Definitions and Implementation Under the CAN-SPAM Act, 29654-29680 [E8-11394]

Agencies

• FEDERAL TRADE COMMISSION

[Federal Register Volume 73, Number 99 (Wednesday, May 21, 2008)]
[Rules and Regulations]
[Pages 29654-29680]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-11394]



[[Page 29653]]

-----------------------------------------------------------------------

Part IV





Federal Trade Commission





-----------------------------------------------------------------------



16 CFR Part 316



Definitions and Implementation Under the CAN-SPAM Act; Final Rule

Federal Register / Vol. 73, No. 99 / Wednesday, May 21, 2008 / Rules 
and Regulations

[[Page 29654]]


-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION

16 CFR Part 316

[Project No. R411008]
RIN 3084-AA96


Definitions and Implementation Under the CAN-SPAM Act

AGENCY: Federal Trade Commission.

ACTION: Final Rule.

-----------------------------------------------------------------------

SUMMARY: In this document, the Federal Trade Commission (``FTC'' or 
``Commission'') issues its Statement of Basis and Purpose and final 
Discretionary Rule (``final Rule'') pursuant to section 7711(a) of the 
Controlling the Assault of Non-Solicited Pornography and Marketing Act 
of 2003 (``CAN-SPAM'' or ``the Act''), which gives the FTC 
discretionary authority to ``issue regulations to implement the 
provisions of [the] Act.''

EFFECTIVE DATE: The provisions of the final Rule will become effective 
on July 7, 2008.

ADDRESSES: Requests for copies of the provisions of the Statement of 
Basis and Purpose and final Rule should be sent to: Public Records 
Branch, Room 130, Federal Trade Commission, 600 Pennsylvania Avenue, 
N.W., Washington, DC 20580. Copies of these documents are also 
available at the Commission's Website: https://www.ftc.gov.

FOR FURTHER INFORMATION CONTACT: Janis Claire Kestenbaum, (202) 326-
2798, and Sana Coleman Chriss, (202) 326-2249, Division of Marketing 
Practices, Bureau of Consumer Protection, Federal Trade Commission, 600 
Pennsylvania Avenue, N.W., Washington, DC 20580.

SUPPLEMENTARY INFORMATION: The final Rule: (1) Adds a definition of the 
term ``person''; (2) modifies the term ``sender'' in those instances 
where a single email message contains advertisements for the products, 
services, or websites of multiple entities; (3) clarifies that a sender 
may comply with section 7704(a)(5)(A)(iii) of the Act by including in a 
commercial email message a post office box or private mailbox 
established pursuant to United States Postal Service regulations; and 
(4) clarifies that to submit a valid opt-out request, a recipient 
cannot be required to pay a fee, provide information other than his or 
her email address and opt-out preferences, or take any steps other than 
sending a reply email message or visiting a single page on an Internet 
website. This Statement of Basis and Purpose also explains the 
Commission's rationale for not adopting other proposals contained in 
the Commission's May 12, 2005 Notice of Proposed Rulemaking 
(``NPRM''),\1\ and addresses the application of CAN-SPAM to forward-to-
a-``friend'' emails and certain other categories of email messages 
identified in the NPRM.
---------------------------------------------------------------------------

    \1\ 70 FR 25426.
---------------------------------------------------------------------------

STATEMENT OF BASIS AND PURPOSE

I. BACKGROUND

A. CAN-SPAM Act of 2003

    On December 16, 2003, the President signed into law the CAN-SPAM 
Act.\2\ The Act, which took effect on January 1, 2004, imposes a series 
of new requirements on the use of commercial electronic mail 
(``email'') messages. In addition, the Act gives federal civil and 
criminal enforcement authorities new tools to combat commercial email 
that is unwanted by the recipient and/or deceptive. The Act also allows 
state attorneys general to enforce its civil provisions, and creates a 
private right of action for providers of Internet access service.
---------------------------------------------------------------------------

    \2\ 15 U.S.C. 7701-7713.
---------------------------------------------------------------------------

    In enacting the CAN-SPAM Act, Congress made the following 
determinations of public policy, set forth in section 7701(b) of the 
Act: (1) there is a substantial government interest in regulation of 
commercial email on a nationwide basis; (2) senders of commercial email 
should not mislead recipients as to the source or content of such mail; 
and (3) recipients of commercial email have a right to decline to 
receive additional commercial electronic mail from the same source.
    Based on these policy determinations, Congress, in sections 7704(a) 
and (b) of the CAN-SPAM Act, outlawed certain commercial email acts and 
practices. Section 7704(a)(1) of the Act prohibits transmission of any 
email that contains false or misleading header or ``from'' line 
information. Section 7704(a)(2) prohibits the transmission of 
commercial email messages with false or misleading subject headings. 
Section 7704(a)(3) requires that a commercial email message contain a 
functioning return email address or similar Internet-based mechanism 
for recipients to use to ``opt out'' of receiving future commercial 
email messages. Section 7704(a)(4) prohibits the sender, or others 
acting on the sender's behalf, from initiating a commercial email to a 
recipient more than ten business days after the recipient has opted 
out. Section 7704(a)(5) prohibits the initiation of a commercial email 
message unless it contains three disclosures: (1) clear and conspicuous 
identification that the message is an advertisement or solicitation; 
(2) clear and conspicuous notice of the opportunity to decline to 
receive further commercial email messages from the sender; and (3) a 
valid physical postal address of the sender. And section 7704(b) 
specifies four ``aggravated violations'' -- practices that compound the 
available statutory damages when alleged and proven in combination with 
certain other CAN-SPAM violations.\3\
---------------------------------------------------------------------------

    \3\ 15 U.S.C. 7704(b). The four such practices set forth in the 
statute are: address harvesting; dictionary attacks; automated 
creation of multiple email accounts; and relaying or retransmitting 
through unauthorized access to a protected computer or network. The 
Act's provisions relating to enforcement by state attorneys general 
and providers of Internet access service create the possibility of 
increased statutory damages if a court finds a defendant has engaged 
in one of the practices specified in section 7704(b) while also 
violating section 7704(a). Specifically, sections 7706(f)(3)(C) and 
(g)(3)(C) permit a court to increase a statutory damages award up to 
three times the amount that would have been granted without the 
commission of an aggravated violation. Sections 7706(f)(3)(C) and 
(g)(3)(C) also provide for this heightened statutory damages 
calculation when a court finds that the defendant's violations of 
section 7704(a) were committed ``willfully and knowingly.''
---------------------------------------------------------------------------

    The Act authorizes the Commission to enforce violations of the Act 
in the same manner as an FTC trade regulation rule.\4\ Section 7706(f) 
authorizes the attorneys general of the states to enforce compliance 
with certain provisions of section 7704(a) of the Act by initiating 
enforcement actions in federal court, after serving prior written 
notice upon the Commission when feasible.\5\ CAN-SPAM also authorizes 
providers of Internet access service to bring a federal court action 
for violations of certain provisions of sections 7704(a), (b), and 
(d).\6\
---------------------------------------------------------------------------

    \4\ Sections 7706(a) and (c) of the CAN-SPAM Act provide that a 
violation of the Act shall be treated as a violation of a rule 
issued under section 18(a)(1)(B) of the FTC Act, 15 U.S.C. 
57a(a)(1)(B).
    \5\ 15 U.S.C. 7706(f). Specifically, the state attorneys general 
may bring enforcement actions for violations of section 7704(a)(1), 
7704(a)(2), or 7704(d). The states may also bring an action against 
any person who engages in a pattern or practice that violates 
section 7704(a)(3), (4), or (5).
    \6\ 15 U.S.C. 7706(g). Section 7704(d) of the Act requires 
warning labels on commercial email messages containing sexually 
oriented material. 15 U.S.C. 7704(d). In April, 2004, the Commission 
promulgated its final rule regarding such labels. See 69 FR 21024 
(Apr. 19, 2004); 16 CFR 316.4.
---------------------------------------------------------------------------

B. Notice of Proposed Rulemaking

    In its May 12, 2005 NPRM, the Commission proposed rule provisions 
on five topics: (1) defining the term ``person,'' a term used 
throughout the Act, but not defined; (2) modifying the definition of 
``sender'' to make it easier to determine which of multiple parties

[[Page 29655]]

advertising in a single email message must have its valid physical 
postal address included in the message and is responsible for honoring 
``opt-out'' requests; (3) clarifying that Post Office boxes and private 
mailboxes established pursuant to United States Postal Service 
regulations constitute ``valid physical postal addresses'' within the 
meaning of the Act; (4) shortening from ten days to three days the time 
a sender may take before honoring a recipient's opt-out request; and 
(5) clarifying that to submit a valid opt-out request, a recipient 
cannot be required to pay a fee, provide information other than his or 
her email address and opt-out preferences, or take any steps other than 
sending a reply email message or visiting a single page on an Internet 
website.\7\
---------------------------------------------------------------------------

    \7\ Prior to the NPRM, the Commission issued an Advance Notice 
of Proposed Rulemaking (``ANPR''), 69 FR 11776 (Mar. 11, 2004), 
soliciting comments on a number of issues raised by CAN-SPAM, 
including the interpretation of the term ``primary purpose,'' which 
the Commission addressed in a final Rule issued on January 19, 2005, 
codified at 16 CFR 316.3. In addition, the ANPR requested comment on 
the definitions of ``transactional or relationship message'' and 
``valid physical postal address,'' the application of the Act to 
both multiple-marketer and forward-to-a-``friend'' emails, the 
sufficiency of the ten-business-day opt-out period that had been set 
by the Act, the potential addition of new aggravated violations, and 
implementation of the Act's provisions generally. (Two issues 
addressed in the NPRM and in this Statement of Basis and Purpose -- 
the definition of ``person'' and the prohibition on charging a fee 
or imposing other requirements on recipients who wish to opt-out -- 
were not addressed in the ANPR.) The ANPR also solicited comment on 
questions related to four Commission reports required to be 
submitted to Congress. The Commission received over 13,500 comments 
in response to the ANPR.
---------------------------------------------------------------------------

    In response to this NPRM, the Commission received 152 comments from 
email marketers and their associations, email recipients, and other 
interested parties.\8\ Based upon the entire record in this proceeding 
and the Commission's law enforcement experience, the Commission hereby 
adopts final Rule provisions that are very similar, but not identical, 
to the proposed Rule provisions. As discussed in detail below, the 
adopted provisions are based upon the recommendations of commenters to 
make certain modifications in the proposed provisions, as well as the 
Commission's anti-spam law enforcement experience. Commenters' 
recommendations that the Commission has declined to adopt in its final 
Rule are also identified, along with the Commission's reasons for 
rejecting them.

II. DISCUSSION OF THE FINAL RULE
---------------------------------------------------------------------------

    \8\ Approximately 93 of these comments were submitted by 
industry representatives, 56 were submitted by consumers, and 3 were 
submitted by privacy groups. Appendix A is a list of the commenters 
and the acronyms used to identify each commenter who submitted a 
comment in response to the NPRM. These comments are available on the 
Commission's website at the following address: https://www.ftc.gov/
os/comments/canspam3/index.shtm.
---------------------------------------------------------------------------

A. Section 316.2 -- Definitions

    Section 316.12,\9\ one of the Rule provisions previously adopted 
under CAN-SPAM, defines thirteen terms by reference to the 
corresponding sections of the Act that define those terms.\10\ The NPRM 
proposed modification of the previously-adopted definition of 
``sender'' by adding a proviso to cover multiple sender scenarios. The 
NPRM also proposed adding definitions of ``person'' and ``valid 
physical postal address.'' All other definitions were to remain as 
adopted. While the NPRM did not propose any changes to the Act's 
definition of ``transactional or relationship message,'' it posed a 
series of questions about the interpretation and potential expansion of 
this definition, and similarly requested comment on the application of 
the Act's definitions of ``sender'' and ``initiate'' to forward-to-a-
``friend'' email campaigns.
---------------------------------------------------------------------------

    \9\ Because the final Rule contains several new provisions, the 
numbering of the Rule's subsections has changed. All cites to the 
Rule in this Statement of Basis and Purpose are to the new, 
renumbered Rule provisions, unless otherwise stated.
    \10\ The Commission adopted these definitions in the Adult 
Labeling Rulemaking proceeding under section 7704(d) of CAN-SPAM, 
which required the Commission to prescribe a mark to be included in 
commercial email containing sexually oriented material. 69 FR 21024 
(Apr. 19, 2004). A fourteenth term, ``character,'' not defined in 
CAN-SPAM, was also defined in the Adult Labeling Rule. 16 CFR 
316.2(b).
---------------------------------------------------------------------------

1. Section 316.2(h) -- Definition of ``Person''

    In the NPRM,\11\ the Commission proposed adding a definition of 
``person,'' a term used throughout the Act,\12\ pursuant to its 
authority to ``issue regulations to implement the provisions of this 
Act.''\13\ Under the definition proposed in the NPRM, which is 
identical to the definition contained in the Telemarketing Sales Rule, 
16 CFR 310.2, the term ``person'' would mean ``an individual, group, 
unincorporated association, limited or general partnership, 
corporation, or other business entity.''
---------------------------------------------------------------------------

    \11\ NPRM, 70 FR at 25428.
    \12\ See, e.g., 15 U.S.C. 7702(8), (9), (12), (15) & (16); 
7704(a)(1), (2) & (3).
    \13\ 15 U.S.C. 7711(a).
---------------------------------------------------------------------------

    Seven of the eight commenters that addressed this issue supported 
the addition of the Commission's proposed definition of ``person,'' 
opining that it would clarify the types of entities to which the Act 
applies.\14\ The sole objection came from the Society for Human 
Resources Management (``SHRM''), which argued that unincorporated 
nonprofit associations should be excluded from the definition of 
``person'' and, therefore, wholly exempt from CAN-SPAM.\15\ SHRM argued 
that, without such an exemption, the risk of liability under the Act 
could discourage the organization's members from volunteering to serve 
in a leadership capacity.
---------------------------------------------------------------------------

    \14\ See Discover; Empire; ESPC; FNB; KeySpan; NAR; Metz. 
Adknowledge also advocated modifying the definition of ``person,'' 
but, at bottom, its argument appears to relate to liability in the 
context of a multi-marketer email. The Commission thus has 
considered Adknowledge's comment in connection with the definition 
of ``sender,'' below. See infra Part II.A.2.
    \15\ See also ABA (noting that its comments on the ANPR asked 
the Commission to clarify that the term ``person'' should exclude 
associations and other tax-exempt nonprofit organizations with 
respect to their email sent in pursuit of their tax-exempt nonprofit 
purposes).
---------------------------------------------------------------------------

    Having considered the comments, the Commission adopts without 
modification the definition of ``person'' in the proposed Rule. The 
Commission believes that the addition of this definition will advance 
the implementation of the Act by clarifying that the term ``person'' is 
broadly construed and is not limited to a natural person. The 
Commission rejects the argument that there should be a blanket 
exemption for all messages sent by unincorporated nonprofit entities. 
As we have previously observed, CAN--SPAM does not set up a dichotomy 
between ``commercial'' and ``nonprofit'' messages.\16\ Accordingly, 
when nonprofit organizations send emails the primary purpose of which 
is the advertisement or promotion of a commercial product or service, 
recipients are entitled to the Act's protections. In any event, as 
discussed below, see infra Part II.A.3.j., messages from an association 
to its members will often be ``transactional or relationship messages'' 
under section 7702(17) of the Act and thus not required to include a 
functioning Internet-based mechanism for consumers to use to opt out of 
receiving future commercial messages.\17\
---------------------------------------------------------------------------

    \16\ 69 FR 50091, 50100 (Aug. 13, 2004).
    \17\ Section 7706(d) makes clear that the Commission has only 
the same jurisdiction and power under the Act as it has under the 
FTC Act, 15 U.S.C. 41, et seq. Consequently, the FTC lacks 
jurisdiction to enforce CAN-SPAM against any entity that is not 
``organized to carry on business for its own profit or that of its 
members.'' 15 U.S.C. 44. States and providers of Internet access 
service can bring CAN-SPAM actions against nonprofits, however.
---------------------------------------------------------------------------

2. Section 316.2(m) -- Definition of ``Sender''

    Section 7702(16)(A) of CAN-SPAM defines ``sender'' as ``a person 
who initiates [a commercial electronic mail]

[[Page 29656]]

message and whose product, service, or Internet web site is advertised 
or promoted by the message.''\18\ In the NPRM, the Commission proposed 
amending the definition of ``sender'' to address concerns identified in 
the ANPR comments about the application of CAN-SPAM's definition of 
``sender'' to scenarios where multiple marketers use a single email 
message ---- for example, where a commercial email from an airline also 
contains advertisements or promotions for a hotel chain and a car 
rental company. The Commission received almost 60 comments in response 
to this proposal, many of which suggested modifications to the proposed 
Rule provision. After consideration of these comments, the Commission 
has modified the definition of ``sender'' as proposed in the NPRM. The 
final Rule provides that multiple ``senders'' of a commercial email, 
under certain conditions, may identify one among them as the ``sender'' 
who will be deemed the sole ``sender'' of the message (the ``designated 
sender''). Thus, under the final Rule, the designated sender, but not 
the other marketers using the same email message, must honor opt-out 
requests made by recipients of the message.\19\ Moreover, under the 
final Rule, the physical address of the designated sender, but not the 
addresses of the other marketers using the same email message, must 
appear in the message.
---------------------------------------------------------------------------

    \18\ 15 U.S.C. 7702(16)(A). The Commission incorporated by 
reference into the CAN-SPAM rules this definition of ``sender'' in 
its primary purpose rulemaking. 16 CFR 316.2(l); 70 FR at 3127.
    \19\ Under the final Rule, where a commercial email is sent by 
multiple ``senders'' who designate one ``sender'' to be responsible 
for honoring opt-out requests, the other marketers using the single 
email message still will be ``initiators'' of the email message and 
therefore responsible for complying with CAN-SPAM's requirements 
concerning ``initiators'': 15 U.S.C. 7704(a)(1), 15 U.S.C. 
7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 
16 CFR 316.4.
---------------------------------------------------------------------------

a. Background

    As discussed in the ANPR, the Act itself does not specifically 
address multiple-marketer emails. Rather, under the Act, if multiple 
senders using a single email message meet the definition of ``sender,'' 
each would need to provide an opt-out mechanism, a valid physical 
postal address for each sender would have to appear in the message, and 
each would be responsible for honoring an opt-out request by a 
recipient.\20\ The ANPR sought comment on ``whether it would further 
the purposes of CAN--SPAM or assist the efforts of companies and 
individuals seeking to comply with the Act if the Commission were to 
adopt rule provisions clarifying the obligations of multiple senders 
under the Act.''\21\
---------------------------------------------------------------------------

    \20\ The ``sender'' is required by the Act to honor opt-out 
requests. 15 U.S.C. 7704(a)(4)(A)(i). Additionally, the ``sender's'' 
physical postal address must be included in the message. 15 U.S.C. 
7704(a)(5)(A)(iii).
    \21\ 69 FR at 11778.
---------------------------------------------------------------------------

    Commenters responding to the ANPR claimed that implementation of 
the Act may be impeded in multiple marketer scenarios because marketers 
and consumers will encounter certain difficulties under a regime that 
holds more than one party responsible as the sender of a single email. 
First, commenters claimed that consumer confusion would result from 
multiple opt-out mechanisms and valid physical postal addresses in a 
single email message.\22\ Second, some ANPR commenters predicted that 
rigid application of CAN-SPAM's sender definition would likely chill 
electronic commerce and destroy the type of joint marketing 
arrangements that are common in industry.\23\ According to these 
commenters, marketers would have to develop mechanisms for receiving 
suppression lists (lists of email addresses of consumers who previously 
had opted-out of receiving messages from a sender) from every marketer 
or co-marketer with which they deal, and for comparing their own 
mailing lists against multiple suppression lists.\24\ In addition, a 
marketer would have to develop processes for managing multiple opt-
outs, i.e., ensuring that the consumer can opt out from each marketer 
and that all opt-outs sent to the marketer are forwarded to the 
marketers from whom the consumer no longer wishes to receive commercial 
email. These commenters argued that existing CAN-SPAM treatment of 
multiple senders in a single email is needlessly complex and results in 
unnecessary administrative costs and delays for legitimate email 
marketers because of the need to maintain and effectuate multiple 
suppression lists.\25\ Third, commenters stated that a requirement to 
check names against multiple lists would necessitate passing lists back 
and forth among several parties, increasing the risk that consumers' 
private information may be shared with inappropriate entities or 
exposed to hackers. Moreover, these commenters opined that multiple 
suppression lists could force a business to divulge customer names to 
list owners and other marketers, even when the business has promised to 
protect that information under its privacy policy.\26\
---------------------------------------------------------------------------

    \22\ 70 FR at 25429 (citing comments by American Bankers 
Association; DMA; ERA; IAC; MPAA; Microsoft; PMA; Time Warner).
    \23\ Id. (citing comments by NAA; Time Warner).
    \24\ Id. (citing comments by American Bankers Association; DMA; 
ERA; IAC; MPAA; Microsoft; PMA; Time Warner).
    \25\ Id. (citing comments by American Bankers Association; DMA; 
ERA; MPAA; Microsoft).
    \26\ Id. (citing comments by American Bankers Association; ASTA; 
ACB; DMA; IAC; MPA; Microsoft; Time Warner). ANPR commenters 
identified a fourth problem in some situations, such as newsletters. 
Commenters stated that a requirement that each separate marketer in 
a single email message be treated as a separate sender would run 
counter to consumer expectations -- consumers would expect to opt 
out of the email list of the person with whom the consumer had a 
relationship, not from a marketer in the newsletter. Id. (citing 
comments by ABM; DMA; Microsoft; Midway; Time Warner).
---------------------------------------------------------------------------

    For these reasons, many commenters responding to the ANPR urged 
that the Act's ``sender'' definition be modified to provide that when 
more than one company's products or services are advertised or promoted 
in a single email message, only one among them be responsible as the 
sender of a message for purposes of the Act.
    Based upon these comments, in the NPRM, the Commission proposed 
adding a proviso to the definition of ``sender'' to allow multiple 
sellers advertising in a single email message to designate one among 
them as the single ``sender'' of the message for purposes of the Act. 
Under the NPRM's proposed proviso, only one of multiple persons whose 
products or services are advertised or promoted in an email message 
would have been the ``sender'' if that person: (A) initiated the 
message and otherwise met the Act's definition of ``sender,'' and (B) 
was the only person who: (1) ``controls the content of such message,'' 
(2) ``determines the electronic mail addresses to which such message is 
sent,'' or (3) ``is identified in the `from' line as the sender of the 
message.'' Under the proposed Rule, if more than one person meeting the 
Act's definition of ``sender'' were to satisfy one of these three 
criteria, then each such person who satisfied the definition would have 
been considered a sender for purposes of CAN-SPAM compliance 
obligations.\27\
---------------------------------------------------------------------------

    \27\ A hypothetical example illustrated the NPRM ``sender'' 
definition proposal. If X, Y, and Z are sellers who satisfy the 
Act's ``sender'' definition, and they designate X to be the single 
``sender'' under the Commission's proposal, among the three sellers, 
only X may control the message's content, control its recipient 
list, or appear in its ``from'' line. X need not satisfy all three 
of these criteria, but no other seller may satisfy any of them. The 
sellers may use third parties to be responsible for any criteria not 
satisfied by X. For example, if X appears in the ``from'' line, the 
sellers may use third parties -- but not Y or Z -- to control the 
message's content and recipient list. 70 FR at 25428.

---------------------------------------------------------------------------

[[Page 29657]]

b. The Final Rule

    Based upon the comments responding to the NPRM proposal, the 
Commission believes that modification of the proposed Rule's definition 
of ``sender'' as it relates to multi-marketer emails is necessary. The 
final Rule drops the proposed ``controls the content'' and ``determines 
the electronic mail addresses to which such message is sent'' elements, 
adds compliance with the core provisions of CAN-SPAM as an element, 
makes the elements conjunctive rather than disjunctive, and makes the 
element requiring identification of the person in the ``from'' line 
mandatory. The Commission believes that these modifications will meet 
the concerns of marketers while still preserving CAN-SPAM opt-out 
protections.
    Thus, under the final Rule, multiple marketers can designate as a 
single ``sender,'' for purposes of compliance with the Act, a person 
who: (A) meets the Act's definition of ``sender,'' i.e., such person 
initiates a commercial electronic mail message in which it advertises 
or promotes its own goods, services, or Internet website; (B) is 
identified uniquely in the ``from'' line of the message; and (C) is in 
compliance with 15 U.S.C. 7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 
7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 CFR 316.4.\28\ In 16 
CFR 316.2(m), the final Rule thus states:
---------------------------------------------------------------------------

    \28\ These provisions, as explained below, apply to initiators 
of commercial emails and require that the email message may not 
contain false or misleading transmission information or a deceptive 
subject heading; but must contain a valid postal address, a working 
opt-out link, and proper identification of the message's commercial 
or sexually explicit nature.
---------------------------------------------------------------------------

 The definition of the term ``sender'' is the same as the definition of 
that term in the CAN-SPAM Act, 15 U.S.C. 7702(16), provided that, when 
more than one person's products, services, or Internet website are 
advertised or promoted in a single electronic mail message, each such 
person who is within the Act's definition will be deemed to be a 
``sender,'' except that, only one person will be deemed to be the 
``sender'' of that message if such person: (A) is within the Act's 
definition of ``sender''; (B) is identified in the ``from'' line as the 
sole sender of the message; and (C) is in compliance with 15 U.S.C. 
7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 
7704(a)(5)(A), and 16 CFR 316.4.
    The Commission makes this clarification pursuant to its 
discretionary rulemaking authority to ``issue regulations to implement 
the provisions of this Act.''\29\
---------------------------------------------------------------------------

    \29\ 15 U.S.C. 7711(a). Like the proposed Rule, this final Rule 
does not eliminate the possibility that a message may have more than 
one ``sender.'' However, marketers can use the criteria set forth in 
the proviso to establish a single sender and reduce CAN-SPAM's 
compliance burdens. If marketers fail to structure the message to 
avoid multiple senders under the sender definition, then each sender 
is obligated to comply with CAN-SPAM requirements for senders, 
notably, to provide its physical postal address and to honor any 
opt-out requests.
---------------------------------------------------------------------------

    The definition of ``sender'' in the final Rule provides marketers 
flexibility to structure their messages in a way that alleviates 
redundant obligations for the various marketers in a single email while 
ensuring that recipients of such messages receive the benefit of CAN-
SPAM's core opt-out protections. Specifically, the final Rule makes it 
more practicable than the proposed Rule for multiple marketers 
promoting their products in a single email to designate a single entity 
as the ``sender'' under the Act because the marketers' decision as to 
which of them will appear in the ``from'' line resolves the question of 
which will be considered a ``sender'' under the Act and will be charged 
with the resulting responsibilities. The final Rule eliminates the 
complex fact determination of who ``controls'' the content and the 
element of who ``determines the electronic mail addresses to which such 
message is sent.'' By placing the focus on the ``from'' line, the best 
point of reference for consumers, the modification in the final Rule 
more directly conforms to consumers' expectations as to the identity of 
the entity responsible for sending them a multi-marketer email.
    An example illustrates how the final Rule's ``sender'' definition 
applies in the multi-marketer email context. Suppose A, B, and C have 
goods advertised or promoted in a single email message and that each is 
an initiator under the Act. If A's name appears in the ``from'' line of 
the message, A is considered the ``sender'' under the final Rule. While 
B and C promote their goods, services, or Internet website in the 
message, may control portions or all of the content of the message, and 
may supply email addresses for A to use to address the message, neither 
B nor C would be considered ``senders,'' unless A did not comply with 
the listed requirements that apply to ``initiators,'' namely 15 U.S.C. 
7704(a)(1), 15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 
7704(a)(5)(A), and 16 CFR 316.4. It would be clear to a consumer that 
an opt-out request would be sent to A, the one person identified in the 
``from'' line.
    The comments and the FTC's law enforcement experience suggest that 
a provision, such as the final Rule's sender definition, that allows 
multiple senders flexibility in determining who will be the sole 
``sender'' raises the possibility of abuse by illegitimate marketers. 
As discussed below, this concern is addressed in part by the addition 
of certain initiator provisions to the proviso: 15 U.S.C. 7704(a)(1), 
15 U.S.C. 7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 
7704(a)(5)(A), and 16 CFR 316.4. If the designated sender is not in 
compliance with the initiator provisions, then all marketers in the 
message will be liable as senders.

c. Comments on the NPRM's Definition of ``Sender''

    Commenters who addressed the proposed definition of sender were 
nearly unanimous in supporting a ``sender'' definition that would 
enable marketers to designate a single ``sender'' when multiple 
marketers use a commercial email message. Reiterating ANPR comments, 
several commenters noted that such a rule provision would avoid 
``daunting compliance challenges'' for email marketers, such as the 
heavy burden of cross-checking the opt-out lists of all the individual 
marketers with the designated sender's opt-out list.\30\ Likewise, 
commenters supported the NPRM's proposed Rule because it would enable 
recipients to determine the party responsible for honoring opt-out 
requests.\31\ Others noted with approval that designating a single 
sender would eliminate confusion for consumers who otherwise would face 
multiple opt-out links and postal addresses.\32\ Finally, other 
commenters opined that the proposed Rule would promote protection of 
consumer privacy.\33\
---------------------------------------------------------------------------

    \30\ See, e.g., ATAA; Charter; DoubleClick; ERA; ESPC; FNB; IAC; 
ICC; IPPC; Mattel; Microsoft; NAR; NEPA; NetCoalition; NNA. As the 
ERA summarized it, ``[D]esignating a single sender will enhance 
accuracy and compliance efforts, streamline the opt-out process for 
consumers and sellers/marketers, and avoid confusion by, among other 
things, avoiding cluttered or repetitious information in messages or 
multiple suppression lists. It also helps address privacy concerns 
that may attend to sharing consumer suppression data.''
    \31\ See, e.g., Mattel; NAFCU.
    \32\ See ATAA (it would be ``difficult to format messages in a 
way that makes them compelling and understandable to recipients'' 
because of the welter of opt-out links and postal addresses); ERA; 
ESPC.
    \33\ See ERA; NetCoalition.
---------------------------------------------------------------------------

    In contrast to the almost unanimous support for a multi-marketer 
proviso, however, few commenters supported the definition of ``sender'' 
as proposed in the NPRM without change.\34\ Many commenters raised 
concerns about the workability and clarity of the proposal,

[[Page 29658]]

as well as its consistency with consumer expectations. Most commenters 
urged the Commission to modify or clarify the criteria articulated in 
the proposed Rule. Such comments concerned four issues. The first three 
issues relate to the three listed criteria in the NPRM's proposed 
proviso: (1) the significance of the person identified in the ``from'' 
line; (2) the meaning of ``controls the content of the message'' and 
the structure of the proviso; and (3) the meaning of ``determines the 
electronic mail addresses'' to which a message is sent. A fourth 
category of comments addressed what it means to ``advertise'' or 
``promote'' a product, service, or website under the Act, which is 
related to the question posed in the NPRM about whether ``list owners'' 
can be ``senders'' under the Rule and thus be required (or allowed) to 
process opt-out requests in lieu of other marketers who promote a 
product, service, or website in the email.\35\
---------------------------------------------------------------------------

    \34\ See, e.g., ARDA; Empire; Mattel; NAFCU; NAR; NNA; SHRM; 
Wahmpreneur.
    \35\ At least one commenter suggested, without further detail, 
that the sender in a multi-marketer email should be the ``entity 
that controls the sampling, distribution, and opt-out registry.'' 
CMOR. Another commenter suggested determination of a sender in a 
multi-marketer email with a ``single, dominant marketer'' test. 
Bigfoot.
    The Direct Marketing Association (``DMA'') advocated formal 
adoption by the Commission of the Staff Letter of March 8, 2005, 
which opined on a specific fact pattern involving, among other 
things, multiple marketers who send commercial email messages to 
persons who had provided affirmative consent to receive multi-
marketer commercial email messages. The Commission declines to adopt 
the Staff Letter. The final Rule will govern multi-marketer message 
sender liability.
---------------------------------------------------------------------------

(i) ``From'' Line

    Many commenters favored looking to the ``from'' line of the message 
in order to determine who, under the Act, is the ``sender'' of a multi-
marketer message. Commenters urged that this element is most critical 
for recipient expectations\36\ and would be easy to use as a way to 
designate a single sender.\37\ Some commenters argued that the other 
two proposed elements should be deleted.\38\ A few commenters also 
requested that the Commission provide additional guidance on which non-
deceptive names can be used in the ``from'' line, including a company's 
brands and service names.\39\
---------------------------------------------------------------------------

    \36\ See, e.g., Bigfoot; Charter; DoubleClick; KeySpan; MBNA; 
Nextel; OPA; SHRM.
    \37\ See Charter; DoubleClick; Nextel; Reed.
    \38\ See DoubleClick; KeySpan.
    \39\ See, e.g., MBNA; SIIA.
---------------------------------------------------------------------------

(ii) ``Controls the Content''

    Most commenters voiced concerns about the ``controls the content'' 
element of the proposed proviso and its likely effect. Many of these 
commenters found this criterion vague and urged the Commission to 
provide additional guidance concerning what it means to ``control'' the 
content of commercial email.\40\ Many advocated eliminating this factor 
altogether,\41\ and others urged various ways to modify it.\42\ Two 
primary themes emerged from the comments: (1) several parties may 
exercise some degree of ``control'' over content, and (2) ``control'' 
in this context is a vague and ill-defined concept. Commenters 
explained that in joint marketing arrangements, it is standard industry 
practice for each marketer to exercise control over the use of its own 
trademarks, branding, legal disclosures, and advertising copy.\43\ 
Commenters further explained that in highly regulated industries, such 
as life insurance, securities, pharmaceuticals, and alcoholic 
beverages, marketers may be required to include certain text and legal 
disclosures.\44\ Some commenters also stated that, in addition to 
controlling their own trademarks and disclosures, marketers sometimes 
influence the content of other parts of a message without 
``controlling'' it, or may suggest advertising text without making the 
final decision about the advertising content.\45\ To protect their 
brand reputations, commenters explained that they need to be able to 
review and approve the advertising content of other marketers.\46\
---------------------------------------------------------------------------

    \40\ See, e.g., ACB; ACLI; Associations; BOA; CBA; Charter; DLA; 
DMA; Discover; ERA; ESPC; FNBO; HSBC; IAC; Mastercard; Microsoft; 
MPA; MPAA; NAA; NAIFA; NBCEP; NEPA; NetCoalition; PMA; SIIA; Time 
Warner.
    \41\ See Associations; ATAA; Charter; DoubleClick; Keyspan; 
MasterCard; NAIFA; SIIA; Wells Fargo. Similarly, other commenters 
suggested that the proposed Rule be modified to allow more than one 
marketer to control the content of the message, while still allowing 
one of the marketers to be designated as the sender. See CBA; DMA; 
MPA; NBCEP; NetCoalition; NRF.
    \42\ See e.g., Adknowledge; ICC; MPA.
    \43\ See Reed; DoubleClick; Time Warner; MasterCard; Microsoft; 
Bigfoot; HSBC; MPAA; OPA.
    \44\ See, e.g., ACLI; BF; HSBC; IPPC; MPAA; OPA; SIA.
    \45\ See, e.g., BF; Visa.
    \46\ See, e.g., Associations; ERA; HSBC; MasterCard; MPA; 
NetCoalition; Nextel; NRF; OPA; PMA.
---------------------------------------------------------------------------

    A number of commenters opined that, without clarification, under a 
literal application of the proposed Rule, essentially all marketers 
would be deemed to ``control'' the content of a multi-marketer email, 
thereby preventing the designation of a single sender and defeating the 
purpose of the proposed Rule.\47\ Conversely, according to commenters, 
a standard that forced marketers to cede all control of the content of 
messages to one marketer among several using a single email message 
would greatly disrupt standard industry practices.\48\
---------------------------------------------------------------------------

    \47\ See ATA; DoubleClick; HSBC; IAC; IPPC; Mastercard; Time 
Warner.
    \48\ See e.g., NAA; TimeWarner.
---------------------------------------------------------------------------

    To alleviate these perceived problems, a number of commenters 
suggested that the Commission eliminate the ``controls the content'' 
element, because they believed that the proposed Rule could operate 
effectively in its absence.\49\ Others suggested that the Commission 
clarify that ``control'' means control of the ``primary'' or 
``overall'' content of the message, but does not mean either control by 
a company over its own advertisement\50\ or the practice of reviewing 
and approving the advertising content of other marketers.\51\ These 
commenters asked the Commission to clarify that ``control'' should 
refer to control over what content will be distributed in the email 
message as a whole and not control over the design, content, or 
placement of a particular advertisement in a multi-marketer 
message.\52\ Other commenters advocated that ``control'' of the content 
of the message should mean the ultimate ability to determine whether 
and when the message is transmitted.\53\
---------------------------------------------------------------------------

    \49\ See NAIFA; SIIA.
    \50\ See, e.g., ACB; Adknowledge; Associations; ATAA; CBA; 
Charter; Discover; DMA; Experian; FNB; IAC; ICC; KeySpan; Microsoft; 
MPAA; NAIFA; NBCEP; NEPA; NetCoalition; NRF; OPA; Reed; SIIA; Time 
Warner; Wells Fargo.
    \51\ See, e.g., ERA; HSBC; MasterCard; MPA; Nextel; PMA.
    \52\ See ACB; BoA; Discover; ERA; ESPC; Experian; HSBC; IAC; 
ICC; Mastercard; Microsoft; MPA; MPAA; NAA; PMA; Visa.
    \53\ See, e.g., BigFoot; SIIA.
---------------------------------------------------------------------------

    In a similar vein, some commenters felt that the structure of the 
proviso as proposed in the NPRM would have limited the ability of 
legitimate marketers to co-promote their products without any 
corresponding benefit to consumers.\54\ Commenters pointed out that 
there are circumstances when one entity provides the email addresses to 
which a message is to be sent and one or more other entities control 
the content of the message. Under the proposal in the NPRM, all 
entities would be considered senders because the proposed Rule's 
definitional requirements allowing one sender to be designated could 
not be met.\55\ These commenters asked that the final Rule be made more 
flexible to accommodate the variety of marketing agreements commonly 
used in the industry.\56\
---------------------------------------------------------------------------

    \54\ See Bigfoot; CBA; DMA; DoubleClick; ESPC; MPAA; NBCEP; 
NetCoalition; NRF; SIIA; Wells Fargo.
    \55\ See DMA; SIIA.
    \56\ See, e.g., MPAA.

---------------------------------------------------------------------------

[[Page 29659]]

(iii) ``Determines the Electronic Mail Addresses to Which Such Message 
is Sent''

    Few commenters discussed the third element of the proposed proviso 
for the definition of ``sender'': that the sender be the party that 
determines the email addresses to which such message is sent. Some 
commenters objected to this element of the definition because, they 
contend, entities in joint marketing campaigns may want to contribute 
or recommend some email addresses without being considered the primary 
``sender.''\57\
---------------------------------------------------------------------------

    \57\ See, e.g., KeySpan; Reed; SIA. Several commenters also 
requested clarification of what constitutes ``determines'' and 
suggested that merely providing criteria for targeting recipients 
(such as demographic characteristics) should not qualify as 
``determining'' the email addresses. See DoubleClick; KeySpan; 
MasterCard; Unsub. As discussed below, this element has been 
removed, and thus these requests for clarification need not be 
addressed.
---------------------------------------------------------------------------

(iv) ``Promote''

    Finally, a few commenters suggested that the Commission define 
broadly the term ``promote'' in the Act's definition of sender. They 
argued that a person ``advertises'' or ``promotes'' the person's 
``product, service, or Internet website'' by appearing in the ``from'' 
line of the message or simply by having the person's name referenced in 
the email.\58\ Under this interpretation, they argued, more persons 
could qualify as designated ``senders'' under the proviso.
---------------------------------------------------------------------------

    \58\ See, e.g., Adknowledge; ESPC; Unsub.
---------------------------------------------------------------------------

d. Response to Comments on the Definition of ``Sender'' and Explanation 
of the Final Rule's Definition of ``Sender''

    Having considered the comments on the proposed definition of 
``sender,'' the Commission adopts a modified version as its final Rule. 
These modifications mitigate the concerns of marketers raised in the 
comments, recognize the benefits afforded by advertising by multiple 
entities in a single email, conform more closely to the expectations of 
email recipients, and continue to provide the CAN-SPAM protections 
contemplated by Congress. In summary, as discussed below, the 
Commission retains the ``from'' line element in the proviso as a 
mandatory element, drops the ``controls the content'' and ``determines 
the electronic mail addresses to which the message is sent'' elements, 
and adds a requirement that the designated sender be in compliance with 
certain provisions of the Act and Rules that apply to initiators.
    In response to comments regarding the ``from'' line, the Commission 
found persuasive the suggestions that the ``sender'' of a multi-
marketer email should be the person identified in the ``from'' line of 
the message. The Commission agrees that a rule that uses the ``from'' 
line as the sole determinant of the sender in a multi-marketer email 
would be straightforward for marketers to follow and is the single most 
helpful element of an email to enable recipients to identify the sender 
of the email.\59\ A designated ``sender'' for purposes of a multi-
marketer email must, in addition to meeting the other requirements 
listed below, include its non-deceptive name, trade name, product, or 
service in the ``from'' line of the email.\60\
---------------------------------------------------------------------------

    \59\ See Charter (stating that the ``from'' line criterion 
``specifically accords with consumer expectations.'').
    \60\ In response to commenters seeking further guidance about 
whether a company's non-deceptive product or service names can be 
used in the ``from'' line, the Commission responds as follows. CAN-
SPAM provides that ``a `from' line . . . that accurately identifies 
any person who initiated the message shall not be considered 
materially false or misleading.'' 15 U.S.C. 7704(a)(1)(B). The 
Commission believes that this does not mean that the ``from'' line 
necessarily must contain the initiator's formal or full legal name, 
but it does mean that it must give the recipient enough information 
to know who is sending the message. Email senders should consider 
their messages from their recipients' perspective. If a reasonable 
recipient would be confused by the ``from'' line identifier, the 
sender is not providing sufficient information. See NPRM, 70 FR at 
25431 (further discussing this issue).
---------------------------------------------------------------------------

    And, under the final Rule, the designated sender must be 
``identified in the `from' line as the sole sender of the message'' -- 
if two or more senders appear in the ``from'' line, the multi-marketer 
proviso would not be met.
    On the second issue identified by commenters, the Commission has 
deleted the ``controls the content of such message'' element from the 
proviso. Comments urging its removal were persuasive, and comments that 
advocated clarification rather than removal revealed that retaining 
this element would not serve to assist recipients in identifying or 
confirming the sender of a multi-marketer message. By its nature, a 
multi-marketer message promotes more than one company's content, and 
thus more than one company controls its content in at least some 
way.\61\ Modifying the criterion to require ``overall'' control of the 
content would simply add further nuance and complication and make 
enforcement difficult. Deleting this criterion will make the proviso 
more practicable for legitimate marketers to designate a single 
``sender'' while preserving for email recipients the protections of 
CAN-SPAM.\62\ Under the final Rule, therefore, a non-designated sender 
under the multi-marketer proviso will not have ``sender'' liability 
just because it controls its own advertising copy, including its 
trademarks and legal disclosures, or reviews other marketers' content 
to ensure the absence of objectionable material in proximity to its own 
brand.
---------------------------------------------------------------------------

    \61\ See IAC.
    \62\ See, e.g., Charter (``the Commission's proposed definition 
is inadequate and unworkable''); DoubleClick; Keyspan; MasterCard; 
NAIFA; SIIA.
---------------------------------------------------------------------------

    The Commission has deleted the third element discussed by 
commenters that required that the designated ``sender'' of a multi-
marketer email determine the email address to which such message will 
be sent. The NPRM rationale for this element was to ensure that the 
designated sender had the ability to process opt-out requests. The 
Commission is now convinced that requiring the designated sender to 
determine recipient email addresses would serve little, if any, 
purpose. Under the Act, as a sender, the designated sender already must 
check to make sure that none of the email recipients appears on its 
opt-out list. In a multi-marketer email, if the designated sender 
receives a list of proposed email addresses from a non-designated 
sender, the designated sender must scrub that list against its own opt-
out list before sending the message to the addresses on that list.
    On the fourth and final issue raised by commenters, the Commission 
declines to make any additional changes to the definition of ``sender'' 
proposed by the NPRM. Some commenters suggested that the FTC define 
broadly the phrase ``advertised or promoted'' in the Act's definition 
of ``sender,'' so that more entities could qualify as ``senders'' under 
the multi-marketer proviso. The Commission believes that the definition 
of a ``sender'' should be based on consumer expectations. If a 
reasonable consumer would not believe that a person's product, service, 
or website were ``advertised or promoted'' in the message, then that 
person does not qualify as a ``sender.'' The Commission believes that 
the meaning of ``advertised or promoted'' is clear and broadly 
understood.\63\
---------------------------------------------------------------------------

    \63\ By analogy, another definition in the Act, that of a 
``commercial electronic mail message,'' states that
    [t]he inclusion of a reference to a commercial entity or a link 
to the web site of a commercial entity in an electronic mail message 
does not, by itself, cause such message to be treated as a 
commercial electronic mail message for purposes of this chapter if 
the contents or circumstances of the message indicate a primary 
purpose other than commercial advertisement or promotion of a 
commercial product or service.
    15 U.S.C. 7702(2)(D).


---------------------------------------------------------------------------

[[Page 29660]]

    Lastly, based on its law enforcement experience, the Commission 
recognizes that illegitimate marketers may attempt to use the proviso 
to escape liability under CAN-SPAM. Both CAN-SPAM's definition of 
``initiator'' and the final Rule's revised definition of ``sender'' 
substantially reduce the likelihood of such abuse.\64\ First, marketers 
in a single email message who are not designated senders are still 
``initiators'' under CAN-SPAM and liable under any of the provisions 
that apply to initiators, such as the prohibition against use of 
deceptive headers and subject lines and the requirement to include an 
opt-out link.\65\ Second, the final Rule's definition of ``sender'' 
requires that the designated ``sender'' be in compliance with certain 
initiator provisions of the Act: 15 U.S.C. 7704(a)(1), 15 U.S.C. 
7704(a)(2), 15 U.S.C. 7704(a)(3)(A)(i), 15 U.S.C. 7704(a)(5)(A), and 16 
CFR 316.4.\66\ The proviso states that if the designated sender does 
not comply with these five ``initiator'' responsibilities, all the 
marketers will be liable as senders (and not just initiators) under the 
Act because the proviso will not apply. By requiring the designated 
sender to comply with these provisions of law, the other marketers 
using a single email message must ensure that the entity that is the 
designated ``sender'' complies with the Act and the Commission's rules. 
Otherwise, the other marketers using the email risk losing the 
protections provided by the proviso and each will be a ``sender'' of 
the message. The final Rule, therefore, provides senders of multi-
marketer emails a method of reducing the burdens associated with 
multiple opt-out links and postal addresses while guarding against 
possible abuse. Nonetheless, if the Commission finds such abuse through 
the operation of the proviso, it will reconsider whether the final Rule 
is justified under the Act.\67\
---------------------------------------------------------------------------

    \64\ At least one commenter suggested that the proviso could be 
subject to abuse. See Adknowledge (suggesting that to avoid abusive 
practices, the proposed regulation explicitly should state that a 
``person'' must be a ``bona fide business entity'' because 
``spammers continually change the name of the originating entity 
along with header or other information, or consider a mere email 
address list as a `business entity.''').
    \65\ See, e.g., FTC v. Phoenix Avatar, 2004-2 Trade Cas. (CCH) ] 
74,507 (N.D. Ill. Jul. 30, 2004) (order granting preliminary 
injunction); FTC v. Opt-in Global, No. 05-cv-1502 (N.D. Cal. filed 
Apr. 12, 2005) (final order entered Apr. 6, 2006); FTC v. Dugger, 
No. CV-06-0078 (D. Ariz. filed Jan. 9, 2006) (final order entered 
Jul. 31, 2006).
    \66\ Section 7704(a)(1) of the Act prohibits initiation of an 
email that contains false or misleading transmission information, 
and section 7704(a)(2) prohibits initiation of an email with a 
deceptive subject heading. Section 7704(a)(3)(A)(i) requires an 
initiator to include a ``functioning return electronic mail address 
or other Internet-based mechanism, clearly and conspicuously 
displayed, that a recipient may use to submit . . . a reply 
electronic mail message or other form of Internet-based 
communication requesting not to receive future commercial electronic 
mail messages from [the] sender [responsible for the initial 
commercial message].'' Section 7704(a)(5)(A) of the Act requires 
that an initiator ``provide clear and conspicuous identification 
that the message is an advertisement or solicitation, clear and 
conspicuous notice of the opportunity . . . to decline to receive 
further commercial electronic mail messages from the sender, and a 
valid physical postal address of the sender.'' Finally, 16 CFR 
316.4, the Sexually Explicit Labeling Rule, imposes certain 
requirements on a message that includes sexually oriented material, 
including the 19 characters ``SEXUALLY EXPLICIT: '' at the beginning 
of the subject header of the message.
    \67\ Of course, it should be noted that the proviso in no way 
relieves non-designated senders of liability for ensuring that their 
own advertising complies with the FTC Act.
---------------------------------------------------------------------------

e. List Owners

    In the NPRM, the Commission asked whether under CAN-SPAM, third-
party list providers who do nothing more than provide a list of names 
to whom others send commercial emails could be required to honor opt-
out requests.\68\ Specifically, the NPRM asked whether such list 
providers could satisfy the statutory definition of sender, i.e., a 
person that both initiates a message and advertises its product, 
service, or website in the message.
---------------------------------------------------------------------------

    \68\ 70 FR at 25450.
---------------------------------------------------------------------------

    Some commenters opposed extending opt-out responsibilities to 
third-party list providers because it would be contrary to 
congressional intent, difficult to implement and monitor, and would 
impose administrative costs and complexity for legitimate list 
providers and email marketers.\69\ Although the NPRM asked about list 
owners who have no other involvement in the message besides providing a 
list of names to others, commenters discussed other list rental 
arrangements in which both the marketer and the list owner have some 
degree of control over the content of the message.\70\ In those cases, 
list owners typically do not have control over the specific creative 
content within an advertisement, but they can approve or disapprove an 
advertisement for delivery to email addresses on their lists.
---------------------------------------------------------------------------

    \69\ See FNB; Jumpstart; Lashback; Schnell; SIA (list providers 
play a role ``similar to that of a telephone directory service,'' 
are neither ``advertising or promoting their products and 
services,'' nor ``initiating the email,'' and accordingly ``do not 
come within the definition of `sender' under the CAN-SPAM Act.'').
    \70\ See, e.g., Unsub.
---------------------------------------------------------------------------

    On the other hand, two commenters argued in favor of extending opt-
out obligations to third-party list providers.\71\ Some of these 
commenters thought the Commission should clarify that in such 
situations the list owner exercises fundamental ``control'' of the 
content of the message for purposes of the then-proposed regulatory 
definition of ``sender.''\72\ Other commenters urged the Commission to 
adopt the position that a list owner would be considered a sender if 
the list owner ``advertises or promotes'' its services merely by being 
referenced in the ``from'' line or in the message itself, thereby 
making it responsible for the opt-out function and other CAN-SPAM 
compliance.\73\
---------------------------------------------------------------------------

    \71\ See Adknowledge; EPIC.
    \72\ See, e.g., ESPC.
    \73\ See, e.g., Adknowledge; Baker; ESPC; cf. Microsoft (arguing 
that it should constitute a deceptive trade practice for a list 
owner to fail to identify itself and the role that it plays in 
sending the message, that its identification would be considered 
advertising or promoting its services, and thus that the list owner 
would meet the definition of ``sender'' and have CAN-SPAM 
liability); Adknowledge (proposing that the Commission make it 
``mandatory for list owners to advertise or promote themselves in 
each email message they transmit'').
---------------------------------------------------------------------------

    Because of the variety of situations in which a list owner might be 
involved in a commercial email, and because none of the commenters 
provided a workable mechanism for all of these situations, the 
Commission is persuaded that amending the rules under CAN-SPAM to 
create a specific provision for list owners is not feasible.
    The Commission finds that a list owner must honor opt-out requests 
only if it qualifies as the ``sender'' of a commercial email (i.e., it 
is an initiator and its ``product, service, or Internet web site'' are 
``advertised or promoted'' in the email). And, if it does qualify as a 
``sender,'' it may avail itself of the multi-marketer proviso added to 
the definition of sender in the final Rule.

f. Safe Harbor for Email Messages Sent By Affiliates

    In the NPRM, the Commission asked whether it should adopt a ``safe 
harbor'' with respect to opt-out and other obligations for a sender 
whose product, service, or website is advertised by affiliates or other 
third parties. Moreover, the Commission sought guidance on the criteria 
for a safe harbor.\74\
---------------------------------------------------------------------------

    \74\ 70 FR at 25450.
---------------------------------------------------------------------------

    Although the Act does not provide a definition of ``affiliate,'' 
the Commission noted in the NPRM that ``affiliates'' are induced to 
send commercial email messages by sellers seeking to drive traffic to 
their websites, and that sellers generally pay affiliates based on the 
number of individuals who, directed by the affiliates, ultimately visit 
the seller's

[[Page 29661]]

website and/or purchase the seller's product or service.\75\
---------------------------------------------------------------------------

    \75\ 70 FR at 25428 n.23. According to IAC, in a typical 
affiliate program, a marketer enters an arrangement with an 
affiliate to pay the affiliate for referrals to its website. The 
affiliate can employ a variety of methods to direct consumers to the 
marketer's website, including email messages. The affiliate sends 
email messages containing an advertisement promoting the marketer's 
goods or services and a hypertext link to visit the marketer's 
website directly from the email message (either as a direct link or 
through the affiliate's link, which redirects the recipient to the 
marketer's website). If a recipient of the email uses this link to 
visit the marketer's website, the marketer logs the visit as 
attributable to the affiliate's email. Depending on the arrangement 
between the marketer and the affiliate, the marketer will pay the 
affiliate a prescribed amount either for the visit (also known as a 
``click through'') or for a completed sale, or both. IAC states in 
its comments that it has thousands of affiliates. For Expedia, one 
of IAC's websites, however, the majority of the sales from the 
affiliate program are generated by a relatively small number of 
productive affiliates.
---------------------------------------------------------------------------

    Before turning to the issue of whether a safe harbor is appropriate 
to shield marketers from liability for CAN-SPAM violations of 
affiliates, two preliminary questions m