What do the recently enacted Section 2307.64 of the Ohio Revised Code ("O.R.C.") and an ancient form of Japanese poetry have in common? Both are aimed at cutting back the ever-growing wave of unsolicited commercial e-mail ("UCE") -- or spam.
It should come as no surprise to anyone who has an e-mail account that an estimated 40 percent of all e-mail sent is spam, according to one provider of spam-filtering products, Brightmail. The reason for the proliferation of spam is fairly straightforward -- it is cheap and effective for the sender. One mass-messaging service charges only $100 for a 300,000-message campaign. The costs to recipients, however, are immeasurable. Spam drains computer resources and infrastructure and reduces productivity as employees are forced to spend time weeding out the spam from their legitimate business e-mails. In addition, there are the recovery costs resulting from hijacked mail servers and damages spam imposes on children (and their parents) who view salacious offers and objectionable content in their e-mail boxes. Ferris Research estimates that in the year 2003, these costs may exceed $10 billion.
In an attempt to shift the costs of spam onto senders, last year the Ohio state legislature added its own weapon to the spam-fighting arsenal -- O.R.C. Section 2307.64, bringing Ohio into line with 25 other states, including California, that already had anti-spam laws. Rather than providing for an outright ban of all unsolicited e-mail (which would likely violate the First Amendment of the U.S. Constitution), the new law, effective November 1, 2002, requires senders of unsolicited e-mail to "clearly and conspicuously" include in the body of the message:
- the sender’s name and complete street address and e-mail address;
- a notice informing recipients that they can "opt out" of receiving future e-mails from the sender; and
- a "detailed" and free procedure for opting out of future e-mails, which does not require the recipient to provide any information beyond his or her e-mail address.
Once a recipient has opted out, the law prohibits sending additional e-mails to that recipient. The law also in a sense codifies Internet service providers' ("ISP") terms and conditions by prohibiting the sending of e-mail advertisements in violation of an ISP’s policies as long as the sender had notice of those policies. Under the new law, intentionally falsifying routing information or the sender’s address is expressly prohibited and punishable as forgery.
Typical of most states’ statutes, the Ohio law exempts e-mail sent to recipients who have "a pre-existing business or personal relationship" with the sender. The law itself provides little guidance as to what constitutes a pre-existing relationship except to say that it would include "a transaction involving the free provision of information, goods or services requested by the recipient" during the five-year period before the receipt of the e-mail.
Violations of the Ohio law entitle individual recipients to recover $100 per e-mail (up to a total of $50,000) as damages, plus attorneys’ fees and costs. ISPs can recover additional damages if they can prove a "willful or knowing" violation, up to $500,000.
Now that Ohio has a law on its books dedicated to regulating spam, we should expect to see less of it in our in-boxes, right? Maybe not, according to Jeffrey Rohrs, Digital Marketing Strategist for Optiem, a full-service digital marketing company based in Cleveland, Ohio. Ohio’s new anti-spam law essentially "codifies what was already the standard practice of permission-based e-mail marketers, but those people are not [the source of] the problem," says Rohrs. The true problem spammers are often based outside of the United States. And while the statute on its face governs all e-mail received by Ohio recipients regardless of the location of the sender, as a practical matter, off-shore e-mailers may be difficult to identify. Knowing that judgments will be difficult to enforce, such spammers may not be deterred by the Ohio law.
Indeed, even an injunction and monetary damages of almost $2 million awarded under Virginia’s anti-spam statute were not enough to stop notorious spammer CN Productions and its President Jay Nelson, whom American Online called one of its "10 Most Wanted Spammers." Recently, after more than four years of pursuit and failed attempts to enforce the judgment, AOL obtained another award, this time almost $7 million (including $25,000 per day in statutory damages, a disgorgement of profits, and attorneys’ fees) against CN’s international spam ring that continued to send AOL subscribers pornographic spam after the court entered the original injunction forbidding the defendants from sending spam.
As illustrated in the AOL case, those who are interested in implementing a compliant, "permission-based" marketing campaign have to comply not only with the Ohio law, but also with the confusing patchwork of anti-spam laws created by the other 25 state laws that preceded the Ohio law. Many of these laws have sweeping jurisdictional provisions, which have been unsuccessfully challenged as running afoul of the constitution in both Washington and California. For example, CN Productions (an Illinois company) and its numerous international conspirators could be prosecuted under the Virginia anti-spam law simply because they sent e-mail to subscribers of AOL, thereby "using a computer network" in Virginia. Therefore, since even the most local of e-mail campaigns may be subject multiple states’ laws, the marketing approach with the lowest risk is to obtain recipients’ permission (for example, through an online registration form or warranty registration card) before sending them any e-mail advertisements, continually update opt-out lists, and honor opt-out requests. Otherwise, to minimize the legal risk inherent in non-permission-based e-mail marketing, marketers are advised to implement the following best practices, which take a lowest common denominator approach:
- Follow e-mail service provider’s unsolicited commercial e-mail policies and terms and conditions;
- Label advertisements with "ADV" in the subject line (or "Adult" if the message contains adult content);
- Ensure that all information in the text and header is accurate, including the e-mail’s point of origin;
- Ensure that the e-mail is sent with proper routing and transmission; and
- Include in the body of the message the sender’s name, address, and e-mail address and clear and conspicuous instructions for how to request to be removed from the mailing list, and remove all users who have opted out from all mailing lists used by the company.
Despite the fact that more than half of the states now have anti-spam laws and the United States Congress has for some time considered enacting a federal law, the solution to the spam dilemma will likely come "not through legislation, but through technology," Rohrs predicts. But not necessarily high technology, in the case of Habeas Inc. of Palo Alto, California. Habeas has devised an approach that uses Japanese haiku poetry and the Habeas trademark in the text of e-mail messages of its customers who have agreed to use only permission-based marketing. Habeas then asks ISPs not to block the messages that contain the poetry and trademark. Customers who use the haiku and trademark in messages to recipients who have not opted in are subject to lawsuits for copyright and trademark violations.
"Whether by legislation or technology, we need to be careful that our ‘solution’ to the spam problem doesn't throw out the baby with the bath water," Rohrs says. "E-mail remains the Internet's top-used application because of its low cost and universality. Any spam ‘solution’ that interferes with the ability of individuals and organizations to send permission-based messages (not unsolicited commercial e-mail or spam) is no solution at all," he adds.
Whether the solution lies in poetry or legislation remains to be seen. But even if O.R.C. Section 2307.64 does not provide legal relief, perhaps we can find some comic relief practicing spam haiku:
Spam fills my mailbox
Lawmakers promise relief
Don't open. Delete.
The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.