The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003
The CAN-SPAM Act covers commercial email messages with the primary purpose of advertisement or promotion of a commercial product or service.
“EU Opt-In Directive”
Directive 2002/58/EC (specifies minimum legislation for member states)
Directive 2003/58/EC (amending Council Directive 68/151/EEC)
The EU Opt-In Directive covers all direct email marketing messages, including charitable and political messages.
“CASL – Canada’s Anti-Spam Legislation”
S.C. 2010, c. 23
CASL covers all commercial electronic messages, including those sent by non-profit organizations. Commercial electronic messages are defined as messages that have as their purpose, or one of their purposes, to encourage participation in a commercial activity.
Opt-In Requirements and Permission
No, the CAN-SPAM Act allows direct marketing email messages to be sent to anyone, without permission, until the recipient explicitly requests that they cease (opt-out).
Yes, direct marketing email messages may be sent only to recipients who have given their prior consent (opt-in). Prior permission is required for business-to-consumer (B2C) communication covering all “natural persons”.
For business-to-business communication (B2B), i.e. “legal persons”, EU member states are free to make opt-out the minimum legislation. However, national legislation of member states can require opt-in for B2B email communication too.
Existing Business Relationship:
A business relationship in which contact information was obtained constitutes prior consent as long as a means to opt out was provided at the same time and continues to be provided with each such message and each message is about similar products or services by the same company.
Yes, commercial electronic messages may be sent only to recipients who have given their prior consent (opt-in). All recipients’ express, or in certain cases implied, prior permission is required.
Existing Business Relationship:
When there is an existing business or non-business relationship, a recipient’s implied consent applies for 36 months, beginning July 1, 2014.
Certain exceptions apply to specific types of messages sent by a political party, charity, family members, people in personal relationships, persons within an organization or between organizations.
Opt-Out Requirements and Unsubscribing
Yes, every message must include opt-out instructions. Subscribers cannot be required to pay a fee, provide information other than their email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet web page to opt out of receiving future email from a sender. The sender must honor the opt-out request within 10 days.
Yes, every message must include opt-out instructions. Sending email for purposes of direct marketing without a valid address to which the recipient may send a request that such communications cease is prohibited.
Existing Business Relationship:
When the email address is obtained in the context of the sale of a product or service, the natural or legal person may use the email for direct marketing of its own similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details when they are collected and on the occasion of each message in case the customer has not initially refused such use.
Yes, every message must include opt-out instructions. Subscribers must be able to easily opt out from receiving further messages at any time at no cost. The mechanism can be, for example, an unsubscribe link that is included clearly and prominently in an email, allowing the recipient to unsubscribe by simply clicking it. The sender must honor the opt-out request without delay and in any event no later than 10 business days after receiving it.
Sender Identity and Message Labeling
The CAN-SPAM Act prohibits false email header information, open relay abuses, generating multiple email addresses from which to send, address harvesting, dictionary attacks, and other fraudulent ways of sending spam. The subject line cannot mislead the recipient about the content or subject matter of the message. Identification that the message is an advertisement or solicitation is required.
Disguising or concealing the identity of the sender on whose behalf the communication is made is prohibited.
CASL prohibits spam, malware, spyware, address harvesting, unauthorized alteration of transmission data as well as false and misleading electronic representations. The sender must identify itself and the persons on whose behalf a commercial electronic message is sent.
Contact Information and Postal Address
Yes, a valid physical postal address is required. A sender of commercial email can include an accurately registered post office box or private mailbox established under United States Postal Service regulations to satisfy the requirement that a commercial email display a valid physical postal address.
Yes, the same information disclosure requirements apply to business email as to physical business letters. Companies registered or operating in the EU need to state their company details on every electronic business communication sent from their organization. Business email messages sent by a company should include:
- The full name of the company and its legal form
- The place of registration of the company
- The registration number
- The address of the registered office
- The VAT number
A valid return address must be always provided.
Yes, a valid postal address, where the sender can be reached by the recipient, must be provided. When it is not practical to include this information in the body of the message, then a clear and prominent link to a web page containing this information is an acceptable practice.
Directive 2002/58/EC (Directive on Privacy and Electronic Communications)
Amending Council Directive 68/151/EEC
Directive on Privacy and Electronic Communications on Wikipedia
Checklist of Legal Requirements
- Do I have prior explicit and verifiable permission (opt-in) from the recipient?
- Does the message have:
- A clear and accurate sender identity?
- An accurate subject line?
- Clear and easy opt-out instructions?
- A physical postal address and company details?
- A valid return address?
- Have I tested that the subscription and unsubscription mechanism works?
- Have I checked the test messages carefully before sending? Did my colleagues do this too?
- Can I process replies and any subscriber requests promptly?
Checklist of Email Marketing Best Practices
- Obtain prior permission via a double opt-in subscription mechanism. Send an automated and well thought-out welcome message with key instructions and expectations.
- Test readability
- Check the HTML message design and readability. It must work with blocked images.
- Include a plain text alternative with any HTML message.
- Keep the subject line short and clear. 25 characters display in most clients.
- Test deliverability
- Use email authentication. Check that SPF, Sender ID, DomainKeys and DNS records correctly verify the sender.
- Scan email messages to make sure that they are not identified as spam by common spam filtering applications before sending.
- Provide wanted, expected, relevant and interesting messages to each recipient.
- Provide clear instruction on how the subscribers can automatically unsubscribe (opt out). Send an automated and well thought-out farewell message. This works as a successful confirmation, gives an opportunity to ask for feedback and thank the subscriber.
Kudos to L-Soft – lsoft.com. Thank you!