What is the CAN-SPAM Act?

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. The FTC enforces the CAN-SPAM Act and the accompanying CAN-SPAM Rule.

Understanding the CAN-SPAM Act

The CAN-SPAM Act applies to all commercial messages sent via email, regardless of whether they are bulk emails or individually targeted messages. The CAN-SPAM Act defines commercial messages as “any electronic mail message, the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”

This definition includes emails promoting content on commercial websites. Even business-to-business emails fall under the purview of the CAN-SPAM Act, ensuring that all types of email communication comply with specific requirements.

Requirements of the CAN-SPAM Act

To ensure compliance with the CAN-SPAM Act, businesses must adhere to several requirements:

• Accurate header information: The "From," "To," "Reply-To," and routing information in the email must accurately identify the sender and their business.
• Non-deceptive subject lines: Subject lines should reflect the content of the email accurately and not mislead recipients.
• Clear identification as an advertisement: The email must clearly and conspicuously disclose that it is an advertisement.
• Inclusion of physical address: Businesses must include a valid physical postal address in their emails, allowing recipients to identify the sender's location.
• Opt-out mechanism: The email must provide recipients with a clear and easy way to opt out of receiving future marketing emails. This mechanism should be functional for at least 30 days after the email is sent, and businesses must honor opt-out requests within 10 business days.
• Responsibility for third-party actions: Companies are responsible for any email marketing conducted on their behalf by third parties. They cannot contract away their legal obligations under the CAN-SPAM Act.

Transactional or relationship messages

While the CAN-SPAM Act primarily focuses on commercial messages, it also recognizes the importance of transactional or relationship messages. These emails facilitate or confirm commercial transactions, provide updates on ongoing transactions, or deliver employment-related information. Transactional or relationship messages are exempt from certain provisions of the CAN-SPAM Act, but they must still meet requirements related to accurate header information and non-deceptive subject lines.

Penalties for non-compliance

Non-compliance with the CAN-SPAM Act can be costly for businesses. Each violation of the law can result in penalties of up to $51,744. Therefore, it is necessary to follow the guidelines and ensure all email communication adheres to the requirements set forth by the Act. Additionally, deceptive advertising claims made through email may also be subject to penalties under Section 5 of the FTC Act.

In the news

Experian Consumer Services agreed to pay a $650,000 civil penalty and a permanent injunction to settle CAN-SPAM Act violations. The case, filed in the US District Court for the Central District of California, involved Experian's sending commercial emails to consumers who had created free accounts to freeze their credit reports. These emails lacked opt-out options, violating the CAN-SPAM Act. 

The injunction requires Experian to stop sending marketing emails without opt-out information and prohibits further violations. Samuel Levine, director of the FTC’s Bureau of Consumer Protection, stressed consumers' right to unsubscribe from marketing messages, highlighting the FTC's enforcement commitment.

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

Are there any exceptions to the CAN-SPAM Act for business-to-business emails?

No, the CAN-SPAM Act does not provide any exceptions for business-to-business emails. All commercial emails must comply with the Act's requirements.

Are there any specific guidelines for the inclusion of physical addresses in emails?

The physical address included in emails can be the business's current street address, a registered post office box, or a registered private mailbox. The key requirement is that it allows recipients to identify the sender's location.

What constitutes a clear and easy opt-out mechanism?

An opt-out mechanism should be clear, conspicuous, and easy for recipients to understand and use. It should provide a simple way for recipients to communicate their choice to stop receiving marketing emails.

Can businesses sell or transfer email addresses after recipients opt out?

No, businesses cannot sell or transfer email addresses of recipients who have opted out. The only exception is if the business transfers the addresses to a company hired to help comply with the CAN-SPAM Act.

Are there separate rules for email marketing with sexually explicit content?

Yes, the CAN-SPAM Act has specific regulations for emails with sexually explicit content. These emails must include a warning in the subject line and restrict the viewable content to avoid displaying explicit material without the recipient's consent.