Privacy and Security Law Blog

Posted by Ronald London

The U.S. Court of Appeals for the Fourth Circuit (i.e., for North and South Carolina, Virginia and West Virginia) has affirmed a Virginia federal court’s dismissal of an anti-spam advocate’s complaint that hypertechnical “violations” of the Controlling the Assault of Non‑Solicited Pornography and Marketing, or “CAN-SPAM,” Act entitled him to damages. The ruling is a potential blow to “professional plaintiffs” and other advocates who use the CAN-SPAM Act and/or state laws to sue for damages and/or broker settlements with senders of commercial emails. The decision also may have application to similar tactics by telemarketing foes who use the Telephone Consumer Protection Act and related laws in a like fashion.

In Omega World Travel, Inc. v. Mummagraphics, Inc., Mummagraphics and its president, Mark Mumma, sued over receipt of 11 emails that identified the sender as the Cruise.com website operated by Omega Travel, even though each email contained a line of text that recipients could click for removal from future mailings, a statement that recipients could opt‑out of future emails by writing to a postal address provided in the email, and a link to the Cruise.com website and the company’s toll-free phone number. Mummagraphics, which operates the OptOutByDomain.com and SueaSpammer.com websites, complained that the emails violated the CAN-SPAM Act’s ban on false or misleading information and its requirement to facilitate recipient opt-out requests. It complained the emails stated that recipients had signed up for Cruise.com’s mailing list when in fact Mummagraphics never did so. It also complained that while the emails listed the sender as Cruise.com, they also included a different address in the header that was not an Internet domain name linked to Cruise.com, and that the emails’ “from” line identified cruisedeals@cruise.com, even though the company apparently had stopped using that address. In addition, Mumma claimed Omega violated the CAN-SPAM Act’s opt-out provisions, notwithstanding that he did not use the opt-out link provided in the emails or the mailing address listed therein, but rather called Omega’s general counsel to complain, refused to use the opt-out link or to provide the email address that had received the Cruise.com transmissions, and instead demanded removal from all future mailings every address containing a domain name listed at the OptOutByDomain.com website. Mumma later sent a letter claiming the emails violated federal and Oklahoma law and stating that Mumma intended to sue for at least $150,000 in statutory damages unless the matter was settled for $6,250.

The Fourth Circuit affirmed on all scores the trial court’s holdings that the CAN‑SPAM Act preempted Mummagraphics’ state law claims, and that there were no CAN‑SPAM violations because the asserted inaccuracies in the emails were not material and Omega did not violate the opt‑out requirement. With respect to the alleged “inaccuracies” in the emails, the court held that they did not rise to the level of being “materially” false or misleading that is required, given that “the emails at issue were chock full of methods to identify, locate, or respond to the sender or to investigate alleged violations” as the CAN-SPAM Act requires. It noted that if “alleged inaccuracies in a message containing so many valid identifiers could be described as ‘materially false or materially misleading,’ we find it hard to imagine an inaccuracy that would not qualify,” which would contravene Congress’s clear intent. The court also held that Omega Travel had not violated the CAN-SPAM Act’s opt-out provisions because Mummagraphics had not sufficiently alleged a “pattern or practice” of not honoring opt-outs, especially since it had not made its opt-out requests through methods required by the Act and offered by Omega, but rather did so only by phone call and demand letter to the company’s general counsel.

The court also held “we cannot agree that Mummagraphics’ action for immaterial errors survives preemption” under the CAN-SPAM Act, which displaces state law regulating commercial email generally but preserves state authority over false or deceiving transmissions. It held that for such purposes “‘deception’ requires more than bare error” and that “falsity” requires “an element of tortiousness or wrongfulness,” i.e., “deceitfulness, untrustworthiness, [or] faithlessness.” In support of this holding, the court noted “Congress did not intend ‘falsity’ to encompass bare error because such a reading would upset the Act’s careful balance between preserving a potentially useful commercial tool and preventing its abuse,” and that “[r]ather than banning all commercial emails or imposing strict liability for insignificant inaccuracies, Congress targeted only e‑mails containing something more than an isolated error.” In this regard, the court found that strict liability, which would otherwise be the standard if Oklahoma law had applied, “would become a de facto national standard … even though the CAN‑SPAM Act indicates that Congress believed a less demanding standard would best balance the competing interests at stake.” This would occur, the court observed, because “law‑abiding senders would likely have to assume that their messages were governed by the most stringent state laws in effect” since email is a “bulk medium used to target thousands of recipients” who “could well be covered by the laws of many jurisdictions.”

The Fourth Circuit’s ultimate decision that “the CAN‑SPAM Act prohibits some material misstatements and imposes opt‑out requirements, but it does not make every error or opt‑out request into grounds for a lawsuit” is significant for companies that generally are compliant with the CAN-SPAM Act but encounter aggressive anti-spam advocates and/or suffer the occasional inadvertent technical lapse. The CAN-SPAM Act’s materiality requirement should offer some measure of protection from harmless erroneous information that is inadvertently included in an email and there is no intent to deceive, and the ruling underscores that point. In addition, the decision undermines the ability of serial-litigating anti-spam advocates from setting “traps” in an effort to create liability, such as making unconventional opt-out requests not contemplated by the statute or rules, or by demanding that companies honor opt-out requests that are broader that what the Act allows. The same principles should apply when companies are confronted by anti-telemarketing advocates as well, some of whom also send demand letters, like that Mumma sent Omega Travel, threatening litigation and/or seeking to broker settlements for technical violations that are inadvertent and harmless error, or even that were created by or that resulted from the advocate’s own machinations. Given that the private-cause-of-action provisions in spam and telemarketing laws have spurred quite a cottage industry of “consumer advocate” lawsuits and demand letters, the Fourth Circuit’s decision has the potential to shift that pendulum at least a somewhat back in the direction of companies that seek to comply with relevant laws.

Dear Mr. London

I am the General Counsel for Omega World Travel and I must say your comments are the best written and most accurate of anything I have read to this point.

There are some significant facts missing form the opinion, but, as you are aware the allegations most favorable to the Appellant are assumed by the Court in making their decision. I would like to provide just a few examples. There was the assumption that this was an unsolicited email. In fact, Mumma's email was placed in our opt-in box to receive our cruise specials. He claims he didn't put it there, but there is very strong evidence to the contrary. Another example is the assumption that the send email address was non-working. The address, in fact, is a working email address, but is never checked because the opt-out mechanism is an automatic electronic hyper link contained in the email body. If we relied on the return email address as an opt-out, we would have to manually remove recipients. Finally, it is assumed that the header information is mistaken or inaccurate, which is not true at all, the header identifies the box (computer) or data base from where the email originated. Our tech people just happened to call the box FL-Broadcast. The net was added on electronically by the software we used to send the blast email. Mumma alleges that we were somehow trying to confuse or hide the email path and origination point. This clearly was not the case.

The point is that it is assumed and the case is decided under the assumption that there was some errors or honest mistakes on the part of our company when in fact our behavior did not even rise to that level. We were completely on the up and up and clearly, Mr. Mumma was trying to trap us into a shakedown scheme and it didn't work.

Thank you for your comments.