Questions about CAN SPAM.


In the US, the law governing the sending of commercial email is CAN SPAM. I’ve seen a number of questions about CAN SPAM recently.
One came from twitter, where someone was asking if just having an email address meant permission to send to it. Clearly, just being able to dig up an email address doesn’t imply permission to send marketing or commercial email to it. I can promise you did not sign up to receive information on increasing Facebook followers.
CAN SPAM doesn’t prohibit unsolicited email. All it says is that if you send unsolicited email you must do a few things.

  1. The recipient must be able to opt-out of future messages.
  2. The opt-out process needs to be easy for the recipient. No more than a single click to an opt-out page and the recipient does not need to provide more than an email address and an email preference.
  3. The sender must identify their organization through a physical address.
  4. The sender can’t fake or forge any part of the headers.

And, really, that’s it. Meet those few criteria and senders can send as much spam as they want.
Another person asked if there is a risk that CAN SPAM violators will have their door broken down by the CAN SPAM police. And, no, CAN SPAM police aren’t going to break down your door. But they’re not the only thing to consider when making a decision to avoid complying with CAN SPAM.
It’s breaking the law, and I won’t recommend my clients knowingly break the law. Not because I think they’re going to end up fined or in jail, but because meeting the law is such a low bar. I mean, even the worst senders don’t claim they want to keep people on their list who don’t want to stay on the list. Putting in a physical address may seem like a bit much for some groups, but it makes you look like a real company. This is part of running an effective business email marketing program.
There are also other penalties for not complying with CAN SPAM. I know that there are people who make filtering decisions that treat mail that violates CAN SPAM as filter targets. Many filter groups also treat the lack of an opt-out link as a sign of spam. In a much more extreme case, I recently had a SBL listing that centered around a problem in the opt-out process. My client was a brick and mortar sender that collected the email address of a spamhaus volunteer at the point of purchase. The SBL rep told me this happens quite a bit with that particular address, and that she normally just opts-out. But in this case the sender didn’t honor the opt-out, so my client was listed. And stayed listed for a couple weeks and lost a lot of money — all because they didn’t honor an opt-out.
While a small business is probably not going to be subject to FTC penalties, there are consequences to violating CAN SPAM.

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • anti spam protection: Not much. The FTC or state can get penalties, but that is rare. Courts have been ruling that an ISP has to show a causal relationship between the e-mails and harm (ie. system crashes), which is impossible for a legitimate ISP. However, violating the CAN-SPAM could be violating a state law which would get you state penalties, ie. Cal. B&P 17529.5 which could hit you for $1,000/each.

By laura

Recent Posts


Follow Us