Lyris Home } Knowledge Center } Anti-Spam Resources } CAN-SPAM FAQ  
Anti-Spam Resources for Email Marketers
 

 

Frequently Asked Questions about CAN-SPAM

The FAQ below addresses key questions you may have about the new Federal anti-spam legislation — called the CAN-SPAM Act of 2003 — which went into effect on January 1, 2004. If your email publishing or marketing program meets a few very basic rules, CAN-SPAM will likely not impact you at all:

  • Don't "harvest" email addresses from the Internet or generate them via a "dictionary" process for commercial mailing purposes.
  • Don't send commercial email via a computer for which you don't have proper authorization to use.
  • Don't falsify or obscure the header information in your commercial email messages — always use a valid From: address and an accurate, non-misleading Subject: line.
  • Include a valid postal mailing address and a functioning opt-out mechanism in every commercial email message you send.
  • Don't continue to send email to a recipient who has opted-out of your list.
  • If you send adult content (i.e., sexually explicit material), use a warning label of that fact in your subject line.

As an ethical email publisher or marketer, you're likely already following these terms; they're simply good email practices. We also recommend several others in this FAQ. Note that responsibility for enforcing CAN-SPAM lies with the Federal Trade Commission, and that private individuals or Internet Service Providers are not empowered to file lawsuits based on it.

Please also note, of course, that Lyris is not a legal expert, and we offer the information below with no implied or express warranties; it is for informational purposes only. Because CAN-SPAM is so new, there are not yet any examples of its application to actual cases and real-world situations. We therefore encourage all of our clients, customers, and Web site visitors to speak with their own legal advisors to understand how email legislation may apply to their businesses in particular.

Frequently Asked Questions

Understanding the CAN-SPAM Act

How to prepare for CAN-SPAM compliance

Other email legislation

CAN-SPAM and Lyris


Understanding the CAN-SPAM Act

To whom does law apply?

CAN-SPAM applies to two primary groups:

  • Senders
    Any person or entity using Lyris email software or hosting services to deliver commercial email would be considered a Sender per the CAN-SPAM Act's terms

  • Recipients
    Members of email lists run by Lyris email software or hosting services are Recipients.

What does law prohibit and require?

CAN-SPAM prohibits four major activities or actions:

  • False or misleading transmission information, such as From: or Reply To: headers that are technically accurate but misrepresentative of the message's true origins
  • Deceptive subject headings that mislead the recipient as to the true nature of the message's content
  • Email transmission after objection; that is, sending a message to a recipient more than 10 days after the recipient has opted-out of the list.
  • Address harvesting and dictionary attacks, in which commercial email is sent to addresses that were collected from the Internet without permission or that were compiled by automated means.

CAN-SPAM requires two key actions:

  • Inclusion of an opt-out process and postal mailing address. Every commercial email message must include a valid mechanism for opting-out of future communication from the Sender, as well as the Sender's valid physical postal mailing address. In addition, if a message is sent without "affirmative consent" (e.g., an opt-in relationship), the message must identify itself as an advertisement.
  • Warning labels for adult content, such that Recipients who have not provided affirmative consent are advised in the subject line that the message contains sexually explicit material.

Who is responsible for enforcing the law?

The Federal Trade Commission (the FTC, or "Commission" in CAN-SPAM's legalese) is ultimately responsible for enforcement of the CAN-SPAM Act, and may bring suit against those who violate it. In addition, the Attorneys General of each State have some powers of enforcement with respect to violations of the law affecting their respective states. Note that private individuals and Internet Service Providers (ISPs) are not permitted to file lawsuits directly.

What can happen to a Sender who violates the law's terms?

CAN-SPAM levies financial penalties of $250 per violation, up to a maximum of $2,000,000 for repeated offenses; this amount can also be increased to $6,000,000 for repeated, willful violations. Note that per the law's terms, only the Federal Trade Commission and the State Attorneys General may bring suit against a person or entity that allegedly violates the CAN-SPAM Act.

How to prepare for CAN-SPAM compliance

How does my Lyris software or service help me comply with the law?

Several functions in Lyris ListManager software and our ListHosting service enable you to run a permission-based email list.

First, our double opt-in process is the industry gold standard; it ensures that your list members are who they say they are, and that they've joined your list of their own initiative — no "forgery" is possible. While the CAN-SPAM Act only speaks to complying with opt-out requests, we believe that opt-in is a very credible way of demonstrating "affirmative consent" between you and your list members. If any of your members questions your mailings, you can always locate his or her subscription and confirmation dates via the product interface.

To learn more about double opt-in functionality and membership records, see these pages:

You can also identify the time and date of a specific list member's subscription to your list via the "Members" page. (In ListManager v3-v5, click the Members button, and then select and the member; in ListManager v6-v7, select the Information tab on the Utilities>Members>Edit page.) And if you're using ListManager v7.6 or later, you can use the "Member History" function to identify a specific list member's join date:

In addition, our email software and service make it easy to include clear, "failsafe" unsubscribe instructions in every message you send. This function enables you to comply with S.877's requirement of a valid unsubscribe mechanism in every message. Note that the body of your email message should also include your physical postal mailing address as well.

You can learn more about unsubscribing here:

If you're a ListManager software owner, we strongly recommend that you:

  • confirm all of your new list members, and
  • include proper unsubscribe instructions in the footer of every message.

If you're a Lyris ListHosting client on our network, we require you to follow these rules. See our usage policy for more information.

What precautions should I take before purchasing or renting an "opt-in" mailing list?

Lyris has been a build-your-own-list advocate since our inception in 1994. Although we don't recommend renting or purchasing lists, we recognize that some organizations supplement their house lists with other addresses; if you decide to rent or purchase a third-party's list, we strongly recommend that you also:

  • discuss the pros and cons of this practice with your management;
  • obtain credible documentation about exactly what the members of the rented or purchased list have opt-in to receive;
  • make sure that your content matches the likely expectations of those list members;
  • preface your first communication to these members with a reminder of when and what they requested to receive — and how your mailing complies with those terms; and
  • invite these members to opt-in to your house list, in order to receive further communication from you.

In our opinion, following these "best practices" is simply good email marketing sense, and we'd suggest them regardless of the legislative climate! The folks who join your list are far more likely to want to hear from you on a regular basis — as well as to react positively to whatever product or service you're offering.

Learn more about opt-in.

Will compliance protect me from being sued?

We like how our own counsel answered this question, so we'll quote her directly: "This is a trick question, since there is no protection from suit. Even if you haven't done anything wrong, you can always be sued. Compliance with the law is only relevant to the outcome of a lawsuit."

Since the CAN-SPAM Act does not allow anti-spam lawsuits to be filed by private individuals, we are confident that organizations that follow ethical mailing practices such as double opt-in will eliminate inadvertent or mistaken subscriptions, and thereby reduce the likelihood of complaints. If you're delivering something of value (your email content) in exchange for your list members' permission to contact them, we'd like to believe that your email publishing and marketing campaigns will flourish.

What does the law say about communications from multiple groups or divisions of my company — that is, if a person joins Division A's list, is it acceptable for Division B to send her email?

The CAN-SPAM Act doesn't address this question directly, but our counsel has concluded several points from it. First, if Division A holds itself out as "A" rather than "Division A of Company X," and/or Division B does the same thing, it's probably not safe to transfer mailing lists between them. Divisions that hold themselves out as separate companies will be deemed separate companies for the purpose of the statute. Second, if Division A intends to transfer its list to Division B, it would be well-advised to advise its subscribers at the time of their subscriptions that their email addresses may be shared with Division B. Third, if Division A subsequently receives an opt-out notice from a list member, it cannot share that email address with Division B after 10 days if the two divisions are deemed separate; likewise, if Division A and Division B are deemed part of the same whole, Division B cannot send a message to the unsubscribed list member after 10 days from the opt-out notice.

What does the law say about communication of different types — that is, if a person signs up for my email newsletter, is it also ok for me to send an email promotional offer?

CAN-SPAM does not speak to this issue at all, so the best advice we can offer is to manage your list members' expectations and try not to surprise them. We try to do this in our own marketing: for example, when we created a new corporate HTML newsletter, we realized that some of our existing list members might object to the new format — even though the content was similar. We invited those members to subscribe to a new list that would continue to receive text-only communications.

Other email legislation

What other current or pending email legislation should I be aware of?

Since the CAN-SPAM Act supersedes any and all State-level email laws, it will be much easier for you to keep up to date on this matter. The following three sites are good resources for your future reference:

CAN-SPAM and Lyris

What does Lyris think about the new email legislation?

Concerns about email-related legislation are top-of-mind for many businesses these days, and we're happy to address them. Lyris welcomes some form of anti-spam legislation, for the simple reason that we believe it will help the businesses of legitimate email marketers and publishers (that is, you — our customers and clients). A reduction in unsolicited commercial email will increase the likelihood that your messages — legitimate, opt-in email — will be read. For the last ten years, Lyris has emphatically advocated opt-in email as the best method of business communication — and now the market has finally caught up with us.

For more information about Lyris' stance on permission-based email, please see these pages:

How does the law affect Lyris?

As a list hosting provider that offers "routine conveyance" for clients, Lyris is exempt from liability for the content sent by its clients over its network. Lyris' own list hosting service agreement exempts us as well.

Lyris will, of course, continue to screen prospective hosting clients to verify that they employ good opt-in email marketing standards; we'll also maintain our longstanding practice of monitoring mailing patterns and complaint rates of existing clients, and terminating the contracts of those clients who do not comply with our list hosting terms. The bottom line is that we will vigilantly protect our hosting business and the clients it serves, many of whom share server space and IP addresses.

As a software developer, Lyris will continue to deliver and refine best-in-class tools to facilitate ethical email marketing — such as documentation of subscriber opt-in and confirmation; sophisticated targeting filters to create personalized, desirable messages; recency and frequency rules to prevent over-mailing; and failsafe unsubscribe functionality to keep your lists clean.

Lastly, as an email advertiser, Lyris will comply with the CAN-SPAM Act in terms of our own marketing programs and customer communication.

Contact us at editor@lyris.com to share your ideas. We may include it in the next issue of Making Mail Work!