After Mark Stechbart’s recent stay at a Wyndham hotel, he received an email with the subject line “Stay 2 nights, save 20%.” The email was a spam advertisement from Howard Johnson’s, a brand of Wyndham Hotel Group. It contained a link to unsubscribe from future emails, but the link was in a tiny font, buried in paragraphs of legalese at the bottom of the email and easily missed. More emails from Wyndham brands followed.
Stechbart was annoyed. He had never opted in to receive commercial solicitations from Wyndham following his stay at the hotel. He forwarded the original email to our advocates and asked us two questions: Were these emails legal? And how could he get them to stop?
“Among many internet annoyances is spam off hotel website signups,” Stechbart complains. “They rarely have clear opt-out buttons.”
Commercial emails and messages are regulated in the U.S. at the federal level by the CAN SPAM Act.
The Act does not prohibit commercial solicitation altogether, but it requires advertisers to abide by the following:
- All solicitations must clearly indicate their senders’ identities and routing information, including the originating domain name and email address.
- Subject lines must accurately reflect the message’s content.
- The message must clearly and conspicuously disclose that it is an advertisement. This information must not be buried in fine print.
- The message must include the sender’s valid physical postal address, which can be a post office box or private mailbox.
- The message must include a clear and conspicuous mechanism, such as a URL hyperlink or email address, that allows recipients to request to be removed from all future commercial messages.
- Advertisers have 10 business days to honor opt-out requests, and any opt-out mechanism included in a message must be able to process opt-out requests for at least 30 days after the message is sent. Advertisers are prohibited from charging fees, requiring additional contact information, or making recipients take any additional steps beyond sending one email or visiting a single web page as conditions for honoring opt-out requests.
- Advertisers may not allow third parties to violate the law while performing advertising and marketing services for them.
Violations of the law are subject to penalties of up to $40,654, which can be levied against more than one person in connection with a specific violation. The law also deems certain acts to be criminal offenses, including using someone else’s computer, open relays or open proxies to send spam without the owner’s permission, registering for multiple email accounts or domain names using false information, misleading others about the origins of messages by relaying or retransmitting multiple spam messages through a computer, and harvesting email addresses or sending emails to email addresses consisting of random letters and numbers in the hope of reaching valid ones (aka a “dictionary attack”). However, the Act does not require that all recipients of a commercial message have “opted in” prior to the sending of the message.
The email Stechbart received from Howard Johnson’s may be in violation of the CAN SPAM Act since the unsubscribe link was not “clear and conspicuous.”
Wyndham’s privacy notice provides that
We use personal information for the following purposes:
…To send you marketing communications that we believe may be of interest to you via postal mail, email, telephone or SMS.
Marketing: We may contact you by email, telephone, SMS or postal mail with information about products or services offered by Wyndham or a third party that may be of interest to you. You can opt-out at any time by doing the following:
If you do not wish to receive further commercial emails from us, you can opt-out by using the unsubscribe function in the email you receive from us.
Since Stechbart apparently didn’t find the unsubscribe link in his email, he used our company contacts for Wyndham to contact Daniel Olson, senior director of customer experience, and Robert Loewen, executive vice president and chief operating officer of Wyndham, requesting that he not receive any marketing emails from Wyndham in the future.
We don’t endorse the tone of Stechbart’s message to Olson and Loewen, which contained impolite language and a threat to “complain to all travel writers in California” if Wyndham sent Stechbart any further emails. As we’ve noted elsewhere, this is not an appropriate way to ask for help.
Despite the tone of Stechbart’s message, Olson responded, apologizing to Stechbart and assuring him that he has asked Wyndham’s email team to confirm that Stechbart’s email address is removed from Wyndham’s marketing lists.
While we congratulate Stechbart on his successful self-advocacy efforts (his tone notwithstanding), we also ask whether the CAN SPAM Act goes far enough in that it didn’t stop a business from sending a commercial message to a customer who didn’t opt in and didn’t place the unsubscribe link in the message where he could easily find it.