On January 1, 2004, commercial email became a federally regulated activity thanks to the CAN-SPAM Act. This legislation, which became significantly more potent in the course of its final revision in December 2003, provides for both civil and criminal liability for wrongdoers.
Although targeted at those whose activities were already questionable under existing laws, the CAN-SPAM Act may ensnare legitimate businesses as well, especially small businesses with no compliance experience. Every law has its first fall guy. It's only a matter of time before CNN broadcasts the first CAN-SPAM perp walk.
For this reason, companies large and small must establish compliance programs and train their employees, especially those in sales and marketing. The trick to compliance lies in interpreting the law as conservatively as possible, since no courts have yet opined on its scope. This article will help get you started.
Consent: Good to Have, but Not a Free Pass
Earlier versions of the CAN-SPAM applied primarily to unsolicited commercial email, but the final version of the law applies to all commercial email. Furthermore, the law only recognizes one form of consent—”affirmative consent” (it used to also recognize “implied consent”). Although obtaining affirmative consent enables you to bypass some of the law's requirements, no one knows how far such consent extends.
For example, suppose you publish a monthly email newsletter that uses a double-opt-in subscription process. Under the law, you likely have the affirmative consent of your subscribers to send them your newsletter every month. But what if you decide to increase the frequency to biweekly? Or what if you also periodically send standalone promotional messages to the same subscribers?
Until a court or the FTC addresses the scope of affirmative consent, take a conservative approach—treat all of your company's commercial email as unsolicited, and make sure it complies with all of the law's requirements.
Eight Not-So-Simple Rules for CAN-SPAM-Compliant Email