Enter to open, tab to navigate, enter to select
Email Marketing and Complying with the CAN-SPAM Act
Practical Law Legal Update w-013-5534 (Approx. 5 pages)
Email Marketing and Complying with the CAN-SPAM Act
by Practical Law Commercial Transactions
| Published on 13 Mar 2018 • USA (National/Federal) |
Email is an essential tool for businesses, both for internal communications and as a way of marketing products and services to consumers. As important as the tool itself, the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act), which regulates commercial email, is a set of rules every business should know, especially email marketers. This article gives a brief introduction to the CAN-SPAM Act and provides recommendations on how businesses can ensure their email marketing campaigns meet the CAN-SPAM Act's requirements.
The popularity of email marketing has resulted in a high volume of emails in consumers' virtual mailboxes daily. To combat the rise of unsolicited commercial email, congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act), which regulates the transmission of all commercial email messages. This article gives a brief introduction to the CAN-SPAM Act and provides recommendations on how businesses can ensure their email marketing campaigns meet the CAN-SPAM Act's requirements.
The CAN-SPAM Act:
- Establishes the requirements for commercial email.
- Gives recipients rights against email marketers.
- Puts in place penalties for violations.
The Act defines a commercial email message as any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service. (15 U.S.C. § 7702(2)(A)). This definition includes emails sent to business email accounts and individual consumers. Instead of an outright ban on unsolicited commercial email, the CAN-SPAM Act:
- Sets out specific requirements for commercial email messages.
- Ensures consumers can opt out of receiving commercial email messages.
The Federal Trade Commission (FTC) is the government agency primarily responsible for enforcing the CAN-SPAM Act. The FTC can seek civil penalties for CAN-SPAM Act violations as if they were violations of trade regulations and rules, including:
- Civil penalties up to $16,000 for each separate email that violates the CAN-SPAM Act.
- Injunctive relief.
Although the FTC is the primary agency responsible for regulating violations of the CAN-SPAM Act, it is good to keep in mind that there are several other government agencies that regulate commercial emails. For example, the Federal Communications Commission (FCC) has prohibited sending commercial emails to wireless devices without first obtaining the recipients prior express consent (47 C.F.R. § 64.3100) (For more information see, Email Marketing Campaign: CAN-SPAM Act Compliance Checklist: Comply with Additional Requirements for Emails Sent to Wireless Devices).
CAN-SPAM Act Compliance
The broad applicability of the CAN-SPAM Act over commercial email warrants attention from every business. It is important for all businesses that use email to communicate with past, present, and prospective customers to understand how the Act specifically applies to them, whether or not they engage in specific email marketing campaigns.
Any person, including business entities and nonprofit associations that initiate commercial email messages, must comply with the CAN-SPAM Act. The Act defines and applies differently to initiators and senders of commercial emails:
- An initiator of a commercial email message either:
- Originates or transmits the email.
- Procures the transmission of the email (that is, intentionally pays or provides other consideration to, or induces another person to transmit the email on its behalf).
- A sender is an initiator whose own product, service, or website, is advertised or promoted in the commercial message.
Under the CAN-SPAM Act, a business that runs an email marketing campaign for its own product, service, or website is considered an initiator and a sender, even if it outsources the sending of the email campaign to a third-party vendor. As such, the business must comply with all of the Act's requirements. The third-party vendor hired to send the email for the company would only be considered an initiator, so long as it does not advertise its own services in the email.
CAN-SPAM Act Requirements
The CAN-SPAM Act provides for several requirements, including:
- A prohibition on false or misleading transmission information, such as who the email is from, being sent to, or replied to.
- A prohibition on deceptive subject headings, such as a subject heading that would likely mislead the recipient about a material fact about the message's contents or subject matter.
- Inclusion of an opt-out provision in commercial email messages that clearly give the recipient notice of their right to not receive (and opt of) future messages from the sender of the email.
- Clear identification that the message is an advertisement or solicitation.
- Additional rules for emails containing sexually oriented material, including for the email's subject line and content.
Ensuring Email Marketing Messages Meet CAN-SPAM Act Requirements
While all businesses should ensure their email messages are CAN-SPAM Act compliant, those that choose to engage in email marketing should be even more careful. Businesses engaged in email marketing should establish procedures to ensure their marketing emails properly account for the CAN-SPAM Act, before deploying any commercial emails.
Businesses that run email marketing campaigns should:
- Establish a company do-not-email database. The database should be a centralized storage system that holds opt-out requests for:
- all company emails;
- specific email programs (such as e-newsletters, marketing campaigns, and promotions); and
- individual brand emails.
- Establish an opt-out mechanism and process for honoring opt-out requests. The opt-out mechanism should allow recipients to opt out of (or unsubscribe from) receiving future commercial emails from the company.
- Make sure to honor all opt-out requests within ten business days and do not send further commercial email messages falling within the scope of the opt-out requests to that recipient after that time.
- Create a CAN-SPAM Act compliant mailing list. Make sure not to include any recipient that opted out from receiving emails from the company. It is a good idea to scrub the mailing list against the company's do-not-email list just prior to sending the email.
- Do not use false or misleading header or transmission information. Make sure to identify the company as the sender in the "From" line using enough information so the recipients can identify the sender of the message.
- Identify the message as an advertisement or solicitation.
- Use reputable third-party vendors. Conduct due diligence on any third party vendors the company uses, including those that manage their email marketing campaigns.
- Comply with additional requirements if the email contains sexually oriented material. For example, include the warning "SEXUALLY-EXPLICIT" in all caps as the first 19 characters in the subject line.
For a more in-depth discussion of the legal issues related to how the CAN-SPAM Act applies to a business that runs an email marketing campaign advertising its products or services, see Email Marketing Campaign: CAN-SPAM Act Compliance Checklist.