WITH THE ADVENT OF FEDERAL
LAWS controlling spam e-mail,
CPAs must exercise caution in their
communications with clients and prospects.
In so doing they can improve the look and
effectiveness of their e-mail marketing
THE CAN-SPAM ACT OF 2003
INCLUDES civil and criminal
penalties for predatory and abusive
commercial e-mail practices. A
commercial message is one intended to
advertise or promote and is not related
to a previous transaction between the
AS E-MAIL SENDERS, CPAs
MUST COMPLY WITH a variety of
rules, including clearly identifying the
message as an advertisement or
solicitation and indicating the content
in the subject heading. Firms also must
provide a way for recipients to opt out
and refuse future messages via a working
return e-mail address that functions for
30 days after the firm sends the
CPAs SHOULD CLEARLY
UNDERSTAND how the firm
gathers e-mail addresses. This will help
it avoid using so-called aggravating
techniques such as harvesting or
randomly generating addresses. Firms
that participate in co-op advertising
programs should make sure these
arrangements fully comply with the act’s
TO ENSURE MESSAGES AREN’T
BLOCKED AS SPAM, CPAs should
ask companies they contact by e-mail to
have their employees add the accounting
firm’s address to their individual
address books. By implementing this and
other best practices, firms can use
CAN-SPAM to improve e-mail and marketing
|JOSEPH E. MORRISON,
CPA, is an information systems audit and
security consultant in Memphis. His e-mail
PAs who use e-mail to market and
develop their accounting practices may find
themselves labeled “spammers” under a new federal
law. The Controlling the Assault of Non-Solicited
Pornography and Marketing Act of 2003 (CAN-SPAM),
which took effect January 1, 2004, regulates
business e-mail. Unwary CPAs could run afoul of
the act even though it’s designed to target the
abuses, fraud and criminal activities of hard-core
spammers. Fortunately, accounting firms still can
use e-mail advertising if they follow the rules.
Here’s what practitioners need to know about the
act and how to use it to improve the effectiveness
of their e-mail programs and keep them in
compliance with CAN-SPAM.
Users Fed Up
recent survey of e-mail users found that
75% were bothered they
couldn’t stop the flow of spam no matter
what they did.
55% got so much unwanted
mail in their personal accounts they
found it hard to get to the messages
they wanted to read.
30% were concerned
filtering devices might block important
Internet & American Life Project,
www.pewinternet.org , 2003.
REQUIREMENTS AND PENALTIES
CAN-SPAM prohibits predatory and
abusive commercial e-mail practices and specifies
other requirements for protecting commercial
e-mail users. (CPAs can find the text of the act
www.spamlaws.com/federal/108s877.html .) The
act provides both criminal and civil penalties.
Enforced by the Federal Trade Commission, the
criminal penalties include fines, imprisonment and
forfeiture of equipment, software and any property
acquired from the proceeds of illegal spamming.
Civil penalties include injunctive relief
and monetary damages that could total more than $6
million in cases with aggravating circumstances,
such as using a program to search Web sites or
other online locations to “harvest” e-mail
addresses, randomly generating e-mail addresses
and falsely registering Web sites. The act
empowers the states’ attorneys general to seek
civil actions on behalf of their residents; it
also provides Internet service providers (ISPs)
with a “cause of action.” CPAs should be aware the
first civil action already has been filed under
the act—a suit brought by an ISP naming a
marketing company and its client as defendants.
(More information is available at
Before examining the specific
requirements, let’s look at how the act defines
commercial e-mail and distinguishes it from other
communications CPAs may send to current and
prospective clients. Under the act, commercial
e-mail refers to messages that have as their
primary purpose advertising or promotion or are
not transactional or “relationship” in nature. The
latter include messages that primarily relate to
previous transactions between the parties—for
example, subscriptions, loans, accounts, delivery
of goods or services, warranty or recall
information, or messages about employment and
benefit plans. Practitioners should note that all
such messages must have accurate header
information, including originating e-mail
addresses and domain names.
CPAs also must comply with other rules for
commercial e-mails. They must clearly identify
messages as advertisements or solicitations and
indicate their content in the subject headings.
Firms must provide a “clear and conspicuous” way
for recipients to “opt out”—refuse future
e-mails—via a working return e-mail address or
other mechanism that will function for 30 days
after the firm sends the message. Once a firm
receives an opt-out request, it cannot send any
e-mail to that recipient beyond a 10-day grace
period. For further identification and contact, a
firm must include a valid physical postal address
in its e-mails.
FOLLOW THE RULES
CPAs should look at
their firms’ e-mail solicitations and advertising
carefully and take this self-assessment test:
Am I sending e-mails with an
appropriate originating address including the
firm’s domain name? For example, in
“Tom.Doe@Doe_&_Co.xyz,” the originating e-mail
address is “Tom.Doe” and “Doe_&_Co.xyz” is the
Does the firm operate different
divisions or lines of business, and is it
identifying a particular segment as the sender?
Under the act a firm’s technology consulting
division would be an entity apart from its tax
services division if it is operated separately and
so identified in e-mails.
Does my message contain the firm’s
street address? Post office boxes may not be
acceptable, so firms should use the address where
clients would expect to find them if they knocked
on the door.
Have I identified the message as an
advertisement or solicitation in the subject line?
Consider beginning the subject line with “ADV” and
putting a “This is an advertisement” notice at the
beginning of the message itself.
Does the message subject line clearly
reflect the content? CPAs should avoid subject
lines that, while catchy, actually may be
misleading about the message content. “Money in
Your Mailbox” is great copywriting but is not
appropriate as the subject line of an e-mail
advertising tax services.
Have I included a clear and
conspicuous way for a recipient to refuse further
e-mails from the firm? Be sure any return e-mail
address for opting out is a working address that
goes back to the firm and functions for at least a
month after the message is sent.
Do I know who in my firm is sending
e-mails? CPAs should establish firmwide rules,
train all employees who are involved in sending
messages and enforce those rules.
Do I have a review process and a
standard of reasonableness to ensure clear subject
lines and subject–content agreement? CPAs should
consider this extra step as a way to be certain
the message is not misleading.
Have I assigned responsibility to an
employee for acting on any opt-out messages the
firm receives? Opt-outs must be made effective in
10 days; a single subsequent message violates the
Do I know how my firm gathers e-mail
addresses? CPAs should be sure neither they nor
their marketing firm is harvesting or randomly
generating addresses or falsely registering a Web
site; if so, they should stop immediately.
If my firm participates in co-op
advertising or is among the sponsors of commercial
e-mails, do these programs and messages conform
with the act? Firms should insist on compliance
and not participate in programs until they fully
meet the act’s requirements.
The exhibit below provides
practitioners with examples of the right—and
wrong—way to structure e-mail content under the
MAKE THEM BETTER
While CPA firms are
focusing on Internet communications, they should
take the opportunity to enhance and improve their
e-mail marketing. Firms should ask any companies
they contact by e-mail to have their employees add
the accounting firm to their individual address
books to reduce the risk of having the firm’s
messages blocked as spam. In structuring messages,
CPAs also need to make an effort at “branding”
that goes beyond form and content to develop a
“look and feel” for all firm e-mails, including
consistent colors and layout. For example, using
the firm’s name in the subject line increases
recognition and adds credibility to the message.
One best practice firms can implement is an
effective opt-in program based on what the act
terms “affirmative consent,” whereby a recipient
asks for the firm’s messages. CPAs should consider
the firm’s entire Web site, not just e-mail, when
developing such a program, including opt-in
consents any place on the site where there are
forms of any kind, such as log-in or order entry.
The act requires express consent, so having the
recipient check a box to receive the firm’s e-mail
messages is better than providing an already
filled in box.
Firms can further improve
this process by sending a follow-up e-mail that
asks recipients to confirm the original request
before adding their names to the firm’s e-mail
list. This step will eliminate bogus requests or
misspelled addresses and also will give the firm a
record it can use to respond to complaints from
recipients or ISPs. Firms can clarify this further
by including a short reminder that it is sending
the message because the recipient previously opted
in. Getting prior consent from the recipient also
entitles the firm to not label the message as an
advertisement, reducing the chance of its being
blocked, and puts the firm a step ahead should a
“Do-not-e-mail” list become law, which is possible
in the future under CAN-SPAM.
||PRACTICAL TIPS TO
CPA firms should
be certain their e-mails
include a “clear and
conspicuous” way for
recipients to “opt out” or
refuse future messages via a
working return e-mail address
or other mechanism that will
function for 30 days after the
firm sends the message.
messages that promote the
firm’s products or services,
ensure the subject line
identifies the e-mail as an
advertisement or solicitation.
Consider beginning the subject
line with “ADV” and putting
“This is an advertisement” at
the beginning of the message
should establish firmwide
rules on the content and
structure of e-mail messages
and train all employees
involved in sending them.
Firms also should implement an
e-mail review process and a
standard of reasonableness to
ensure clear subject lines and
adopt an opt-in program
whereby recipients ask to
receive e-mail messages. When
developing the program,
include opt-ins at various
locations on the firm’s Web
site, such as at log-in or
order entry. Having recipients
check a box to receive the
firm’s e-mail messages is
better than providing an
already filled in box.
became effective January 1, 2004, the rule making
is only just beginning. CPAs should remain aware
of FTC actions and adjust firm marketing programs
In March 2004 the FTC sought
public comment on proposed rule making under the
act. It solicited comments in a variety of areas
Criteria to determine the primary
purpose of an e-mail message.
The reasonableness of the 10-day
period for implementing opt-out requests.
Adding activities and practices to
the list of aggravated violations.
Clarifying the sender’s obligations
in a “Forward-to-a-friend” scenario and when there
are multiple senders of a single e-mail.
The FTC also solicited comments on reports to
Congress required by the act, including
A nationwide “Do-not-e-mail”
A system for rewarding informants who
supply information about violations.
A plan for requiring commercial
e-mail to be identifiable from its subject line.
While CPAs will find
compliance with CAN-SPAM can be relatively simple,
it may require some adjustments to a firm’s
marketing program. E-mail will continue to be
among the most highly effective communication
channels. While firms can keep sending e-mail
newsletters, reminders and personal messages to
clients, they should take care to avoid anything
the act might label as spam. Sender beware!