If you use email in your day-to-day business operations the CAN-SPAM Act is a law that sets the rules for commercial email. It also establishes the requirements for commercial messages, provides recipients the right to have the sender stop emailing them, and mentions the penalties for related violations.
The CAN-SPAM Act applies to bulk email and all commercial messages, which the law defines as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service," including email that promotes content on commercial websites. The law makes no exception for business-to-business email which means all email. As an example, a message to former customers announcing a new product line is required to comply with the law.
Each violation of the CAN-SPAM Act is subject to penalties of up to $16,000. Here are the CAN-SPAM Act's main requirements:
1. Do not utilize false or misleading header information. Your "From," "To," "Reply-To," and routing information - including the originating domain name and email address - should be accurate and identify the person or business who initiated the message.
2. Do not utilize deceptive subject lines. Stated otherwise, the subject line must accurately reflect the content of the message.
3. Always identify the message as an advertisement. Generally, the law provides some freedom on how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
4. Inform the recipients of your location. In sum, the email message must include your valid physical postal address. This can be your current street address, a post office box you've registered with the U.S. Postal Service, or a private mailbox you've registered with a commercial mail receiving agency established under Postal Service regulations.
5. Inform the recipients about opt-out options related to future emails. The email must include a clear and conspicuous explanation of how the recipient can opt out of getting email in the future. Make sure your spam filter doesn't block these opt-out requests.
6. Always honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient's opt-out request within 10 business days.
7. Always monitor what others are doing on your behalf. The law is clear that even if you hire another company to handle your email marketing, you cannot contract away your legal responsibility to comply with the law. Generally, both the company whose product is promoted and the company that actually sends the message can be legally responsible for any discrepancies.