November 7, 2018

Deliverability 101: CAN-SPAM, the ghost of email past.


In the early 2000s, an anti-spam law was put in place to help curb the onslaught of unsolicited communications consumers were receiving on a daily basis, and to prevent a fragmented patchwork of legislation individually managed at a state level, potentially resulting in 50 different anti-spam laws for marketers to navigate. The resulting collaboration, effective in 2003, is known as “Controlling the Assault of Non-Solicited Pornography and Marketing” (CAN-SPAM).

At first glance, CAN-SPAM was designed to formalize the requirements for sending commercial email in the United States and provide a formalized structure for marketing messages. This included giving a standard for identification of the sender, managing consumer preferences to stop unsolicited email, and build a framework for enforcing penalties against those who fail to follow these rules.

Sounds fairly simple, right? It is. On a scale of easy- to hard-to-follow legislation, CAN-SPAM practically falls off the easy side while Australia’s and Canada’s laws sit at the difficult end of the spectrum. Don’t forget we haven’t even broached consent requirements, as most modern-day privacy laws do. In fact, because of CAN-SPAM’s relaxed rules around opt-in permission, CAN-SPAM has very little impact on commercial spam. Go figure.

CAN-SPAM got a tune-up in 2008 to clear up a few key definitions confusing marketers:

  • The term “person” was clarified to include an individual, group, unincorporated association, limited or general partnership, corporation, or other business entity
  • Rules on defining sender” when there are potentially multiple advertisers involved on a single message
  • Clarification on the definition of “Transactional and Relationship message”
  • Clarification on the term “Address” to clearly allow for a postal box or physical address
  • Confirmation on imposing a fee for not respecting a consumer’s request to opt-out as a violation of the legislation

At the time, the Federal Trade Commission (FTC), the enforcement body for CAN-SPAM, also declined to make changes to the rules around a 10-day opt-out processing requirement and to the length of time a company must maintain a suppression list of past opt-outs.

What’s next for CAN-SPAM?

In 2017, the FTC requested feedback on several potential updates they should consider in regard to the now-15-year-old anti-spam law. The core focus of the research conducted by the FTC looked at the window of time necessary to process an unsubscribe to see if the law should shorten this period to three business days, and if the definition of a transactional email needs to be modified to include more modern mailing programs and message types. Bloomberg Law is reporting the FTC will ask for updates to these two portions of the law.

For more information on anti-spam legislation around the world, the Email Experience Council created a Global Compliance Guide providing an overview and comparison of over 70 countries. EEC members can access this guide for free. Come back here next week, too, as we’ll be looking at other legislation in a smaller, bite-sized way.

Author: Matthew Vernhout

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (CIPP) with more than a decade of experience in email marketing. Matt is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee.

You may also like...

The Year in Email 2019

It’s hard to believe we are nearing the end of yet another exciting year in email, and 2019 proved to be one of the most momentous and active years to date. Over the past year, the number of new technologies, mergers and acquisitions, mailbox provider (MBP) announcements, news, and highlights is evidence of the versatility […]

[Infographic] Global Privacy Relationship Status: It’s Complicated

I recently gave a presentation on global privacy regulations to a post-graduate marketing class and one of the things I noticed while preparing was that even within a single country, privacy is complicated. On a global scale, it is really complicated. For example, Canada has one federal private sector privacy law, three similar provincial laws, […]

The Year in Email 2018

*Update: This article was featured on email influencer Jordie van Rijn’s emailmonday blog! To see it in action, plus a great round-up of other articles and thought leadership looking forward to the future of email, click here.* The Black Friday emails are deleted, marketers’ email lists are checked twice, we pretty much know which senders […]

Ready to get started?