Email Compliance
If you are marketing via email, compliance is critical.
The Rules of the Road in Email Marketing
There are several laws that marketers need to understand and comply with as they build out their email marketing programs. In the United States, the key email marketing regulation is the CAN-SPAM Act of 2003, which lays out very specific rules and guidelines for marketing to recipients in the United States.
CAN-SPAM Act Compliance
The law includes a number of specific rules and guidelines for email marketers to follow in order to send various types of commercial marketing email to recipients in the U.S. There are two important types of email to note when it comes to CAN-SPAM or other related email marketing compliance.
- Unsolicited Commercial Email – where the recipient has not specifically requested to receive marketing email messages from the sender. (i.e. unsolicited email)
- Opt-In Email – where the recipient has previously subscribed or otherwise opted in to receive marketing emails from the sender. (i.e. email newsletters or other subscription-based emails)
This is one of the most important aspects of CAN-SPAM, as the law does not prohibit the sending of unsolicited email, but rather sets up the rules under which such commercial email may be lawfully sent, and under what circumstances it may no longer be sent to particular recipients who have opted out. Here are several key rules and guidelines set forth by CAN-SPAM that are important to highlight.
Provide Recipients with a Way to Opt-Out
The CAN-SPAM Act is built on the principle of providing all commercial email recipients with a method to Opt-Out or Unsubscribe from future mailings from the sender/advertiser. Specifically, it requires “that your email allows recipients an opt-out method”. While this Opt-Out method may take different forms (a return email address or other internet-based response mechanism), the most common in use today is an Opt-Out or Unsubscribe Link. This link may simply submit the Opt-Out request and lead consumers to a confirmation page, acknowledging the Opt-Out has been received. It may also lead to a web page that allows users to adjust their email preferences to continue receiving a certain type of email (i.e. newsletter, etc.) while unsubscribing from a different type of message (i.e. special offers, or other promotions), and also provides an option to Opt-Out of all commercial messages from the sender. These types of pages are often called Preference Centers and can provide a very consumer-friendly email management tool.
Any Opt-Out mechanism used by the sender/advertiser must be capable of processing Opt-Out requests for at least 30 days after a specific commercial email campaign is sent (i.e. the Opt-Out Link must remain active and continue accepting opt-out requests for at least 30 days following the date of mailing).
Honor Those Opt-Out Requests
Once an Opt-Out request is received, the CAN-SPAM Act gives the sender/advertiser 10 business days to stop sending commercial email to the requestor’s email address. This does not necessarily mean that if you have a customer’s email address on your file, you can’t send them something like a monthly invoice after they unsubscribe. But you can no longer send them any marketing/advertising related emails. This Opt-Out request does not expire and must be honored in perpetuity – unless the same recipient specifically opts in to receive emails from you again in the future.
Opt-Out Requests Extend to 3rd Parties
Additionally, honoring Opt-Out requests extends to any 3rd parties that may be mailing on an advertiser’s behalf (affiliate marketers, performance agencies, channel partners, etc.). If a user opts out of an email campaign sent on an advertiser’s behalf, the advertiser must honor that request, as well as all other 3rd parties that may be sending out marketing email for the advertiser. This type of 3rd party relationship is identified specifically in the CAN-SPAM Act, as it states that “you cannot help another entity send email to that address, or have another entity send email on your behalf to that address” with regard to an address that has opted out of future email campaigns. This directly applies to companies that use affiliates to advertise on their behalf, when those affiliates are using email marketing to reach consumers. Affiliate marketing can be a very effective marketing channel for many companies, but it must be managed closely to ensure full compliance.
Similarly, it is not permissible for a company to sell or transfer the email addresses of recipients who opt-out of receiving marketing emails from the company, even in the form of a mailing list, unless the transfer of the addresses is for the purposes of assisting another entity to comply with the law.
Be Clear About Who is Sending the Email
The CAN-SPAM Act bans false or misleading header information. This means that a commercial email’s “From”, “To”, and routing information – including the originating domain name and email address – must be accurate and identify the originator of the email.
Subject Lines Should Not be Deceptive
The law prohibits the use of deceptive email subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message. Marketers make their living by effectively connecting with an audience and getting them to respond, buy, or otherwise take an action by engaging with the advertiser. While the use of clever wording plays a huge role in successful marketing, it should never deceive the recipient. CAN-SPAM specifically makes this clear regarding email subject lines.
Let Recipients Know it’s an Advertisement
The law requires that commercial email be identified as an advertisement and include the sender’s valid physical postal address. Each email message must contain clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial email from the sender. It also must include the sender/advertiser’s valid physical postal address.
Fines for CAN-SPAM Violations
The CAN-SPAM Act also creates the ability to impose fines on companies that are found to be in non-compliance with the law. It states that a company can be fined up to $51,744 (updated 2023) per email in violation of the Act (as of September, 2020). The law continues to be reevaluated over time and the maximum fine amounts have gone up significantly from the original amounts included when the law was passed in 2003. Just as a point of reference, no lawsuit brought by the FTC for non-compliance with CAN-SPAM has been settled for less than $1,000,000.00. It’s important to note that if a 3rd party sending marketing emails on behalf of an advertiser is found to be non-compliant, the FTC may also fine the advertiser itself, based on the actions of an affiliate.
Additional Information on CAN-SPAM
This page is just a high-level overview of some key aspects of the CAN-SPAM Act of 2003. Nothing in this text or anywhere on this website should be construed as legal advice. We highly recommend that you familiarize yourself with the various information sources regarding CAN-SPAM on the FTC website. Additionally, you may also choose to obtain professional legal advice regarding your company’s email compliance efforts, related to CAN-SPAM or other relevant regulations that impact email marketing.
CAN-SPAM Resources
You can find detailed information about CAN-SPAM on the FTC website.
Check out our updated CAN-SPAM overview.
If you need clarification on what the CAN-SPAM Act means to you and your email marketing campaigns, Contact Us Today – we would be happy to review this important information.
Email continues to be a highly effective marketing and communications channel for many companies around the world. But, one of the foundations of a high performing and long-lasting email marketing program is a focus on compliance.
International Email Regulations
Email can be a highly effective marketing channel for campaigns running in multiple countries; however, it’s important to understand that regulations impacting email marketing can vary significantly from one country to another. Outside of the U.S. and CAN-SPAM, perhaps the most significant law to understand is the General Data Protection Act (GDPR) in the European Union. GDPR is a much broader law, impacting marketing channels well beyond email. But its impact on email is significant, as it sets requirements for both receiving prior permission to email recipients as well as rules for responding to opt-out requests.
You can learn more about international email guidelines on our Global Email Compliance page.
As with any legal requirements, it is always recommended to get professional legal advice to ensure your email program is compliant with all relevant laws in different countries and regions.