Termly

| By | Reviewed By Masha Komnenic CIPP/E

CAN-SPAM Act: CAN-SPAM Laws and Compliance Guide

Start Building Compliance CAN SPAM Act: Law and Requirements Compliance Guide Featured Image

Home Resources Articles CAN-SPAM Act: CAN-SPAM Laws and Compliance Guide

In 2003, the Federal Trade Commission (FTC) approved the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). Commonly referred to as the U.S. anti-spam law or spam act, CAN-SPAM sets the federal standards for commercial emailing.

Table of Contents
  1. What is the CAN-SPAM Act of 2003?
  2. CAN-SPAM Compliance – How to Follow the FTC's CAN-SPAM Rules
  3. What are the Noncompliance Penalties?
  4. What Do Compliant and Noncompliant Emails Look Like?
  5. Conclusion

1. What is the CAN-SPAM Act of 2003?

The Controlling the Assault of Non-Solicited Pornography and Marketing Act – or more simply the CAN-SPAM Act of 2003 – is made up of several rules which outline appropriate and inappropriate actions regarding commercial emailing.

In the FTC’s CAN-SPAM guide, they offer this definition of the act, stating that it:

…sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

All United States (US) businesses that send commercial emails – or employ third-party services to send electronic mail on their behalf – are subject to comply.

CAN-SPAM classifies emails into three categories:

  1. Commercial
  2. Transaction or relationship content
  3. Other

Mailings and digital communication that are informational, or which detail a transaction or relationship, are not considered to be commercial, and are therefore not covered by CAN-SPAM.

However, this spam act does apply to advertising messages and content sent by businesses to consumers through social media channels, such as Facebook, Twitter, and Linked.

2. CAN-SPAM Compliance – How to Follow the FTC’s CAN-SPAM Rules

Complying with CAN-SPAM is relatively simple for most companies, assuming your email strategy doesn’t rely on spam, dishonesty, or inappropriate materials.

However, CAN-SPAM rules can be added, removed, or amended by the FTC at any time. So, it’s important to understand what the current provisions of CAN-SPAM entail, and how you can ensure your business is compliant with them and adhering to best practices.

1. Be honest and focus on transparency

Like most of the privacy laws that have emerged with the rise of the internet, CAN-SPAM seeks to increase business-to-user transparency. One of the key provisions of the act is the requirement that information in emails be honest. The following details of your commercial messages should be clear and truthful:

Complying with these requirements should not be difficult, as being dishonest in any of the above categories is likely a pointed effort.

2. Label the message as an ad

According to CAN-SPAM Act of 2003, commercial messages sent for the primary purpose of advertisement or solicitation need to be clearly and conspicuously labeled as an ad.

A commercial email is defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”

Questions often arise about this rule, as the guidelines are ambiguous in specifying the appropriate language or placement of this label. Responding to the confusion that has surrounded this rule, the FTC says:

Initiators of commercial email only have to identify the message as an ad in a way that is “clear and conspicuous.” The law gives you flexibility in how to do that effectively, but remember that deceptive subject lines are illegal.

As stated, there’s flexibility in how you accomplish this, but the “ad” label is commonly placed in the subject line or body of emails. Hiding it in a footer or other discreet location may lead to trouble in the event of a CAN-SPAM complaint.

Note that email recipients who have actively opted in to receiving advertising and solicitation emails from your company are exempt from this rule.

3. Warn of explicit content

The Commission adopted a new CAN-SPAM rule in 2004 known as the Label for Email Messages Containing Sexually Oriented Material (Adult Labeling Rule). Under this rule, if you send any message containing sexually-geared content, you must:

  1. Indicate the presence of explicit content by writing “SEXUALLY-EXPLICIT:” at the start of the email subject line.
  2. Only make non-explicit media and information viewable upon the opening of the message.

4. Include your address

Every commercial message sent from your company needs to include your valid, registered postal address somewhere in the email. Most often, this means including your physical address, PO Box, or otherwise registered mailbox in the footer of all your emails.

5. Allow for opt out

Under the legislation, people have the right to opt out of receiving email messages from your business at any time. There are four specific features of this rule that you must follow in order to comply:

  1. Present users with an obvious means of opting out – Include an easy-to-find link in the text or footer of every electronic mail you send that falls under the subjugation of CAN-SPAM. This link should clearly indicate that people can unsubscribe or opt out of receiving future messages.
  2. Honor opt-out requests in a timely fashion – Presenting users with a link or button that promotes opting out is pointless if you don’t honor those requests. In order to comply, you must address these requests by removing the user from your mailing list within 10 business days of receiving the request.
  3. Allow opt out for at least 30 days – After you’ve sent a message containing an opt-out function, users have at least 30 days to opt out of communications using that opt-out function.
  4. Users cannot be incentivized against opting out from your email list – The text specifies:

…an email recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet Web page to opt out of receiving future email from a sender.

Opting out should be clear and easy for users, and you should make every effort to honor those requests quickly and without conflict.

6. Accept responsibility for your company

Even if your product or service is being promoted by a third party (such as a marketing agency), you are still responsible for holding messages promoting your business to the high standards of CAN-SPAM.

Be careful when using third-party services – whether those are marketers or email marketing platforms – and ensure that emails sent from or about your company comply fully with these requirements and your own privacy policy emails. Otherwise, you’ll be the one paying the price.

3. What are the Noncompliance Penalties?

The cost of not complying with CAN-SPAM can quickly add up for an offending company, with threatened penalties as high as $42,530 per electronic mail in violation.

Furthermore, a CAN-SPAM violation can be classified as a criminal offense, meaning penalties – like jail time – are within the realm of potential consequences for noncompliance.

In 2006, an infamous spammer named Christopher William Smith was charged under CAN-SPAM and ordered to pay $5.3 million in damages to AOL for his violating email tactics. It doesn’t take much to avoid Mr. Smith’s fate by making simple efforts to comply with the regulation.

4. What Do Compliant and Noncompliant Emails Look Like?

To fully understand good and bad emailing under the CAN-SPAM Act of 2003, let’s take a look at an email that complies with the rules and one that does not.

Example of CAN-SPAM compliant email

target ad email

What they did right:

  • Indicate that this email is an ad
  • Identify the company in the “from” line and email address
  • Give recipients a way to unsubscribe

At the bottom of the same email, we can see they continue to nail CAN-SPAM compliance:

target ad email preferences

What they did right:

  • Include a second avenue through which recipients can unsubscribe, and give the option of customizing their email preferences
  • Provide a valid mailing address

While Target got it right with their marketing email, plenty of others continue to get it wrong. Let’s take a look at what a noncompliant email looks like.

Example of CAN-SPAM noncompliant email

example of an email not compliant with CAN-SPAM

What they did wrong:

  • Subject line doesn’t honestly represent the content of the message
  • No indication that it is an ad
  • Dishonest sender name
  • No option to unsubscribe
  • No address

While making all of these mistakes in one email is likely a dedicated effort by spammers, making one or two mistakes can happen to honest email marketers. Be careful when crafting your emails to ensure you have the necessary features in place to comply with CAN-SPAM.

5. Conclusion

Now that you know what the CAN-SPAM rules are, you may be wondering how relevant they still are, given their over 15-year reign.

In mid-February of 2019, the FTC reviewed the CAN-SPAM rules and determined that they are, in fact, still necessary and should remain in their current form. In other words – CAN-SPAM isn’t going anywhere. So if your business is subject to the guidelines of the spam act, the time to comply is now.

Written by KJ Dearie

KJ Dearie is a product specialist and privacy consultant for Termly, where she advises small business owners on how to comply with the latest data privacy laws and trends. She's been published in Business News Daily, Omnisend, ITProToday, MarTechExec, and more.

Related Articles