On January 1, 2004, commercial email became a federally regulated activity thanks to the CAN-SPAM Act. This legislation, which became significantly more potent in the course of its final revision in December 2003, provides for both civil and criminal liability for wrongdoers.

Although targeted at those whose activities were already questionable under existing laws, the CAN-SPAM Act may ensnare legitimate businesses as well, especially small businesses with no compliance experience. Every law has its first fall guy. It's only a matter of time before CNN broadcasts the first CAN-SPAM perp walk.

For this reason, companies large and small must establish compliance programs and train their employees, especially those in sales and marketing. The trick to compliance lies in interpreting the law as conservatively as possible, since no courts have yet opined on its scope. This article will help get you started.

Consent: Good to Have, but Not a Free Pass

Earlier versions of the CAN-SPAM applied primarily to unsolicited commercial email, but the final version of the law applies to all commercial email. Furthermore, the law only recognizes one form of consent—”affirmative consent” (it used to also recognize “implied consent”). Although obtaining affirmative consent enables you to bypass some of the law's requirements, no one knows how far such consent extends.

For example, suppose you publish a monthly email newsletter that uses a double-opt-in subscription process. Under the law, you likely have the affirmative consent of your subscribers to send them your newsletter every month. But what if you decide to increase the frequency to biweekly? Or what if you also periodically send standalone promotional messages to the same subscribers?

Until a court or the FTC addresses the scope of affirmative consent, take a conservative approach—treat all of your company's commercial email as unsolicited, and make sure it complies with all of the law's requirements.

Eight Not-So-Simple Rules for CAN-SPAM-Compliant Email

Complying with the CAN-SPAM Act with respect to your lists entails adhering to the eights rules discussed below. As you read through these rules, keep in mind that just one email message can trigger a CAN-SPAM violation. Therefore, you should apply these rules not only to your bulk distributions but also to individual solicitations sent by your salespeople.

1. Staying out of Prison

As bad as paying a civil fine of $250 per noncompliant email message may sound, going to prison is an order-of-magnitude worse. Therefore, it is absolutely essential to make sure that no one at your company engages in any of the five activities that the CAN-SPAM Act has criminalized:

  1. Intentionally sending commercial email from a foreign or domestic computer that you do not have authorization to use.

  2. Using a foreign or domestic computer to “relay or retransmit” commercial email “with the intent to deceive or mislead recipients or [an ISP]” as to their origin.

  3. Materially falsifying the header information of the commercial email you send.

  4. Setting up five or more email accounts or two or more domain names with materially false identities and then sending commercial mail from any of the accounts or domain names.

  5. Falsely claiming ownership to five or more IP addresses, and then intentionally sending commercial email from any such IP address.

Each of the crimes listed above kicks in at relatively low volumes—101 or more messages within 24 hours, 1,001 or more messages within 30 days, or 10,001 or more messages within one year. Just think—send out 100 such messages in a day and you may face civil liability; send one more, and you may find yourself behind bars.

Contrary to popular belief, the CAN-SPAM Act does not outlaw widely criticized techniques such as “address harvesting” or “dictionary attacks,” but those who use such techniques face stiffer penalties for criminal or civil violations. Because no one yet knows how courts will interpret the law, you should not use those techniques.

2. Materially Misleading Header Information

Falsifying header information is a crime. Misleading header information can result in a civil penalty. What's the difference? It's hard to say at this time, but you should undertake the following steps to ensure squeaky-clean headers:

  • If you send commercial email from your own server, make sure the IP address listed in your email header has a valid “Reverse DNS Lookup” associated with your domain name. You can check the reverse lookup of your IP address for free at DNSstuff.com.

  • If you send commercial email through an email distribution service, place your company name and email address in the “from” line. Most services offer this feature.

  • Make sure that everyone in your company has their email accounts properly configured in their email client and their outgoing email messages list their full name and email address in the “from” line.

3. Using Descriptive Subject Headings

The CAN-SPAM Act prohibits subject lines likely to mislead recipients about a “material fact regarding the contents or subject matter of the message.” Even if you unknowingly mislead recipients, you may still be liable if under the circumstances a reasonable person would find the subject line materially misleading.

This requirement should not significantly impact legitimate businesses because it still allows for writing teasers and still allows for focusing on the content most likely to maximize the open rate.

For example, every Tuesday, MarketingProfs.com distributes a newsletter that summarizes and links to the latest articles. Because of technical size limitations, MarketingProfs.com could not possibly describe each article in the subject line. Fortunately, the law does not require a comprehensive description.

Instead, using “Is Your Company CAN-SPAM Compliant?—and Other Helpful Articles” for the subject of the newsletter in which this article appears would not likely raise so much as an eyebrow at the FTC (or even in Elliot Spitzer's office), yet it's a classic teaser.

Notwithstanding this freedom, you should appoint someone to review and approve subject lines for at least your bulk distributions. In addition, testing subject lines will become more important than ever.

4. Allowing Your Reply Address to Function as an Unsubscribe Mechanism

Unsolicited commercial email messages must feature either a “return address” through which someone can unsubscribe or another “Internet-based mechanism, clearly and conspicuously displayed.” If used as an unsubscribe mechanism, a return address must remain functional for 30 days after a message is sent.

Until the courts or the FTC clarify what kind of unsubscribe links qualify as “clearly and conspicuously displayed,” you should send email from an address that someone at your company checks periodically (see below for specifics on frequency) for unsubscribe requests.

This way, if the tiny unsubscribe link at the bottom of your message is someday deemed noncompliant, your messages as a whole will still be compliant thanks to the reply address. For additional insurance, list the reply address somewhere in the message as well.

5. Handling All Unsubscribe Requests on at Least a Weekly Basis

The CAN-SPAM Act mandates that companies refrain from sending unsolicited commercial email to someone more than 10 days after that person submits an unsubscribe request.

This requirement does not necessarily mean that you must act on unsubscribe requests within 10 days. If, for example, you use your house list every four weeks, you have 28 days to act on unsubscribe requests. Nonetheless, you should consider handling such requests on at least a weekly basis for foolproof protection from violations.

Subscribe today...it's free!

MarketingProfs provides thousands of marketing resources, entirely free!

Simply subscribe to our newsletter and get instant access to how-to articles, guides, webinars and more for nada, nothing, zip, zilch, on the house...delivered right to your inbox! MarketingProfs is the largest marketing community in the world, and we are here to help you be a better marketer.

Already a member? Sign in now.

Sign in with your preferred account, below.

Did you like this article?
Know someone who would enjoy it too? Share with your friends, free of charge, no sign up required! Simply share this link, and they will get instant access…
  • Copy Link

  • Email

  • Twitter

  • Facebook

  • Pinterest

  • Linkedin


ABOUT THE AUTHOR

Neil Squillante founded and manages LandingPage Interactive, an online marketing agency in New York City that helps companies generate leads, sales and referrals. Prior to his online marketing career, Neil practiced law at Willkie Farr & Gallagher in New York City. Contact him at njs@peerviews.com.