In 2003, the Federal Trade Commission (FTC) approved the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). Commonly referred to as the U.S. anti-spam law or spam act, CAN-SPAM sets the federal standards for commercial emailing.
1. What is the CAN-SPAM Act of 2003?
The Controlling the Assault of Non-Solicited Pornography and Marketing Act – or more simply the CAN-SPAM Act of 2003 – is made up of several rules which outline appropriate and inappropriate actions regarding commercial emailing.
In the FTC’s CAN-SPAM guide, they offer this definition of the act, stating that it:
…sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
All United States (US) businesses that send commercial emails – or employ third-party services to send electronic mail on their behalf – are subject to comply.
CAN-SPAM classifies emails into three categories:
- Commercial
- Transaction or relationship content
- Other
Mailings and digital communication that are informational, or which detail a transaction or relationship, are not considered to be commercial, and are therefore not covered by CAN-SPAM.
However, this spam act does apply to advertising messages and content sent by businesses to consumers through social media channels, such as Facebook, Twitter, and Linked.
2. CAN-SPAM Compliance – How to Follow the FTC’s CAN-SPAM Rules
Complying with CAN-SPAM is relatively simple for most companies, assuming your email strategy doesn’t rely on spam, dishonesty, or inappropriate materials.
However, CAN-SPAM rules can be added, removed, or amended by the FTC at any time. So, it’s important to understand what the current provisions of CAN-SPAM entail, and how you can ensure your business is compliant with them and adhering to best practices.
1. Be honest and focus on transparency
Like most of the privacy laws that have emerged with the rise of the internet, CAN-SPAM seeks to increase business-to-user transparency. One of the key provisions of the act is the requirement that information in emails be honest. The following details of your commercial messages should be clear and truthful:
- Subject line – Before CAN-SPAM, “clickbait” subject lines ran rampant (e.g. “Attention Needed ASAP,” “You’re the Winner!” etc.). Now, it’s critical that the subject of your email messages accurately reflect the content inside.
- Email addresses and domain names – Don’t send electronic mail from a fake or unrecognizable account. Make your domain name clear and correct.
- “To” and “From” – Another remnant of the wild west days of email marketing, addressing messages from fake senders is not permitted under CAN-SPAM requirements.
Complying with these requirements should not be difficult, as being dishonest in any of the above categories is likely a pointed effort.
2. Label the message as an ad
According to CAN-SPAM Act of 2003, commercial messages sent for the primary purpose of advertisement or solicitation need to be clearly and conspicuously labeled as an ad.
A commercial email is defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”
Questions often arise about this rule, as the guidelines are ambiguous in specifying the appropriate language or placement of this label. Responding to the confusion that has surrounded this rule, the FTC says:
Initiators of commercial email only have to identify the message as an ad in a way that is “clear and conspicuous.” The law gives you flexibility in how to do that effectively, but remember that deceptive subject lines are illegal.
As stated, there’s flexibility in how you accomplish this, but the “ad” label is commonly placed in the subject line or body of emails. Hiding it in a footer or other discreet location may lead to trouble in the event of a CAN-SPAM complaint.
Note that email recipients who have actively opted in to receiving advertising and solicitation emails from your company are exempt from this rule.
3. Warn of explicit content
The Commission adopted a new CAN-SPAM rule in 2004 known as the Label for Email Messages Containing Sexually Oriented Material (Adult Labeling Rule). Under this rule, if you send any message containing sexually-geared content, you must:
- Indicate the presence of explicit content by writing “SEXUALLY-EXPLICIT:” at the start of the email subject line.
- Only make non-explicit media and information viewable upon the opening of the message.
4. Include your address
Every commercial message sent from your company needs to include your valid, registered postal address somewhere in the email. Most often, this means including your physical address, PO Box, or otherwise registered mailbox in the footer of all your emails.
5. Allow for opt out
Under the legislation, people have the right to opt out of receiving email messages from your business at any time. There are four specific features of this rule that you must follow in order to comply:
- Present users with an obvious means of opting out – Include an easy-to-find link in the text or footer of every electronic mail you send that falls under the subjugation of CAN-SPAM. This link should clearly indicate that people can unsubscribe or opt out of receiving future messages.
- Honor opt-out requests in a timely fashion – Presenting users with a link or button that promotes opting out is pointless if you don’t honor those requests. In order to comply, you must address these requests by removing the user from your mailing list within 10 business days of receiving the request.
- Allow opt out for at least 30 days – After you’ve sent a message containing an opt-out function, users have at least 30 days to opt out of communications using that opt-out function.
- Users cannot be incentivized against opting out from your email list – The text specifies:
…an email recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet Web page to opt out of receiving future email from a sender.
Opting out should be clear and easy for users, and you should make every effort to honor those requests quickly and without conflict.
6. Accept responsibility for your company
Even if your product or service is being promoted by a third party (such as a marketing agency), you are still responsible for holding messages promoting your business to the high standards of CAN-SPAM.
Be careful when using third-party services – whether those are marketers or email marketing platforms – and ensure that emails sent from or about your company comply fully with these requirements and your own privacy policy emails. Otherwise, you’ll be the one paying the price.
3. What are the Noncompliance Penalties?
The cost of not complying with CAN-SPAM can quickly add up for an offending company, with threatened penalties as high as $42,530 per electronic mail in violation.
Furthermore, a CAN-SPAM violation can be classified as a criminal offense, meaning penalties – like jail time – are within the realm of potential consequences for noncompliance.
In 2006, an infamous spammer named Christopher William Smith was charged under CAN-SPAM and ordered to pay $5.3 million in damages to AOL for his violating email tactics. It doesn’t take much to avoid Mr. Smith’s fate by making simple efforts to comply with the regulation.
4. What Do Compliant and Noncompliant Emails Look Like?
To fully understand good and bad emailing under the CAN-SPAM Act of 2003, let’s take a look at an email that complies with the rules and one that does not.
Example of CAN-SPAM compliant email
What they did right:
- Indicate that this email is an ad
- Identify the company in the “from” line and email address
- Give recipients a way to unsubscribe
At the bottom of the same email, we can see they continue to nail CAN-SPAM compliance:
What they did right:
- Include a second avenue through which recipients can unsubscribe, and give the option of customizing their email preferences
- Provide a valid mailing address
While Target got it right with their marketing email, plenty of others continue to get it wrong. Let’s take a look at what a noncompliant email looks like.
Example of CAN-SPAM noncompliant email
What they did wrong:
- Subject line doesn’t honestly represent the content of the message
- No indication that it is an ad
- Dishonest sender name
- No option to unsubscribe
- No address
While making all of these mistakes in one email is likely a dedicated effort by spammers, making one or two mistakes can happen to honest email marketers. Be careful when crafting your emails to ensure you have the necessary features in place to comply with CAN-SPAM.
5. Conclusion
Now that you know what the CAN-SPAM rules are, you may be wondering how relevant they still are, given their over 15-year reign.
In mid-February of 2019, the FTC reviewed the CAN-SPAM rules and determined that they are, in fact, still necessary and should remain in their current form. In other words – CAN-SPAM isn’t going anywhere. So if your business is subject to the guidelines of the spam act, the time to comply is now.