EXECUTIVE SUMMARY

WITH THE ADVENT OF FEDERAL LAWS controlling spam e-mail, CPAs must exercise caution in their communications with clients and prospects. In so doing they can improve the look and effectiveness of their e-mail marketing programs. THE CAN-SPAM ACT OF 2003 INCLUDES civil and criminal penalties for predatory and abusive commercial e-mail practices. A commercial message is one intended to advertise or promote and is not related to a previous transaction between the two parties. AS E-MAIL SENDERS, CPAs MUST COMPLY WITH a variety of rules, including clearly identifying the message as an advertisement or solicitation and indicating the content in the subject heading. Firms also must provide a way for recipients to opt out and refuse future messages via a working return e-mail address that functions for 30 days after the firm sends the message. CPAs SHOULD CLEARLY UNDERSTAND how the firm gathers e-mail addresses. This will help it avoid using so-called aggravating techniques such as harvesting or randomly generating addresses. Firms that participate in co-op advertising programs should make sure these arrangements fully comply with the act’s requirements. TO ENSURE MESSAGES AREN’T BLOCKED AS SPAM, CPAs should ask companies they contact by e-mail to have their employees add the accounting firm’s address to their individual address books. By implementing this and other best practices, firms can use CAN-SPAM to improve e-mail and marketing communication efforts.

JOSEPH E. MORRISON, CPA, is an information systems audit and security consultant in Memphis. His e-mail address is Joseph.Morrison@MorrisonSystems.com.

PAs who use e-mail to market and develop their accounting practices may find themselves labeled “spammers” under a new federal law. The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), which took effect January 1, 2004, regulates business e-mail. Unwary CPAs could run afoul of the act even though it’s designed to target the abuses, fraud and criminal activities of hard-core spammers. Fortunately, accounting firms still can use e-mail advertising if they follow the rules. Here’s what practitioners need to know about the act and how to use it to improve the effectiveness of their e-mail programs and keep them in compliance with CAN-SPAM.

REQUIREMENTS AND PENALTIES
CAN-SPAM prohibits predatory and abusive commercial e-mail practices and specifies other requirements for protecting commercial e-mail users. (CPAs can find the text of the act at www.spamlaws.com/federal/108s877.html.) The act provides both criminal and civil penalties. Enforced by the Federal Trade Commission, the criminal penalties include fines, imprisonment and forfeiture of equipment, software and any property acquired from the proceeds of illegal spamming.

Civil penalties include injunctive relief and monetary damages that could total more than $6 million in cases with aggravating circumstances, such as using a program to search Web sites or other online locations to “harvest” e-mail addresses, randomly generating e-mail addresses and falsely registering Web sites. The act empowers the states’ attorneys general to seek civil actions on behalf of their residents; it also provides Internet service providers (ISPs) with a “cause of action.” CPAs should be aware the first civil action already has been filed under the act—a suit brought by an ISP naming a marketing company and its client as defendants. (More information is available at http://legal.hypertouch.com/bobvila/bobvila-complaint.html.)

Before examining the specific requirements, let’s look at how the act defines commercial e-mail and distinguishes it from other communications CPAs may send to current and prospective clients. Under the act, commercial e-mail refers to messages that have as their primary purpose advertising or promotion or are not transactional or “relationship” in nature. The latter include messages that primarily relate to previous transactions between the parties—for example, subscriptions, loans, accounts, delivery of goods or services, warranty or recall information, or messages about employment and benefit plans. Practitioners should note that all such messages must have accurate header information, including originating e-mail addresses and domain names.

As senders, CPAs also must comply with other rules for commercial e-mails. They must clearly identify messages as advertisements or solicitations and indicate their content in the subject headings. Firms must provide a “clear and conspicuous” way for recipients to “opt out”—refuse future e-mails—via a working return e-mail address or other mechanism that will function for 30 days after the firm sends the message. Once a firm receives an opt-out request, it cannot send any e-mail to that recipient beyond a 10-day grace period. For further identification and contact, a firm must include a valid physical postal address in its e-mails.

FOLLOW THE RULES
CPAs should look at their firms’ e-mail solicitations and advertising carefully and take this self-assessment test:

Message requirements
Am I sending e-mails with an appropriate originating address including the firm’s domain name? For example, in “Tom.Doe@Doe_&_Co.xyz,” the originating e-mail address is “Tom.Doe” and “Doe_&_Co.xyz” is the domain name.

Does the firm operate different divisions or lines of business, and is it identifying a particular segment as the sender? Under the act a firm’s technology consulting division would be an entity apart from its tax services division if it is operated separately and so identified in e-mails.

Does my message contain the firm’s street address? Post office boxes may not be acceptable, so firms should use the address where clients would expect to find them if they knocked on the door.

Have I identified the message as an advertisement or solicitation in the subject line? Consider beginning the subject line with “ADV” and putting a “This is an advertisement” notice at the beginning of the message itself.

Does the message subject line clearly reflect the content? CPAs should avoid subject lines that, while catchy, actually may be misleading about the message content. “Money in Your Mailbox” is great copywriting but is not appropriate as the subject line of an e-mail advertising tax services.

Have I included a clear and conspicuous way for a recipient to refuse further e-mails from the firm? Be sure any return e-mail address for opting out is a working address that goes back to the firm and functions for at least a month after the message is sent.

Compliance questions
Do I know who in my firm is sending e-mails? CPAs should establish firmwide rules, train all employees who are involved in sending messages and enforce those rules.

Do I have a review process and a standard of reasonableness to ensure clear subject lines and subject–content agreement? CPAs should consider this extra step as a way to be certain the message is not misleading.

Have I assigned responsibility to an employee for acting on any opt-out messages the firm receives? Opt-outs must be made effective in 10 days; a single subsequent message violates the act.

Do I know how my firm gathers e-mail addresses? CPAs should be sure neither they nor their marketing firm is harvesting or randomly generating addresses or falsely registering a Web site; if so, they should stop immediately.

If my firm participates in co-op advertising or is among the sponsors of commercial e-mails, do these programs and messages conform with the act? Firms should insist on compliance and not participate in programs until they fully meet the act’s requirements.

The exhibit below provides practitioners with examples of the right—and wrong—way to structure e-mail content under the CAN-SPAM rules.

MAKE THEM BETTER
While CPA firms are focusing on Internet communications, they should take the opportunity to enhance and improve their e-mail marketing. Firms should ask any companies they contact by e-mail to have their employees add the accounting firm to their individual address books to reduce the risk of having the firm’s messages blocked as spam. In structuring messages, CPAs also need to make an effort at “branding” that goes beyond form and content to develop a “look and feel” for all firm e-mails, including consistent colors and layout. For example, using the firm’s name in the subject line increases recognition and adds credibility to the message.

One best practice firms can implement is an effective opt-in program based on what the act terms “affirmative consent,” whereby a recipient asks for the firm’s messages. CPAs should consider the firm’s entire Web site, not just e-mail, when developing such a program, including opt-in consents any place on the site where there are forms of any kind, such as log-in or order entry. The act requires express consent, so having the recipient check a box to receive the firm’s e-mail messages is better than providing an already filled in box.

Firms can further improve this process by sending a follow-up e-mail that asks recipients to confirm the original request before adding their names to the firm’s e-mail list. This step will eliminate bogus requests or misspelled addresses and also will give the firm a record it can use to respond to complaints from recipients or ISPs. Firms can clarify this further by including a short reminder that it is sending the message because the recipient previously opted in. Getting prior consent from the recipient also entitles the firm to not label the message as an advertisement, reducing the chance of its being blocked, and puts the firm a step ahead should a “Do-not-e-mail” list become law, which is possible in the future under CAN-SPAM.

PRACTICAL TIPS TO REMEMBER

CPA firms should be certain their e-mails include a “clear and conspicuous” way for recipients to “opt out” or refuse future messages via a working return e-mail address or other mechanism that will function for 30 days after the firm sends the message. When sending messages that promote the firm’s products or services, ensure the subject line identifies the e-mail as an advertisement or solicitation. Consider beginning the subject line with “ADV” and putting “This is an advertisement” at the beginning of the message itself. Accounting firms should establish firmwide rules on the content and structure of e-mail messages and train all employees involved in sending them. Firms also should implement an e-mail review process and a standard of reasonableness to ensure clear subject lines and subject–content agreement. Firms should adopt an opt-in program whereby recipients ask to receive e-mail messages. When developing the program, include opt-ins at various locations on the firm’s Web site, such as at log-in or order entry. Having recipients check a box to receive the firm’s e-mail messages is better than providing an already filled in box.

MORE COMING
Although CAN-SPAM became effective January 1, 2004, the rule making is only just beginning. CPAs should remain aware of FTC actions and adjust firm marketing programs accordingly.

In March 2004 the FTC sought public comment on proposed rule making under the act. It solicited comments in a variety of areas including

Criteria to determine the primary purpose of an e-mail message.

The reasonableness of the 10-day period for implementing opt-out requests.

Adding activities and practices to the list of aggravated violations.

Clarifying the sender’s obligations in a “Forward-to-a-friend” scenario and when there are multiple senders of a single e-mail.

The FTC also solicited comments on reports to Congress required by the act, including establishing

A nationwide “Do-not-e-mail” registry.

A system for rewarding informants who supply information about violations.

A plan for requiring commercial e-mail to be identifiable from its subject line.

EXERCISE CAUTION
While CPAs will find compliance with CAN-SPAM can be relatively simple, it may require some adjustments to a firm’s marketing program. E-mail will continue to be among the most highly effective communication channels. While firms can keep sending e-mail newsletters, reminders and personal messages to clients, they should take care to avoid anything the act might label as spam. Sender beware!