Questions about CAN SPAM.

In the US, the law governing the sending of commercial email is CAN SPAM. I’ve seen a number of questions about CAN SPAM recently.
One came from twitter, where someone was asking if just having an email address meant permission to send to it. Clearly, just being able to dig up an email address doesn’t imply permission to send marketing or commercial email to it. I can promise you April23@contact.wordtothewise.com did not sign up to receive information on increasing Facebook followers.
CAN SPAM doesn’t prohibit unsolicited email. All it says is that if you send unsolicited email you must do a few things.

  1. The recipient must be able to opt-out of future messages.
  2. The opt-out process needs to be easy for the recipient. No more than a single click to an opt-out page and the recipient does not need to provide more than an email address and an email preference.
  3. The sender must identify their organization through a physical address.
  4. The sender can’t fake or forge any part of the headers.

And, really, that’s it. Meet those few criteria and senders can send as much spam as they want.
Another person asked if there is a risk that CAN SPAM violators will have their door broken down by the CAN SPAM police. And, no, CAN SPAM police aren’t going to break down your door. But they’re not the only thing to consider when making a decision to avoid complying with CAN SPAM.
It’s breaking the law, and I won’t recommend my clients knowingly break the law. Not because I think they’re going to end up fined or in jail, but because meeting the law is such a low bar. I mean, even the worst senders don’t claim they want to keep people on their list who don’t want to stay on the list. Putting in a physical address may seem like a bit much for some groups, but it makes you look like a real company. This is part of running an effective business email marketing program.
There are also other penalties for not complying with CAN SPAM. I know that there are people who make filtering decisions that treat mail that violates CAN SPAM as filter targets. Many filter groups also treat the lack of an opt-out link as a sign of spam. In a much more extreme case, I recently had a SBL listing that centered around a problem in the opt-out process. My client was a brick and mortar sender that collected the email address of a spamhaus volunteer at the point of purchase. The SBL rep told me this happens quite a bit with that particular address, and that she normally just opts-out. But in this case the sender didn’t honor the opt-out, so my client was listed. And stayed listed for a couple weeks and lost a lot of money — all because they didn’t honor an opt-out.
While a small business is probably not going to be subject to FTC penalties, there are consequences to violating CAN SPAM.

Related Posts

Spamhaus dDOS

I got mail late last night from one of the Spamhaus peeps telling me that they were under a distributed Denial of Service (dDOS) attack. This is affecting email. Incoming email is delayed and they’re having difficulty sending outgoing email. This is affecting their responses to delisting queries.
They are working on mitigation and hopefully will be fully up and running soon.
Updates when I get them.
Update (8/29/2012): mail to Spamhaus should be back.

Read More

One Click, Two Click, Red Click, Blue Click

I’ve seen a lot of discussion and arguments over the CAN SPAM rule about whether or not an unsubscribe needs to be a One-Click unsubscribe. It’s gotten so common, I have a stock email I use as a template when wading into such discussions. It’s probably useful for a lot of other people, too, so I thought I’d share.
The regs say:

Read More

Spamhaus rising?

Ken has a good article talking about how many ESPs have tightened their standards recently and are really hounding their customers to stop sending mail recipients don’t want and don’t like. Ken credits much of this change to Spamhaus and their new tools.

Read More