At the start of this year, the CAN-SPAM Act went into effect. Some aspects of the law are well-defined; others, such as using “ADV” or another label in commercial mail subject lines, are not yet fully outlined. Then, there are real grey areas, such as whether you must include your or the list owner’s brand when sending a commercial message to a third-party list.
Here’s a quick reference version of a report I put together for myself and my clients based on my reading of the law. It includes:
- Overview of some new terminology from Congress.
- Ten-point checklist of things to do now.
- Timeline of when future provisions will flesh out and take effect.
- Link to the full text (all 21 pages of legalese) of the Act.
Space doesn’t permit a discussion of CAN-SPAM’s grey areas here. Watch industry publications this month and next as these are more defined. If there’s interest and more definitive information next month, I’ll cover the grey areas in my next column.
Disclaimer: I’m not a lawyer (nor do I even play one on TV!). The following recommendations are based on my reading of the law, not legal advice. Where applicable, I cite section numbers that refer to the law’s original language.
Congress created some new terminology you’ll want to be familiar with. The high points:
- Affirmative consent. Basically this means opt-in, but with an added responsibility. If you share the email address with a third party, you must give the recipient “clear and conspicuous notice at the time the consent was communicated” (section 3(1)).
- Commercial email messages versus transactional/relationship email messages. The law treats these types of messages differently, so it’s important to know which group your missive falls into. The basic distinction is the message’s purpose. If it’s an advertisement or promotion for a commercial product or service, it’s commercial. If the purpose is to “facilitate, complete, or confirm” a previously agreed-upon commercial transaction, it’s transactional or relationship. Included in the latter definition is warranty information, product updates or upgrades that regard the previously agreed-upon commercial transaction, and benefit/other information to your own employees.
Further details on how to categorize email are forthcoming (see the timeline, below). The law does state simply referencing or including a link to a commercial entity in an email message is not sufficient to make it a commercial email message (sections 3(2) and 3(17)).
Compliance Basics: A 10-Point Checklist
Many of these are very basic and already second nature to opt-in email marketers: no fraudulent transmission data, no harvesting email addresses. Others are more complex, such as new rules regarding inclusion of a physical postal address. These are good starting points in ensuring your email program is in compliance with the new law:
- Don’t use fraudulent transmission data, such as open relays and false headers (sections 4(a), 5(a)(1), and 6).
- Don’t use misleading sender or subject lines (section 5(a)(1) and 5(a)(2)).
- Add your postal address to all email (section 5(a)(3) and 5(a)(5)(A)(iii)).
- If your email list isn’t opt-in or double opt-in (“prior affirmative consent”), include a clear notice that states the email is an advertisement or solicitation in commercial messages (section 5(a)(5)(A)(i)). If your list is opt-in or double opt-in, you’re exempt from this provision.
- Include a “clear and conspicuous” unsubscribe mechanism in every email (section 5(a)(5)(A)(ii)).
- Have a process for handling unsubscribes within the 10-day window. Ensure this is in place electronically, as well as for unsubscribes received via postal mail (and any other contact information you include in the email, such as phone and fax) (section 5(a)(4)).
- Offer recipients a way to receive some types of email from you while blocking others, along with a “global unsubscribe” option to stop all future email from your organization (section 5(a)(3)(B)).
- Don’t share the address of a person who unsubscribed with any other entity seeking to send that party email (section 5(a)(4)).
- Don’t harvest email addresses or use automated means to randomly generate addresses (section 5(b)(1)).
- Remove any sexually oriented material from your messages. The law requires such material be readily identified in the subject line. When “initially viewed,” the message body should include only instructions on how to access the sexually oriented material, as well as your postal address, a notice the message is an advertisement or a solicitation, and a working unsubscribe mechanism (section 5(d)(1)). You can ignore this if the message is sent to someone who opted in (section 5(d)(2)).
Another note, not so much on compliance as protection. Under this law, if you want to protect email addresses on your Web site from being harvested, add a notice you don’t “give, sell, or otherwise transfer” these addresses to “any other party for the purpose of initiating, or enabling others to initiate,” email messages (section 5(b)(1)(A)).
Future Provisions Timeline
Most enforcement will be undertaken by the Federal Trade Commission (FTC), some with input from the Attorney General, the Federal Communications Commission (FCC), the Department of Justice, and other appropriate Federal agencies:
- January 1, 2004: CAN-SPAM goes into effect (section 16).
- On or before May 1, 2004: Regulations will be announced for adding “clearly identifiable marks or notices” to inform recipients and facilitate filtering for email containing sexually oriented material (section 5(d)(3)).
- On or before July 1, 2004: Plan and timetable will be announced for a Do-Not-E-Mail Registry, along with any concerns about such a registry and how it would function in respect to children’s email addresses (section 9(a)).
- On or before October 1, 2004: Plan will be announced for rewarding people who help identify organizations and/or individuals who violate CAN-SPAM’s provisions. The document will outline how violations are to be reported to the FTC, including an electronic submission option (section 11(1)).
- On or before October 1, 2004: Regulations will be announced to protect consumers from commercial email messages delivered to wireless devices (cell phones, pagers, etc.). They will consider the sender’s ability to know they are transmitting to a wireless device (sections 14(b) and 14(c)).
- No sooner than October 1, 2004: FTC may implement the Do-Not-E-Mail registry (section 9(b)).
- On or before January 1, 2005: Regulations will be provided on how to define the primary purpose of an email to categorize it as either commercial or transactional/relationship (section 3(2)(C)).
- On or before July 1, 2005: Plan for subject line labeling of commercial messages will be announced. Use of “ADV” is mentioned as an option; if there are no standards by this date, the FTC needs to explain why it opposes the plan. There’s precedent in the plan to exclude opt-in lists from this provision (section 5(d)(2)) (which I agree with), but it’s not a done deal until the plan is released. Opt-in email marketers should watch this and provide input (section 11(2)).
- On or before January 1, 2006: A report will be presented on how successful the law’s provisions are, identifying any additional measures Congress should take. This will include an analysis of technical and marketplace developments, recommendations for email sent from abroad, and any additional ideas for protecting recipients, particularly children, from obscene and pornographic email messages.
Full text of the CAN-SPAM Act of 2003.
Happy New Year! And best wishes for happiness, health, and effective and profitable email marketing in 2004! Your thoughts and feedback on my columns are always welcome.
Until next time,
Want more email marketing information? ClickZ E-Mail Strategies is an archive of all our email columns, organized by topic.
No matter your industry, field, career, day-to-day responsibilities, or duties, communication is integral to your success. This is particularly true in SEO ... read more
Do your email subscribers use social media? Let me ask this a different way. Is anyone not using social media? Like email, ... read more