250\ 15 U.S.C. 7704(c)(2). --------------------------------------------------------------------------- III. PAPERWORK REDUCTION ACT In accordance with the Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3520 (``PRA''), the Commission reviewed the proposed and final Rule. The final Rule does not impose any recordkeeping, reporting, or disclosure requirements and, thus, does not constitute a ``collection of information'' as defined in the regulations implementing the PRA.\251\ --------------------------------------------------------------------------- \251\ See 5 CFR 1320.3(c). --------------------------------------------------------------------------- IV. REGULATORY FLEXIBILITY ACT The NPRM included an initial regulatory flexibility analysis (``IRFA'') under the Regulatory Flexibility Act (``RFA''),\252\ even though the Commission did not expect that the proposed Rule would have a significant economic impact on a substantial number of small entities. In addition, the Commission invited public comment on the proposed Rule's effect on small entities to ensure that no significant impact would be overlooked.\253\ --------------------------------------------------------------------------- \252\ 5 U.S.C. 601-612. \253\ NPRM, 70 FR at 25447-49. --------------------------------------------------------------------------- This Final Regulatory Flexibility Analysis (``FRFA'') incorporates: the Commission's initial findings, as set forth in the May 12, 2005 NPRM; addresses the comments submitted in response to the IRFA notice; and describes the steps the Commission has taken in the final Rule to minimize its impact on small entities consistent with the objectives of the CAN-SPAM Act. A. Succinct Statement of the Need for, and Objectives of, the Final Rule The final Rule was created pursuant to the Commission's mandate under the CAN-SPAM Act. The Act authorizes the Commission, at its discretion and subject to certain conditions, to: promulgate regulations expanding or contracting the categories of ``transactional or relationship messages'';\254\ modify the ten-business-day period proscribed in the Act for effectuating a recipient's opt-out request;\255\ and specify additional activities or practices as ``aggravated violations.''\256\ The Act also authorizes the Commission to ``issue regulations to implement the provisions of [the] Act.''\257\ The final Rule modifies certain definitions of the Act, such as what constitutes a ``sender'' and a ``valid physical postal address''; adds a definition of ``person''; and clarifies other relevant provisions of the Act. --------------------------------------------------------------------------- \254\ 15 U.S.C. 7702(17)(B). \255\ 15 U.S.C. 7704(c)(1)(A)-(C). \256\ 15 U.S.C. 7704(c)(2). \257\ 15 U.S.C. 7711(a). --------------------------------------------------------------------------- B. Summary of Significant Issues Raised by the Public Comments in Response to the IRFA In the IRFA, the Commission sought comment regarding the impact of the proposed Rule and any alternatives the Commission should consider, with a specific focus on the effect of the proposed Rule on small entities. The public comments on the proposed Rule are discussed above throughout the Statement of Basis and Purpose, as are any changes that have been made in the final Rule. After reviewing the comments, including those that specifically addressed the impact of the Rule on small entities, the Commission does not believe that the final Rule will unduly burden entities that send commercial electronic mail messages or transactional or relationship mail messages. The majority of comments concerning the impact of the proposed Rule on small entities addressed the Commission's proposal to shorten the opt-out period from ten business days to three. As noted in Part II.B above, these commenters argued that a shortened time frame would impose undue administrative costs and burdens on small businesses.\258\ The Commission agrees that the final Rule must not be unduly burdensome to small businesses, and, while the record still lacks specific data describing the time and cost involved with processing opt-out requests for small businesses, the Commission finds that three business days would pose a challenge for some of these entities. In light of the concerns raised by the commenters, including small entities, the final Rule retains the opt-out period at ten business days. --------------------------------------------------------------------------- \258\ See, e.g., ABM; ARDA; BrightWave; Ezines; MPA; NAA; NADA; NAMB; NAR. --------------------------------------------------------------------------- C. Explanation as to Why No Estimate is Available as to the Number of Small Entities to Which the Final Rule Will Apply Determining a precise estimate of the number of small entities subject to the final Rule, or describing those entities, is not readily feasible for two reasons. First, there is insufficient publicly available data to determine the number and type of small entities currently using email in any commercial setting. As noted in the IRFA, the final Rule will apply to ```senders' of `commercial electronic mail messages,' and, to a lesser extent, to `senders' of `transactional or relationship messages.'''\259\ Thus, any company, regardless of industry or size, that sends commercial email messages or transactional or relationship messages would be subject to the final Rule. --------------------------------------------------------------------------- \259\ NPRM, 70 FR at 25448. --------------------------------------------------------------------------- In the IRFA, the Commission set forth the few sources of publicly available data to approximate the number of entities that send commercial email messages or transactional or relationship messages, noting that ``[g]iven the paucity of data concerning the number of small businesses that send commercial e-mail messages or transactional or relationship messages, it is not possible to determine precisely how many small businesses would be subject to the proposed Rule.''\260\ None of the comments provided information regarding the number of entities of any size that will be subject to the final Rule. --------------------------------------------------------------------------- \260\ Id. --------------------------------------------------------------------------- The second reason that determining a precise estimate of the number of small entities subject to the final Rule is not readily feasible is that the assessment of whether the primary purpose of an email message is ``commercial,'' ``transactional or relationship,'' or ``other'' turns on a number of factors that require factual analysis on a case- by-case basis. Thus, even if the number of entities that use email in commercial dealings were known, the extent to which the messages they send will be regulated by the final Rule depends upon the primary purpose of such messages, a determination which cannot be made absent factual analysis. [[Page 29677]] D. Description of the Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Final Rule, Including an Estimate of the Classes of Small Entities that Will Be Subject to the Requirements of the Final Rule and the Type of Professional Skills that Will Be Necessary to Implement the Final Rule The final Rule does not itself impose any reporting, recordkeeping, or other disclosure requirements within the meaning of the Paperwork Reduction Act. The final Rule primarily: clarifies the scope of certain definitions within the CAN-SPAM Act, such as ``sender'' and ``valid physical postal address''; defines one new term, ``person''; and clarifies that a recipient may not be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any other steps other than sending a reply email message or visiting a single Internet Web page to submit an opt-out request. Any costs attributable to CAN-SPAM are the result of the substantive requirements of the Act itself -- such as the requirement that commercial email messages include an opt-out mechanism and certain disclosures -- not the Commission's interpretive final Rule. E. Discussion of Significant Alternatives the Commission Considered That Would Accomplish the Stated Objectives of the CAN-SPAM Act and That Would Minimize Any Significant Economic Impact of the Final Rule on Small Entities Through both the ANPR and the May 12, 2005 NPRM, the Commission sought to gather information regarding the economic impact of CAN- SPAM's requirements on all businesses, including small entities. The Commission requested public comment on whether the proposed Rule would unduly burden such entities that use email to send messages defined as ``commercial'' or ``transactional or relationship'' messages under the Act and the FTC's CAN-SPAM Rule; whether this burden is justified by offsetting benefits to consumers; what effect the proposed Rule would have on small entities that initiate messages the primary purpose of which are commercial or transactional or relationship; what costs would be incurred by small entities to ``implement and comply'' with the proposed Rule; and whether there were ways the proposed Rule could be modified to reduce the costs or burdens for small entities while still being consistent with the requirements of the Act. The Commission requested this information in an attempt to minimize the final Rule's burden on all businesses, including small entities. In drafting the final Rule, the Commission carefully considered and sought to mitigate the burdens placed on email marketers, both large and small alike. For example, because a shortened time frame for processing opt-out requests might place a significant burden on senders, including small businesses, the final Rule retains the original ten-business-day period set forth in the Act. Moreover, the final Rule's definition of ``valid physical postal address'' provides for the use of commercial and postal mailboxes in light of the concerns many small entities expressed with respect to disclosing their physical addresses in email messages. Finally, to the extent that small entities participate in sending multiple marketer messages, the final Rule's definition of ``sender'' minimizes the burden placed on such entities by permitting the designation of a single ``sender'' to comply with CAN-SPAM's disclosure and opt-out requirements. As explained earlier in this Statement of Basis and Purpose, the Commission has considered the comments and alternatives proposed by such commenters, and continues to believe that the final Rule will not create a significant economic impact on small entities or others who send or initiate commercial email messages or transactional or relationship messages. List of Subjects in 16 CFR Part 316 Advertising, Business and industry, Computer technology, Consumer protection, Labeling. 0 Accordingly, for the reasons set forth in the preamble above, the Commission amends title 16, CFR Chapter I by revising Part 316 to read as follows: PART 316--CAN-SPAM RULE Sec. 316.1 Scope. 316.2 Definitions. 316.3 Primary purpose. 316.4 Requirement to place warning labels on commercial electronic mail that contains sexually oriented material. 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out. 316.6 Severability. Authority: 15 U.S.C. 7701-7713. Sec. 316.1 Scope. This part implements the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (``CAN-SPAM Act''), 15 U.S.C. 7701-7713. Sec. 316.2 Definitions. (a) The definition of the term ``affirmative consent'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(1). (b) ``Character'' means an element of the American Standard Code for Information Interchange (``ASCII'') character set. (c) The definition of the term ``commercial electronic mail message'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(2). (d) The definition of the term ``electronic mail address'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(5). (e) The definition of the term ``electronic mail message'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(6). (f) The definition of the term ``initiate'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(9). (g) The definition of the term ``Internet'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(10). (h) ``Person'' means any individual, group, unincorporated association, limited or general partnership, corporation, or other business entity. (i) The definition of the term ``procure'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(12). (j) The definition of the term ``protected computer'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(13). (k) The definition of the term ``recipient'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(14). (l) The definition of the term ``routine conveyance'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(15). (m) The definition of the term ``sender'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that, when more than one person's products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act's definition will be deemed to be a ``sender,'' except that, only one person will be deemed to be the ``sender'' of that message if such person: (A) is within the Act's definition of ``sender''; (B) is identified in the ``from'' line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. [[Page 29678]] 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. (n) The definition of the term ``sexually oriented material'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7704(d)(4). (o) The definition of the term ``transactional or relationship messages'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(17). (p) ``Valid physical postal address'' means the sender's current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations. Sec. 316.3 Primary purpose. (a) In applying the term ``commercial electronic mail message'' defined in the CAN-SPAM Act, 15 U.S.C. 7702(2), the ``primary purpose'' of an electronic mail message shall be deemed to be commercial based on the criteria in paragraphs (a)(1) through (3) and (b) of this section:\1\ --------------------------------------------------------------------------- \1\ The Commission does not intend for these criteria to treat as a ``commercial electronic mail message'' anything that is not commercial speech. --------------------------------------------------------------------------- (1) If an electronic mail message consists exclusively of the commercial advertisement or promotion of a commercial product or service, then the ``primary purpose'' of the message shall be deemed to be commercial. (2) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as transactional or relationship content as set forth in paragraph (c) of this section, then the ``primary purpose'' of the message shall be deemed to be commercial if: (i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or (ii) The electronic mail message's transactional or relationship content as set forth in paragraph (c) of this section does not appear, in whole or in substantial part, at the beginning of the body of the message. (3) If an electronic mail message contains both the commercial advertisement or promotion of a commercial product or service as well as other content that is not transactional or relationship content as set forth in paragraph (c) of this section, then the ``primary purpose'' of the message shall be deemed to be commercial if: (i) A recipient reasonably interpreting the subject line of the electronic mail message would likely conclude that the message contains the commercial advertisement or promotion of a commercial product or service; or (ii) A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is the commercial advertisement or promotion of a commercial product or service. Factors illustrative of those relevant to this interpretation include the placement of content that is the commercial advertisement or promotion of a commercial product or service, in whole or in substantial part, at the beginning of the body of the message; the proportion of the message dedicated to such content; and how color, graphics, type size, and style are used to highlight commercial content. (b) In applying the term ``transactional or relationship message'' defined in the CAN-SPAM Act, 15 U.S.C. Sec. 7702(17), the ``primary purpose'' of an electronic mail message shall be deemed to be transactional or relationship if the electronic mail message consists exclusively of transactional or relationship content as set forth in paragraph (c) of this section. (c) Transactional or relationship content of email messages under the CAN-SPAM Act is content: (1) To facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; (2) To provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient; (3) With respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender, to provide -- (i) Notification concerning a change in the terms or features; (ii) Notification of a change in the recipient's standing or status; or (iii) At regular periodic intervals, account balance information or other type of account statement; (4) To provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or (5) To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender. Sec. 316.4 Requirement to place warning labels on commercial electronic mail that contains sexually oriented material. (a) Any person who initiates, to a protected computer, the transmission of a commercial electronic mail message that includes sexually oriented material must: (1) Exclude sexually oriented materials from the subject heading for the electronic mail message and include in the subject heading the phrase ``SEXUALLY-EXPLICIT: '' in capital letters as the first nineteen (19) characters at the beginning of the subject line;\2\ --------------------------------------------------------------------------- \2\ The phrase ``SEXUALLY-EXPLICIT'' comprises 17 characters, including the dash between the two words. The colon (:) and the space following the phrase are the 18\th\ and 19\th\ characters. --------------------------------------------------------------------------- (2) Provide that the content of the message that is initially viewable by the recipient, when the message is opened by any recipient and absent any further actions by the recipient, include only the following information: (i) The phrase ``SEXUALLY-EXPLICIT: '' in a clear and conspicuous manner;\3\ --------------------------------------------------------------------------- \3\ This phrase consists of nineteen (19) characters and is identical to the phrase required in 316.5(a)(1) of this Rule. --------------------------------------------------------------------------- (ii) Clear and conspicuous identification that the message is an advertisement or solicitation; (iii) Clear and conspicuous notice of the opportunity of a recipient to decline to receive further commercial electronic mail messages from the sender; (iv) A functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that (A) A recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet- based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received; and (B) Remains capable of receiving such messages or communications for no less than 30 days after the transmission of the original message; (v) Clear and conspicuous display of a valid physical postal address of the sender; and (vi) Any needed instructions on how to access, or activate a mechanism to access, the sexually oriented material, preceded by a clear and conspicuous statement that to avoid viewing the sexually oriented material, a recipient [[Page 29679]] should delete the email message without following such instructions. (b)Prior affirmative consent. Paragraph (a) does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message. Sec. 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out. Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to: (a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or (b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4). Sec. 316.6 Severability. The provisions of this Part are separate and severable from one another. If any provision is stayed or determined to be invalid, it is the Commission's intention that the remaining provisions shall continue in effect. By direction of the Commission. Donald S. Clark Secretary Note: The following Appendix will not appear in the Code of Federal Regulations List of Commenters and Acronyms CAN-SPAM DISCRETIONARY RULEMAKING COMMENTS ------------------------------------------------------------------------ Acronym Commenter ------------------------------------------------------------------------ ABA American Bar Association ABM American Business Media ACA ACA International ACB America's Community Bankers ACLI American Council of Life Insurers ACUTA ACUTA, Inc. Adknowledge Adknowledge, Inc. AeA American Electronics Association Allen Bobby Allen Amin J. Amin aQuantive aQuantive, Inc. ARDA American Resort Development Association ARTBA American Road and Transportation Builders Association ASA American Staffing Association ASAE American Society of Association Executives Associations Direct Marketing Association et al. on behalf of American Advertising Federation, American Association of Advertising Agencies, American Bankers Association, American Council of Life Insurers, American Society of Association Executives, American Society of Travel Agents, Inc. -- Cruise Lines International Association, Association of National Advertisers, Consumer Bankers Association, Direct Marketing Association, Inc., Electronic Retailing Association, Email Service Provider Coalition, The Financial Services Roundtable, Information Technology Association of America, Interactive Travel Services Association, Internet Alliance, Internet Commerce Coalition, Magazine Publishers of America, National Business Coalition on E- Commerce and Privacy, National Retail Federation, NetCoalition, Network Advertising Initiative, Promotion Marketing Association, U.S. Chamber of Commerce ASTA American Society of Travel Agents, Inc. ATAA Air Transport Association of America Ault Russell Ault Aurelius Aurelius Baker Baker & Hostetler, LLP BD BD, Inc. Bigfoot Bigfoot Interactive BOA Bank of America Corporation BrightWave BrightWave Marketing, Inc. Brown Brown-Foreman Corporation BSA Business Software Alliance Buschner Arthur Buschner Cambridge Cambridge Electronics Laboratory Cantor Elaine Cantor CBA Consumer Bankers Association Cendant Cendant Cooperation Cha Brian Cha Charter Charter Communications, Inc. Christensen Keith Christensen Clark Patrick Clark Clear Luanne Clear Click Click Tactics, Inc. CMOR The Council for Marketing and Opinion Research Coalition National Business Coalition on E- Commerce and Privacy Comerica Comerica Incorporated CUNA Credit Union National Association Darling RWR Darling Dennis David Dennis Discover Discover Financial Services DMA Direct Marketing Association, Inc. DoubleClick DoubleClick, Inc. Edge Ronald D. Edge Edwards Edwards Ellenburg George M. Ellenburg Empire Empire Corporate FCU EPIC Electronic Privacy Information Center ePrize ePrize, LLC ERA Electronic Retailing Association ESPC Email Service Provider Coalition Exact ExactTarget, Inc. Experian Experian Marketing Solutions Ezines The Circle of Ezines FNB First National Bank of Omaha Footlocker Footlocker.com/Eastbay Goldbar Goldbar Enterprises, LLC Gorman Richard Gorman Gray Woodrow Gray HSBC HSBC Bank of Nevada IAC IAC/InterActiveCorp ICC Internet Commerce Coalition ICOP International Council of Online Professionals IMN iMake News, Inc. Independent Independent Sector Intermark Intermark Media iPost Bart Schaefer on behalf of iPost IPPC International Pharmaceutical Privacy Consortium Jarrell Lon Jarrell, Jr. Jumpstart Jumpstart Technologies, LLC Kapecki Jon Kapecki KeySpan KeySpan Energy Landesmann Mark Landesmann Lantow Lantow LashBack LashBack, LLC MasterCard MasterCard International Masterfoods Masterfoods USA Mattel Mattel, Inc. May William May MBNA MBNA America Bank, N.A. MCI MCI, Inc. Metz Seymour Metz Microsoft Microsoft Cooperation [[Page 29680]] Morris Ireeta Morris MPA Magazine Publishers of America MPAA Motion Picture Association of America NAA Newspaper Association of America NADA National Automobile Dealers Association NAEDA North American Equipment Dealers Association NAFCU National Association of Federal Credit Unions NAIFA National Association of Insurance and Financial Advisors NAMB National Association of Mortgage Brokers NAR National Association of Realtors NCTA National Cable and Telecommunications Association Nelson Nelson NEPA Newsletter and Electronic Publishers Association NetCoalition NetCoalition Nextel Nextel Communications, Inc. NFCU Navy Federal Credit Union Nissan Nissan North America, Inc. NNA National Newspaper Association NRF National Retail Federation OPA Online Publishers Association Oriez Charles Oriez PCIAA Property Casualty Insurers Association of America Pernetian Pernetian PMA Promotion Marketing Association, Inc. Reed Reed Elsevier, Inc. Return Return Path, Inc. RIAA Recording Industry Association of America Roberts Bart Roberts Rubin Kim Rubin Rushing Rushing Rushizky Paul Rushizky SAG Strategic Advisory Group Satchell Stephen Satchell Schaefer Mark Schaefer Schnell Ron Schnell Sheu Caroline Sheu Shires William Shires SHRM Society for Human Resource Management SIA Securities Industry Association SIIA Software Information Industry Association Sing Ah Sing-Bombard Slachetka Mike Slachetka Sonnenschein Sonnenschein Nath & Rosenthal, LLP Sowell Sean Sowell Sprint Sprint Corporation Subscriber SubscriberMail, LLC Swent Norm Swent Tietjens Richard Tietjens Time Warner Time Warner, Inc. Topica Topica Travaglini Anne Travaglini Unsub UnsubCentral UOL United Online VCU Virginia Credit Union VFCU Visions Federal Credit Union Verizon Verizon, Inc. Vertical Vertical Response, Inc. Visa Visa U.S.A., Inc. Wahmpreneur Wahmpreneur Publishing, Inc. Wells Fargo Wells Fargo & Company West Hal West Wiederhoeft Phyllis Wiederhoeft Wyle Ed Wyle ------------------------------------------------------------------------ [FR Doc. E8-11394 Filed 5-20-08: 8:45 am] BILLING CODE 6750-01-S