Is your organization in compliance with the recently passed CAN-SPAM anti-spam legislation? Because of the short-time frame between President Bush signing the legislation and the new law taking effect, many companies have either overlooked or misunderstood certain aspects of the law.
So how exactly does CAN-SPAM affect legitimate permission-based marketers and what steps should you take to ensure compliance? Let’s take a look at some new definitions, the key requirements and recommended steps email marketers should take.
CAN-SPAM: The Definitions
The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) stipulates that all companies that send or otherwise “initiate” commercial e-mail comply with a number of specific requirements. But first, what constitutes a commercial email? The Act distinguishes commercial emails from “transactional” or “relationship” messages and introduces a new term into the industry lexicon – “affirmative consent.”
Commercial email message: Any email message “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”
Transactional or relationship email message: An email message that is primarily intended to facilitate, complete or confirm a commercial transaction that the recipient has previously agreed to enter in with the sender.
Affirmative consent: The Senate Commerce Committee Report for the CAN-SPAM Act indicates that “affirmative consent” requires some active choice or selection by the recipient. Remaining passive, such as not unchecking a pre-checked box or other default Web form, is not sufficient.
Key Requirements of CAN-SPAM
CAN-SPAM requires that all companies that send or otherwise “initiate” commercial email to:
1. Refrain from sending any message with a misleading subject heading.
2. Include in each message a valid return email address or Internet-based reply mechanism that will function for at least thirty (30) days following the transmission of the message.
3. Include a physical postal address in the body of each message.
4. Include a conspicuous notice identifying each message as an advertisement or solicitation*
5. Include in the body of each message a notice explaining how recipients can prevent the transmission of future messages by using the sender’s return email address or Internet-based reply mechanism.
6. Honor all “opt-out” requests within ten (10) business days of their receipt.
7. Refrain from selling, exchanging or otherwise transferring the e-mail address of any recipient who has made an “opt-out” request, except as necessary to comply with the Act or other provisions of law.
*With the exception of the notice identifying a message as an advertisement, all of the above apply to commercial emails (unsolicited or opt-in). Emails sent to recipients with affirmative consent do not need to include the notice of advertisement. The Act allows marketers to determine the form and location of this notice – state laws requiring the letters “ADV” to be displayed in a subject heading and similar labeling requirements are preempted. The full Act can be downloaded at: http://www.spamlaws.com/federal/108s877.html.
Complying With CAN-SPAM
Let’s look at some areas of the Act that in general lack clarity or may require more significant changes in email practices. These include:
Transactional or Relationship Message Requirements – These messages must include accurate path information in the email header, but are not subject to the postal address, notification and opt-out requirements outlined above.
Promotional Content Within Transactional or Relationship Messages – The Senate Commerce Committee Report that accompanied the Act suggests that a bonafide “transactional or relationship message” may contain some content promoting a product or service unrelated to a previous transaction. The report emphasizes, however, that this promotional material must truly be ancillary to the primary purpose of the communication. This would suggest, for example, that a monthly bank statement notice could contain a small amount of content promoting equity lines or car loans.
Pre-Checked Boxes – It has been common practice for many organizations to include “pre-checked boxes” in transaction, registration and other forms that opt in consumers to receive newsletters or promotional emails. This passive opt-in, however, does not qualify as affirmative consent and subjects any emails that result from this approach to the requirements imposed on unsolicited commercial emails. Your company then can either switch to unchecked boxes or add the “advertisement” language in your emails.
Advertising Statement – If you are sending emails without affirmative consent, then you must include the aforementioned notice identifying each message as an advertisement or solicitation. The Act does not stipulate the form of location of the notice, nor does it require the use of “ADV” in the subject line, a common requirement in some state laws.
Multiple Email Newsletters/Messages – If your organization distributes more than one type of newsletter or promotional message, you will need to provide members/recipients with a means to unsubscribe from specific individual recurring message types as well as a global unsubscribe and suppression feature. A global suppression capability ensures that for recipients who request it, they will never receive any future emails from your organization.
Actions Organizations Should Take
To ensure compliance with the Act, consider taking the following steps:
Convene all company staff that are or could be involved in the email marketing process – marketing, Webmaster, IT, call center, legal, sales and others. Ensure that all affected personnel have a good understanding of the Act and how it might affect their practices and policies.
Review your company’s email marketing programs to ensure that they comply with the content and notification requirements and involve your legal counsel as appropriate.
If you haven’t already, add a postal mailing address to all of your commercial emails.
Review and test your opt-out/unsubscribe language and process. Make sure it is clear, simple and actually works. Also, make sure you are using a valid return email address or Internet-based reply mechanism that will remain functioning for at least thirty (30) days after messages are sent.
Make sure that all opt-out requests are honored within ten (10) business days of receipt. The simplest and best approach is to utilize software (installed or hosted) that automates the reply, unsubscribe and global unsubscribe process.
If your organization uses pre-checked boxes or other “passive” opt-in mechanisms in your email sign-up process, it is recommended that you change to unchecked or other affirmative consent approach. Otherwise you will need to add the conspicuous identification that the emails are advertisements or solicitations.
It is highly recommended that you add a profile update page on your Web site and links to it from your email messages. This enables customers and subscribers to easily update their email address, opt in or opt out of individual or multiple newsletters/communications, request not to be communicated to in the future, change email formats and other information and preferences.
Beyond CAN-SPAM: Permission Best Practices
Regardless of what the future holds, companies should take the permission “high road” when responding to the CAN-SPAM Act and surrounding “customer-control environment.” Your email marketing program should support key principles including permission, privacy, trust, brand, preferences, relevance and relationships.
Email marketing can provide organizations with perhaps its most efficient and cost-effective means of marketing and building relationships with its members. The passage of CAN-SPAM and surrounding customer-control environment, however, requires that companies get their permission marketing houses in order.
Loren T. McDonald is Vice President of Marketing at EmailLabs, and is a
frequent author and speaker on email marketing best practices and trends. A
legal brief on CAN-SPAM from Dow, Lohnes & Alberston PLLC is available at
http://www.emaillabs.com/resources_tools.html.
