Information about CAN-SPAM

The US Congress passed anti-spam legislation called the CAN-SPAM Act which took effect on January 1st, 2004. This webpage is intended to help you become aware of and compliant with CAN-SPAM. This document is not legal advice; please consult a qualified attorney for legal counsel about your company's CAN-SPAM compliance.

About CEMMs
CAN-SPAM regulates all commercial electronic mail messages (known as CEMMs), not just bulk email or spam email. A CEMM is a message whose primary purpose is to promote or advertise your company, product(s), or service(s). All CEMMs your company sends, or your company's employees send, even if they're only sent to a single person, should comply with CAN-SPAM.

CAN-SPAM has five important provisions

  1. Prohibits the use of misleading subject lines and other misdirection in the message headers.
  2. Requires labeling, in the message subject, of unsolicited CEMMs. Also requires that unsolicited CEMMs contain clear and conspicuous notice that they are an advertisement or solicitation.
  3. Requires a working "opt out" mechanism in each CEMM, a clear and conspicuous notice that it is possible to opt out, and a valid physical postal address for the sender. Opt-out requests must take effect within 10 days.
  4. Authorizes the FTC to create a national do-not-email registry, and directs the FTC to recommend a plan for this within six months.
  5. Supersedes any and all state laws that explicitly regulate commercial electronic mail, except insofar as they apply to fraud. Specifically, CAN-SPAM preempts California SB 186, which is another anti-spam law that was slated to take effect on January 1st, 2004.

CAN-SPAM also defines a category of "transactional and relationship email" which is in most cases excluded from provisions (1) through (4). Such messages cannot advertise or promote your company, and should have content that directly relates to ongoing business between the sender and the recipient. For example, a shipping confirmation email message would be a "transactional or relationship" email, while a holiday greeting email would be a promotional CEMM.

Prepare, don't panic!
If your business is conducting opt-in mailings, there is no reason to be alarmed by the passage of CAN-SPAM. However, you will probably need to make some adjustments to your email content and/or subscription form(s) to be in compliance.

CAN-SPAM may be enforced by the FTC, State Attorneys-General, and ISPs. Individual citizens have no private right of action under CAN-SPAM.

What CAN-SPAM means for your mailings
While CAN-SPAM does not prohibit unsolicited email, your policy of delivering only opt-in email that does not employ any deceptive practices in message headers should not change. (Provision 1, above.)

CEMMs sent to subscribers do not need any special labeling in their Subject line. Only unsolicited messages must be labeled, and such messages may not be sent via iPost. (Provision 2, above.)

You must indicate "clearly and conspicuously" that your CEMM is an "advertisement or solicitation." We recommend you include a statement to that effect somewhere in your message, perhaps as part of your standard footer.

You must include a working opt out (unsubscribe) mechanism and notice in every message, even singular emails sent by individual employees. (Provision 3, above.)

You must include your physical postal address in each CEMM. (Provision 3, above.) A P.O. Box may be sufficient (CAN-SPAM does not specify), but a street address is certain to comply.

The opt out mechanism must provide a single option to stop all CEMMs, but may also provide a wider range of choices (such as iPost's "topics"). If your email preferences page provides multiple choices for subscribing, you should ensure that there is a single item that opts out of all choices. (Provision 3, above.)

Special handling of opt-out lists
When a subscriber opts out of your mailings, you must ensure that they receive no more CEMMs advertising or promoting your company, from any source.

For example, you must ensure that opt-outs that your mailing lists collect are also passed on to your Sales department, to ensure your salespeople do not send CEMMs to those opt outs either.

For another example, if you perform email comarketing with a partner who sends email promoting your company, you must pass your opt-outs to your partner so they can ensure your opt outs do not receive the mailing.

Follow best practices

  • To protect your brand and help ensure your email is delivered to your subscribers, it is more important than ever to follow opt-in list best practices:
    First and foremost, do not send commercial email to someone who has not explicitly agreed to receive it from you.
  • Don't use rented or third-party email lists to advertise your brand. It is an unresolved legal question whether permission can be transferred from one brand or company to another.
  • Use opt-in mechanisms that are clear and concise. Don't automatically assume that your customers or website visitors want to receive marketing email from you. Instead, provide an opt-in checkbox, turned off by default, on your checkout or info request pages. Keep database records and web logs of your subscribers' opt-ins, so that you can protect yourself in the event of a complaint.

iPost offers CANcomply, a centralized opt-out management service that can assist you in maintaining CAN-SPAM compliance for your entire company's email communications.
 
What you can do >
 
Contact us now for more information about CANcomply.
©2004-2005, iPost. All rights reserved. The information provided on this site is not legal advice; please consult a qualified attorney for legal counsel about your company's CAN-SPAM compliance.