Part IX: The Truth About Privacy and CAN-SPAM
Truth 39. Understanding the CAN-SPAM Act
The CAN-SPAM Act is U.S. federal legislation describing the legal requirements that must be fulfilled by senders of commercial email. Enforcement of the Act is largely the responsibility of the Federal Trade Commission (FTC). Surprisingly, an eye opening report stated that 81 percent of marketers are unaware of the CAN-SPAM Act.1 While this fact is mind boggling, it is also frightening, since violations of the Act can be punished by large fines and even jail time.
Violating CAN-SPAM can happen to any size company—from a small business to a Fortune 500 company. If you are executing email campaigns, compliance to the CAN-SPAM Act is mandatory. This isn't hyperbole. It is evident today that CAN-SPAM violations can happen to not only small companies, but to prominent ones as well. If you thought that the FTC was just going after low-level spammers, think again. Kodak Imaging Network, formerly Ofoto, was cited and fined more than $25,000 (100 percent of the proceeds from the offending campaign). What did it do wrong?
Failed to contain an opt-out mechanism
Failed to disclose in the email message that consumers have the right to opt out of receiving further mailings
Failed to include a valid physical postal address, as required by law
Remember: CAN-SPAM provides penalties for up to $250 per email spam, with a cap of $2 million that can be tripled for aggravated violations. Who wants to have their marketing budget (or personal bonus) go to the FTC?
Compliance is a legal matter and thus, you should always consult a lawyer to ensure full compliance. That being said, CAN-SPAM covers various requirements, which I would recommend any marketer take the time to read. However, in particular, each email campaign must do the following.
Use a relevant and accurate Subject and From line. Don't mislead in any shape or form. Spammers practice this trick all the time. The best and most straightforward From line is your brand name. The Subject line should provide an accurate teaser or description of the content within the email. The Subject line and messaging should be in sync.
Include the physical address of the sender. This should be standard in all your email footers. If you can't include this, you have no business sending out commercial emails.
When appropriate, include disclosure of your email being an advertisement or business solicitation in the body of the email. If your email is part promotional and part informational (transactional), take the high road and include a commercial email notice to be safe.
Most importantly, have a very clear and functional Unsubscribe link. This has to be automated, or the unsubscribe requests must be manually processed within ten days. You must also provide simple instructions on how to be removed from future mailings, not just provide a URL. Remember: Once a user unsubscribes, you're not allowed to email that user again.
The key is to make sure unsubscribe requests are promptly removed. To ensure your unsubscribe process is fully functional, test and confirm unsubscribes through a personal account on an ongoing basis. This is surely one of the most important aspects of your email program that must be valid and completely operational—with no holes.
CAN-SPAM and International Legislation
One major thing to note is what separates the U.S. CAN-SPAM Act from its international spam-related laws: permission. The U.S. legislation, signed into law by President George W. Bush, does not necessitate the need for permission to be CAN-SPAM-compliant. This means you could get spammed by hundreds of companies you have no relationship with, but as long as they are compliant on the legal front (as defined earlier), they have not violated the law. They would fall into the hall of shame in the email marketing best practices world but not be on the wrong side of the fence in the legal world. The important thing to remember is that the CAN-SPAM Act covers only the legal definition of spam in the eyes of federal authorities. It does not change how users, ISPs, Webmail services, and others define or treat email they consider to be spam. If your only concern is compliance with the Act, you will be in trouble on other fronts. For example, some ISPs classify spam by frequency or irrelevant content.
Most international laws surrounding email marketing require permission in addition to some similar components to the United States, mainly focusing on unsubscribes. This is hardly a perfect system for combating spam, but it at least defines a few mandatory rules for permission marketers to play by.
For more detailed information on the CAN-SPAM Act, you can visit the FTC's CAN-SPAM website (currently located at www.ftc.gov/bcp/conline/edcams/spam/index.html).