The CAN-SPAM Act and Requirements for Email Senders

The CAN-SPAM Act and Requirements for Email Senders

The Controlling the Assault of Non-Solicited Pornography and Marketing or CAN-SPAM Act for short is a federal law that sets forth various rules and regulations for the use of commercial email to to U.S. based recipients, including digital promotion and email marketing. The CAN-SPAM Act was passed in 2003 to help protect American consumers from malicious and unsolicited email messages. The CAN-SPAM Act applies to any commercial electronic message that is sent to U.S. consumers, including business to consumer communications as well as business to business communications.

Both transactional messages and marketing messages fall under the jurisdiction of the CAN-SPAM Act. While transactional email messages are only required to convey truthful information, commercial email messages are subject to the following requirements:

  • Avoid misleading to the recipient – Commercial emails sent to American consumers must contain both an accurate representation of the sender, be it an individual, company, or brand, as well as a clear and non-deceptive subject line. Moreover, the subject line must accurately describe the content contained within the email message, while marketing messages must also convey a specific message or purpose, such as a promotion or advertisement.
  • Include a physical mailing address in the body of the email message – Commercial emails must also contain a physical address in the body of the message to which unsubscribe requests can be mailed.
  • Provide an unsubscribe link – Commercial emails must contain a clear and obvious link by which consumers can unsubscribe from all of the sender’s future emails.
  • Opt-out requests must be honored within 10 days – Commercial email senders have no more than 10 business days to effectively process unsubscribe requests that are submitted by email recipients. Today, many email service providers do this automatically, with no additional action on the part of the sender. However, an email sender must maintain their global suppression indefinitely, even when changing internet service providers.
  • Senders and their agencies are held responsible – All agencies and consultants who send emails on behalf of clients are responsible for said email messages, as are any client-senders. Businesses and companies are prohibited from contracting away their legal responsibility to comply with the CAN-SPAM Act.

What if an email message or campaign combines both commercial and transactional content?

It’s extremely common for emails sent by companies or businesses to contain a mix of both commercial and transactional content. In such cases where an email message contains both forms of content, the primary purpose of the message is the determining factor in relation to the CAN-SPAM Act. For example, if an email recipient who reasonably interpreted the subject line of a given email message would likely conclude that said message contained and advertisement or promotion for a commercial product or service, or said messages transactional content does not plainly appear at the beginning of the message, the primary purpose of said email message is considered to be commercial. To this point, when an email message contains a mixture of commercial and transactional content, the subject line is the determining factor.

What if an email message includes content from more than one business or company?

If an email message promotes or advertises the websites, goods, or services of more than marketer, the CAN-SPAM Act outlines a clear method for determining who should be held responsible in terms of compliance. Marketers whose websites, goods, or services are promoted or advertised within an email message can designate a single marketer as the sender for CAN-SPAM Act purposes, as long as the designated sender meets the following criteria:

  • Adheres to the CAN-SPAM Act’s definition of a “sender”, meaning that they initiate a commercial email message promoting or advertising their own websites, goods, or services.
  • Is specifically identified in the “from” line in the email message .
  • Complies with the “initiator” provisions of the CAN-SPAM Act. For example, ensuring that an email message does not contain a deceptive subject heading or transmission information, ensuring that an email message includes a valid postal address, a functioning opt-out link, as well as proper identification in regards to any commercial or sexually explicit content.

What are the penalties for violating the CAN-SPAM Act?

Individual email violations of the CAN-SPAM Act can result in fines and penalties up to $43,792 per violation. What’s more, more than one person or entity can be held liable for these violations. For example, both the company whose product has been promoted in a commercial email message, as well as the company who originated said messages can be held liable for CAN-SPAM violations. Conversely, emails that are proven to contain misleading or deceptive claims about products or services are also subject to CAN-SPAM violations. The CAN-SPAM Act is enforced by the Federal Trade Commission and permits criminal penalties, including imprisonment, to be levied against businesses and individuals on who engage in the following actions:

  • Accessing someone else’s computer to send spam without consent or permission.
  • Using false information to register for multiple domain names or email accounts.
  • Retransmitting or relaying multiple spam messages through a computer to mislead potential consumers about the origin of an email message.
  • Harvesting email addresses or generating them by the means of a dictionary attack, a practice by which email senders send emails to email addresses consisting of random letters and numbers, with the hope of reaching valid email addresses.
  • Taking advantage of open proxies or relays without explicit permission.

As email messaging has come to represent some of the most common forms of communication around the world, it is only fitting that the U.S. government maintains federal legislation in regards to what can and cannot be contained in the contents of an email message. With laws such as the CAN-SPAM Act, American consumers can rest assured that email senders cannot make false or misleading claims in relation to their products or services. Furthermore, the CAN-SPAM Act also protects the privacy of American consumer by ensuring that senders of email messages identify themselves, provide opt-out or unsubscribe links, and give consumers a physical mailing address where they can also choose to opt-out or unsubscribe from future messages.