CAN-SPAM Law: A Brief History

CAN-SPAM Law is a shortened version of the name of Public Law No. 108-187, which was signed into Law by President George W. Bush on December 16, 2003. The full name of the law and bill was the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003. Of course, the name was also a play on the fact that unsolicited and unwanted email is typically referred to as “spam.” The Law gives the U.S. Federal Trade Commission the right to enforce the standards of the law (which we’ll discuss in detail below). You may think, based on the amount of unwanted and unsolicited emails that you receive daily, that the Law is not particularly effective. However, as a sender of the email, you are still governed by it. If the proper complaints are filed against you and you are found to be in violation of CAN-SPAM Law, then you are subject to large fines. Fortunately, being in compliance with CAN-SPAM Law is quite simple if you follow a few basic rules.

What Type of Email Sending Does CAN-SPAM Law Cover?

It’s also misleading to think that CAN-SPAM Law only applies to large bulk email sends. CAN-SPAM Law covers all commercial email messages. What does that mean? According to the wording of the Law, it means “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” That includes an email that promotes content on a commercial website, so if your website makes any money at all and your email links back to it, you are liable under CAN-SPAM Law.

What Are the CAN-SPAM Law Fines?

Each separate email in violation of CAN-SPAM Law is liable for a fine of up to $16,000.

How Do I Make Sure That I’m CAN-SPAM Law Compliant?

There is good news. It’s very easy to be a CAN-SPAM Law complaint. Here are the steps that you need to follow.

  • Don’t Use False or Misleading Email Header Information: This one is easy. Your “From”, “To” and “Reply-To” fields on your email as well as the routing information (which includes the domain name and email address) but accurately identify the business or person who initiated the message. That mean’s if you own and want to send an email to your users, the email has to come from and not from another url or domain.
  • Don’t Use Deceptive Subject Lines: Your subject line must accurately reflect what’s in the content of your email. If your email contains an offer for 10% off of a Persian rug, your subject line can’t say that the Persian rug is free or talk about a completely unrelated topic just to incite people to open the email.
  • Identify That the Email is An Ad: You can do this in very subtle ways as the law is not detailed on it. However, somewhere your email must reveal that the message is an advertisement. A “brought to you by” at the close of the email is often considered sufficient.
  • Provide a Physical Location: You must let recipients know where you are physically located via a physical postal address within your email. This is not optional. It can be a street address or a postal box address. However, you must provide a way for users to reach you via registered postal mail.
  • Let Recipients Know How to Opt-Out of Future Emails: This is completely non-optional. Your email must always provide recipients with a clear and conspicuous explanation of how the recipient can opt-out of getting any email from you in the future. It must be easy for a person to recognize, read, and understand. The best methods, which are usually automatically handled by email marketing platforms such as Comm100, will provide either a return email address or an easy-to-click-to web page where users can quickly unsubscribe from future mailings. You are allowed to create a menu in which users can opt-out of only specific types of mailings, but you are always required to give the user the option of opting out of ALL future mailings from you (called a “Universal Unsubscribe”).
  • Honor Opt-Out Requests Promptly and Honorably: Whichever opt-out mechanism you choose to use must be able to process opt-out requests for at least thirty days after you send your email message, and users request to opt-out must be honored within ten business days. You are not allowed to charge a fee or require a recipient to give you any personally identifying information beyond an email address. You may not make a recipient take any step other than to send a reply email or visit a single page on a website as a condition for opting-out of an email list. After people have opted out of an email list, you cannot sell, rent or transfer their email addresses, even if those are contextualized as part of a postal mailing list. The ONLY exception to this rule is that you may transfer the email addresses to a company that you have hired in order to help you be CAN-SPAM LAW complaint.
  • Monitor What Others Do On Your Behalf: Even if you have hired another company to do your email marketing, you are still the responsible party under the law as both the company whose product is being promoted as well as the company who sent the email are legally responsible. This is a particularly important point if you run an affiliate marketing program as one of your marketing channels.