There are nearly 4 billion active email users around the world. So it makes sense that email is one of the most popular ways for businesses to reach out to potential customers.
But you cannot simply reach out to anyone and everyone via email whenever you see fit. There are anti-spam laws in place to prevent businesses from abusing this communication method. In the U.S., the CAN-SPAM Act includes a wide array of laws related to commercial emails. The GDPR in the E.U. and Canada’s CASL laws may also apply to businesses in the U.S. if they have any international customers on their email lists.
Email Spam Laws
To help you stay compliant, here are some of the top rules for email marketers to be aware of. These may not include every single law that applies to your business, so it’s important to look into relevant laws in your area or in the countries where your customers reside as well. However, many of these email spam laws include common themes. And email marketing platforms often make compliance fairly straightforward.
You Cannot Use Misleading Headers
The to, from, reply-to and similar header information in your emails should always be accurate in order to comply with the U.S.’s CAN-SPAM Act. So if you’re sending an email from your business, you should name your business or a specific person affiliated with your business when sending. Basically, just don’t try to trick people into thinking the email is coming from or going to someone else.
Subject Lines Must Accurately Reflect the Content of the Message
Your subject lines should also be accurate so recipients know what they’re getting into before opening the email. You can get a little creative. But don’t include something about winning a million dollars if the email is just about a new product you’re launching.
The Message Must Be Identified as an Ad
This rule also falls under the category of “don’t try to trick people.” If the purpose of your email is to try to sell products, that should be very clear. You don’t necessarily need to include the phrase, “this is an ad.” But you do need to make it clear that the message is part of a promotion.
You Must Obtain Consent Before Sending Commercial Messages
Under CASL and GDPR laws, you must obtain permission to contact people before reaching out. You can include an opt-in box for customers to receive emails after completing a purchase or a simple sign-up form on your website to gather their email addresses. Even if your business is not located in Canada or the E.U., these laws apply to businesses that send communications into those countries.
You Must Include an Opt-Out
Even if people signed up for your email list, they need to have an option to get out if they want. This is required under U.S., E.U. and Canadian law. Usually, you can just include a simple “unsubscribe” link at the bottom of each email. Most email marketing providers make this pretty easy for you by automating this part of the process.
You Must Honor Opt-Outs Within Ten Days
Under CAN-SPAM, you must begin to honor the opt-out request within ten days. So after that period, you can no longer send emails to that recipient. Under GDPR, recipients who request to have their data deleted have the right for that request to be honored immediately.
You Must Include a Physical Address
All marketing emails also must include your physical address so people have another way to reach out to you if needed. This can be your physical address or a P.O. Box. But it must be a valid address.
You’re Still Responsible for Those Who Manage Your Email Campaigns
Under CAN-SPAM, you are responsible for all of the marketing email sent out on behalf of your company. That means that even if you rely on an outside marketing agency or contractor to manage your emails, you need to make sure they’re complying with all relevant anti-spam laws. If they’re not, your business may still be held accountable for any penalties.
You Must Provide Information About Personal Data Use
You Must Inform Users About Data Breaches
Data breaches happen to companies of all sizes. But they can also have a negative impact on consumer privacy. GDPR laws specify that anyone whose data you’ve collected has the right to be informed of data breaches. And you must do so within 72 hours of learning about a breach.