Printer Friendly

Are you spamming your clients? How firms can make sure their e-mails don't violate the law.

CPAs who use e-mail to market and develop their accounting practices may find themselves labeled "spammers" under a new federal law. The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), which took effect January 1, 2004, regulates business e-mail. Unwary CPAs could run afoul of the act even though it's designed to target the abuses, fraud and criminal activities of hard-core spammers. Fortunately, accounting firms still can use e-mail advertising if they follow the rules. Here's what practitioners need to know about the act and how to use it to improve the effectiveness of their e-mail programs and keep them in compliance with CAN-SPAM.


CAN-SPAM prohibits predatory and abusive commercial e-mail practices and specifies other requirements for protecting commercial e-mail users. (CPAs can find the text of the act at The act provides both criminal and civil penalties. Enforced by the Federal Trade Commission, the criminal penalties include fines, imprisonment and forfeiture of equipment, software and any property acquired from the proceeds of illegal spamming.

Civil penalties include injunctive relief and monetary damages that could total more than $6 million in cases with aggravating circumstances, such as using a program to search Web sites or other online locations to "harvest" e-mail addresses, randomly generating e-mail addresses and falsely registering Web sites. The act empowers the states' attorneys general to seek civil actions on behalf of their residents; it also provides Internet service providers (ISPs) with a "cause of action." CPAs should be aware the first civil action already has been filed under the act--a suit brought by an ISP naming a marketing company and its client as defendants. (More information is available at

Before examining the specific requirements, let's look at how the act defines commercial e-mail and distinguishes it from other communications CPAs may send to current and prospective clients. Under the act, commercial e-mail refers to messages that have as their primary purpose advertising or promotion or are not transactional or "relationship" in nature. The latter include messages that primarily relate to previous transactions between the parties--for example, subscriptions, loans, accounts, delivery of goods or services, warranty or recall information, or messages about employment and benefit plans. Practitioners should note that all such messages must have accurate header information, including originating e-mail addresses and domain names.

As senders, CPAs also must comply with other rules for commercial e-mails. They must clearly identify messages as advertisements or solicitations and indicate their content in the subject headings. Firms must provide a "clear and conspicuous" way for recipients to "opt cut"--refuse future e-mails--via a working return e-mail address or other mechanism that will function for 30 days after the firm sends the message. Once a firm receives an opt-out request, it cannot send any e-mail to that recipient beyond a 10-day grace period. For further identification and contact, a firm must include a valid physical postal address in its e-mails.


CPAs should look at their firms' e-mail solicitations and advertising carefully and take this self-assessment test:

Message requirements

* Am I sending e-mails with an appropriate originating address including the firm's domain name? For example, in "Tom.Doe@Doe_&," the originating e-mail address is "Tom.Doe" and "Doe_&" is the do-main name.

* Does the firm operate different divisions or lines of business, and is it identifying a particular segment as the sender? Under the act a firm's technology consulting division would be an entity apart from its tax services division if it is operated separately and so identified in e-mails.

* Does my message contain the firm's street address? Post office boxes may not be acceptable, so firms should use the address where clients would expect to find them if they knocked on the door.

* Have I identified the message as an advertisement or solicitation in the subject line? Consider beginning the subject line with "ADV" and putting a "This is an advertisement" notice at the beginning of the message itself.

* Does the message subject line clearly reflect the content? CPAs should avoid subject lines that, while catchy, actually may be misleading about the message content. "Money in Your Mailbox" is great copywriting but is not appropriate as the subject line of an e-mail advertising tax services.

* Have I included a clear and conspicuous way for a recipient to refuse further e-mails from the firm? Be sure any return e-mail ad dress for opting out is a working address that goes back to the firm and functions for at least a month after the message is sent.

Compliance questions

* Do I know who in my firm is sending e-mails? CPAs should establish firmwide rules, train all employees who are involved in sending messages and enforce those rules.

* Do I have a review process and a standard of reasonableness to ensure clear subject lines and subject--content agreement? CPAs should consider this extra step as a way to be certain the message is not misleading.

* Have I assigned responsibility to an employee for acting on any opt-out messages the firm receives? Opt-outs must be made effective in 10 days; a single subsequent message violates the act.

* Do I know how my firm gathers e-mail addresses? CPAs should be sure neither they nor their marketing firm is harvesting or randomly generating addresses or falsely registering a Web site; if so, they should stop immediately.

* If my firm participates in co-op advertising or is among the sponsors of commercial e-mails, do these programs and messages conform with the act? Firms should insist on compliance and not participate in programs until they fully meet the act's requirements.

The exhibit on page 65 provides practitioners with examples of the right--and wrong--way to structure e-mail content under the CAN-SPAM rules.


While CPA firms are focusing on Internet communications, they should take the opportunity to enhance and improve their e-mail marketing. Firms should ask any companies they contact by e-mail to have their employees add the accounting firm to their individual address books to reduce the risk of having the firm's messages blocked as spam. In structuring messages, CPAs also need to make an effort at "branding" that goes beyond form and content to develop a "look and feel" for all firm e-mails, including consistent colors and layout. For example, using the firm's name in the subject line increases recognition and adds credibility to the message.

One best practice firms can implement is an effective opt-in program based on what the act terms "affirmative consent," whereby a recipient asks for the firm's messages. CPAs should consider the firm's entire Web site, not just e-mail, when developing such a program, including opt-in consents any place on the site where there are forms of any kind, such as log-in or order entry. The act requires express consent, so having the recipient check a box to receive the firm's e-mail messages is better than providing an already filled in box.

Firms can further improve this process by sending a follow-up e-mail that asks recipients to confirm the original request before adding their names to the firm's e-mail list. This step will eliminate bogus requests or misspelled ad dresses and also will give the firm a record it can use to respond to complaints from recipients or ISPs. Firms can clarify this further by including a short reminder that it is sending the message because the recipient previously opted in. Getting prior consent from the recipient also entities the firm to not label the message as an advertisement, reducing the chance of its being blocked, and puts the firm a step ahead should a "Do-not-e-mail" list become law, which is possible in the future under CAN-SPAM.


Although CAN-SPAM became effective January 1, 2004, the rule making is only just beginning. CPAs should remain aware of FTC actions and adjust firm marketing programs accordingly.

In March 2004 the FTC sought public comment on proposed rule making under the act. It solicited comments in a variety of areas including

* Criteria to determine the primary purpose of an e-mail message.

* The reasonableness of the 10-day period for implementing opt-out requests.

* Adding activities and practices to the list of aggravated violations.

* Clarifying the sender's obligations in a "Forward-to-a-friend" scenario and when there are multiple senders of a single e-mail.

The FTC also solicited comments on reports to Congress required by the act, including establishing

* A nationwide "Do-not-e-mail" registry.

* A system for rewarding informants who supply information about violations.

* A plan for requiring commercial e-mail to be identifiable from its subject line.


While CPAs will find compliance with CAN-SPAM can be relatively simple, it may require some adjustments to a firm's marketing program. E-mail will continue to be among the most highly effective communication channels. While firms can keep sending e-mail newsletters, reminders and personal messages to clients, they should take care to avoid anything the act might label as spam. Sender beware!

Users Fed Up

A recent survey of e-mail users found that

* 75% were bothered they couldn't stop the flow of spare no matter what they did.

* 55% got so much unwanted mail in their personal accounts they found it hard to get to the messages they wanted to read.

* 30% were concerned filtering devices might block important incoming e-mail.

Source: Pew Internet & American Life Project, Washington, D.C., 2003


* WITH THE ADVENT OF FEDERAL LAWS controlling spam e-mail, CPAs must exercise caution in their communications with clients and prospects. In so doing they can improve the look and effectiveness of their e-mail marketing programs.

* THE CAN-SPAM ACT OF 2003 INCLUDES civil and criminal penalties for predatory and abusive commercial e-mail practices. A commercial message is one intended to advertise or promote and is not related to a previous transaction between the two parties.

* AS E-MAIL SENDERS, CPAs MUST COMPLY WITH a variety of rules, including clearly identifying the message as an advertisement or solicitation and indicating the content in the subject heading. Firms also must provide a way for recipients to opt out and refuse future messages via a working re turn e-mail address that functions for 30 days after the firm sends the message.

* CPAs SHOULD CLEARLY UNDERSTAND how the firm gathers e-mail addresses. This will help it avoid using so-called aggravating techniques such as harvesting or randomly generating addresses. Firms that participate in co-op advertising programs should make sure these arrangements fully comply with the act's requirements.

* TO ENSURE MESSAGES AREN'T BLOCKED AS SPAM, CPAs should ask companies they contact by e-mail to have their employees add the accounting firm's address to their individual address books. By implementing this and other best practices, firms can use CAN-SPAM to improve e-mail and marketing communication efforts.

Examples of "Bad" and "Good" E-Mail Messages

A Bad Message:

What's wrong here?

To: Senders should not harvest or randomly generate recipients' e-mail addresses. Practitioners should make sure the firm properly obtained the e-mail addresses of all prospects.

From: The CPA should be clearly identified as the sender with an individual e-mail address and domain name. Subject: While catchy, this subject line is unclear and misleading about the content of the message. There also is no indication the message is an advertisement or solicitation.

Message: What's not here is the problem. The act requires the message be identified as an advertisement or solicitation and the sender provide an opt-out mechanism, as well as the firm's complete street address.

A Good Message:

How does this message meet the law's requirements?

To: The firm did not harvest or randomly generate the recipient's e-mail address; the sender supplied it as an opt-in.

From: The CPA is clearly identified as the sender.

Subject: The subject of the message is clearly stated and consistent with the content. Because the recipient previously had opted in, the subject line does not have to identify the message as an advertisement or solicitation.

Message: Although it's not required by law, a statement reminding the recipient of an earlier request to receive e-mails from the firm helps to increase recognition. The message provides a clear and conspicuous way for the recipient to refuse future e-mails and a link to an "opt-out" page. The firm should have a procedure in place to handle the request within 10 days.

The message also provides full contact information, including a street address and phone and fax numbers. While the act specifies only a postal address, this message goes a step further and provides multiple ways for the recipient to contact the firm.


* CPA firms should be certain their e-mails include a "clear and conspicuous" way for recipients to "opt out" or refuse future messages via a working return e-mail address or other mechanism that will function for 30 days after the firm sends the message.

* When sending messages that promote the firm's products or services, ensure the subject line identifies the e-mail as an advertisement or solicitation. Consider beginning the subject line with "ADV" and putting "This is an advertisement" at the beginning of the message itself.

* Accounting firms should establish firmwide rules on the content and structure of e-mail messages and train all employees involved in sending them. Firms also should implement an e-mail review process and a standard of reasonableness to ensure clear subject lines and subject-content agreement.

* Firms should adopt an opt-in program whereby recipients ask to receive e-mail messages. When developing the program, include opt-ins at various locations on the firm's Web site, such as at log-in or order entry. Having recipients check a box to receive the firm's e-mail messages is better than providing an already filled in box.

JOSEPH E. MORRISON, CPA, is an information systems audit and security consultant in Memphis. His e-mail address is
COPYRIGHT 2004 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Author:Morrison, Joseph E.
Publication:Journal of Accountancy
Date:Aug 1, 2004
Previous Article:E-mail and the law: how to manage privacy issues using the AICPA/CICA framework.
Next Article:An update on review engagements: SSARS no. 10 amends the guidance covering reviews of financial statements.

Related Articles
Technology for business: say 'so long' to snail mail.
Creating Cyberspace Policies.
Retrieving spouse's e-mail did not violate state wiretap law.
E-mail: not a communication panacea. (Eye on the Industry).
A spam attack. (Stateline).
New blends of email threats. (Security).
Microsoft sues seven sex spammers.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |