President Bush signed the CAN-SPAM Act of 2003 into law yesterday, giving e-mail marketers a big victory after six years of wrangling over federal regulation of commercial e-mail.
The federal law, passed overwhelmingly in Congress this month, takes effect Jan. 1, creating a single national standard to regulate commercial e-mail in place of the patchwork of laws in more than 35 states.
CAN-SPAM requires marketers to remove customers from their lists when requested and bans common spamming practices such as false headers and harvesting e-mail addresses. Commercial e-mailers must include a physical address in messages, along with a truthful subject line and notice that the message is an ad. The law calls for, but does require, the creation of a do-not-e-mail registry by the Federal Trade Commission.
The Direct Marketing Association, Association of National Advertisers and American Association of Advertising Agencies praised the bill for establishing a national standard and providing stronger enforcement tools. They objected to the do-not-e-mail registry, which the groups said spammers would ignore.
The DMA's support of the CAN-SPAM Act was critical in building support for national legislation after six years of failed measures in Congress. It was influenced by the passage this fall of SB 186, a California law that would have banned unsolicited commercial e-mail in the state.
The federal bill blocks enactment of the California law, which marketers feared would lead to an avalanche of lawsuits from its provision for consumer lawsuits. CAN-SPAM, which lacks a private right of action, overrides state laws regulating e-mail, though it leaves in place anti-fraud measures.
Internet service providers, including AOL and Yahoo, cheered the bill, which gives ISPs more power to sue spammers using fraudulent techniques. Yahoo called the law “a victory for consumers and the Internet.”
Anti-spam groups panned the legislation's opt-out approach as ineffectual, particularly compared with laws in states like California.
“We don't regard this as an anti-spam bill at all,” said Jason Catlett, an anti-spam activist. “It's a ban on the states banning spam. We can expect spam to continue to grow substantially.”
E-mail service providers have advised clients to go beyond the letter of the law and conform to industry best practices for commercial e-mail, because spam filtering by ISPs is the biggest challenge facing e-mail marketing.
“If you want your e-mails delivered by the ISPs, you're going to have to adhere to a higher standard than CAN-SPAM,” Ken Hirschman, general counsel at Digital Impact, a San Mateo, CA, e-mail service provider, advised last week.
The FTC has a key role in enforcing the law and constructing the rules for commercial e-mailers. The bill requires the FTC to devise a plan to implement a do-not-e-mail registry, along with a timetable, in six months. The FTC is to detail its objections to maintaining the list, including concerns over security, privacy and technical feasibility.
In an online chat to discuss the bill, FTC chairman Timothy Muris repeated his reservations about the effectiveness of a registry.
“Because most spammers are not legitimate, the attractiveness of a do-not-spam registry is in doubt,” he said. “We will perform an objective study to see if the difficulties of a registry can be overcome so that consumers would benefit.”
Sen. Charles Schumer, D-NY, the registry's chief congressional supporter, has promised to ensure the FTC follows through to create it.
Muris also cast doubt on the FTC requiring an “ADV” label in the subject line of commercial e-mail. Under the federal law, the FTC is to study implementing such a label and report back in 18 months. Muris said the FTC found that just 2 percent of spam carried “ADV” labels, despite a number of state laws requiring them.