USA e-mail marketing rules
In the United States, direct marketing by e-mail is regulated by the federal Controlling the Assault of Non-Solicited Pornography and Marketing Act or so-called CAN-SPAM Act. The Congress passed the CAN-SPAM Act to address the problem of unwanted/spam emails. Its compliance is monitored by the Federal Trade Commission.
The CAN-SPAM Act covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service”, including email that promotes content on commercial websites.
The law makes no exception for business-to-business [B2B] email. It does, however, exempt transactional and relationship messages. That means all email – for example, a message to former customers announcing a new product line – must comply with the law.
Under the FTC’s CAN-SPAM Act, you do not need consent prior to adding users located in the US to your mailing list or sending them commercial messages.
The CAN-SPAM Act contains several requirements that email marketers must adhere to; however, the Federal Trade Commission lists out seven main sections that can be used as a checklist to ensure that your business’s emails and newsletters are not in violation.
- Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
- Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message. Do not be deceitful, misleading or inaccurate with your subject lines in an attempt to get people to open your email. Your subject line should contain a short explanation of the email contents.
- Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement. You do not need to use the word “ad” in the subject line or even create an image in the email that calls out that what the recipient is opening is an ad. But, per the CAN-SPAM Act, it is required that each business email sent says somewhere that it is an ad. This can be as simple as placing text at the bottom of the email saying, “This advertisement was sent by (your business name here).”
- Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
- Make opting-out easy. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognise, read, and understand. Creative use of type size, colour, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.
- Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipients opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
- Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Each separate email in violation of the law is subject to fines of up to $43,792, and more than one person may be held responsible for violations. In addition, it has certain violations that may give rise to additional fines. The law provides for criminal penalties – including imprisonment – for:
- accessing someone else’s computer to send spam without permission,
- using false information to register for multiple email accounts or domain names,
- relaying or retransmitting multiple spam messages through a computer to mislead others about the origin of the message,
- harvesting email addresses or generating them through a dictionary attack (the practice of sending email to addresses made up of random letters and numbers in the hope of reaching valid ones), and
- taking advantage of open relays or open proxies without permission.
Contact Us
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.
Recent blogs
Appointment of a DPO in Singapore: What You Need to Know Before 30th September
If your business handles personal data in Singapore, it’s important to be aware of a key deadline
Enterprise Data Protection: Securing Large-Scale Information Assets
Cyber threats and regulatory pressures have made it necessary for businesses around the world to sa
Continuous Data Protection: Ensuring Real-Time Information Security
Continuous data protection (CDP) has emerged as a crucial strategy in safeguarding data assets agai