While new rules can be hard enough to follow, it's all written in legalese that leads to a lot of confusion and misunderstanding. In some cases, particularly with new businesses, one might as well be reading hieroglyphics. This misunderstanding can lead to people being too lax or too strict. So here it is: CAN-SPAM in ordinary English, making the basics clear. You may want to consult a lawyer on the finer points of the law. This is just a basic guide of the US legislated CAN-SPAM law of 2003.
What does CAN-SPAM stand for?
Well, oddly enough, spam isn't even in the title. CAN-SPAM stands for "Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003." CAN-SPAM has a nice ring, but the title is perhaps a little misleading.
What is "spam" and what isn't?
This is probably the most complicated part of the law. Technically spam is anything defined as "Unsolicited Commercial Email." To translate, spam is annoying emails that you don't want and didn't ask for from people or companies you've never met, trying to sell you something you don't need or want.
Who needs to worry about these new rules?
Anyone who operates a business, small or large. The penalties can be up to $300 per email with a conviction, and it can also put you behind bars. That's right, CAN-SPAM carries with it criminal penalties for violators. This means that sending a single unsolicited email, depending on the judge and the circumstances, could result in more than just a fine.
If I have an email service provider or ESP, what about CAN-SPAM then?
This is probably the case you have to be the most careful with. The reason is that it doesn't matter if you're sending the email, or someone else is sending on your behalf, You're still liable. This means that the onus is on you to ask. Ask your ESP if they can be sure that your emails will be CAN-SPAM compliant. If you're met with blank stares and uncomprehending responses, it's time to get out of dodge. Ask them questions about what compliance features they include, and hire someone who knows what they're talking about.
After all of this, what I really want to know is how to send a CAN-SPAM compliant email?
Well, I can't promise to explain exactly how to do that, since I'm not a lawyer. What I can do, though, is go over the basics, which are generally accepted as best practices anyway. Here are the basics for compliant emails.
1. Make sure your lists are filled only with people who want your message.
You can collect subscriptions or consent in a dozen different ways, using anything from web forms to verbal consent. You do have to opt them in one way or another. Best practices would dictate that you not contact anyone who hasn't contacted or purchased from you in a couple of years.
2. Make sure you offer some kind of simple unsubscribe button.
It doesn't really matter where you put it (top, bottom, side) so long as it's there. That part is the law. You have to have one. You can't make it intentionally complex or difficult for that unsubscribe to be completed, and most certainly charging them for an exit from your service is a bad plan. Rule of thumb says two clicks should be all that is necessary to remove themselves from your list. This is the safest method for you and your customer, and makes things quick and easy.
3. Your customers have to know where you are.
You might know where your emails are coming from, but that doesn't mean your customers do. Besides that, people don't feel near as safe if you're withholding your address. Then again, doing that is illegal under CAN-SPAM. So, it's probably a good idea to be sure that you have your mailing address in that email somewhere. You know, if you don't want to get charged. A best practice to avoid that would be to include your street address or PO box, postal/zip code and ideally your phone number. This is something most businesses do anyway. CAN-SPAM just means that you have to include everything but the phone number. Rule of thumb, though, is that your mailing address is the bare minimum.
4. No means no applies to unsubscribe as well.
If they come back and begin to purchase or use your service again, that's another story. Then you can email them again. But if they tell you they want off the list, according to CAN-SPAM rules, you have ten days to comply before they can start shaking you down for emailing them. Our best practice advice is to have it set up to happen instantly through marketing automation, but that's ultimately on your shoulders.
5. Buying and selling email lists is also against the rules.
Sure, you can arrange an agreement with another company to co-market your services in their media, but sending to customers you don't know can be incredibly risky. You cannot send to people you don't know, because email is legally governed differently than direct mail. In truth, you don't really want to anyway because an effective email campaign sends only helpful mail to existing customers that are interested. Blasting out random email is like throwing a rock in the dark and hoping you hit the target: a waste of time and resources.
This is not legal advice. If you're nervous about your emails, or want to ask case-specific questions, you need to contact a lawyer and have them look things over. If you want to learn more about the entire act and all of the consequences, you can check out the FTC's Compliance Guide for Business. Don't forget that any of this could change if Congress passes another act, or the FTC changes or strengthens the rules. If you're a consumer battling spam in the US, you can report it.
On a final note, many other countries have more stringent laws, so you may want to check out the laws for the countries you do business in. For example, Canada has enacted CASL, their anti-spam legislation that is one of the strictest in the G8. You can learn more about Canadian policy on our CASL page. As an email service provider, check out our email product, and see how our marketing solution helps you stay compliant with spam laws using built-in unsubscribe links, suppression lists and more!