CAN-SPAM Changes Seen as Fair

The proposed changes to the CAN-SPAM Act the Federal Trade Commission (FTC) put forth last week are being welcomed by marketers, even though there are likely to be disagreements over some of the details.

With the Notice of Proposed Rulemaking (NPRM), the commission is seeking input on its plans to clarify the law for senders, and enhance protection for receivers. Notable changes include one that would clarify specifically who must comply with CAN-SPAM provisions for senders when multiple parties are involved, and another that would shorten the sender’s opt-out response period to 3 days.

“They put a ton of work into this,” said Elaine O’Gorman, VP strategy at Silverpop, an email service provider (ESP). “Even though the proposed rules are very brief, the amount of detail they went into in the NPRM explaining how they arrived at their proposed changes is incredibly helpful to marketers.”

The FTC even outlined its thought processes on some proposed changes it declined to add to the law, including broadening the definition of “transactional or relationship message;” applying CAN-SPAM to “forward-to-a-friend” campaigns; and adding more “aggravated violations.”

“There had been some talk of broadening the transactional relationship definition to include any previous business relationship. I agree with the FTC that this should not be the case,” O’Gorman said. “Just because you do business with someone once doesn’t give them the right to send you email for the rest of your natural life.”

The FTC also declined to provide an exemption to membership and alumni organizations, or to designate business-to-business email as universally transactional.

Most parties involved have lauded the FTC’s handling of the process of defining ambiguous concepts and clarifying the law.

“The FTC has been very thoughtful in reaching decisions. They’ve shown that they’re trying to get things right,” said Quinn Jalli, director of privacy and ISP relations at ESP Digital Impact.

The decision to allow senders to meet address requirement with a post office box is a huge win for everybody, according to Jalli. Any potential benefits of disallowing P.O. boxes are outweighed by the burden it would place on legitimate P.O box users, such as home-based businesses, who have a legitimate use for using one, he said.

“The FTC knows people are going to commit fraud, and they know that using a P.O. box might make that easier. But they also know that people who will lie to the post office will lie about everything else,” Jalli said.

One provision that might not gain such universal acceptance is narrowing the allowable timeframe to honor opt-out requests, from a current 10-day window to 3 days. While the time it takes to record an opt-out request is near-instantaneous for most organizations or ESPs, potential bottlenecks lie in intra-organizational processes that move request between departments or branches.

While legitimate organizations may have trouble adjusting to the 3-day window, the law’s targets, hard-core offenders, will continue spamming beyond any opt-out, limiting the value of shortening the compliance period, Jalli said.

“Spammers are really binary. Either they honor opt-out or they don’t. I’m confused about how much good will be accomplished by shortening the compliance period,” Jalli said. “Recipients aren’t going to see any fewer emails because of it.”

The FTC noted it has received several comments from senders saying it would be difficult for them to comply with a 3-day opt-out period because of the complexity of their processes. So far, none have supplied any supporting evidence.

“To me, that sounds like a wide open invitation for data,” O’Gorman said. “Some companies who are sending the most relevant email have the most complex systems. They’re the ones who may find it hard to meet the 3-day window.”

If the proposed rules becomes law, they could take effect immediately, or parts could be held for 30 days before taking effect. In either case, these changes are expected to be in place within the year, said Trevor Hughes, executive director of the E-mail Service Providers Coalition (ESPC).

“We have here an indication from the FTC that this is the direction they’re looking to go. I would counsel any email service organization to look at their processes and try to move toward a 3-day opt-out as soon as possible,” Hughes said.

After a little more than a year in place, most parties involved would agree CAN-SPAM has made an impact, said Anne Mitchell, president and CEO of the Institute for Spam & Internet Public Policy (ISIPP). How successful it’s been depends on who you ask and how you view it.

“Are users seeing less spam in their inboxes? Yes. Is less spam being sent? No. For the vast quantity of people — the end users — the law is working great,” Mitchell said. “It’s not the best law, and it’s not the worst law. It’s just a law that provides tools to fight spam. Ultimately it’s the people who will determine what the impact of this law will be. Anyone who is concerned about the way CAN-SPAM is working needs to get involved in the process.”