Understanding CAN-SPAM
Overview
CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) is an act that was passed in 2003. It is a very important law that you need to know about if you are sending electronic marketing email. If you do not abide by it, you are subject to fines and penalties from the U.S. Federal Government of up to $16,000 per violation.
The FTC's website provides a Compliance Guide for Business that can be found at: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
Despite its name, the CAN-SPAM Act does not apply to just bulk email. It covers all commercial messages, which the law defines as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service" including email that promotes content on commercial websites. The law makes no exception for business-to-business email.
Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000, so non-compliance can be costly. However, following the law isn't complicated. Here is a rundown of CAN-SPAM's main requirements:
- Include a valid postal address in your message. This can be your current street address, a post office box you have registered with the U.S. Postal Service, or a private mailbox you have registered with a commercial mail receiving agency established under Postal Service regulations.
- Include an opt-out/unsubscribe mechanism in every message. Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that's easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy, Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you.
- Honor opt-out/unsubscribe requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. Once people have told you they do not want to receive more messages from you, you cannot sell or transfer their email addresses, even in the form of a mailing list.
- Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you cannot contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
- Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
What am I not allowed to do?
- Do not use false or misleading header information. Your "From," "To," "Reply-To," and routing information, including the originating domain name and email address, must be accurate and identify the person or business who initiated the message.
- Do not use deceptive subject lines. The subject line must accurately reflect the content of the message.
- Do not provide a barrier to opt-out/unsubscribe. You cannot charge a fee, require the recipient to give you any personally identifying information beyond an email address, or provide a password or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they do not want to receive more messages from you, you cannot sell or transfer their email addresses, even in the form of a mailing list.
The CAN-SPAM Act has real penalties for those that do not comply. For more information, and FAQ's go to FTC's compliance guide for businesses.