What You Need to Know About the CAN-SPAM Act
If you use email in your business, you need to know the many requirements of the CAN-SPAM Act of 2003. The penalties for not complying with it are high – as much as $16,000 per email sent. That’s a hefty fine! I’ve put together this quick post to help you be aware of some of the key requirements.
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act was first passed in 2003. Additional clarifications to the law were published in 2008. The act applies to anyone sending commercial email messages in the United States. Basically, it includes any email with a primary purpose of being a commercial advertisement or promotion of a commercial product or service, including B2B email.
Complying, however, isn’t that difficult. There are seven key requirements to be aware of in order to comply with the CAN-SPAM Act:
- Don’t use a false or misleading header information (i.e., from, to, reply to, and routing information).
- Don’t use deceptive subject lines. In other words, don’t bait recipients with an offer in the subject line that isn’t the real offer in the body of the email.
- Make it clear that your email is an advertisement. The law provides a bit of leeway for this, but suffice to say, you must clearly disclose that the email is an advertisement.
- Include your address in the email. The original 2003 version of the act required that you include your physical address, but the 2008 version modified the requirements to allow a P.O. box, as long as it’s registered with the U.S. Postal Service. If you’re not using a U.S. Postal Service P.O. box directly, however, there are a few additional details you need to know about.
- You must give your recipients a way to opt out – or unsubscribe – from future emails. This is a very important requirement. The unsubscribe link must be clear enough for an ordinary person to read, recognize, and understand. You can provide options for unsubscribing, but you must always include a choice to stop all commercial messages. If you take readers to your website, make sure they don’t have to log in or navigate through pages to get to the unsubscribe form. Nothing but an email address may be requested on an unsubscribe form, and there should be no persuasive language to keep users opted in.
- Honor unsubscribe (opt-out) requests promptly. Although you have 10 days to honor an unsubscribe request, most email service providers have mechanisms to facilitate unsubscribe requests immediately. You are also required by law to be able to process opt-out requests for 30 days after you send a message. That means that if you are changing email service providers, you must retain the old system for 30 days after your last message was sent from the system to continue to be able to process the unsubscribe requests.
- Be aware and monitor what your consultants, business partners, or others may be doing on your behalf. CAN-SPAM makes it clear that even if you hire another firm to send your emails for you, both the company doing the sending – as well as the company whose product is being promoted in the email – are legally responsible.
These are some – but not all – of the most important requirements of CAN-SPAM. For example, the law is very clear that you’re also not allowed to “scrape” email addresses off of websites and email to them. Nor are you allowed to use what are called dictionary attacks – creating a bunch of names and words to place before the @ sign of an address in an effort to discover valid email addresses. These activities can lead to aggravated penalties.
Finally, note that the law indicates that there could be a reduction in damages if “the violation occurred despite commercially reasonable efforts to maintain compliance.” This emphasizes the importance of understanding the law, communicating the requirements, and training your staff in what is required and acceptable under the law. FulcrumTech provides live CAN-SPAM seminars to organizations across the United States help train staff about the requirements of the law. Clients often obtain signatures from those who attend to prove that training occurred. So if you are emailing, you need to spend the time getting your arms around this law.
To learn more, contact FulcrumTech today for a free copy of the Federal Trade Commission’s CAN-SPAM Act: A Guide for Business.