I’ve seen a lot of discussion and arguments over the CAN SPAM rule about whether or not an unsubscribe needs to be a One-Click unsubscribe. It’s gotten so common, I have a stock email I use as a template when wading into such discussions. It’s probably useful for a lot of other people, too, so I thought I’d share.
The regs say:
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
If you shorten that really complex sentence and take out the modifiers / pointers to statutes it says: “No one may require that a recipient take any steps except visiting a single internet web page in order to submit a request to not receive future commercial emails from a sender.”
Under this rule, the sender may ask for the recipient’s electronic email address and their opt-out preferences.
I believe that a “2-click” process, where the first click takes the user to a webpage and the second click confirms the email address and the unsubscribe option, is legal under the FTC rulemaking. What the FTC really wanted to stop was requiring things like passwords for an opt-out, and to counter some of the spammers who were requiring people pay to be unsubscribed.
I do not like green eggs and spam.
I do not like them, Sam I am. (With apologies to Dr. Seuss)