Breaking Down The CAN-SPAM Law

If your business does any email marketing, you need to know about the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003.  (Also known as CAN-SPAM to it's friends.)

This law gives the U.S. Federal Trade Commission the ability to penalize those who don't comply, and non-compliance isn't cheap.

Sound scary?

Let's break it down.

CAN-SPAM Breakdown

The act consists of seven requirements;  if you can adhere to these, you should be in the clear.

DON'T

• Don't use misleading headers. All of the information included at the top of your email, including the "from", "reply-to" and any routing information must accurately identify your business or the person sending the email.
  
  
• Don't falsify the subject line. If you're not really trying to give away a million dollars, don't put it in the subject line in hopes of getting someone to open the email. 
  
  
• Don't obscure your location. Every email from you should include your physical address. It can be a PO box, a street address, or a private commercial mailbox you've registered for, but it must be in your email. 
  
  
  

DO

• Offer an opt-out option. If your recipient isn't interested in receiving email from you, they must have a clear and simple explanation for how to stop it. Whether they have to send a message to your return address or if you offer a one-click opt-out button, you need to provide an easy way for people to stop the email.
  
  
• Promptly act on any opt-out request. You must honor any opt-out request within 10 business days, and you can't make them jump through crazy hoops (like providing a great deal of additional information, charging a fee, or anything along those lines) before you allow them to stop receiving your emails. 
  
  
• Be clear that your email is an advertisement. Again, you can't try to present your email as something other than what it is to entice people to open it. 
  
  
• Be aware of any marketing done in your name. Just because you're not the one sending the emails on your company's behalf doesn't mean that you're not liable if they're breaking the law. If you hire a marketing company to handle your emails, be sure that you know what they're sending, and that's it's entirely legal. 
  
  

Penalties 

We'll assume that you'll follow the rules laid out above, but just in case one should slip by you, what would happen if you violate the law?

Spolier alert: Not pretty. 

Every. single. email. that doesn't adhere to CAN-SPAM can garner you and your company a fine of $16,000. The bigger the list, the bigger the fine. And it doesn't matter if the infraction occurred when you weren't aware of the law; you're still on the hook. 

Additionally, if the email in question also makes untrue claims about the services or products it advertises, it could lead to a prison sentence. 

Case Study

One of the first major cases brought against a company violating the CAN-SPAM act came about after the FTC charged a Detroit-based company called Phoenix Avatar with spamming potential clients in hopes of selling diet patches. The company not only falsified their identities with obscured third-party email addresses in the headers of their emails, but the product they were peddling was also found to be bogus. 

Additionally, the false email addresses led to thousands of emails being bounced to innocent third parties who were then mislabeled as spammers. To further compound their guilt, they also failed to allow consumers an opt-out on all future email. 

The case was eventually settled out of court, and the judgement ordered the individuals affiliated with the case to pay $230,000 each. However, once their financial records were submitted and it was discovered that they didn't have the funds to cover the judgement, they were charged $20,000, with the caveat that if their financial statements were misrepresented, the entire amount would be due.

Now, I'm sure none of you are being super shady or manipulative with your email marketing, but the FTC doesn't mess around.

Stay Compliant

Even though the spammers weren't prosecuted to the fullest extent of the law, the fine wasn't a slap on the wrist; if you're concerned about the potential punishment, you should audit your email procedures.

Make sure your subject lines are accurate, your audience knows from whom the emails are coming, and that you offer a simple method of unsubscribing from future email. 

If someone chooses to opt-out of your future offerings, be sure that you process the request within ten business days. Make sure that all email sent in your name is compliant with the laws, even if you're not sending the emails personally. 

Checking and double-checking your email processes can save you from costly and embarassing fines and potential imprisonment.