[Federal Register: May 21, 2008 (Volume 73, Number 99)] [Rules and Regulations] [Page 29653-29680] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr21my08-16] [[Page 29653]] ----------------------------------------------------------------------- Part IV Federal Trade Commission ----------------------------------------------------------------------- 16 CFR Part 316 Definitions and Implementation Under the CAN-SPAM Act; Final Rule [[Page 29654]] ----------------------------------------------------------------------- FEDERAL TRADE COMMISSION 16 CFR Part 316 [Project No. R411008] RIN 3084-AA96 Definitions and Implementation Under the CAN-SPAM Act AGENCY: Federal Trade Commission. ACTION: Final Rule. ----------------------------------------------------------------------- SUMMARY: In this document, the Federal Trade Commission (``FTC'' or ``Commission'') issues its Statement of Basis and Purpose and final Discretionary Rule (``final Rule'') pursuant to section 7711(a) of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (``CAN-SPAM'' or ``the Act''), which gives the FTC discretionary authority to ``issue regulations to implement the provisions of [the] Act.'' EFFECTIVE DATE: The provisions of the final Rule will become effective on July 7, 2008. ADDRESSES: Requests for copies of the provisions of the Statement of Basis and Purpose and final Rule should be sent to: Public Records Branch, Room 130, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. Copies of these documents are also available at the Commission's Website: http://www.ftc.gov. FOR FURTHER INFORMATION CONTACT: Janis Claire Kestenbaum, (202) 326- 2798, and Sana Coleman Chriss, (202) 326-2249, Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. SUPPLEMENTARY INFORMATION: The final Rule: (1) Adds a definition of the term ``person''; (2) modifies the term ``sender'' in those instances where a single email message contains advertisements for the products, services, or websites of multiple entities; (3) clarifies that a sender may comply with section 7704(a)(5)(A)(iii) of the Act by including in a commercial email message a post office box or private mailbox established pursuant to United States Postal Service regulations; and (4) clarifies that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website. This Statement of Basis and Purpose also explains the Commission's rationale for not adopting other proposals contained in the Commission's May 12, 2005 Notice of Proposed Rulemaking (``NPRM''),\1\ and addresses the application of CAN-SPAM to forward-to- a-``friend'' emails and certain other categories of email messages identified in the NPRM. --------------------------------------------------------------------------- \1\ 70 FR 25426. --------------------------------------------------------------------------- STATEMENT OF BASIS AND PURPOSE I. BACKGROUND A. CAN-SPAM Act of 2003 On December 16, 2003, the President signed into law the CAN-SPAM Act.\2\ The Act, which took effect on January 1, 2004, imposes a series of new requirements on the use of commercial electronic mail (``email'') messages. In addition, the Act gives federal civil and criminal enforcement authorities new tools to combat commercial email that is unwanted by the recipient and/or deceptive. The Act also allows state attorneys general to enforce its civil provisions, and creates a private right of action for providers of Internet access service. --------------------------------------------------------------------------- \2\ 15 U.S.C. 7701-7713. --------------------------------------------------------------------------- In enacting the CAN-SPAM Act, Congress made the following determinations of public policy, set forth in section 7701(b) of the Act: (1) there is a substantial government interest in regulation of commercial email on a nationwide basis; (2) senders of commercial email should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial email have a right to decline to receive additional commercial electronic mail from the same source. Based on these policy determinations, Congress, in sections 7704(a) and (b) of the CAN-SPAM Act, outlawed certain commercial email acts and practices. Section 7704(a)(1) of the Act prohibits transmission of any email that contains false or misleading header or ``from'' line information. Section 7704(a)(2) prohibits the transmission of commercial email messages with false or misleading subject headings. Section 7704(a)(3) requires that a commercial email message contain a functioning return email address or similar Internet-based mechanism for recipients to use to ``opt out'' of receiving future commercial email messages. Section 7704(a)(4) prohibits the sender, or others acting on the sender's behalf, from initiating a commercial email to a recipient more than ten business days after the recipient has opted out. Section 7704(a)(5) prohibits the initiation of a commercial email message unless it contains three disclosures: (1) clear and conspicuous identification that the message is an advertisement or solicitation; (2) clear and conspicuous notice of the opportunity to decline to receive further commercial email messages from the sender; and (3) a valid physical postal address of the sender. And section 7704(b) specifies four ``aggravated violations'' -- practices that compound the available statutory damages when alleged and proven in combination with certain other CAN-SPAM violations.\3\ --------------------------------------------------------------------------- \3\ 15 U.S.C. 7704(b). The four such practices set forth in the statute are: address harvesting; dictionary attacks; automated creation of multiple email accounts; and relaying or retransmitting through unauthorized access to a protected computer or network. The Act's provisions relating to enforcement by state attorneys general and providers of Internet access service create the possibility of increased statutory damages if a court finds a defendant has engaged in one of the practices specified in section 7704(b) while also violating section 7704(a). Specifically, sections 7706(f)(3)(C) and (g)(3)(C) permit a court to increase a statutory damages award up to three times the amount that would have been granted without the commission of an aggravated violation. Sections 7706(f)(3)(C) and (g)(3)(C) also provide for this heightened statutory damages calculation when a court finds that the defendant's violations of section 7704(a) were committed ``willfully and knowingly.'' --------------------------------------------------------------------------- The Act authorizes the Commission to enforce violations of the Act in the same manner as an FTC trade regulation rule.\4\ Section 7706(f) authorizes the attorneys general of the states to enforce compliance with certain provisions of section 7704(a) of the Act by initiating enforcement actions in federal court, after serving prior written notice upon the Commission when feasible.\5\ CAN-SPAM also authorizes providers of Internet access service to bring a federal court action for violations of certain provisions of sections 7704(a), (b), and (d).\6\ --------------------------------------------------------------------------- \4\ Sections 7706(a) and (c) of the CAN-SPAM Act provide that a violation of the Act shall be treated as a violation of a rule issued under section 18(a)(1)(B) of the FTC Act, 15 U.S.C. 57a(a)(1)(B). \5\ 15 U.S.C. 7706(f). Specifically, the state attorneys general may bring enforcement actions for violations of section 7704(a)(1), 7704(a)(2), or 7704(d). The states may also bring an action against any person who engages in a pattern or practice that violates section 7704(a)(3), (4), or (5). \6\ 15 U.S.C. 7706(g). Section 7704(d) of the Act requires warning labels on commercial email messages containing sexually oriented material. 15 U.S.C. 7704(d). In April, 2004, the Commission promulgated its final rule regarding such labels. See 69 FR 21024 (Apr. 19, 2004); 16 CFR 316.4. --------------------------------------------------------------------------- B. Notice of Proposed Rulemaking In its May 12, 2005 NPRM, the Commission proposed rule provisions on five topics: (1) defining the term ``person,'' a term used throughout the Act, but not defined; (2) modifying the definition of ``sender'' to make it easier to determine which of multiple parties [[Page 29655]] advertising in a single email message must have its valid physical postal address included in the message and is responsible for honoring ``opt-out'' requests; (3) clarifying that Post Office boxes and private mailboxes established pursuant to United States Postal Service regulations constitute ``valid physical postal addresses'' within the meaning of the Act; (4) shortening from ten days to three days the time a sender may take before honoring a recipient's opt-out request; and (5) clarifying that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single page on an Internet website.\7\ --------------------------------------------------------------------------- \7\ Prior to the NPRM, the Commission issued an Advance Notice of Proposed Rulemaking (``ANPR''), 69 FR 11776 (Mar. 11, 2004), soliciting comments on a number of issues raised by CAN-SPAM, including the interpretation of the term ``primary purpose,'' which the Commission addressed in a final Rule issued on January 19, 2005, codified at 16 CFR 316.3. In addition, the ANPR requested comment on the definitions of ``transactional or relationship message'' and ``valid physical postal address,'' the application of the Act to both multiple-marketer and forward-to-a-``friend'' emails, the sufficiency of the ten-business-day opt-out period that had been set by the Act, the potential addition of new aggravated violations, and implementation of the Act's provisions generally. (Two issues addressed in the NPRM and in this Statement of Basis and Purpose -- the definition of ``person'' and the prohibition on charging a fee or imposing other requirements on recipients who wish to opt-out -- were not addressed in the ANPR.) The ANPR also solicited comment on questions related to four Commission reports required to be submitted to Congress. The Commission received over 13,500 comments in response to the ANPR. --------------------------------------------------------------------------- In response to this NPRM, the Commission received 152 comments from email marketers and their associations, email recipients, and other interested parties.\8\ Based upon the entire record in this proceeding and the Commission's law enforcement experience, the Commission hereby adopts final Rule provisions that are very similar, but not identical, to the proposed Rule provisions. As discussed in detail below, the adopted provisions are based upon the recommendations of commenters to make certain modifications in the proposed provisions, as well as the Commission's anti-spam law enforcement experience. Commenters' recommendations that the Commission has declined to adopt in its final Rule are also identified, along with the Commission's reasons for rejecting them. II. DISCUSSION OF THE FINAL RULE --------------------------------------------------------------------------- \8\ Approximately 93 of these comments were submitted by industry representatives, 56 were submitted by consumers, and 3 were submitted by privacy groups. Appendix A is a list of the commenters and the acronyms used to identify each commenter who submitted a comment in response to the NPRM. These comments are available on the Commission's website at the following address: http://www.ftc.gov/ os/comments/canspam3/index.shtm. --------------------------------------------------------------------------- A. Section 316.2 -- Definitions Section 316.12,\9\ one of the Rule provisions previously adopted under CAN-SPAM, defines thirteen terms by reference to the corresponding sections of the Act that define those terms.\10\ The NPRM proposed modification of the previously-adopted definition of ``sender'' by adding a proviso to cover multiple sender scenarios. The NPRM also proposed adding definitions of ``person'' and ``valid physical postal address.'' All other definitions were to remain as adopted. While the NPRM did not propose any changes to the Act's definition of ``transactional or relationship message,'' it posed a series of questions about the interpretation and potential expansion of this definition, and similarly requested comment on the application of the Act's definitions of ``sender'' and ``initiate'' to forward-to-a- ``friend'' email campaigns. --------------------------------------------------------------------------- \9\ Because the final Rule contains several new provisions, the numbering of the Rule's subsections has changed. All cites to the Rule in this Statement of Basis and Purpose are to the new, renumbered Rule provisions, unless otherwise stated. \10\ The Commission adopted these definitions in the Adult Labeling Rulemaking proceeding under section 7704(d) of CAN-SPAM, which required the Commission to prescribe a mark to be included in commercial email containing sexually oriented material. 69 FR 21024 (Apr. 19, 2004). A fourteenth term, ``character,'' not defined in CAN-SPAM, was also defined in the Adult Labeling Rule. 16 CFR 316.2(b). --------------------------------------------------------------------------- 1. Section 316.2(h) -- Definition of ``Person'' In the NPRM,\11\ the Commission proposed adding a definition of ``person,'' a term used throughout the Act,\12\ pursuant to its authority to ``issue regulations to implement the provisions of this Act.''\13\ Under the definition proposed in the NPRM, which is identical to the definition contained in the Telemarketing Sales Rule, 16 CFR 310.2, the term ``person'' would mean ``an individual, group, unincorporated association, limited or general partnership, corporation, or other business entity.'' --------------------------------------------------------------------------- \11\ NPRM, 70 FR at 25428. \12\ See, e.g., 15 U.S.C. 7702(8), (9), (12), (15) & (16); 7704(a)(1), (2) & (3). \13\ 15 U.S.C. 7711(a). --------------------------------------------------------------------------- Seven of the eight commenters that addressed this issue supported the addition of the Commission's proposed definition of ``person,'' opining that it would clarify the types of entities to which the Act applies.\14\ The sole objection came from the Society for Human Resources Management (``SHRM''), which argued that unincorporated nonprofit associations should be excluded from the definition of ``person'' and, therefore, wholly exempt from CAN-SPAM.\15\ SHRM argued that, without such an exemption, the risk of liability under the Act could discourage the organization's members from volunteering to serve in a leadership capacity. --------------------------------------------------------------------------- \14\ See Discover; Empire; ESPC; FNB; KeySpan; NAR; Metz. Adknowledge also advocated modifying the definition of ``person,'' but, at bottom, its argument appears to relate to liability in the context of a multi-marketer email. The Commission thus has considered Adknowledge's comment in connection with the definition of ``sender,'' below. See infra Part II.A.2. \15\ See also ABA (noting that its comments on the ANPR asked the Commission to clarify that the term ``person'' should exclude associations and other tax-exempt nonprofit organizations with respect to their email sent in pursuit of their tax-exempt nonprofit purposes). --------------------------------------------------------------------------- Having considered the comments, the Commission adopts without modification the definition of ``person'' in the proposed Rule. The Commission believes that the addition of this definition will advance the implementation of the Act by clarifying that the term ``person'' is broadly construed and is not limited to a natural person. The Commission rejects the argument that there should be a blanket exemption for all messages sent by unincorporated nonprofit entities. As we have previously observed, CAN--SPAM does not set up a dichotomy between ``commercial'' and ``nonprofit'' messages.\16\ Accordingly, when nonprofit organizations send emails the primary purpose of which is the advertisement or promotion of a commercial product or service, recipients are entitled to the Act's protections. In any event, as discussed below, see infra Part II.A.3.j., messages from an association to its members will often be ``transactional or relationship messages'' under section 7702(17) of the Act and thus not required to include a functioning Internet-based mechanism for consumers to use to opt out of receiving future commercial messages.\17\ --------------------------------------------------------------------------- \16\ 69 FR 50091, 50100 (Aug. 13, 2004). \17\ Section 7706(d) makes clear that the Commission has only the same jurisdiction and power under the Act as it has under the FTC Act, 15 U.S.C. 41, et seq. Consequently, the FTC lacks jurisdiction to enforce CAN-SPAM against any entity that is not ``organized to carry on business for its own profit or that of its members.'' 15 U.S.C. 44. States and providers of Internet access service can bring CAN-SPAM actions against nonprofits, however. --------------------------------------------------------------------------- 2. Section 316.2(m) -- Definition of ``Sender'' Section 7702(16)(A) of CAN-SPAM defines ``sender'' as ``a person who initiates [a commercial electronic mail] [[Page 29656]] message and whose product, service, or Internet web site is advertised or promoted by the message.''\18\ In the NPRM, the Commission proposed amending the definition of ``sender'' to address concerns identified in the ANPR comments about the application of CAN-SPAM's definition of ``sender'' to scenarios where multiple marketers use a single email message ---- for example, where a commercial email from an airline also contains advertisements or promotions for a hotel chain and a car rental company. The Commission received almost 60 comments in response to this proposal, many of which suggested modifications to the proposed Rule provision. After consideration of these comments, the Commission has modified the definition of ``sender'' as proposed in the NPRM. The final Rule provides that multiple ``senders'' of a commercial email, under certain conditions, may identify one among them as the ``sender'' who will be deemed the sole ``sender'' of the message (the ``designated sender''). Thus, under the final Rule, the designated sender, but not the other marketers using the same email message, must honor opt-out requests made by recipients of the message.\19\ Moreover, under the final Rule, the physical address of the designated sender, but not the addresses of the other marketers using the same email message, must appear in the message. --------------------------------------------------------------------------- \18\ 15 U.S.C. 7702(16)(A). The Commission incorporated by reference into the CAN-SPAM rules this definition of ``sender'' in its primary purpose rulemaking. 16 CFR 316.2(l); 70 FR at 3127. \19\ Under the final Rule, where a commercial email is sent by multiple ``senders'' who designate one ``sender'' to be responsible for honoring opt-out requests, the other marketers using the single email message still will be ``initiators'' of the email message and therefore responsible for complying with CAN-SPAM's requirements concerning ``initiators'': 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. --------------------------------------------------------------------------- a. Background As discussed in the ANPR, the Act itself does not specifically address multiple-marketer emails. Rather, under the Act, if multiple senders using a single email message meet the definition of ``sender,'' each would need to provide an opt-out mechanism, a valid physical postal address for each sender would have to appear in the message, and each would be responsible for honoring an opt-out request by a recipient.\20\ The ANPR sought comment on ``whether it would further the purposes of CAN--SPAM or assist the efforts of companies and individuals seeking to comply with the Act if the Commission were to adopt rule provisions clarifying the obligations of multiple senders under the Act.''\21\ --------------------------------------------------------------------------- \20\ The ``sender'' is required by the Act to honor opt-out requests. 15 U.S.C. 7704(a)(4)(A)(i). Additionally, the ``sender's'' physical postal address must be included in the message. 15 U.S.C. 7704(a)(5)(A)(iii). \21\ 69 FR at 11778. --------------------------------------------------------------------------- Commenters responding to the ANPR claimed that implementation of the Act may be impeded in multiple marketer scenarios because marketers and consumers will encounter certain difficulties under a regime that holds more than one party responsible as the sender of a single email. First, commenters claimed that consumer confusion would result from multiple opt-out mechanisms and valid physical postal addresses in a single email message.\22\ Second, some ANPR commenters predicted that rigid application of CAN-SPAM's sender definition would likely chill electronic commerce and destroy the type of joint marketing arrangements that are common in industry.\23\ According to these commenters, marketers would have to develop mechanisms for receiving suppression lists (lists of email addresses of consumers who previously had opted-out of receiving messages from a sender) from every marketer or co-marketer with which they deal, and for comparing their own mailing lists against multiple suppression lists.\24\ In addition, a marketer would have to develop processes for managing multiple opt- outs, i.e., ensuring that the consumer can opt out from each marketer and that all opt-outs sent to the marketer are forwarded to the marketers from whom the consumer no longer wishes to receive commercial email. These commenters argued that existing CAN-SPAM treatment of multiple senders in a single email is needlessly complex and results in unnecessary administrative costs and delays for legitimate email marketers because of the need to maintain and effectuate multiple suppression lists.\25\ Third, commenters stated that a requirement to check names against multiple lists would necessitate passing lists back and forth among several parties, increasing the risk that consumers' private information may be shared with inappropriate entities or exposed to hackers. Moreover, these commenters opined that multiple suppression lists could force a business to divulge customer names to list owners and other marketers, even when the business has promised to protect that information under its privacy policy.\26\ --------------------------------------------------------------------------- \22\ 70 FR at 25429 (citing comments by American Bankers Association; DMA; ERA; IAC; MPAA; Microsoft; PMA; Time Warner). \23\ Id. (citing comments by NAA; Time Warner). \24\ Id. (citing comments by American Bankers Association; DMA; ERA; IAC; MPAA; Microsoft; PMA; Time Warner). \25\ Id. (citing comments by American Bankers Association; DMA; ERA; MPAA; Microsoft). \26\ Id. (citing comments by American Bankers Association; ASTA; ACB; DMA; IAC; MPA; Microsoft; Time Warner). ANPR commenters identified a fourth problem in some situations, such as newsletters. Commenters stated that a requirement that each separate marketer in a single email message be treated as a separate sender would run counter to consumer expectations -- consumers would expect to opt out of the email list of the person with whom the consumer had a relationship, not from a marketer in the newsletter. Id. (citing comments by ABM; DMA; Microsoft; Midway; Time Warner). --------------------------------------------------------------------------- For these reasons, many commenters responding to the ANPR urged that the Act's ``sender'' definition be modified to provide that when more than one company's products or services are advertised or promoted in a single email message, only one among them be responsible as the sender of a message for purposes of the Act. Based upon these comments, in the NPRM, the Commission proposed adding a proviso to the definition of ``sender'' to allow multiple sellers advertising in a single email message to designate one among them as the single ``sender'' of the message for purposes of the Act. Under the NPRM's proposed proviso, only one of multiple persons whose products or services are advertised or promoted in an email message would have been the ``sender'' if that person: (A) initiated the message and otherwise met the Act's definition of ``sender,'' and (B) was the only person who: (1) ``controls the content of such message,'' (2) ``determines the electronic mail addresses to which such message is sent,'' or (3) ``is identified in the `from' line as the sender of the message.'' Under the proposed Rule, if more than one person meeting the Act's definition of ``sender'' were to satisfy one of these three criteria, then each such person who satisfied the definition would have been considered a sender for purposes of CAN-SPAM compliance obligations.\27\ --------------------------------------------------------------------------- \27\ A hypothetical example illustrated the NPRM ``sender'' definition proposal. If X, Y, and Z are sellers who satisfy the Act's ``sender'' definition, and they designate X to be the single ``sender'' under the Commission's proposal, among the three sellers, only X may control the message's content, control its recipient list, or appear in its ``from'' line. X need not satisfy all three of these criteria, but no other seller may satisfy any of them. The sellers may use third parties to be responsible for any criteria not satisfied by X. For example, if X appears in the ``from'' line, the sellers may use third parties -- but not Y or Z -- to control the message's content and recipient list. 70 FR at 25428. --------------------------------------------------------------------------- [[Page 29657]] b. The Final Rule Based upon the comments responding to the NPRM proposal, the Commission believes that modification of the proposed Rule's definition of ``sender'' as it relates to multi-marketer emails is necessary. The final Rule drops the proposed ``controls the content'' and ``determines the electronic mail addresses to which such message is sent'' elements, adds compliance with the core provisions of CAN-SPAM as an element, makes the elements conjunctive rather than disjunctive, and makes the element requiring identification of the person in the ``from'' line mandatory. The Commission believes that these modifications will meet the concerns of marketers while still preserving CAN-SPAM opt-out protections. Thus, under the final Rule, multiple marketers can designate as a single ``sender,'' for purposes of compliance with the Act, a person who: (A) meets the Act's definition of ``sender,'' i.e., such person initiates a commercial electronic mail message in which it advertises or promotes its own goods, services, or Internet website; (B) is identified uniquely in the ``from'' line of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.\28\ In 16 CFR 316.2(m), the final Rule thus states: --------------------------------------------------------------------------- \28\ These provisions, as explained below, apply to initiators of commercial emails and require that the email message may not contain false or misleading transmission information or a deceptive subject heading; but must contain a valid postal address, a working opt-out link, and proper identification of the message's commercial or sexually explicit nature. --------------------------------------------------------------------------- The definition of the term ``sender'' is the same as the definition of that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that, when more than one person's products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act's definition will be deemed to be a ``sender,'' except that, only one person will be deemed to be the ``sender'' of that message if such person: (A) is within the Act's definition of ``sender''; (B) is identified in the ``from'' line as the sole sender of the message; and (C) is in compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. The Commission makes this clarification pursuant to its discretionary rulemaking authority to ``issue regulations to implement the provisions of this Act.''\29\ --------------------------------------------------------------------------- \29\ 15 U.S.C. 7711(a). Like the proposed Rule, this final Rule does not eliminate the possibility that a message may have more than one ``sender.'' However, marketers can use the criteria set forth in the proviso to establish a single sender and reduce CAN-SPAM's compliance burdens. If marketers fail to structure the message to avoid multiple senders under the sender definition, then each sender is obligated to comply with CAN-SPAM requirements for senders, notably, to provide its physical postal address and to honor any opt-out requests. --------------------------------------------------------------------------- The definition of ``sender'' in the final Rule provides marketers flexibility to structure their messages in a way that alleviates redundant obligations for the various marketers in a single email while ensuring that recipients of such messages receive the benefit of CAN- SPAM's core opt-out protections. Specifically, the final Rule makes it more practicable than the proposed Rule for multiple marketers promoting their products in a single email to designate a single entity as the ``sender'' under the Act because the marketers' decision as to which of them will appear in the ``from'' line resolves the question of which will be considered a ``sender'' under the Act and will be charged with the resulting responsibilities. The final Rule eliminates the complex fact determination of who ``controls'' the content and the element of who ``determines the electronic mail addresses to which such message is sent.'' By placing the focus on the ``from'' line, the best point of reference for consumers, the modification in the final Rule more directly conforms to consumers' expectations as to the identity of the entity responsible for sending them a multi-marketer email. An example illustrates how the final Rule's ``sender'' definition applies in the multi-marketer email context. Suppose A, B, and C have goods advertised or promoted in a single email message and that each is an initiator under the Act. If A's name appears in the ``from'' line of the message, A is considered the ``sender'' under the final Rule. While B and C promote their goods, services, or Internet website in the message, may control portions or all of the content of the message, and may supply email addresses for A to use to address the message, neither B nor C would be considered ``senders,'' unless A did not comply with the listed requirements that apply to ``initiators,'' namely 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. It would be clear to a consumer that an opt-out request would be sent to A, the one person identified in the ``from'' line. The comments and the FTC's law enforcement experience suggest that a provision, such as the final Rule's sender definition, that allows multiple senders flexibility in determining who will be the sole ``sender'' raises the possibility of abuse by illegitimate marketers. As discussed below, this concern is addressed in part by the addition of certain initiator provisions to the proviso: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4. If the designated sender is not in compliance with the initiator provisions, then all marketers in the message will be liable as senders. c. Comments on the NPRM's Definition of ``Sender'' Commenters who addressed the proposed definition of sender were nearly unanimous in supporting a ``sender'' definition that would enable marketers to designate a single ``sender'' when multiple marketers use a commercial email message. Reiterating ANPR comments, several commenters noted that such a rule provision would avoid ``daunting compliance challenges'' for email marketers, such as the heavy burden of cross-checking the opt-out lists of all the individual marketers with the designated sender's opt-out list.\30\ Likewise, commenters supported the NPRM's proposed Rule because it would enable recipients to determine the party responsible for honoring opt-out requests.\31\ Others noted with approval that designating a single sender would eliminate confusion for consumers who otherwise would face multiple opt-out links and postal addresses.\32\ Finally, other commenters opined that the proposed Rule would promote protection of consumer privacy.\33\ --------------------------------------------------------------------------- \30\ See, e.g., ATAA; Charter; DoubleClick; ERA; ESPC; FNB; IAC; ICC; IPPC; Mattel; Microsoft; NAR; NEPA; NetCoalition; NNA. As the ERA summarized it, ``[D]esignating a single sender will enhance accuracy and compliance efforts, streamline the opt-out process for consumers and sellers/marketers, and avoid confusion by, among other things, avoiding cluttered or repetitious information in messages or multiple suppression lists. It also helps address privacy concerns that may attend to sharing consumer suppression data.'' \31\ See, e.g., Mattel; NAFCU. \32\ See ATAA (it would be ``difficult to format messages in a way that makes them compelling and understandable to recipients'' because of the welter of opt-out links and postal addresses); ERA; ESPC. \33\ See ERA; NetCoalition. --------------------------------------------------------------------------- In contrast to the almost unanimous support for a multi-marketer proviso, however, few commenters supported the definition of ``sender'' as proposed in the NPRM without change.\34\ Many commenters raised concerns about the workability and clarity of the proposal, [[Page 29658]] as well as its consistency with consumer expectations. Most commenters urged the Commission to modify or clarify the criteria articulated in the proposed Rule. Such comments concerned four issues. The first three issues relate to the three listed criteria in the NPRM's proposed proviso: (1) the significance of the person identified in the ``from'' line; (2) the meaning of ``controls the content of the message'' and the structure of the proviso; and (3) the meaning of ``determines the electronic mail addresses'' to which a message is sent. A fourth category of comments addressed what it means to ``advertise'' or ``promote'' a product, service, or website under the Act, which is related to the question posed in the NPRM about whether ``list owners'' can be ``senders'' under the Rule and thus be required (or allowed) to process opt-out requests in lieu of other marketers who promote a product, service, or website in the email.\35\ --------------------------------------------------------------------------- \34\ See, e.g., ARDA; Empire; Mattel; NAFCU; NAR; NNA; SHRM; Wahmpreneur. \35\ At least one commenter suggested, without further detail, that the sender in a multi-marketer email should be the ``entity that controls the sampling, distribution, and opt-out registry.'' CMOR. Another commenter suggested determination of a sender in a multi-marketer email with a ``single, dominant marketer'' test. Bigfoot. The Direct Marketing Association (``DMA'') advocated formal adoption by the Commission of the Staff Letter of March 8, 2005, which opined on a specific fact pattern involving, among other things, multiple marketers who send commercial email messages to persons who had provided affirmative consent to receive multi- marketer commercial email messages. The Commission declines to adopt the Staff Letter. The final Rule will govern multi-marketer message sender liability. --------------------------------------------------------------------------- (i) ``From'' Line Many commenters favored looking to the ``from'' line of the message in order to determine who, under the Act, is the ``sender'' of a multi- marketer message. Commenters urged that this element is most critical for recipient expectations\36\ and would be easy to use as a way to designate a single sender.\37\ Some commenters argued that the other two proposed elements should be deleted.\38\ A few commenters also requested that the Commission provide additional guidance on which non- deceptive names can be used in the ``from'' line, including a company's brands and service names.\39\ --------------------------------------------------------------------------- \36\ See, e.g., Bigfoot; Charter; DoubleClick; KeySpan; MBNA; Nextel; OPA; SHRM. \37\ See Charter; DoubleClick; Nextel; Reed. \38\ See DoubleClick; KeySpan. \39\ See, e.g., MBNA; SIIA. --------------------------------------------------------------------------- (ii) ``Controls the Content'' Most commenters voiced concerns about the ``controls the content'' element of the proposed proviso and its likely effect. Many of these commenters found this criterion vague and urged the Commission to provide additional guidance concerning what it means to ``control'' the content of commercial email.\40\ Many advocated eliminating this factor altogether,\41\ and others urged various ways to modify it.\42\ Two primary themes emerged from the comments: (1) several parties may exercise some degree of ``control'' over content, and (2) ``control'' in this context is a vague and ill-defined concept. Commenters explained that in joint marketing arrangements, it is standard industry practice for each marketer to exercise control over the use of its own trademarks, branding, legal disclosures, and advertising copy.\43\ Commenters further explained that in highly regulated industries, such as life insurance, securities, pharmaceuticals, and alcoholic beverages, marketers may be required to include certain text and legal disclosures.\44\ Some commenters also stated that, in addition to controlling their own trademarks and disclosures, marketers sometimes influence the content of other parts of a message without ``controlling'' it, or may suggest advertising text without making the final decision about the advertising content.\45\ To protect their brand reputations, commenters explained that they need to be able to review and approve the advertising content of other marketers.\46\ --------------------------------------------------------------------------- \40\ See, e.g., ACB; ACLI; Associations; BOA; CBA; Charter; DLA; DMA; Discover; ERA; ESPC; FNBO; HSBC; IAC; Mastercard; Microsoft; MPA; MPAA; NAA; NAIFA; NBCEP; NEPA; NetCoalition; PMA; SIIA; Time Warner. \41\ See Associations; ATAA; Charter; DoubleClick; Keyspan; MasterCard; NAIFA; SIIA; Wells Fargo. Similarly, other commenters suggested that the proposed Rule be modified to allow more than one marketer to control the content of the message, while still allowing one of the marketers to be designated as the sender. See CBA; DMA; MPA; NBCEP; NetCoalition; NRF. \42\ See e.g., Adknowledge; ICC; MPA. \43\ See Reed; DoubleClick; Time Warner; MasterCard; Microsoft; Bigfoot; HSBC; MPAA; OPA. \44\ See, e.g., ACLI; BF; HSBC; IPPC; MPAA; OPA; SIA. \45\ See, e.g., BF; Visa. \46\ See, e.g., Associations; ERA; HSBC; MasterCard; MPA; NetCoalition; Nextel; NRF; OPA; PMA. --------------------------------------------------------------------------- A number of commenters opined that, without clarification, under a literal application of the proposed Rule, essentially all marketers would be deemed to ``control'' the content of a multi-marketer email, thereby preventing the designation of a single sender and defeating the purpose of the proposed Rule.\47\ Conversely, according to commenters, a standard that forced marketers to cede all control of the content of messages to one marketer among several using a single email message would greatly disrupt standard industry practices.\48\ --------------------------------------------------------------------------- \47\ See ATA; DoubleClick; HSBC; IAC; IPPC; Mastercard; Time Warner. \48\ See e.g., NAA; TimeWarner. --------------------------------------------------------------------------- To alleviate these perceived problems, a number of commenters suggested that the Commission eliminate the ``controls the content'' element, because they believed that the proposed Rule could operate effectively in its absence.\49\ Others suggested that the Commission clarify that ``control'' means control of the ``primary'' or ``overall'' content of the message, but does not mean either control by a company over its own advertisement\50\ or the practice of reviewing and approving the advertising content of other marketers.\51\ These commenters asked the Commission to clarify that ``control'' should refer to control over what content will be distributed in the email message as a whole and not control over the design, content, or placement of a particular advertisement in a multi-marketer message.\52\ Other commenters advocated that ``control'' of the content of the message should mean the ultimate ability to determine whether and when the message is transmitted.\53\ --------------------------------------------------------------------------- \49\ See NAIFA; SIIA. \50\ See, e.g., ACB; Adknowledge; Associations; ATAA; CBA; Charter; Discover; DMA; Experian; FNB; IAC; ICC; KeySpan; Microsoft; MPAA; NAIFA; NBCEP; NEPA; NetCoalition; NRF; OPA; Reed; SIIA; Time Warner; Wells Fargo. \51\ See, e.g., ERA; HSBC; MasterCard; MPA; Nextel; PMA. \52\ See ACB; BoA; Discover; ERA; ESPC; Experian; HSBC; IAC; ICC; Mastercard; Microsoft; MPA; MPAA; NAA; PMA; Visa. \53\ See, e.g., BigFoot; SIIA. --------------------------------------------------------------------------- In a similar vein, some commenters felt that the structure of the proviso as proposed in the NPRM would have limited the ability of legitimate marketers to co-promote their products without any corresponding benefit to consumers.\54\ Commenters pointed out that there are circumstances when one entity provides the email addresses to which a message is to be sent and one or more other entities control the content of the message. Under the proposal in the NPRM, all entities would be considered senders because the proposed Rule's definitional requirements allowing one sender to be designated could not be met.\55\ These commenters asked that the final Rule be made more flexible to accommodate the variety of marketing agreements commonly used in the industry.\56\ --------------------------------------------------------------------------- \54\ See Bigfoot; CBA; DMA; DoubleClick; ESPC; MPAA; NBCEP; NetCoalition; NRF; SIIA; Wells Fargo. \55\ See DMA; SIIA. \56\ See, e.g., MPAA. --------------------------------------------------------------------------- [[Page 29659]] (iii) ``Determines the Electronic Mail Addresses to Which Such Message is Sent'' Few commenters discussed the third element of the proposed proviso for the definition of ``sender'': that the sender be the party that determines the email addresses to which such message is sent. Some commenters objected to this element of the definition because, they contend, entities in joint marketing campaigns may want to contribute or recommend some email addresses without being considered the primary ``sender.''\57\ --------------------------------------------------------------------------- \57\ See, e.g., KeySpan; Reed; SIA. Several commenters also requested clarification of what constitutes ``determines'' and suggested that merely providing criteria for targeting recipients (such as demographic characteristics) should not qualify as ``determining'' the email addresses. See DoubleClick; KeySpan; MasterCard; Unsub. As discussed below, this element has been removed, and thus these requests for clarification need not be addressed. --------------------------------------------------------------------------- (iv) ``Promote'' Finally, a few commenters suggested that the Commission define broadly the term ``promote'' in the Act's definition of sender. They argued that a person ``advertises'' or ``promotes'' the person's ``product, service, or Internet website'' by appearing in the ``from'' line of the message or simply by having the person's name referenced in the email.\58\ Under this interpretation, they argued, more persons could qualify as designated ``senders'' under the proviso. --------------------------------------------------------------------------- \58\ See, e.g., Adknowledge; ESPC; Unsub. --------------------------------------------------------------------------- d. Response to Comments on the Definition of ``Sender'' and Explanation of the Final Rule's Definition of ``Sender'' Having considered the comments on the proposed definition of ``sender,'' the Commission adopts a modified version as its final Rule. These modifications mitigate the concerns of marketers raised in the comments, recognize the benefits afforded by advertising by multiple entities in a single email, conform more closely to the expectations of email recipients, and continue to provide the CAN-SPAM protections contemplated by Congress. In summary, as discussed below, the Commission retains the ``from'' line element in the proviso as a mandatory element, drops the ``controls the content'' and ``determines the electronic mail addresses to which the message is sent'' elements, and adds a requirement that the designated sender be in compliance with certain provisions of the Act and Rules that apply to initiators. In response to comments regarding the ``from'' line, the Commission found persuasive the suggestions that the ``sender'' of a multi- marketer email should be the person identified in the ``from'' line of the message. The Commission agrees that a rule that uses the ``from'' line as the sole determinant of the sender in a multi-marketer email would be straightforward for marketers to follow and is the single most helpful element of an email to enable recipients to identify the sender of the email.\59\ A designated ``sender'' for purposes of a multi- marketer email must, in addition to meeting the other requirements listed below, include its non-deceptive name, trade name, product, or service in the ``from'' line of the email.\60\ --------------------------------------------------------------------------- \59\ See Charter (stating that the ``from'' line criterion ``specifically accords with consumer expectations.''). \60\ In response to commenters seeking further guidance about whether a company's non-deceptive product or service names can be used in the ``from'' line, the Commission responds as follows. CAN- SPAM provides that ``a `from' line . . . that accurately identifies any person who initiated the message shall not be considered materially false or misleading.'' 15 U.S.C. 7704(a)(1)(B). The Commission believes that this does not mean that the ``from'' line necessarily must contain the initiator's formal or full legal name, but it does mean that it must give the recipient enough information to know who is sending the message. Email senders should consider their messages from their recipients' perspective. If a reasonable recipient would be confused by the ``from'' line identifier, the sender is not providing sufficient information. See NPRM, 70 FR at 25431 (further discussing this issue). --------------------------------------------------------------------------- And, under the final Rule, the designated sender must be ``identified in the `from' line as the sole sender of the message'' -- if two or more senders appear in the ``from'' line, the multi-marketer proviso would not be met. On the second issue identified by commenters, the Commission has deleted the ``controls the content of such message'' element from the proviso. Comments urging its removal were persuasive, and comments that advocated clarification rather than removal revealed that retaining this element would not serve to assist recipients in identifying or confirming the sender of a multi-marketer message. By its nature, a multi-marketer message promotes more than one company's content, and thus more than one company controls its content in at least some way.\61\ Modifying the criterion to require ``overall'' control of the content would simply add further nuance and complication and make enforcement difficult. Deleting this criterion will make the proviso more practicable for legitimate marketers to designate a single ``sender'' while preserving for email recipients the protections of CAN-SPAM.\62\ Under the final Rule, therefore, a non-designated sender under the multi-marketer proviso will not have ``sender'' liability just because it controls its own advertising copy, including its trademarks and legal disclosures, or reviews other marketers' content to ensure the absence of objectionable material in proximity to its own brand. --------------------------------------------------------------------------- \61\ See IAC. \62\ See, e.g., Charter (``the Commission's proposed definition is inadequate and unworkable''); DoubleClick; Keyspan; MasterCard; NAIFA; SIIA. --------------------------------------------------------------------------- The Commission has deleted the third element discussed by commenters that required that the designated ``sender'' of a multi- marketer email determine the email address to which such message will be sent. The NPRM rationale for this element was to ensure that the designated sender had the ability to process opt-out requests. The Commission is now convinced that requiring the designated sender to determine recipient email addresses would serve little, if any, purpose. Under the Act, as a sender, the designated sender already must check to make sure that none of the email recipients appears on its opt-out list. In a multi-marketer email, if the designated sender receives a list of proposed email addresses from a non-designated sender, the designated sender must scrub that list against its own opt- out list before sending the message to the addresses on that list. On the fourth and final issue raised by commenters, the Commission declines to make any additional changes to the definition of ``sender'' proposed by the NPRM. Some commenters suggested that the FTC define broadly the phrase ``advertised or promoted'' in the Act's definition of ``sender,'' so that more entities could qualify as ``senders'' under the multi-marketer proviso. The Commission believes that the definition of a ``sender'' should be based on consumer expectations. If a reasonable consumer would not believe that a person's product, service, or website were ``advertised or promoted'' in the message, then that person does not qualify as a ``sender.'' The Commission believes that the meaning of ``advertised or promoted'' is clear and broadly understood.\63\ --------------------------------------------------------------------------- \63\ By analogy, another definition in the Act, that of a ``commercial electronic mail message,'' states that [t]he inclusion of a reference to a commercial entity or a link to the web site of a commercial entity in an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic mail message for purposes of this chapter if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service. 15 U.S.C. 7702(2)(D). --------------------------------------------------------------------------- [[Page 29660]] Lastly, based on its law enforcement experience, the Commission recognizes that illegitimate marketers may attempt to use the proviso to escape liability under CAN-SPAM. Both CAN-SPAM's definition of ``initiator'' and the final Rule's revised definition of ``sender'' substantially reduce the likelihood of such abuse.\64\ First, marketers in a single email message who are not designated senders are still ``initiators'' under CAN-SPAM and liable under any of the provisions that apply to initiators, such as the prohibition against use of deceptive headers and subject lines and the requirement to include an opt-out link.\65\ Second, the final Rule's definition of ``sender'' requires that the designated ``sender'' be in compliance with certain initiator provisions of the Act: 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.\66\ The proviso states that if the designated sender does not comply with these five ``initiator'' responsibilities, all the marketers will be liable as senders (and not just initiators) under the Act because the proviso will not apply. By requiring the designated sender to comply with these provisions of law, the other marketers using a single email message must ensure that the entity that is the designated ``sender'' complies with the Act and the Commission's rules. Otherwise, the other marketers using the email risk losing the protections provided by the proviso and each will be a ``sender'' of the message. The final Rule, therefore, provides senders of multi- marketer emails a method of reducing the burdens associated with multiple opt-out links and postal addresses while guarding against possible abuse. Nonetheless, if the Commission finds such abuse through the operation of the proviso, it will reconsider whether the final Rule is justified under the Act.\67\ --------------------------------------------------------------------------- \64\ At least one commenter suggested that the proviso could be subject to abuse. See Adknowledge (suggesting that to avoid abusive practices, the proposed regulation explicitly should state that a ``person'' must be a ``bona fide business entity'' because ``spammers continually change the name of the originating entity along with header or other information, or consider a mere email address list as a `business entity.'''). \65\ See, e.g., FTC v. Phoenix Avatar, 2004-2 Trade Cas. (CCH) ] 74,507 (N.D. Ill. Jul. 30, 2004) (order granting preliminary injunction); FTC v. Opt-in Global, No. 05-cv-1502 (N.D. Cal. filed Apr. 12, 2005) (final order entered Apr. 6, 2006); FTC v. Dugger, No. CV-06-0078 (D. Ariz. filed Jan. 9, 2006) (final order entered Jul. 31, 2006). \66\ Section 7704(a)(1) of the Act prohibits initiation of an email that contains false or misleading transmission information, and section 7704(a)(2) prohibits initiation of an email with a deceptive subject heading. Section 7704(a)(3)(A)(i) requires an initiator to include a ``functioning return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed, that a recipient may use to submit . . . a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from [the] sender [responsible for the initial commercial message].'' Section 7704(a)(5)(A) of the Act requires that an initiator ``provide clear and conspicuous identification that the message is an advertisement or solicitation, clear and conspicuous notice of the opportunity . . . to decline to receive further commercial electronic mail messages from the sender, and a valid physical postal address of the sender.'' Finally, 16 CFR 316.4, the Sexually Explicit Labeling Rule, imposes certain requirements on a message that includes sexually oriented material, including the 19 characters ``SEXUALLY EXPLICIT: '' at the beginning of the subject header of the message. \67\ Of course, it should be noted that the proviso in no way relieves non-designated senders of liability for ensuring that their own advertising complies with the FTC Act. --------------------------------------------------------------------------- e. List Owners In the NPRM, the Commission asked whether under CAN-SPAM, third- party list providers who do nothing more than provide a list of names to whom others send commercial emails could be required to honor opt- out requests.\68\ Specifically, the NPRM asked whether such list providers could satisfy the statutory definition of sender, i.e., a person that both initiates a message and advertises its product, service, or website in the message. --------------------------------------------------------------------------- \68\ 70 FR at 25450. --------------------------------------------------------------------------- Some commenters opposed extending opt-out responsibilities to third-party list providers because it would be contrary to congressional intent, difficult to implement and monitor, and would impose administrative costs and complexity for legitimate list providers and email marketers.\69\ Although the NPRM asked about list owners who have no other involvement in the message besides providing a list of names to others, commenters discussed other list rental arrangements in which both the marketer and the list owner have some degree of control over the content of the message.\70\ In those cases, list owners typically do not have control over the specific creative content within an advertisement, but they can approve or disapprove an advertisement for delivery to email addresses on their lists. --------------------------------------------------------------------------- \69\ See FNB; Jumpstart; Lashback; Schnell; SIA (list providers play a role ``similar to that of a telephone directory service,'' are neither ``advertising or promoting their products and services,'' nor ``initiating the email,'' and accordingly ``do not come within the definition of `sender' under the CAN-SPAM Act.''). \70\ See, e.g., Unsub. --------------------------------------------------------------------------- On the other hand, two commenters argued in favor of extending opt- out obligations to third-party list providers.\71\ Some of these commenters thought the Commission should clarify that in such situations the list owner exercises fundamental ``control'' of the content of the message for purposes of the then-proposed regulatory definition of ``sender.''\72\ Other commenters urged the Commission to adopt the position that a list owner would be considered a sender if the list owner ``advertises or promotes'' its services merely by being referenced in the ``from'' line or in the message itself, thereby making it responsible for the opt-out function and other CAN-SPAM compliance.\73\ --------------------------------------------------------------------------- \71\ See Adknowledge; EPIC. \72\ See, e.g., ESPC. \73\ See, e.g., Adknowledge; Baker; ESPC; cf. Microsoft (arguing that it should constitute a deceptive trade practice for a list owner to fail to identify itself and the role that it plays in sending the message, that its identification would be considered advertising or promoting its services, and thus that the list owner would meet the definition of ``sender'' and have CAN-SPAM liability); Adknowledge (proposing that the Commission make it ``mandatory for list owners to advertise or promote themselves in each email message they transmit''). --------------------------------------------------------------------------- Because of the variety of situations in which a list owner might be involved in a commercial email, and because none of the commenters provided a workable mechanism for all of these situations, the Commission is persuaded that amending the rules under CAN-SPAM to create a specific provision for list owners is not feasible. The Commission finds that a list owner must honor opt-out requests only if it qualifies as the ``sender'' of a commercial email (i.e., it is an initiator and its ``product, service, or Internet web site'' are ``advertised or promoted'' in the email). And, if it does qualify as a ``sender,'' it may avail itself of the multi-marketer proviso added to the definition of sender in the final Rule. f. Safe Harbor for Email Messages Sent By Affiliates In the NPRM, the Commission asked whether it should adopt a ``safe harbor'' with respect to opt-out and other obligations for a sender whose product, service, or website is advertised by affiliates or other third parties. Moreover, the Commission sought guidance on the criteria for a safe harbor.\74\ --------------------------------------------------------------------------- \74\ 70 FR at 25450. --------------------------------------------------------------------------- Although the Act does not provide a definition of ``affiliate,'' the Commission noted in the NPRM that ``affiliates'' are induced to send commercial email messages by sellers seeking to drive traffic to their websites, and that sellers generally pay affiliates based on the number of individuals who, directed by the affiliates, ultimately visit the seller's [[Page 29661]] website and/or purchase the seller's product or service.\75\ --------------------------------------------------------------------------- \75\ 70 FR at 25428 n.23. According to IAC, in a typical affiliate program, a marketer enters an arrangement with an affiliate to pay the affiliate for referrals to its website. The affiliate can employ a variety of methods to direct consumers to the marketer's website, including email messages. The affiliate sends email messages containing an advertisement promoting the marketer's goods or services and a hypertext link to visit the marketer's website directly from the email message (either as a direct link or through