Home Email Marketing CAN-SPAM Compliance: A Guide for Email Marketers

Email Marketing

CAN-SPAM Compliance: A Guide for Email Marketers

December 27, 2024

https://blog.5gigbucks.com/create-your-very-own-auto-publish-news-blog-site-and-earn-passive-income-in-just-4-easy-steps/

It may not have an outstanding reputation, but
the United States CAN-SPAM Act of 2003 was one of the first pieces of
legislation to try and tackle the issue of email spam.

If you send commercial emails, some of the
best practices you follow today came about thanks to CAN-SPAM compliance. At
the time that CAN-SPAM became law, unsolicited emails were growing into an
issue that was serious enough for lawmakers to take action.

Though there may be plenty of flaws in the
legislation, we likely owe the survival of the legitimate email marketing
industry, in part, to CAN-SPAM’s efforts to reign in the wild west of email.

What prompted some to call it the
“You-Can-Spam” Act? Does your company have to worry about CAN-SPAM compliance?
What happens if you violate this anti-spam law? Let’s dig into the details …

What is the CAN-SPAM Act?

President George W. Bush made email history when he signed the bipartisan bill into law in 2003. The CAN-SPAM Act overrode pre-existing anti-spam laws at the state level. That’s one of the primary critiques of the federal law. Some say CAN-SPAM was an attempt to undermine a much more restrictive anti-spam law in California.

CAN-SPAM stands for, “Controlling the Assault
of Non-Solicited Pornography and Marketing.” The goal is to protect consumers
from unwanted, sometimes dangerous messages. Why? Because people were suffering
through hundreds of unsolicited emails.

Back in the day, outlaw spammers quickly
recognized email as a way to reach millions of people to get a few sales at
best — or to do something much more malicious.

We’re going to ride our trusty ole steed into
the dry desert air and explore the details of CAN-SPAM, what it covers, what it
doesn’t, and how exactly companies can stay on the good side of the law.

Following CAN-SPAM compliance might save you from a hefty federal bounty while supporting healthy email deliverability. So there’s a lot of motivation to stay on marked trails. Let’s head on out.

CAN-SPAM compliance: 7 Keys to
the law

The Federal Trade Commission (FTC) summarizes the law into seven main points:

1. Don’t use false or misleading
header information

The “From:” and “To:” fields in an email must
accurately reflect the sender and the recipient. That includes the email
address, domain, and the name of the business or person sending the email.

2. Don’t use deceptive subject
lines

Subject lines should not misrepresent the
contents of commercial emails.

3. Identify the message as an ad.

While you don’t need to outright proclaim an
email as an advertisement, the FTC says marketers “must disclose clearly and
conspicuously that your message is an advertisement.”

4. Tell recipients where you’re
located

A physical mailing and/or street address must
be present in the email message.

5. Tell recipients how to opt out from future emails

This may be the most important CAN-SPAM
requirement. Commercial emails must have a way to stop receiving those messages
if desired. Whatever method is chosen, the process of opting out should be
clear and easy to understand/act upon.

6. Honor opt-out requests
promptly

Once an individual opts out of commercial
emails, senders have 10 business days to comply with the request.

7. Monitor what others are doing
on your behalf

If you hire another company to handle email
marketing tasks (an agency, a tech platform, etc.) you are still responsible
for ensuring those parties follow the law on your behalf.

More on CAN-SPAM and unsubscribe
compliance

While CAN-SPAM itself doesn’t require
companies to get permission before sending an initial commercial message, you
must provide an opportunity for recipients to unsubscribe and honor that
request in a timely manner.

The notice and instructions must be clear to
understand and the process must take place through the internet. No, you can’t
require that someone call an 800 number or visit your office to opt out.

You must always provide the option to
unsubscribe from all commercial
messages but can offer alternatives such as to remain subscribed only to
monthly newsletters.

Businesses must complete unsubscribe requests
within ten days and provide the option to make a request for at least 30 days
after the email is sent.

Finally, you can’t charge a fee, request
additional personal information, or require subscribers to visit more than a
single page to unsubscribe. Basically — no tricks!

CAN-SPAM compliance and sender
behavior

Regulators generally frown upon what’s
considered “funny business.” So, while the law contains substantial gray areas,
marketers that deliberately attempt to break the rules are often going to catch
the attention of the FTC.

Behaviors such as harvesting email addresses,
using false information to register for multiple email accounts, relaying
messages to mislead others about the origins of an email, or sending spam from
someone else’s computer are criminally
punishable.

And once an opt-out request has been received,
marketers can’t sell or transfer the email address to circumvent the
recipients’ intentions.

It should also be noted that, to help close a potential loophole, the companies being advertised can be held liable even if the message is sent by a third party. You can’t outsource email marketing to get around the law. That’s why it’s very important to know the reputation of third-party partners and the procedures they use that may impact your compliance with anti-spam laws.

Who must comply with CAN-SPAM?

The CAN-SPAM Act reaches widely throughout the
business world as it applies to any
sort of commercial email — bulk sending of emails is not a requirement to
trigger a violation. So if you’re an email marketer, of any kind, you need to
be mindful of CAN-SPAM compliance.

The primary situation in which a company
wouldn’t need to worry about CAN-SPAM is if the email is purely relational or
transactional. And that begs the questions:

What is considered a commercial
email?

CAN-SPAM defines a commercial email as, “Any
electronic mail message the primary
purpose of which is the commercial advertisement or promotion of a
commercial product or service.”

If the main reason for sending an email is to
sell something, it’s a commercial email.

What is a transactional or
relational email?

A transactional email provides an update to an
already agreed-upon commercial transaction or relationship. For eCommerce, this
would be something like advising a customer that their order has shipped. In
B2B, it might be a quote or a reminder about an upcoming meeting.

The FTC
lists five kinds of content that are acceptable in a transactional or
relational email:

Updates about an order or previously agreed-upon transaction.
Warranty, recall, safety, or security information.
Change in terms, features, or account information for a membership, subscription, account, loan, or another ongoing relationship.
Employment information or employee benefits.
Actual delivery of goods or services as part of a transaction the subscriber has agreed to.

As long as the message only contains these
kinds of content and doesn’t contain false or misleading information, CAN-SPAM
probably doesn’t apply.

Understanding an email’s primary
purpose

Because CAN-SPAM only applies to commercial
emails, it’s incredibly important to understand whether or not what you’re
sending is, in fact, commercial.

This becomes complicated, however, because
there are times that an email can be considered both transactional and commercial. In this case, the law
goes back to “the primary purpose.”

You can determine the primary purpose by
analyzing both the subject line and content of the email:

If a message contains both commercial and
transactional information, but the subject line sounds, to an average
subscriber, like it’s commercial, the email is considered commercial.

If the subject line sounds transactional
(“Your order status has been updated”), but the email primarily contains
promotional messages, it is, again, considered commercial.

However, if you send a receipt with a
reasonable subject line (“Receipt for today’s purchase”) you can include a
short promotional message — but it needs to come below the primary transaction
information and remain a small portion of the content.

In
summary, to be confident an email is considered transactional:

Have a clear, non-promotional
subject line.
Put the transactional information
at the beginning.
Keep promotional content secondary
both in volume and positioning.

This order confirmation and thank you email from Huckbery is a nice example:

CAN-SPAM compliant Huckberry transactional email with promotion Via Really Good Emails

The subject line is obviously transactional,
and that’s the kind of content the customer sees when the email is opened. All
the links for order tracking and the receipt info are there. But, there’s also
a section at the bottom of the email with “trending products.” Because it’s
primary purpose is transactional,
there is no unsubscribe link.

No marketer wants to miss a promotional opportunity, but CAN-SPAM’s potential consequences are no joke. James Glover, CEO of Coherent Path, offers a pretty simple way to break things down:

“My advice to eCommerce email marketers who combine relational and promotional emails is to always go above and beyond the minimum requirements. Treat your customer how you would want to be treated. If they’ve given you permission to email them, don’t abuse that channel. Use it to help the customer and say something relevant every time they open their email. As my mom used to say: if you can’t say something nice, then don’t say anything at all.”

Who enforces CAN-SPAM?

The Federal Trade Commission (FTC) is the primary agency tasked with enforcing CAN-SPAM compliance. The FTC even had the power to create a national do-not-email list similar to the do-not-call registry that exists today. However, the commission decided against this action.

While most enforcement lies with the FTC, state attorneys general, the FCC, and ISPs can take action in rare cases. The FCC is specifically responsible for creating rules to “protect consumers from unwanted mobile service commercial messages.”

But, to the frustration of critics, the law prevents individuals from bringing a suit against spammers. So, in some ways, it takes away the rights of individual subscribers because it preempts most state laws — many of which were more aggressive and allowed individuals to seek compensation.

The FTC has periodically reviewed CAN-SPAM
over the years to provide follow-up reports and recommend changes.

2005

In a 2005 follow-up report by the FTC, the committee noted two successful overall outcomes. The first was the adoption of “commercial email ‘best practices’ that many legitimate online marketers are now following.” And the second was the ability for ISPs and law enforcement agencies to use the CAN-SPAM act as a means for action against spammers.

2008

In 2008, the law was updated in several ways:

Outlined that subscribers could not be forced to pay a fee to unsubscribe.
Clarified the definition of “sender”.
Noted that an accurately registered post office box or private mailbox in compliance with USPS regulations would satisfy the act’s requirement of a physical postal address.
Updated the definition of “persons” to specify that protections applied to more than just natural persons.

2019

The law was once again reviewed in 2019. The FTC solicited feedback from the public about potential changes as well as whether it provides a meaningful benefit to consumers and/or economic burdens on commercial entities.

The large majority of public feedback favored
keeping the rule and the committee unanimously voted to uphold it without
changes.

What are the penalties for
CAN-SPAM violations?

Failure to follow the rules for CAN-SPAM
compliance may result in some serious financial damage, while more aggravated
violations can result in jail time.

How much can you get fined for a
CAN-SPAM violation?

Each individual email can be subject to penalties of up to $43,792.

If you’re found guilty of additional, more
severe kinds of trickery, penalties can include jail time. These include things
like, according to the FTC’s site, “relaying or retransmitting multiple spam
messages through a computer to mislead others about the origin of the message,
harvesting email addresses, or taking advantage of open relays or open proxies
without permission.”

It’s more than a threat — the first person was criminally sentenced in 2004 as a result of CAN-SPAM act violations.

Marketo reports successful fines of $900,000 levied against an IT company and a $2.5 million judgment against a pharmaceutical company, both stemming from misleading headers, subject lines, and the inability for subscribers to opt out.

These penalties aren’t small — they’re
enough to get anyone’s attention and warrant careful steps for CAN-SPAM
compliance.

How successful has CAN-SPAM been?

Since CAN-SPAM takes precedence over state
laws (many of which were tougher) and prevents individual consumers from filing
suits, it’s regarded by many to be ineffective.

Marketo points out that though some cases have resulted in large judgments, it’s “weak.”

Technically, it is still perfectly legal to send unsolicited emails to people in the United States. There is no opt-in requirement in the CAN-SPAM Act. That’s what led some to dub it the You-Can-Spam law. Here’s what the Coalition Against Unsolicited Commerical Email (CAUCE) had to say upon CAN-SPAM becoming law …

“This legislation fails the most fundamental test of any anti-spam law, in that it neglects to actually tell any marketers not to spam. Instead, it gives each marketer in the United States one free shot at each consumer’s e-mail inbox …”

Coherent Path CEO James Glover, who also hosts the Coherent Thoughts podcast, points out that the lack of a consent requirement is a fatal flaw of CAN-SPAM.

“Overall, CAN-SPAM has been largely ineffective at preventing spam emails. One of the greatest things about email marketing, in its ideal form, is that it is a form of permission marketing in which you can build a relationship with a customer. It is the email marketer’s responsibility to maintain and build that relationship by delivering content the recipient cares about, or it risks being cut off by customers unsubscribing.

The act unfortunately does not stop spam initiation because it does not require the recipient to give initial permission. One benefit to CAN-SPAM, however, is that it requires senders to give recipients an opt-out and that unsubscribe requests must be processed in a timely manner. ”

Glover believes there are many ways America’s anti-spam law should be updated. The sad reality is that, according to Securelist by Kapersky, spam still made up more than 45% of email traffic in early 2021. See more insights from Coherent Path’s Email Marketing Insights Report

Do ESPs help with CAN-SPAM
compliance?

Yes, but they can only do so much.

Email service providers will typically prevent
marketers from sending campaigns that don’t include an unsubscribe link and
contact address. In fact, many include their own email footer by default that
contains this information.

Some other ESPs, like Constant Contact, go a step further by verifying the from email address and requiring previous unsubscribers to manually confirm consent before being added back to a list.

But that still leaves a large swath of
compliance — like the bulk of the content and how a large portion of the
header appears — in the hands of marketers themselves.

The
point: email service providers are not
going to take care of CAN-SPAM compliance for you.

Check email deliverability before
you send

CAN-SPAM compliance might seem tricky, but it
really comes down to what James Glover summed up, “treating others the way you
want to be treated.” You can take care of the majority of compliance by being
transparent with subscribers about the intentions of your email and who it’s
from, and by offering an easy way to opt out of future messages.

At Email on Acid, we understand CAN-SPAM compliance, but we’re not legal experts. So, we suggest you consult with a legal professional before determining whether or not you’re in compliance. Don’t just take our word for it.

We are, however,
experts at helping marketers get the most from each campaign, every time they
hit the send button. And considering all that you’ve invested into compliance,
much less the email content itself, you want every subscriber to receive your
message.

Email on Acid’s email deliverability tool identifies potential issues before you launch your campaign. It runs tests against four of the most popular blocklists and 23 of the most widely recognized spam filters. Even better, it provides actionable steps to resolve issues.

Catch issues before you hit send. See the power of our email deliverability tool.

Author: The Email on Acid Team

The Email on Acid content team is made up of digital marketers, content creators, and straight-up email geeks.

Connect with us on LinkedIn, follow us on Facebook, and tweet at @EmailonAcid on Twitter for more sweet stuff and great convos on email marketing.

https://blog.5gigbucks.com/create-your-very-own-auto-publish-news-blog-site-and-earn-passive-income-in-just-4-easy-steps/

CAN-SPAM Compliance: A Guide for Email Marketers

What is the CAN-SPAM Act?