Most businesses have sent some form of email marketing, whether it’s a welcome email, newsletter, promotion, or other campaigns to engage their audiences. Email is a great way to reach consumers, considering about half of the world’s population are email users.
The best email campaigns include a branded design, clear call to action (CTA), and valuable information that will help you achieve your marketing goals. But beyond the formatting and content, you better make sure your email campaign is in compliance with current laws and regulations.
The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) was created to protect consumers from spam emails, which continue to hit inboxes across the globe. In March 2020, spam messages accounted for 54 percent of email traffic, according to Statista.
While that number might seem high, it’s actually decreased since 2018 when it was 55 percent and in 2012 when it was 69 percent. And the CAN-SPAM Act is in place to push that percentage even lower by regulating commercial email messages.
You’re probably wondering what that means for your business, considering most send some sort of email messages to their audience. We’ll cover everything brands need to know about this legislation to ensure they stay compliant, including:
So before you send your next email, make sure your brand is staying CAN-SPAM compliant. (Because trust us, you don’t want to face the possible penalties — scroll down to the end if you’re brave enough to see those monster numbers.)
Signed into law by President George W. Bush in 2003, the CAN-SPAM Act established the United States’ first national standards for the sending of commercial emails — requiring the Federal Trade Commission (FTC) to enforce the provisions.
Basically, this law:
Here are some of the Act’s general requirements:
Now that we’ve covered some of the basics (more on that below), let’s dive into who has to follow these rules.
Put simply, this act is for anyone sending commercial messages — not just bulk emails. What exactly constitutes a commercial message, you ask? This is how the law defines it:
Anything that is designed to sell the recipient something would fit this description. For example, if you send an email about an upcoming seminar, this could be considered a “commercial product or service” because you’re asking them to pay for registration.
That description also includes emails that promote content on commercial websites. It is important to note that the law doesn’t make exceptions for business-to-business (B2B) emails, so this isn’t only for business-to-consumer (B2C) brands.
The law states that the CAN-SPAM Act applies to initiators and senders of commercial email messages, so let’s define those two terms:
Don’t let these terms fool or confuse you. Marketers in a single email message who are not designated senders are still considered “initiators,” according to CAN-SPAM, making them liable under any of the provisions that apply to initiators. That means these marketers are still prohibited from using deceptive headers and subject lines, and they are required to include an opt-out link.
Commercial emails can have multiple initiators and senders, like when a company has a marketing affiliate send commercial emails advertising the company’s products. Both the company and the marketing affiliate would need to be CAN-SPAM compliant.
That’s because the marketing affiliate is an initiator due to the fact that they transmit the email. The company is an initiator because it procures (intentionally pays or provides other considerations to another person to initiate the message on their behalf) the transmission of the email and a sender because its products are advertised in the email.
To safeguard against potential liability issues, the people or entities involved in the joint marketing campaigns should make sure they have:
These people and entities should also audit all third-party service providers and marketing affiliates on a regular basis to make sure they are compliant.
There is an exemption in the CAN-SPAM Act for relationship and transactional messages, which are both, by definition, not commercial messages. To determine whether an email contains any transactional or relationship content, see if the message does one or more of the following:
If your message contains any of that information and no commercial content, it’s a transactional or relationship message.
However, these messages still need to follow the basics of not containing false or misleading header information. That header information includes the:
Besides that, these messages are otherwise exempt from the CAN-SPAM Act’s requirements.
While the transactional and relationship category can be helpful, what about other types of “non-commercial” email messages? We’re talking about:
Where do these fall?
A newsletter isn’t normally construed as either a commercial message or transactional or relationship message, for example. However, what if it’s supported by a paid advertising or has a general promotion for a conference that requires a registration fee? That’s where the primary purpose test comes into play.
The FTC established rules for determining the primary purpose of a message that includes both commercial and transactional or relationship content — as well as commercial vs. non-commercial content.
If messages include both commercial and transactional or relationship content, they should be treated as commercial if either:
The FTC explained the use of the term "substantial" does not refer to volume, but instead to the nature of the content. According to the FTC, the transactional or relationship content that appears at the beginning of the message must be something recognizable as transactional or relationship content, such as account balance information.
Additional related information, like recent account activity, could be provided below the commercial content. The FTC clearly noted that simply stating "Your Account" at the top of the message would not be sufficiently substantial.
The FTC believes placing transactional or relationship content at or near the beginning of the message will allow recipients to quickly identify messages providing transactional or relationship content without having to scroll through the commercial content.
Messages that include both commercial and non-commercial content that is not transactional or relationship content will be deemed commercial if:
According to the FTC, this net impression test is designed to evaluate the message in its totality and looks to the impression the entire message makes on the reasonable recipient.
Factors relevant to the net impression evaluation include the:
If the sender draws attention to the commercial content, the message may leave the impression that it is commercial. The FTC has noted nothing in its rules or guidelines prohibits senders from formulating its messages in ways that result in a net impression that is not commercial.
Many brands often participate in forward-to-a-friend email marketing campaigns. These campaigns encourage consumers to forward emails that advertise or promote the company’s products and can be conducted in one of these methods:
The company is considered the initiator and sender under CAN-SPAM if it procures the origination or transmission of the forwarded email. That can happen in one of two ways:
But beyond that, simply encouraging a consumer to forward a message without something more is permissible and not subject to CAN-SPAM liability. Furthermore, consumers who forward commercial emails without being offered an inducement or consideration are also not subject to CAN-SPAM — even though they would technically be considered initiators under a strict reading of the Act.
Does this Act affect nonprofits? The answer is “maybe.” There are no exemptions for nonprofits. However, the FTC has acknowledged that “it is possible — or even likely — that messages between a nonprofit and its members could constitute ‘transactional or relationship’ messages.”
That statement might boost the argument that certain messages to associate members fall under the transactional or relationship category if they are given to the members in the course of delivering benefits that the members expect to receive. However, association emails to non-members would most likely fall outside of the transactional or relationship category.
And of course, not all email messages to members would automatically be considered transactional or relationship.
Emails that market products (ex. shirts, books, or seminars) would obviously be included in the Act — while fundraising emails may fall outside of the CAN-SPAM Act umbrella. So, it’s best for nonprofits to err on the side of caution and incorporate compliant best practices. That can also include ensuring every subscriber has opted into your list, preferably twice. Double opt-in subscribers are less likely to complain that they never signed up.
Beyond how many times the user opt-ins, there are two specific types of opt-ins:
For example, express consent is when someone gives you their email address because they want to receive an email from your nonprofit. This most commonly occurs when someone visits your website and leaves their email address in your signup box to receive your emailed newsletter.
Implied permission would be when a donor makes a gift through your donation page and shares his or her email address with you on that form. No matter which type of consent it is, the best practice is to send an email immediately and ask the subscriber to verify that they opted-in by replying to that email or clicking a link.
If you’re still reading, we’re going to guess that means you send at least some amount of commercial emails. And if that’s the case, you’re going to need to follow the regulations set out in this law. Really, these are best practices that any good marketer should be following anyway.
Here is your CAN-SPAM compliance checklist of dos and don’ts from the FTC:
Most companies will place a majority of the information requirements in the email footer. Here’s an example from a JOANN email’s footer with their compliance information (ex. unsubscribe link, physical address):
While it might seem like a lot of work upfront, once a template with all of the CAN-SPAM Act requirements is set-up, that template can easily be used for all future emails.
Third-party email service providers like MailChimp, Robly, and Constant Contact can also help make it easier to stay compliant, by including Unsubscribe links in your design templates and marking possible spam concerns. However, the burden still rests on your company to ensure you’re not missing the mark.
We also need to mention there’s a section of the CAN-SPAM Act dedicated to regulations on sexually explicit emails. Yep, they lumped commercial emails right on in there with pornography. We won’t spend a huge amount of time on this section, but here are the basic rules:
No graphics are allowed on the “brown paper wrapper.” That makes sure the recipients can’t view sexually explicit content without an affirmative act on their part — like scrolling down or clicking a link. However, this requirement doesn’t apply to people receiving the message who have already given affirmative consent to receive the sender’s sexually oriented messages.
This law allows the Federal Communications Commission (FCC) to regulate unwanted mobile service commercial messages — meaning commercial emails that are sent to email addresses associated with a wireless device, like firstname.lastname@example.org.
So, the FCC has enacted rules addressing messages like that which include:
Unlike the FTC’s opt-out requirements for commercial email messages, this opt-out requirement requires companies to have express prior authorization before initiating a mobile service commercial message.
A commercial message is presumed to be a mobile-service commercial message “if it is sent or directed to any address containing a reference, whether or not displayed, to an Internet domain listed on the FCC’s wireless domain names list.”
There is no liability for sending a message where a domain has appeared on the FCC’s list for fewer than 30 days, as long as the person or entity does not knowingly initiate a mobile service commercial message.
You can check the FCC’s wireless domain names list within 30 days of sending any commercial emails to addresses associated with a wireless device to ensure compliance. If you see that the domain in issue does appear on the list, you’ll need to follow these two steps:
Primarily enforced by the FTC, the CAN-SPAM Act has pretty steep fines if you’re found to be noncompliant:
Take a second to imagine paying the max violation fine for each email on a 10,000-subscriber list. Not something you want to think about, right? That’s why it’s so important to stay compliant with this law.
Also, more than one person can be held responsible for the violations:
Remember: This penalty is the maximum dollar amount per violation, so the FTC will take into account the degree of culpability, any history or prior such conduct, ability to pay, and the effect on the ability to continue to do business.
The FTC also has a civil penalty leniency program for small businesses that establishes criteria that they will consider when determining the propriety of a penalty waiver or reduction for small businesses that aren’t in compliance.
There are also certain aggravated violations that may increase fines. The CAN-SPAM Act allows criminal penalties (including imprisonment) for certain actions:
In certain circumstances, the law can also be enforced by other federal agencies such as the Federal Communications Commission (FCC), state attorneys general, and Internet Service Providers (ISPs). There is no private right of action.
And to keep states from passing stronger anti-spam laws that could raise standards and make compliance more complex, the CAN-SPAM Act stipulates that it supersedes any state-level anti-spam laws:
We’ve covered all of the basics involved with the CAN-SPAM Act and how to stay compliant in this guide. But in case you have some more specific questions or a quick answer, here are a few FAQs:
Q. What if an email combines commercial content with transactional or relationship content?
A. It’s common for emails sent by businesses to mix commercial content and transactional or relationship content. When an email contains both kinds of content, the primary purpose of the message is the deciding factor.
To make that determination, think about this:
So, when a message contains both kinds of content – commercial and transactional or relationship – if the subject line would lead the recipient to think it’s a commercial message, it’s a commercial message for CAN-SPAM purposes.
Q. What if my company sends emails with a link so the recipients can forward the message to others? Who is responsible for CAN-SPAM compliance for these messages?
A. Whether a seller or forwarder is a “sender” or “initiator” depends on the facts. Deciding if the CAN-SPAM Act applies to a commercial “forward-to-a-friend” message often depends on whether the seller has offered to pay the forwarder or give the forwarder some other benefit.
For example, if the seller offers one or more of these things, they may be responsible for compliance:
Or if a seller pays or gives a benefit to someone in exchange for generating traffic to a website or for any form of referral, the seller is likely to have compliance obligations under the CAN-SPAM Act.
Q. What’s the difference between the CAN-SPAM Act and the Canadian Anti-Spam Lawn (CASL)?
A. For starters, the CAN-SPAM Act is for the United States, and as the name suggests, the CASL is for Canada. But beyond the obvious, here are a few other differences.
While there are other differences, there are some commonalities between these two provisions. For example, they both have guidelines on how you can make it easy for recipients to opt-out of further communications (usually by providing the link to a one-click subscription center or a reply-to address you check regularly), a hard rule that opt-out requests must be honored quickly, and instruction that you are responsible for monitoring communications sent from other organizations on the recipient’s behalf.
Q. How is Retention.com legal, considering the CAN-SPAM Act?
A. This is a question we get all of the time, so we have plenty of resources to answer this for you. Here’s a video you can check out!
Of course, if you have other questions or need clarification, visit the FTC’s website.