Don’t Get Whammed for Spam

It is tough to think of a business that does not use email marketing in 2018, but did you know that you can be subject to penalties of more than $40,000 if you violate Federal “spam” regulations?  It’s true, and it’s unfortunately easy to make a mistake.  We’ll provide the basics in this email, but, if you have additional questions, you may want to reach out to the Federal Trade Commission ( or a lawyer.

Who and What Does CAN-SPAM Apply to?

Congress passed the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act in 2003, and it applies to any email with a “primary purpose” of advertising or promoting a commercial product or service.  It doesn’t matter if you’re a nonprofit or a for-profit company; what matters is the character of the email you’re sending out.

But this law does not apply to all business-related emails.  Most of CAN-SPAM’s rules do not apply when you email people to complete a transaction or to update them on a transaction.  It also does not apply to emails you send where you are providing information about a product the customer has already purchased, such as a rebate or warranty.  Generally speaking, if you have a pre-existing relationship, and your email is furthering that relationship, the email is not a “commercial message.”  If that’s the case, then you still have to make sure that you are providing accurate and not misleading To/From or subject information, but the rest of the Act requirements do not apply.

What Do You Have to Do If You Send Commercial Emails?

If you do send commercial emails, then you need to comply with several rules, all of which are designed to make sure consumers are protected from false or misleading ads or from getting unwanted emails.

1. Use accurate To and From information.  These fields need to accurately identify where the email is coming from.  Don’t label the email as coming from “Grandma” or “Your Bank” in the hopes it will make someone open the email, unless that is accurate.
2. Don’t use deceptive subject lines.  Don’t send an email with the subject line “You’ve Won a Trip to the Bahamas” unless that is actually true, and the recipient should start packing her bags.  Writing a misleading subject line to try and get someone to open an email is illegal.
3. Identify the email as an ad.  This has to be “clear and conspicuous,” which means it should not be buried in tiny print no one could read or using language that isn’t obvious.
4. Include the address of the sender.  Your physical postal address must be included somewhere in the email.  This can be a P.O. Box.
5. Include a link or explanation of how a consumer can “opt out” of future emails.  You can’t make them pay to opt out.  You also can’t make them give you anything more than just their email address to opt out.  If you want to know why they are opting out, you can provide them with an optional survey to fill out, but they must not be required to fill it out in order to opt out.
6. Honor opt-out requests within 10 business days.
7. Don’t sell email addresses of anyone who opts out.  After someone has opted out of receiving emails from you, you can’t sell, lease or exchange their email address to another company, unless it’s to a company that will help you comply with CAN-SPAM.

CAN-SPAM Applies to Mobile Phones

In contrast with emails, a business cannot send a commercial message to a mobile phone unless that person explicitly “opts in” beforehand.  In order to get a customer to opt in, the sender must disclose their identity, the fact that the recipient agrees to receive mobile service commercial messages, the fact that the recipient may be charged by his/her wireless service provider, and the fact that the recipient can opt out at any time.

Each commercial message should give customers information about how they can opt out, and this information should be clear and conspicuous.  As with emails, any requests to opt out must be processed within 10 business days.

What Happens If You Break the Law?

Long story short, there can be big penalties if you violate the law.  Federal agencies, including the Federal Trade Commission and the Federal Communications Commission, can currently seek civil penalties up to $41,484 for each violation of the CAN-SPAM Act per email, as well as injunctions to stop it from happening again.  Criminal penalties may also be imposed if, for example, a company or person accesses someone else’s computer to send spam without permission, or harvests email addresses from the web to send spam or generates email addresses from random letters and numbers with the hope of hitting on a valid email address to send spam.

State attorney general offices can sue for the greater of either actual damages or $250 per email-not to exceed $2 million.  Willful and knowing violations can get triple damages, and the state can sue for attorneys’ fees.

We hope this article helps you avoid any penalties or lawsuits.  We are all about reducing risk.  



This article is not legal advice but should be considered as general guidance in the area of employment and corporate law. Bryan Dench, Amy Dieterich, Jordan Payne Hay, and Rebecca Webber are employment and labor law attorneys; others at the firm handle business and other matters. You can contact us at 207.784.3200. Skelton Taintor & Abbott is a full service law firm providing legal services to individuals, companies, and municipalities throughout Maine. It has been in operation since its founding in 1853.