SPAM: Your Affiliates Can Put You Out of Business

A funny thing happened on the way to enactment of the new federal spam law known as “CAN-SPAM.” While for the first time it established nationwide rules to follow in using commercial email, it actually did much more. Somewhere along the legislative process the ISPs decided they wanted not only to address the requirements for sending commercial email, but also to enact language making the merchant benefactor responsible for spam, regardless of knowledge. Their lobbyists went to work and got the relief they wanted by way of CAN-SPAM.

One Cannot Blame the ISPs

The ISPs found themselves in a difficult position and were justifiably frustrated by a pervasive use of the plea of ignorance by merchants. “The sending of illegal spam by our affiliate marketer was unauthorized and not condoned, and therefore we have no responsibility for the actions of our independent contractor,” the merchant (through his lawyer) would say. Prior to the enactment of CAN-SPAM such a defense virtually precluded an ISP, or anyone else for that matter, from prosecuting a successful civil or criminal case against a website/ merchant. No longer is that the case.

The Federal Trade Commission has recently filed a major lawsuit against a merchant based upon third party spamming, seized its assets without notice and effectively shut down the business, all at the very beginning of the case. The FBI and Department of Justice are conducting raids and building criminal cases partially in reliance upon this expanded notion of liability. Earthlink, AOL and Microsoft are filing large civil lawsuits against merchants stemming from the actions of affiliates. In an environment in which a relatively small-time alleged spammer was hit with a $1 billion judgment by a federal court in Iowa, and a spammer operating out of a house received nine years in prison in Virginia, this expanded notion of responsibility carries with it huge implications.

These legal actions are being brought against employees, shareholders, executives and even board members, often with little consideration given to the extent of personal involvement in the management of the affiliate program. What’s more, courts have already held that spam judgments are not dischargeable in Chapter 7 bankruptcy, so a civil judgment could follow a defendant for a lifetime.

What Then, Can a Merchant Do?

Perhaps it is best to start out with what actions will not work standing alone. Not having an affiliate agreement will not work. Having an affiliate agreement that requires CAN-SPAM compliance will not work. Having an affiliate agreement that prohibits all email solicitations will not work. Taking steps so that one is unaware of any illegal spamming will not work. Creating multiple layers of vendors between a merchant and the spammer will not work. All of these common tactics used by many merchants to reap the benefits of commercial email simply don’t qualify as protection any more.

If a merchant uses a third party to market its services and prohibits any commercial email at all in a binding and welldrafted contract, and follows up that policy with a practice of conducting reasonable due diligence, then the merchant is most likely going to avoid liability, although this is not guaranteed as it relates to governmental prosecution. After implementing such a policy, and developing due diligence procedures in selecting vendors and monitoring vendor compliance, the prudent merchant will publicize its policies and practices to the world on its website.

If, on the other hand, a merchant realizes that commercial email is a powerful and highly profitable marketing technique, and wants to authorize third parties to send commercial email, there is little that can be done to avoid any possibility of civil or criminal exposure. But the exposure can be minimized and managed to the point that the reward may outweigh the risk. A prudent merchant will use a well-drafted contract, binding upon each affiliate/vendor. The merchant will develop and conduct extensive due diligence prior to accepting an affiliate, understand the exact source of the emails (affiliates often outsource some aspects of emailing to third parties), and clear each source through due diligence. The merchant should design and implement a serious compliance program to make sure spamming is identified immediately and proactively addressed in a formal process, educate its affiliate managers and executives concerning CAN-SPAM mailing requirements, and document all of these steps throughout.

The information in this article is not intended to be legal advice. Always consult your attorney when faced with legal issues.