As an email marketer, you know how very easy it is to get carried away with the design of the email, the color of the call to action (CTA) button, the list you are sending to, and thought of how this email sends’s results are going to generate leads (or revenue) for your company. Practically the last thought on anyone’s mind is “Are my emails compliant with current spam laws?”
Email compliance is easily overlooked in today’s fast-paced world. It’s not glamorous. It’s not sexy. There’s no buzz factor at all. But – unfortunately – it is the most important aspect of every single email you send out. More important, even, than your offer.
If you (like so many other marketers) and haven’t found the time to take action, or even to think about whether your emails are compliant with the spam laws in place throughout the world, then now is the time to develop a plan of action to do so. The penalties for non-compliance in just the US are stiff – each separate email in violation of CAN-SPAM Law is liable for a fine of up to $16,000 – so ensuring compliance is the best way to mitigate what could be a serious financial risk to your company.
Today, I want to help you and your team jump-start the conversations by reviewing the key components of CAN-SPAM and CASL, two major email regulations in North America. I’ll also provide you with references to other countries that have their own versions of laws and regulations that must also be followed if you are sending to recipients in their countries.
The full name of the law known as the CAN-SPAM Act is the “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003.” It was enacted by Congress to help decrease the amount of unsolicited commercial electronic messages (spam).
What is a “commercial” email?
I’ll quote from the FTC itself:
What matters is the “primary purpose” of the message. To determine the primary purpose, remember that an email can contain three different types of information:
- Commercial content – which advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose;
- Transactional or relationship content – which facilitates an already agreed-upon transaction or updates a customer about an ongoing transaction; and
- Other content – which is neither commercial nor transactional or relationship.
What is a transactional email?
The primary purpose of an email is transactional or relationship if it consists only of content that:
- Facilitates or confirms a commercial transaction that the recipient already has agreed to;
- Gives warranty, recall, safety, or security information about a product or service;
- Gives information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship;
- Provides information about an employment relationship or employee benefits; or
- Delivers goods or services as part of a transaction that the recipient already has agreed to.
What if your content is mixed? How do you know if your email is commercial or transactional?
It’s common for email sent by businesses to mix commercial content and transactional or relationship content. When an email contains both kinds of content, the recipient determines the primary purpose of the message. Essentially, if the message would lead the recipient to think it’s a commercial message, it’s a commercial message for CAN-SPAM purposes.
Similarly, if the bulk of the transactional or relationship part of the message doesn’t appear at the beginning, it’s a commercial message under the CAN-SPAM Act. If you’re not absolutely certain, treat your email as a commercial message.
Make sure commercial email is compliant
The key takeaways from the law are listed below. If you are sending commercial email, I highly recommend that all of your emails be compliant.
Please note: these are not listed any particular order of importance; all are important and critical to your marketing initiatives. Specifics around each of the below can be found on the Federal Trade Commission site.
- Don’t use false or misleading header information. All “From,” “To,” and “Reply-To” must accurately identify the person and or business who initiated the message.
- Use relevant subject lines. There must be a sense of relevancy between the subject line and content in the message body.
- Identify the message as an advertisement. I think this is sometimes the hardest item to do as you probably won’t put ‘Ad:’ or ‘Advertisement:” in the email’s subject line. There is a lot of leeway in the law with this portion, but it must be clear that your email is promotional or an advertisement.
- Provide a physical address that tells recipients where you are located. This could be a street address or a PO box registered by the US Postal Service.
- Must include an opt-out link. All promotional/advertising electronic emails must include a clear way for a recipient to opt-out of getting your emails. You should not try to mask your opt-out in any way.
- Honor opt-out requests promptly. Per the law, all opt-outs must be process honored within 10 business days. Also, you are not allowed to charge a fee for the opt-out, ask them to give personally identifiable information or take them to more than one landing page to opt-out. Note that if you continue to send commercial email inside that 10-business-days window, you could annoy the recipient enough to mark you as spam.
- Monitor what others do on your behalf. The law is clear that all companies involved with the sending of the electronic message, including companies hired to help handle your email marketing as well as those promoted in your email, may all be held legally responsible.
Canada recently introduced one of the world’s toughest email laws, “Canada’s Anti-Spam Legislation” (CASL), which went into force July 1, 2014. It applies to all electronic messages, including email, SMS, voice, IMs, and social media. The key component of this law is that any Canadian or global organization sending commercial electronic messages (CEMs) within, from or to Canada must receive consent from recipients before sending the messages.
Consent is viewed in two ways, expressed and implied. Expressed consent is where someone gives you oral or written (written consent can be sent electronically) permission to send him or her CEMs. Implied consent is if there is an existing business relationship or if they conspicuously publish their contact information or voluntarily disclose their email address without indicating they don’t want to receive CEMs.
If you’re requesting consent or sending commercial email, your messages must include the following:
- The name of the person and or organization seeking consent or sending email
- A physical mailing address as well as a phone number, voice message system, email address or website in which the recipient can have access to an agent for more information.
- The identity of the person on whose behalf consent is being sought.
- The identity and contact information of any third-party or affiliate used to obtain consent.
- A free unsubscribe mechanism that lets recipients to electronically opt-out of communications immediately (unlike CAN-SPAM, where it must be honored within 10 business days).
- The ability to opt-out of all types of communication sent by either your organization or a third party partner.
CASL is one of the toughest laws being enforced to stop unwanted commercial emails. Here’s a story about a company that was just issued a Notice of Violation (with a $1.1 million penalty in Canadian dollars) by the CRTC (Canadian Radio-television and Telecommunications Commission).
If you are a marketer in North America, these two laws are probably the most important to you. If you’re sending to the European Union (EU) or any other countries around the world, be aware that many of them are coming up with similar laws. You should make yourself familiar with them if you’re going to be sending any kind of email into a country. Here’s a roundup of spam laws around the world and a recap of anti-spam laws from Email Marketing Reports:
In the meantime, The European Commission is expected to adopt a new data protection regulation that will create a single, EU-wide data protection law, unifying the patchwork of rules currently in place across 28 EU member nations. Formal adoption is projected this year, with a two-year period to comply.
For many marketers, the impact will be profound. This guide – The EU Data Protection Overview– will help marketers prepare to comply with the new law.
Disclaimer: I am not a lawyer and this is not legal advice – not from me, not from Act-On. If you need legal assistance, I recommend reaching out to your own internal counsel or legal teams.