CAN-SPAM Requirements: What Law Firms Need to Know

by | Law Firm Marketing Ethics

Image of a tablet with envelopes flowing away from it, representing the CAN-SPAM requirements for commercial digital communications that apply to law firms.

Many lawyers may be unaware of the legal limitations on marketing over the Internet even though federal law on the subject has been around more than a dozen years. The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 regulates all electronic commercial communications in the United States, and violations can result in hefty financial penalties. With digital marketing winning an ever increasing share of advertising, lawyers need to make sure they understand CAN-SPAM requirements and how to take full advantage of e-marketing while remaining compliant with the act.

How CAN-SPAM Requirements May Affect Your Law Firm

In 1997, Nevada passed legislation regarding spam, the first state to do so. In the following years, several other states followed suit.

Then, in 2003, Congress passed the CAN-SPAM Act. The federal law preempted the state laws and effectively standardized electronic commercial communication regulations across the country. However, states can still enact and enforce laws regarding fraud in online commercial communications.

Specifically, CAN-SPAM regulates how and to whom individuals and businesses, including law firms, may use electronic communications for commercial purposes. With considerable financial penalties for violations, lawyers absolutely must understand how the act applies to their law firms and what communications affected.

What Are the CAN-SPAM Requirements?

In the simplest terms, CAN-SPAM requires the following in online or digital commercial communications: honesty in stating who you are; honesty in the communication and the fact that it’s an advertisement; and an obvious, no-strings option to be removed from the list for future communications.

More specifically, the act imposes the following CAN-SPAM requirements on each commercial communication sent via electronic means:

  • Accurately state who the message is from;
  • Include a subject line that is accurate and without deception states the subject matter of the body of the message;
  • Include an actual physical address for the sender;
  • Clearly and in easy-to-read formatting label the communication as an advertisement or solicitation; and
  • Include a no-strings opt-out provision and process such requests within 10 days.

Law firms that understand the act’s details on these points shouldn’t have any trouble staying on the right side of CAN-SPAM.

Who Is Subject to CAN-SPAM?

CAN-SPAM applies to any individual or business that uses electronic communications for commercial or advertising purposes. In this regard, the act identifies two groups: initiators and senders.

Initiators under CAN-SPAM are those persons or businesses that originate or transmit a commercial communication using electronic means like e-mail or an online newsletter. The definition includes individuals or businesses doing so on behalf of another.

A sender under the act is the person or business whose products or services are advertised in the communication.

For example, if a law firm engages a digital marketing professional to send an electronic newsletter to clients and prospective clients, the law firm is likely an initiator, because it originates the newsletter, and a sender, because the firm’s services are the subject of the newsletter. The digital marketing company is an initiator because it procured the message for distribution on behalf of the law firm.

As the example shows, the act does not allow businesses to sidestep its requirements by using an intermediary for distribution.

Which Communications Does CAN-SPAM Cover?

As mentioned above, CAN-SPAM applies to commercial communications sent via electronic means. The act applies equally to individual messages and bulk communications and identifies three types of messages:

  • Commercial;
  • Transactional or relational; and
  • Messages that don’t fit the first two categories.

As the name implies, commercial communications advertise your services in some way or solicit business from others.

Transactional or relational communications, on the other hand, are those that discuss an existing or prior transaction, such as confirmation of a current or past purchase or payment or transmission of the product purchased.

Strictly commercial communications clearly fall under the act, whereas the act does not apply to communications that fall strictly into the other two categories. But what if commercial content is mixed with other content?

In the case of multipurpose communications, it’s likely that the main point of the message and the placement of each type of information will play a large role in whether the communication is ultimately determined to be commercial. An e-mail that starts by confirming an existing transaction and, as an afterthought, mentions the availability of other services briefly at the end is less likely to be considered a commercial communication under the act than a message that starts with hype about products or services and ends with a short statement of the client’s account.

Commercial Communications under CAN-SPAM Must Include a Means to Opt Out

Every communication that falls under CAN-SPAM must include an option for the recipient to opt out of receiving further commercial communications. The opportunity to opt out must be available for at least 30 days after you send your message, and opt-out requests must be processed within 10 days.

Additionally, the option to opt out cannot be contingent on other conduct by the recipient such as the payment of a fee, the sharing of additional information beyond the e-mail address, or visitation of another web page.

Further, opt-out requests never expire. Only if the recipient later opts in may you resume sending commercial communications to him or her.

CAN-SPAM requirements also strictly limit the use of the addresses received in opt-out requests. You may not sell or transfer them to another. Instead, you may only use them to comply with the act.

Steep Penalties for CAN-SPAM Violations

There is no private right of action for CAN-SPAM violations. Enforcement of the CAN-SPAM Act is primarily by the Federal Trade Commission (FTC). In addition, other federal agencies such as the Federal Communications Commission (FCC) and the Securities and Exchange Commission (SEC) may also enforce the act.

As mentioned above, the penalties for violations of CAN-SPAM can be steep. In the case of noncompliance, each separate e-mail constitutes a separate violation subject to a penalty of up to $16,000. For particularly egregious or repetitive violations, the per-e-mail penalty can be as high as $41,484. There is no cap on the total penalties. And additional penalties may be imposed for aggravated violations such as these:

  • Harvesting e-mail addresses from a proprietary online service or website;
  • Launching dictionary attacks, creating possible e-mail addresses by combining names, numbers, and letters;
  • Using automatic means such as scripts to create and/or use multiple e-mail accounts to send commercial e-mails; or
  • Spoofing, displaying a false IP address for the transmission or relay of commercial e-mail.

Internet service providers (ISPs) can also bring claims to enforce the provisions of the act, but with less severe consequences in some ways. ISPs can seek injunctive relief, but damages are limited to $25 to $100 per e-mail up to a maximum of $1 million. Statutory damages may be tripled for willful, knowing, or aggravated violations. And ISPs may seek attorney’s fees and costs.

State attorneys general may also bring claims to enforce the CAN-SPAM requirements. As with ISP enforcement, the potential penalties are lower than those federal agencies can seek. A state attorney general can seek injunctive relief as well as damages up to $250 per e-mail, with a $2 million cap, and attorney’s fees and costs. Damages may be multiplied times three for willful, knowing, or aggravated violations.

Where Do You Go to Learn More about CAN-SPAM Compliance?

As people turn increasingly to the web to find and investigate service providers, lawyers are likewise turning to digital media to reach current and potential clients. If you want to know more about CAN-SPAM requirements and how you can take full advantage of your digital communication options, contact the premier digital marketing specialists at TOPDOG Legal Marketing. You can reach us using our online contact form or calling (844) HEY-TDOG (439-8364) or (480) 744-7331.

Copyright © 2023 TOPDOG Legal Marketing, LLC.

Join Our Newsletter for Insider Info