The privacy and compliance landscape is ever-changing as lawmakers need to stay ahead of spammers, who are at worst a security threat and at best an annoyance, and who are responsible for giving email senders a bad rap. In honor of the eighth annual Data Privacy Day (January 28), here is a reminder of the importance of email compliance:
The CAN-SPAM Act was signed in 2003, establishing the United States’ first national standards for the sending of commercial email, and making each individual email in violation subject to penalties of up to $16,000. Here are some key components:
Purchased Email Lists
Bottom line: It’s not a good idea to purchase or sell email lists. In fact, the Act specifically states you can’t sell email addresses, although you may transfer them to a company hired to help with compliance.
Unless you have an agreement with another company to co-market in their newsletter or have access to a legitimate opt-in list from an affiliate, only send emails to your own list. While renting lists is not prohibited, legally it can be risky, and ethically, shady. It also typically results in a high rate of unsubscribes and abuse complaints.
False Header Information
In email marketing campaigns, the header information, including originating domain name and email address, must be accurate and identify the person or business that initiated the message.
Misleading or Deceptive Subject Lines
The Act specifically states that subject lines must not be misleading in any way. Besides, disappointing potential customers is a sure way to lose their business and can lead to the FTC exercising its authority to enforce Section 5 of the FTC Act (Unfair or Deceptive Acts or Practices).
Sender’s Postal Address
The sender’s actual postal mailing address must be included in commercial emails. It’s normally seen in the footer and can be your current street address, a USPS-registered P.O. box or a private mailbox registered with a commercial mail receiving agency established under Postal Service regulations.
Opt-out Option (Unsubscribe)
A major requirement of the Act is that recipients be given a way to opt out of or unsubscribe from future emails. It can be a one-click opt-out or a more detailed option, such as a preference center listing specific types of communications from which to opt out. The email must also have a functional return email address or other mechanism, clearly and conspicuously displayed, that a recipient can use to unsubscribe from the mailing list. This address or mechanism must remain functional for 30 days after the email is sent, and any unsubscribe request must be honored within 10 business days.
What about sending marketing messages to people subscribed only to your blog updates or vice-versa? This is permitted. Keep in mind, however, that compliance regulations apply to any message with commercial content, so your blog or newsletter—if transmitted—is likely subject to opt-out and disclosure requirements, too.
While it’s legal to mix the content sent to different lists, we recommend email segmentation. For example, don’t send additional offers to a subscriber to your blog unless they purchase something and subscribe to your marketing list, and vice versa, to ensure you’re honoring the customer’s wishes.
Also, if your lists are independent and don’t share a suppression list, you can find yourself with increased abuse complaints when they’re not managed correctly. If a recipient unsubscribes from your blog updates, but continues to receive general marketing email (or vice-versa), they might be driven to mark the email as SPAM.
These regulations apply to email marketing in the US, but what if you have subscribers reading your commercial emails outside of the US, too? Be on the lookout for a follow-up article that addresses the importance of email compliance outside of the United States.
James Koons is the Chief Privacy Officer of Listrak