Email Spam & Legal Issues: Advanced Email Marketing Tutorial

1.2 Introduction

This is Matt Bailey. In this chapter we are going to be covering the legal aspects of sending emails. We're covering the legal aspects because governments have gotten involved in email marketing.

1.3 Volume of Spam Email

The primary reason is from a consumer protection standpoint. It's estimated that 85% of emails sent in a single day are spam. In fact, that numbers in the billions, the amount of emails sent every day. And only about 14 to 15% of all emails sent in a day is legitimate email. Because of this, governments have gotten involved. They have enacted some very stiff laws, as well as fines and penalties that have some teeth to them. If you're involved in email marketing, you should be aware of the legal essentials of how to create and send an email, so that you are complying with all aspects of the law. The more time goes on, the less governments are going to be willing to be compliant and allow companies to claim ignorance of these laws. Many companies try to claim ignorance, but in fact, that's not going to work. And these laws are only going to become more and more restrictive towards marketers doing email.

1.4 Costs of Spam

In one lawsuit, the defendant had to pay penalties and damages of $87,000. And the main reason is that, when identifying the sender, rather than using a legitimate sender, they used an email address that used keywords trying to promote their email. And of course, because it did not identify the sender as required by the CAN-SPAM Act, they lost the lawsuit. In another lawsuit, the company Jumpstart was fined nearly a million dollars because they used personal messages in the subject line. And, according to the CAN-SPAM Act, this was a deceptive subject line. It was meant to persuade the recipient to believe there was an existing message or an existing relationship from someone that they knew. And because it was deceptive, it was considered to be illegal.

1.5 CAN-SPAM Act

Now, a few things you may not know about the CAN-SPAM Act: this does not cover just email. The CAN-SPAM Act is extensive in that it covers all electronic communications. So this can extend into the realm of social media and spamming through Facebook and Twitter. So be aware of the extensiveness of some of these anti-spam laws. The second issue is a $16,000 maximum fine for each separate email violation. That means if you send an email out to 100,000 recipients and you are found to be afoul of the law, that you have gone against the requirements, each email that you sent is subject to a separate email violation. Each one of those 100,000 emails can be subject to a $16,000 maximum fine. So the penalties can add up very quickly if you do not comply with the balance of the law.

1.6 Header Guidelines

Now, as a company creating or managing an email marketing campaign, in my opinion, these are all legitimate common sense items. And what that means is, if you are sending out emails, tell the recipient who you are, what the purpose of the email is, and provide real, legitimate information that allows the email to be traced back to you. This is the first level in providing quality information, getting past spam filters, and complying with the law. Make sure that all the routing information is there, that you provide an originating email address, as well as a reply-to email address, and that they are accurate and verifiable. Make sure that you are addressing it specifically to the person that you have, that it's not hidden somehow or misleading.

1.7 Subject Line Guidelines

Don't use deceptive subject lines. Don't make it look like it is a forwarded email when it is not. Don't make it look like it's a replied email when it's not. Be careful about using deceptive subject lines. Be obvious, be clear about who you are and what you're presenting. Obviously, as you look at these guidelines, there is a specific kind of spam that you will recognize. The law is trying to eliminate the types of emails that show up that look like there's an established relationship, that they are trying to sell us a product or service based on deceptive means. In this example, it looks like this is an ongoing discussion. It's talking about a policy payment. It has the "RE:", which signifies that it's a responsive email. And it's trying to say that here's a way that you can get a new rate. This is considered spam, because it is not open and honest about who is sending it, what company it is, and it has a deceptive subject line, in claiming that there is an established relationship. And so as you can see, there was a certain type of spam email that these laws are trying to prevent. As a business developing email campaigns and sending email campaigns, some of these things may not seem important to you, because you're taking steps to make sure that people know that this is a business-related email, and that it is an advertisement or a promotional email. And that really gets to the heart of the CAN-SPAM Act. And that is that you have to disclose the purpose of the message. Is it promotional, is it advertising, is it transactional? You have to disclose what type of message this is. And the language of the law is really what you need to evaluate: is it clear, is it conspicuous? Is it clear what type of email this is? Is it clear that it's an advertisement?

1.8 Include Opt-Out

One of the aspects of email that is absolutely required in every message you send: there has to be an opt-out, according to the CAN-SPAM Act. The opt-out needs to be clear and conspicuous. It needs to be obvious that that is what it is for. And it needs to be obvious what people can do, whether they need to click on it or follow it, in order to unsubscribe. And you also need to make sure that you provide a legitimate return email address. And as one company found out, make sure your spam filter doesn't block opt-out requests. Even though this company's spam filter blocked the opt-out requests, because those opt-out requests were never honored and the recipients were never taken off the list, the company was still found guilty under the CAN-SPAM Act. It didn't matter that their own spam filtering software removed the opt-out requests from being delivered to the company. And so you need to be aware that when someone opts out, even if you don't receive the message, if you don't honor that request, you will still have to comply with the law, and be guilty of not removing their names. The CAN-SPAM Act specifically goes after the opt-out, in honoring the opt-out very quickly. And you cannot charge any fees, you cannot ask for personal information. You cannot make the recipient take additional steps. You have to honor the opt-out quickly and easily, and remove their email address and delete it from your records. Especially, you cannot sell or transfer it as part of a third party list. Take these things seriously, because the opt-out is critical in complying with the CAN-SPAM Act.

1.9 3rd Party Responsibility

Now, you may say, well, we use third party software, and so it's their responsibility to manage opt-outs. It's their responsibility to make sure we don't use deceptive lines, to do all these things. And in reality, it's both the company promoted and the company sending: even if you are using a third party email service provider, both you and your service provider can be held liable if you break the CAN-SPAM laws. And so you as a company have to be aware of how you're handling all of these processes, and make sure that your email messages comply with the law, even though you are using a third party provider.

1.10 Categorizing Email Purpose

Now, as part of the CAN-SPAM Act, they do group emails based on specific purposes. There are commercial based emails; those are emails that advertise or promote. They must comply with the aspects of the CAN-SPAM Act. Emails that are transactional or relational, these are emails that have to do with a receipt, an update, changes to a warranty, changes to a terms of service, or an update of some sort when there is an existing relationship; these are exempt, for the most part. It depends on how the email is written and presented to the recipient, in terms of how exempt it will be. An example of this is that sometimes people mix messages. It can be transactional based on a relationship, but it can also be commercial, and in that case, you still have to comply. Any time there is commercial information inside of an email, it has to comply with the CAN-SPAM Act. Even if it's transactional in nature, even if there's an existing relationship, simply adding commercial information into your email makes it have to comply. Here's an example of how that will work. Now, in the first email, message A, the subject line is "your recent order". It talks about the order. You can see the status of the order at the link. There are the order details, and then there is the company contact information for any questions. This email is purely transactional in nature. It is not subject to all of the CAN-SPAM requirements for a promotional email because it's not promotional. It only has to comply with the routing requirements, that is, a legitimate email address, a legitimate reply email address, a legitimate method of sending and honesty in the headers. Now email message B talks about your recent order, but the first two paragraphs are all promotional in nature. And the information about the order is only one sentence in the third paragraph. Because this email message is primarily promotional, it is now subject to all CAN-SPAM requirements.
As soon as you add promotional information into an email, you have now made that email subject to all the requirements. You may want to make your transactional emails purely transactional. However, some transactional emails like to cross sell and upsell. That's fine, and it's a good practice to do so, but realize, as soon as you start mixing transactional and promotional, you are subject to CAN-SPAM requirements.

1.11 California's Anti-Spam Laws

Now, in the United States, the government can have the CAN-SPAM Act, but also each state can individually enact spam laws. This is specifically applied in California, where businesses in California are not only subject to the CAN-SPAM Act nationally, they are also subject to California's own laws about email. And those laws sometimes can be even more restrictive than the CAN-SPAM Act. And every few years, California is updating their commercial email laws. Now, one example of how California's laws are a little different from the national laws is that as a recipient I do not have to opt out of an unsolicited email. In fact, I can sit there and receive 10, 20, or 30 unsolicited emails without opting out and then file suit against that company for sending me unsolicited emails, and I can claim damages of $1,000 per email. The national CAN-SPAM Act says that I as a recipient need to opt out, and I can only then file suit against a company if I receive an email after I have opted out. That's the only time that I can make a claim. In California, I don't have to opt out. I can receive as many emails as I want prior to filing a claim against that business. Now, sometimes someone may use a false email address or a friend's email address to sign up for something. And if it's a single opt-in where someone just writes the email address and has access to whatever they want, if you as a company send an email to that person's address, that friend whose email address was used, it's an unsolicited email, even though you've got safeguards in place and you try to prevent unsolicited emails. It's mistaken or it's unintentional, and that person can claim damages of up to $100 an email. And if the date and IP address are cited there, but it's wrong, you, as a company, are still responsible. The best thing you can do, even though it's not required by California law or the CAN-SPAM Act, is a double opt-in mechanism.
And what that means is that once someone has given you their email address, and they've hit the button to subscribe or download or opt in, you send them a link in their email to confirm that the email address is valid, and it also requires that double opt-in of the recipient clicking the link in their email to verify that they do want to receive your emails. That's what's called the double opt-in mechanism, and that will protect you against both California laws and the CAN-SPAM national act. It's not required but it's a great practice to do so. Now, also one additional thing about California is that the headers cannot be false or misleading, and they go an additional level beyond the CAN-SPAM Act. That means you can only have an info@ email address if it's at the brand name or company name. That means the email being sent, the reply email, you can only use things like info@, no-reply@, marketing@, email@, if you are using the brand name or company name domain. And the domain has to be registered in the name of the business or the business owner. So these are specific steps that you must take in order to be sure that you are providing a true email reply so that consumers can find you, track you down, reply to the email. And so as a business in California, if you are doing email marketing, you do need to be aware of the email address from which the emails are being sent and be sure that you are using your domain name, the legitimate email, and that the domain is registered properly to the business.

1.12 Canada's Anti-Spam Law

Canada's anti-spam law takes this another step further. It's much more restrictive in that you can't send email to someone who hasn't explicitly, and this is the important term, explicitly opted in. Now, an easy way to explain "explicitly": that means that you can no longer have a pre-checked option to receive a newsletter. That means it's a pre-checked opt-out, that you are requiring the user to opt out. Meaning they're automatically opted in, but they have to take an action to opt out. Canada's law requires express consent, which means that you cannot have an opt-out. It must be an opt-in; you cannot default to a checked opt-in box for a newsletter or email communications. You have to have an express opt-in. Now, if you are a business, that means that you should at this point verify those email addresses and put it on record that your recipients in Canada want to receive your emails. Use the double opt-in as a way to protect yourself from the express consent clause. The main reason is Canada's penalties are much higher than anybody else's. A corporation can be penalized up to $10 million. An individual can be penalized up to $1 million. And recipients can sue up to $200/email, and this also covers any electronic message. And it doesn't even have to be commercial in nature. This can be interpreted in many different ways, and Canada's anti-spam law is one of the most restrictive as well as one of the most aggressive in terms of penalties. So, be aware, especially if you are doing international mailing or you have international recipients. You do need to be aware of the anti-spam laws in the countries where your recipients are. Europe has some of the most restrictive anti-spam laws. And so you do need to be aware of where your recipients live, where they receive their email, and ensure that you are complying with each element, because you do not want to be surprised by new spam laws enacted in different areas of the world that all of a sudden you are now guilty of breaking.

1.13 Trends and Safe Practices

In order to protect yourself, here are some of the industry safe practices and best practices. The first thing you can do is be transparent. Disclose who you are. Identify who you are and be clear in the presentation of the business, the reply-to email, the from email, and the purpose of the email. One of the things that you can do to protect yourself is the double opt-in. Manage your list clearly; that is, go back and practice list hygiene, remove old emails, every once in a while ask people to reconfirm their subscription, and make sure that you have a process in place to remove opt-out emails quickly from your list.

1.14 Thank You

We covered a lot of the illegal aspects of sending emails.
