News and tips from the industry leaders in email compliance.

The CAN-SPAM Act and What it Means for Email Marketers in 2019

The CAN-SPAM Act provides the rules for email marketers to follow in order to stay compliant.

Email marketing continues to thrive and evolve, 40 years after the first marketing email message was sent. In the digital age, that makes email marketing very old-school. There are any number of reasons that email has remained successful after so many years, with newer marketing channels arriving with regularity. But, one possibly surprising reason for email’s longevity is related to the industry and federal government coming together on a law that set the rules for companies looking to leverage email marketing – The CAN-SPAM Act.

The CAN-SPAM Act of 2003 was enacted to set guidelines for companies or individuals that send commercial messages or marketing email campaigns. The law includes a number of specific rules for email marketers to follow that allow them to send different types of commercial marketing email, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”

  1. Unsolicited commercial email – where the recipient has not specifically requested to receive a marketing email from the sender. (i.e. unsolicited email)
  2. Opt-in email – where the recipient has subscribed or otherwise opted in to receive marketing emails from the sender. (i.e. email newsletters or other subscription-based emails)

This is one of the most important aspects of CAN-SPAM, as the law does not prohibit unsolicited email, but rather sets up the rules under which such commercial email may be lawfully sent, and under what circumstances it may no longer be sent to particular recipients (who have opted out). While the law outlines a number of rules for marketers to follow, here are a few that are important to highlight.

Give Recipients a Way to Opt-Out

The CAN-SPAM Act is built on the principle of providing all recipients with a method to Opt-Out or Unsubscribe from future mailings from the sender/advertiser. Specifically, it requires “that your email allows recipients an opt-out method”. While this Opt-Out method may take different forms (a return email address or other internet-based response mechanism), the most common in use today is an Opt-Out or Unsubscribe Link. This link may simply submit the Opt-Out request and lead consumers to a confirmation page, acknowledging the Opt-Out has been received. It may also lead to a web page that allows users to adjust their email preferences to continue receiving a certain type of email (i.e. newsletter, etc.) while unsubscribing from different types of messages (i.e. special offers, or other promotions), and also providing an option to Opt-Out of all commercial messages from the sender. These types of pages are often called Preference Centers and can provide a very consumer-friendly email management tool.

Any Opt-Out mechanism you provide must be able to process Opt-Out requests for at least 30 days after you send your commercial email campaign.

Honor Those Opt-Out Requests

Once you receive an Opt-Out request, The CAN-SPAM Act gives you 10 business days to stop sending commercial email to the requestor’s email address. This does not necessarily mean that if you have a customer’s email address on your file, you can’t send them something like a monthly invoice after they unsubscribe. But, you can no longer send them any marketing/advertising-related emails. This Opt-Out request does not expire and must be honored in perpetuity – unless the same recipient specifically opts into another one of your products or services at some point in the future.

You can find more information by reading our Deep Dive Series on Honoring Opt-Out Requests.

Opt-Out Requests Extend to 3rd-Parties

Additionally, honoring Opt-Out requests extends to any 3rd parties that may be mailing on a company’s behalf (affiliate marketers, performance agencies, etc.). If a user opts out of an email campaign sent on a company’s behalf, the company must honor that request, as well as all other 3rd parties that may be sending out marketing email for the company. This type of 3rd party relationship is called out specifically in the CAN-SPAM Act, as it states that “you cannot help another entity send email to that address, or have another entity send email on your behalf to that address” with regard to an address that has opted out of future email campaigns. This directly applies to companies that use affiliates to advertise on their behalf, when those affiliates are using email marketing to reach consumers. Affiliate marketing can be a very effective marketing channel for many companies, but it must be managed closely to ensure full compliance.

Similarly, it is illegal for a company to sell or transfer the email addresses of people who opt out of receiving marketing emails from the company, even in the form of a mailing list, unless the transfer of the addresses is for the purpose of assisting another entity to comply with the law.

Be Clear About Who is Sending the Email

The CAN-SPAM Act bans false or misleading header information. This means that a commercial email’s “From”, “To”, and routing information – including the originating domain name and email address – must be accurate and identify the originator of the email.

Subject Lines Should Not be Deceptive

The law prohibits the use of deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message. Marketers make their living by effectively connecting with an audience and getting them to respond, buy, or otherwise take action by engaging with the advertiser. While the use of clever wording plays a huge role in successful marketing, it should never deceive the recipient. CAN-SPAM specifically makes this clear regarding an email subject line.

Let them know it’s an advertisement and provide a physical address

The law requires that commercial email, which is a form of commercial advertisement, be identified as an advertisement and include the sender’s valid physical postal address. Each email message must contain clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial email from you. It also must include your valid physical postal address, which can be a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail-receiving agency established under Postal Service regulations. This ensures transparency and compliance with regulations governing commercial advertisement via email.

Fines for Violation

The CAN-SPAM Act also sets fines for companies that are found to be in non-compliance with the law. It states that a company can be fined up to $51,744 per email in violation of the Act (as of January 2024). The law continues to be reevaluated over time and the fine amounts have gone up significantly from the original amounts in 2003. Just as a point of reference, no lawsuit brought on by the FTC for non-compliance with CAN-SPAM has been settled for less than $1,000,000.00. It’s important to note that if a 3rd party sending marketing emails on behalf of a company is found to be non-compliant, the FTC may also fine the advertiser itself, based on the actions of an affiliate.

Additional Information on CAN-SPAM

This is just a summary of some key aspects of the CAN-SPAM Act of 2003. Nothing in this text should be construed as legal advice. We highly recommend that you familiarize yourself with the various information sources regarding CAN-SPAM on the FTC website. Additionally, you may also choose to obtain professional legal advice regarding your company’s email compliance efforts, related to CAN-SPAM or other relevant regulations that impact email marketing.

Email continues to be a highly effective marketing and communications channel for many companies around the world. But, one of the foundations of a high-performing and long-lasting email marketing program is a focus on compliance.

You can also find more information on The CAN-SPAM Act on our Email Compliance page, a Deep Dive into CAN-SPAM and Opt-Out Methods, and this article on Forbes, by our head of marketing, Tom Wozniak.

Share This