Menu

How to Keep Your Email Legal and Stay Compliant with CAN-SPAM and CASL

Below you’ll find an unedited version of a chapter from my new book, Email Marketing Demystified. To get your copy of Email Marketing Demystified, visit www.myemailmarketingbook.com

Wood gavel, bunch of keys, scales and stack of old books against the background of a row of antique books bound in leather

While email marketing and other aspects of Internet business can sometimes feel like you are operating in the Wild West, email marketing is actually regulated in the United States, Canada and in some other developed countries. You will want to learn about your country’s specific regulations regarding email marketing so that you can stay in compliance with the law and avoid getting hit with hefty penalties for unknowingly violating the law.

Enter your email address below to receive a steady stream of tricks, tips and ideas to help you build a better and more profitable business.

CAN-SPAM Act of 2003 (United States)

Congress passed the Controlling the Assault of Non-Solicited Pornography And Marketing Act in 2003, better known as the CAN-SPAM Act. CAN-SPAM establishes a basic set of rules for all commercial email. Each separate violation of the CAN-SPAM Act can result in penalties of up to $16,000, so it’s important to make sure that your messages stay compliant with the law.

The Federal Trade Commission has put together a guide for businesses titled “CAN-SPAM Act: A Compliance Guide for Business”, which is located at http://1.usa.gov/1wftWeD. The guide outlines the main requirements of CAN-SPAM and provides a series of frequently asked questions that clarify different components of the legislation. I recommend that every mailing list owner in the United States read this guide.

Here are some of the main requirements of CAN-SPAM listed in the guide:

  1. Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
  2. Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
  3. Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
  4. Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
  5. Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.
  6. Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
  7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

There have been a number of criminal indictments under the CAN-SPAM Act of 2003 since its passage. To date, only a handful large-scale spam operations have been targeted by the Federal Trade Commission. Most small marketers probably don’t need to worry much about the FTC knocking on their door over a CAN-SPAM violation, but you should still make sure that your mailings are in compliance with the CAN-SPAM Act. The rules outlined by the Federal Trade Commission are straight forward and are very easy to follow. Be honest about who you are, where your business is located and the content of your messages. Provide clear opt-out instructions and honor opt-out request promptly. Do these two things and you probably won’t have much to worry about.

Interestingly enough, the CAN-SPAM Act of 2003 doesn’t actually outlaw spam. The legislation does not require commercial email senders to get permission before emailing someone. When the legislation was first passed, some referred to it as the “You Can Spam” Act because it didn’t actually do anything to limit the amount of spam that people receive. The CAN-SPAM Act also generally only applies to people living in the United States. Many spammers are located in developing countries around the globe, which makes it extremely difficult to take any legal action against them. Because of the limited jurisdiction of the CAN-SPAM Act and its relatively light regulatory burden, spam continues to be a major problem in the United States and the rest of the world.

FTC Endorsement Guidelines (United States)

If you are going to promote other company’s products as an affiliate, you need to be aware of the Federal Trade Commission’s paid endorsement guidelines. Generally, you need to disclose whenever you are getting paid to promote a product or service for another company. Your disclosure must also be “clear and conspicuous” and as close to the endorsement as possible. This means that you shouldn’t try to hide your disclosure in the footer of your messages or in some other inconspicuous location.

The Federal Trade Commission issued a guide in March 2013 that outlines disclosure rules and recommendations titled “.com Disclosures: How to Make Effective Disclosures in Digital Advertising” (http://1.usa.gov/1G7chtn). The guide provides specific recommendations about how to properly disclose paid endorsements in digital media.

Canada’s Anti-Spam Legislation (CASL)

The Canadian Parliament passed the Fighting Internet and Wireless Spam Act (FISA) in December 2010. The legislation, which is better known by the nickname of Canada’s anti-spam legislation (CASL) went into effect on July 1st, 2014. CASL requires that marketers only send email to individuals that consent to receive messages, with a few exceptions. CASL is arguably one of the most stringent pieces of anti-spam legislation in the world due to its consent requirements and other restrictions put in place by the legislation.

Under CASL, you can only send email to subscribers that have expressly opted-in into your mailing list or to recipients that have passively agreed to accept email through some form of implied consent. For example, you can email anyone that’s purchased a product from you or has done a business deal with you within the last 24 months under the guise of implied consent. There are also a variety of exceptions for recipients that you have an existing personal or business relationship with and for recipients that you need to notify of a product recall, court order or updates and changes to an existing product or service they previously purchased.

CASL also puts a number of other restrictions on marketers. The legislation requires mailing list operators to have a working opt-out mechanism. CASL also makes harvesting email addresses using software and installing computer programs without consent illegal. The legislation makes it illegal to alter messages in transit and makes it illegal to use of false or misleading representations online in the promotion of products or services.

The legislation is enforced by the Canadian Competition Bureau, the Canadian Radio-television and Telecommunications Commission (CRTC) and the Canadian Office of the Privacy Commissioner. Individuals that violate the legislation can face fines of up to $1 million and businesses in violation can face fines of up to $10 million. The law will go into full effect in 2017 when private citizens can take civil action against spammers that violate the provisions of CASL.

If you don’t live in Canada, you might think that the provisions of CASL won’t apply to you. However, if you live in the United States or another jurisdiction and have subscribers in Canada, you need to pay attention to the legislation. CASL applies where “a computer system located in Canada is used to send or access” an electronic message. This means that CASL will apply if a sender in the United States sends an email to a Canadian citizen and opens it on a computer or smartphone located in Canada. While it remains to be seen if Canada will try to enforce the CASL outside of its borders through extradition, it’s probably a good idea to stay in compliance with CASL if you are going to have any Canadian customers. The American Bar Association has published an article that contains additional information about CASL’s implications for citizens in other countries titled “Canada’s Tough New Anti-Spam Legislation: Beware Its Extra-Territorial Reach” (http://www.americanbar.org/publications/blt/2014/01/keeping_current_french.html).

For more information about CASL and how to stay compliant, visit www.fightspam.gc.ca.

Wrap-Up          

While regulations that surround email marketing will vary depending on what country you live in, you probably won’t have a lot to worry about if you follow what I refer to as the three golden rules of email marketing:

  1. Only send email to people that have opted-in to receiving your messages
  2. Only send content that you would actually want to receive if you were a subscriber to your mailing list.
  3. Don’t be deceptive in the content of your messages and don’t try to hide your identity to your subscribers.

If you only send high-quality, relevant and honest content to your subscribers and you only email people that have expressly opted-in to your mailing list, it’s extremely unlikely that anyone is ever going to get upset with you enough to try to hit you over the head with a civil suit for failing to follow anti-spam legislation. You should still pay attention to your country’s anti-spam legislation and try to follow its provisions, but you won’t have a target on your back if you follow the three golden rules of email marketing.

Action Steps

  • If you live in the United States, verify that your email sending practices are in compliance with the CAN-SPAM Act of 2003
  • If you live in Canada, verify that your email sending practices are in compliance with Canada’s Anti-Spam Legislation (CASL).
  • If you live in another country, research your own country’s anti-spam laws to make sure that you are in compliance with your country’s laws and regulations.
  • Follow the three golden rules of email marketing.