Complying with CAN-SPAM isn't just a good idea - it's the law. Complying with
the CAN-SPAM Act of 2003 and its subsequent newer rules is required of
all commercial email senders, regardless of size. If you send out email
that can in any way be considered commercial, or send email to a mailing list
which you maintain, you need to comply with CAN-SPAM.
CAN-SPAM compliance is the minimum standard which an email sender must
meet if they have any hope of having their email delivered to the inbox, rather
than it being delivered to the junk folder or otherwise blocked as spam.
However, most ISPs and spam filters require more stringent mailing list
maintenance processes than CAN-SPAM requires - again, CAN-SPAM is the minimum standard.
Here is what you must do in order to meet the CAN-SPAM requirements. The below
is current as of June, 2008, and includes the newest rules for CAN-SPAM, which
were published in May of 2008.
CAN-SPAM Requires That:
1. All information in your email, both the email headers and body (content) of
the email, be true, accurate, and not misleading.
2. You provide a fully-functioning method for the recipient to opt out of your
mailings in each and every mailing, and that the act of opting out require only a single
action. This means that the recipient either can reply to the email to
opt out, or they can click a
link that takes them immediately to the opt-out, requiring no further action.
You cannot require someone to enter a password, or to have to click through to a
second page, in order to effect the opt-out.
3. You honor all opt-out requests, and immediately remove the user from your
mailing list, and also cease sharing the user's address with anybody, even with previously agreed-to partners. You
may not "repurpose" a subscriber's email address once they opt out by adding it
to a different mailing list, or sharing it with someone else.
4. For any email you send that contains the advertisements of someone other than
yourself, the entity that the email is "From" must also have their own
advertisement in the email (in other words, the "From" sender must match at
least one advertisement within the email). Doing so makes the "From" sender the
"designated sender" under CAN-SPAM, making them responsible for processing all
opt-out requests. If there is no designated sender - i.e. if the "From"
sender does not have an advertisement for their own goods or services in
the email, but there are advertisements in the email for other entities - then
each and every entity advertised in the email becomes
responsible for processing opt-out requests.
This is the requirement which by far causes the most confusion. In large part,
this requirement is an effort to hold affiliate programs responsible for
how their affiliates promote them. If the affiliate is honest about who they are and about their "From" address, and if
they put something in the email about themselves, then the user will be
able to unsubscribe from the affiliate's list. But if the affiliate is
dishonest, and hides their true identity, then the affiliate program for the product featured in the email (which will be the product
being sold under the affiliate program) becomes responsible. In other words, if
you are advertised in the affiliate's email, and the affiliate cloaks who they
are, you become responsible. By shifting
responsibility for mislabeled email to the companies being advertised in the
email, there is an incentive for affiliate program managers to more tightly
police their affiliates.
An example best illustrates how this rule applies in the multi-marketer email
context. Suppose A, B, and C have goods advertised or promoted in a single
email message. If A's name appears in the "from" line of the message, A is
considered the "sender". While B and C promote their goods, services, or
website in the message, and may control portions or all of the content of the
message, and may supply email addresses for A to use, neither B nor C would be
considered "senders" (unless A does not comply with the requirements under
CAN-SPAM). This is because it would be clear to a consumer that an opt-out
request should be sent to A.
Another example to help explain this rule is to imagine an email newsletter. Typically
such a newsletter will be from a particular organization, and there will be
things about that organization in the newsletter. However, if you
received a newsletter from A, with nothing in the newsletter at
all about A, and only advertising for B, you might be confused not only as
to why you were getting this advertising that appears to be from B, but also as to how to opt out. If A's
information is in the body of the newsletter, it will be much clearer to you
that to opt out, you need to opt out with A. Or, if the "From" line is "From
B", then you will know to opt out with B. But if the "From" is A, and the
content is all B's, then both A and B are on the hook for handling
opt-outs, as it's not really clear to the user who really should be
responsible. You can see how this can also apply to affiliates - if
affiliate A sends email promoting B's products, and A is not mentioned anywhere
in the offer, but the email is "From" A, then both A and B are on the hook for
handling any opt-outs. But if A makes clear in the text of the offer that the
offer is being sent by A, then only A is on the hook for handling
opt-outs. This puts the onus on affiliates to be clear in their email that they
are the ones sending the email, and on those offering affiliate programs to
police their affiliates.
5. You include your physical mailing address in each and every mailing. This can
be your actual street address, a post office box, or a private mail box ("PMB")
such as at a Mail Boxes Etc.
CAN-SPAM Applies To:
1. Any and all bulk commercial email - including nearly all mailing lists of
any size. If you send two or more pieces of nearly identical email to two or
more different people, your email can be considered to be bulk commercial email
for the purposes of CAN-SPAM.
2. Email for which a primary purpose is to feature your
goods, services, or content even if you do not send the email yourself.
3. All email sent out by your affiliates on your behalf.