Is CAN-SPAM Canned? The New Era of Email Marketing
- Spam shift. Email spam definitions have evolved, making anti-spam law CAN-SPAM less relevant in today’s environment.
- New standards. Unsolicited emails are now filtered out effectively, prompting a shift towards higher standards set by mailbox providers.
- Legal lag. Anti-spam laws like CAN-SPAM are becoming outdated as mailbox providers like Gmail and Yahoo set stricter rules.
The US’s anti-spam law, the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act, was passed way back in 2003. That was well before much stronger anti-spam laws were passed in other countries, most notably CASL in Canada and GDPR in the EU, which have set email marketing standards for multinational American brands.
But, more importantly, CAN-SPAM was passed before mailbox providers upped their spam filtering game so much that they effectively eradicated traditional, malicious spam.
With spam almost entirely blocked before reaching even consumers’ spam folders, much less their inboxes, consumers were left with a Report spam button that they didn’t quite know what to do with. With no malicious messages they didn’t request from unknown senders to report as spam, consumers started using the Report spam button to complain about other messages. For instance, they used it to nix unwanted emails from brands they knew — and even to banish emails they gave brands permission to send to them.
Let’s take a look at the anti-spam law, CAN-SPAM.
Of course, that’s just one way in which mailbox providers have led the way on fighting spam and, indeed, establishing the rules of engagement for email marketers. Last month, for instance, in an unprecedented collaboration, Google and Yahoo released joint email standards on authentication, spam complaint rates, and more that go into effect in February 2024.
That announcement made one of my colleagues ask, “I wonder what the FTC thinks about this?” Of course, as private businesses, mailbox providers are allowed to set higher standards. But as I thought more about everything major mailbox providers have done, I asked a different question: Is CAN-SPAM now meaningless?
Let’s answer that question by exploring the core tenets of CAN-SPAM and what the major inbox providers require of senders.
Related Article: 7 Burning Questions About Email Unsubscribes
Anti-Spam Law: Permission Not Required
CAN-SPAM says senders can email whomever they want, so long as they give them a way to opt out (more on that in a moment). In contrast to opt-in marketing laws like CASL and GDPR, CAN-SPAM codifies opt-out marketing, which doesn’t require permission from recipients.
Mailbox providers say nay. While they don’t mandate permission per-se, they give their users the ability to report a sender’s emails as spam. When a recipient does that, your emails don’t reach their inbox anymore. And if enough of your recipients do that, then none of your emails reach any of the inboxes controlled by the provider.
Gmail specifies in its Email Sender Guidelines that senders should “aim to keep your spam rate below 0.10%.” Moreover, they say senders should “avoid a spam rate of 0.30% or higher, especially for any sustained period of time.” Yahoo says it will follow this same standard. This is the first time that mailbox providers have spelled out exactly the complaint thresholds they don’t want to see exceeded.
Related Article: The Gmail Promotions Tab: 10 Years of Email Marketing Misunderstandings
Provide an Easy Way to Unsubscribe
CAN-SPAM says senders must include unsubscribe links in all promotional emails — that is, all emails that aren’t transactional in nature. Moreover, it stipulates that unsubscribe processes should be simple and clear, and that senders can’t require additional information from people who want to opt out.
For example, that prohibits senders from requiring people to create or log into an account in order to unsubscribe. It also prohibits them from asking for the person’s name or even their email address, as all of that unnecessarily burdens consumers.
Mailbox providers say it should be even easier. In addition to providing the Report spam button (which is essentially a one-click unsubscribe with vengeance), Gmail and Yahoo are now mandating that bulk sender include list-unsubscribe headers in their promotional emails. These headers power one-click unsubscribe links that appear next to the sender name in inbox interfaces, as well as in Gmail when you click the Report spam link and it asks if you’d like to Unsubscribe and report spam or just Report spam.
Thankfully, most email service providers already enable list-unsubscribe headers by default. However, those senders that have disabled these headers should turn them back on. And ESPs should make it so they can’t be disabled going forward.
These native unsubscribe links are in addition to the ones that brands must include in the footer of their emails, which can continue to link to unsubscribe pages and preference centers that present subscribers with options other than simply opting out.
Related Article: 10 Common Email Marketing Mistakes That Are Easy to Fix
Honor Unsubscribes Quickly
CAN-SPAM says senders must honor unsubscribes within 10 business days. This portion of the law has been misinterpreted over the years. It was never meant to imply that senders can continue to email subscribers who opt out for up to 10 additional business days. Yet, I continue to see language on some opt-out confirmation pages saying that my request will be honored within 10 days.
The spirit of CAN-SPAM has always been to process unsubscribes as soon as possible. The 10-day provision was in there solely as a carveout for highly distributed businesses. Think: Insurance companies with lots of independent brokers and sellers. This provision gave them time to share unsubscribe requests across their networks. Back in 2003, that could take some time. Today? Much less time is needed, which is why…
Mailbox providers say unsubscribes must be honored within two days. That’s the new limit set by Gmail and Yahoo. While they don’t have a way of enforcing that when their users opt out via unsubscribe links included in emails, they can see if senders are honoring unsubscribes quickly enough when a native subscribe link powered by list-unsubscribe is used. That will surely be the proxy by which they measure compliance with this mandate.
Those are the three core tenets of CAN-SPAM and mailbox providers have in each case set a much higher standard. So, is CAN-SPAM meaningless?
No. It’s still meaningful, but unfortunately it’s in a bad way. Let me explain. The problem with CAN-SPAM isn’t that it holds so little meaning. It’s that a significant number of people believe it has a lot of meaning.
Unfortunately, too many organizations begin by looking at what’s legal, and largely stop there. For those organizations, CAN-SPAM sets all the wrong expectations for how to succeed with consumers and how to stay in the good graces of mailbox providers, which is essential for email marketing success. It’s time for this dinosaur of a law to go extinct.
Related Article: The 5 Biggest Changes From a Decade of Email Marketing Change
The Asteroid Approaches
The good news is that the clock is ticking on the anti-spam law, CAN-SPAM. Kicked off by California’s CCPA, more and more states are passing their own privacy laws to fill the void of not having a strong national standard. According to the International Association of Privacy Professionals’ US State Privacy Legislation Tracker, 12 states have already signed privacy legislation, with many more set to be signed in the months ahead.
Eventually, so many states will have their own laws with varying requirements that compliance with all of them will be so onerous that national chains will demand a new federal standard. When that happens, we’ll likely get a law that’s akin to GDPR that addresses both privacy and anti-spam across channels.
That said, given the historic levels of dysfunction and gridlock in Washington, this asteroid may take years yet to arrive. In the meantime, marketers should keep a close eye on mailbox providers. Today, they’re the ones really setting the rules and leading the way on email marketing standards.
Learn how you can join our contributor community.