The US CAN-SPAM act is the primary US legislation covering commercial email. It’s been around since 2003, but I still see a steady stream of questions about it, and the folkloric answers to some of them are all over the place.
What does CAN-SPAM require?
The important requirements are
- Don’t use false or misleading header information
- Don’t use deceptive subject lines
- Make it clear the message is an advert
- Provide a valid physical postal address
- Tell recipients how to opt out of receiving future email
- Do not require anything other than the recipient’s email address to opt-out
- Honor those opt out requests promptly
You can’t contract away your legal responsibility. If you contract with another company to handle your email marketing both you and they may be held liable.
What doesn’t CAN-SPAM require?
CAN-SPAM doesn’t forbid anything other than deceptive and criminal behaviour in any sort of email that has no commercial content.
CAN-SPAM doesn’t require that recipients opt-in.
CAN-SPAM only applies to email, not social media and not SMS (other than SMS sent by sending email to an email-to-SMS gateway).
Does CAN-SPAM apply only to commercial email?
Mostly. CAN-SPAM divides email content into three categories:
- Commercial
- Transactional / Relationship
- Other
The vast majority of CAN-SPAM requirements apply only to mail which has a “primary purpose” that is commercial, not to transactional / relationship mail (which I’m going to just call “transactional” from now on).
You’re not allowed to use false or misleading routing information for transactional emails, but otherwise CAN-SPAM puts no limits on them.
Political email, including fundraising email, is considered “Other”, though relying on that for email that is selling something concrete is sketchy and likely a bad idea.
There’s no specific mention of mail sent by charities or other non-profits in the act – their mail and compliance requirements are judged exactly the same as mail from commercial companies.
Is my mail transactional?
The primary purpose of an email is transactional or relationship if it consists only of content that:
1. facilitates or confirms a commercial transaction that the recipient already has agreed to;
2. gives warranty, recall, safety, or security information about a product or service;
3. gives information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship;
4. provides information about an employment relationship or employee benefits; or
5. delivers goods or services as part of a transaction that the recipient already has agreed to.
FTC Compliance Guide for Businesses
What if I mix transactional and commercial content in the same message?
When an email contains both kinds of content, the primary purpose of the message is the deciding factor. Here’s how to make that determination: If a recipient reasonably interpreting the subject line would likely conclude that the message contains an advertisement or promotion for a commercial product or service or if the message’s transactional or relationship content does not appear mainly at the beginning of the message, the primary purpose of the message is commercial.
FTC Compliance Guide for Businesses
So for your mail to have a primary purpose that is transactional, and so to be exempt from most CAN-SPAM requirements, it must be clear – to a reasonable recipient – from the subject line that it’s intended to be transactional and the beginning of the message must contain primarily transactional content.
What if I mix commercial and “other” content in the same message?
In that case, the primary purpose of the message is commercial and the provisions of the CAN-SPAM Act apply if:
1. A recipient reasonably interpreting the subject line would likely conclude that the message advertises or promotes a commercial product or service; and
2. A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is to advertise or promote a product or service.
FTC Compliance Guide for Businesses
Factors relevant to that interpretation include the location of the commercial content (for example, is it at the beginning of the message?); how much of the message is dedicated to commercial content; and how color, graphics, type size, style, etc., are used to highlight the commercial content.
Does CAN-SPAM apply to B2B email?
Nothing in CAN-SPAM requires that recipients be consumers. B2B and B2C mail are both covered.
What are the penalties for violation?
Theoretically, civil penalties of up to $42,530. Per email.
Realistically, behaviour has to be pretty egregious for the FTC to consider enforcement beyond a warning letter and an agreement to comply in the future.
But most reputation services and email service providers have much higher standards than CAN-SPAM requires and will likely consider wilful violations of CAN-SPAM as a priori evidence of bad intent.
Legal standards in other jurisdictions, notably Canada and Europe, are higher and enforcement is more likely.
Where can I get more advice?
The FTC has an excellent compliance guide that provides understandable, quotable summaries of the act requirements. I’ve quoted liberally from it here, and it’s what I point people at when they ask “But does CAN-SPAM say …?”.
Or you can read the act itself (or, more readably, at Cornell), if you enjoy legalese. It’s been modified and clarified by the FTC since it was passed, so read some of the rule making and FTC commentary too. But don’t try and rules-lawyer to justify your doing something that’s a dark shade of grey.