The CAN-SPAM Act is a federal law in the United States that regulates commercial email messages. The acronym “CAN-SPAM” stands for “Controlling the Assault of Non-Solicited Pornography and Marketing.” The law sets rules for commercial email messages, gives recipients the right to have a business stop emailing them, and spells out harsh penalties for emailers who violate the law.
The law applies to all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” This applies to both business-to-consumer and business-to-business messages.
The main requirements of the law are that companies must:
- Provide a clear and conspicuous way for recipients to opt-out of receiving future emails.
- Include their physical postal address in the message.
- Identify the message as an advertisement in some reasonable way.
- Not use false or misleading header information.
- Not use deceptive subject lines.
- Monitor what others are doing on their behalf.
Violations of the CAN-SPAM Act can result in penalties of up to $46,517 per violation, and companies that knowingly violate the law can face even higher penalties.
Must You Have Explicit Consent Before Sending Cold Emails?
The CAN-SPAM Act, at 15 U.S.C. § 7704(d)(2), states “[it] does not apply to the transmission of an electronic mail message if the recipient has given prior affirmative consent to receipt of the message.”
The Act does not require explicit or affirmative consent from recipients before sending commercial emails. The act requires that commercial email messages are only lawful if the recipient has not opted-out from receiving such messages.
The CAN-SPAM Act, at 15 U.S.C. § 7704(a)(3), states that a commercial email is “lawful” only if the recipient has not opted-out of receiving such messages by using a functioning unsubscribe mechanism.
The law requires that companies must provide a clear and conspicuous way for recipients to opt-out of receiving future emails, such as an unsubscribe link in the email.
Honoring opt-out requests
The CAN-SPAM Act requires companies to honor opt-out requests “within 10 business days.” This means that once a recipient has requested to opt-out of receiving further emails from a company, the company must stop sending them commercial emails within 10 business days.
The law also requires that companies must provide a clear and conspicuous way for recipients to opt-out of receiving future emails, such as an unsubscribe link in the email. Once a recipient has used that link to opt-out, the company must stop sending them emails, even if 10 business days have not yet passed.
Additionally, the law requires that companies must also include a process for handling opt-out requests that is easy for the recipient to use, and that the process must be able to process opt-out requests for at least 30 days after the email is sent.
It’s important to note that companies must also implement procedures to ensure that opt-out requests are honored in a timely manner and that the recipients’ email addresses are inactivated in their email lists and not sold or transferred to another entity.
When does the FTC take action?
Many companies have been sued by the Federal Trade Commission (FTC) and state attorney generals for violations of the CAN-SPAM Act. The FTC has brought many enforcement actions against companies that have violated the Act’s requirements, including actions against companies that have sent spam with false or misleading header information, used deceptive subject lines, and failed to include a functioning opt-out mechanism in their emails.
Here are a few examples of companies that have been sued by the FTC for violations of the CAN-SPAM Act:
- In 2019, a company called LeadClick Media was sued by FTC for sending unwanted text messages and emails to consumers, and for not allowing consumers to unsubscribe from their messages
- In 2018, a company called “Your Baby Can Read” was sued by FTC for making false and misleading claims in their email advertisements
- In 2014, a company called “Amazon Cloud Drive” was sued by FTC for sending unwanted text messages and emails to consumers, and for not allowing consumers to unsubscribe from their messages
- In 2008, a company called “Sellers Playbook” was sued by FTC for sending spam emails to consumers, and for not allowing consumers to unsubscribe from their messages
- In 2006, a company called “e360 Insight” was sued by FTC for sending spam emails to consumers, and for not allowing consumers to unsubscribe from their messages
These are just a few examples of companies that have been sued for violations of the CAN-SPAM Act, and it’s important to note that the FTC continues to bring enforcement actions against companies that violate the Act’s requirements.