Email is an important marketing tool for retailers, who should be aware of federal and state laws regulating its commercial use. Since its enactment in 2003, the Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM”) Act has attempted to curb the number of unwanted emails and impose some rules on a largely unregulated frontier. When followed, CAN-SPAM Act’s restrictions give email recipients some control over their inboxes and also maintain fairness in how emails present themselves. Failure to follow the CAN-SPAM Act can lead to penalties of up to $16,000 per violation.
In addition, thirty-seven states have laws regulating unsolicited email advertising. The majority of these state laws target commercial or fraudulent electronic mail. Most state anti-spam laws prohibit using misleading information in the subject line of the message; misrepresenting or falsifying the origin of or the routing information on messages; and using an Internet address of a third party without permission. A list of state email laws is available here.
As a practical matter, many retailers use vendors for their email marketing and other email services, and those vendors often assist the organizations in complying with the requirements of the CAN-SPAM Act and state laws. Nonetheless, the party whose content is promoted via email must supervise the conduct of its vendors and employees in abiding by these laws, or else risk possible sanctions.
The basic requirements of CAN-SPAM and most state laws regulating email are:
- Does your email message include: (a) complete and accurate transmission and header information; (b) a “From” line that identifies your business as the sender; (c) a “Subject” line
- Does your email either contain an email address, physical address, or other mechanism that the recipient may use for opting-out of future marketing emails?
- Is your opt-out mechanism effective for at least 30 days after your email is sent?
- Do you honor all requests to opt-out within 10 days?
- Does your mailing list include any recipient that has asked not to receive email from your business (opted-out)?
- Have you tested the effectiveness of your opt-out mechanism?
- Have you reviewed your vendor contracts to determine each party’s responsibilities with regard to CAN-SPAM compliance?
- Are addresses of people that have opted-out transferred outside of your organization?
- Does your organization use open relays or open proxies to send marketing email?