It’s easy to send an email, but it’s not so easy to get it right. Take your eye off the ball for one minute and you’ll end up with typos, the wrong images, and broken links and that’s even before you’ve considered one of the biggest mistakes of all — non-compliance.
In this guide, we’ll take a look at email regulations and email unsubscribe laws. We’ll explore what these laws are, what they cover, and how to make sure your marketing emails are compliant.
When it comes to email marketing for your small business or eCommerce store, there are a few things to consider before you jump in. Before you even craft a promotional email or set up an automated campaign, you first need to understand email marketing laws and regulations for businesses.
One of the most well-known email laws is what’s known as the CAN-SPAM Act. This catchy acronym stands for the Controlling the Assault of Non-Solicited Pornography and Marketing Act and is governed by the Federal Trade Commission (FTC). It’s this law that we’ll focus on, as it’s widely applicable and also falls in line with other international email laws.
The CAN-SPAM Act sets out how businesses should act when sending out commercial emails. It applies to any commercial email — not just your mass marketing campaigns to promote a sale or offer. Any email in which the primary message is commercial in nature falls under the remit of this legislation.
While it might look at first glance as though this law is all about preventing email spam, it goes beyond that.
The CAN-SPAM Act introduces requirements that promote honesty, transparency, choice, and responsibility. Following the law means that your email recipients have greater control over their Inbox, can trust the messages you’re sending, and have the option to leave your list at any time.
Here are the main rules around sending commercial emails under CAN-SPAM:
Failure to follow these rules can land you with a fine of up to $43,792 per violation. This applies to each separate email, so it can be a costly adventure if you take a risky approach to sending commercial emails.
Want to make sure you’re compliant? Keep reading for our tips on how to stay within the law for every rule above.
If you’re based in the US and send commercial emails, following the CAN-SPAM Act is a must-do if you want to stay compliant. Outside the US, other email and anti-spam laws govern your responsibility and requirements when sending marketing emails.
In Canada, businesses are required to follow Canada’s Anti-Spam Legislation (CASL). This is largely similar to CAN-SPAM, but a notable difference is that you need consent to email. You can’t send unsolicited email to recipients. Consent can either be explicit or implied, but implied consent has an expiration date. If you’re relying on implied consent after a purchase, you have two years, while it’s just six months after an inquiry. You also need to display contact information in your emails, beyond the standard postal address.
If you operate in the UK, the Privacy and Electronic Communications Regulations (PECR) come into play. Like Canada’s law, the PECR is similar in nature to the CAN-SPAM Act. You must share a valid address and you can’t conceal your identity. As with Canada, you need consent to email. This doesn’t have to be explicit — you can use implied consent if someone has bought a similar product from you before and you’ve given them a way to opt-out at the point of collection and with every email since.
Take special care when it comes to sending unsolicited emails or “cold emails” internationally. While this is acceptable in the US, in other locations including the UK and Europe sending cold emails to individuals isn’t permitted.
Outside dedicated laws regarding emails, other privacy regulations can also have an impact on the way you do email marketing for your eCommerce business. These laws often outline the importance of and what constitutes consent, which can change how you operate.
For example, the EU’s General Data Protection Regulation (GDPR) requires you to have express permission to collect, use, store, and transfer data. This can make collecting data for your email list more complicated. Instead of using a pre-filled checkbox or a generic statement, you instead need to have people opt-in to receive your email newsletter or promotional emails. There’s no specific requirement to use “double opt-in” to confirm consent, but it’s a useful way to demonstrate this.
You also need to be mindful of other privacy concerns as you plan, create, and send your eCommerce email campaigns. Take care over data accuracy and automation, to avoid situations where your personalized emails might contain someone else’s data. Invest in the right email tools and partners to help you maintain security and privacy right the way through the process.
Your focus might be on perfecting your email content so that it converts, but it’s just as important to get the compliance basics right. Here’s how to stay compliant with the CAN-SPAM Act when you’re sending commercial email messages for your eCommerce business.
The FTC states that your header information must be accurate and reflect the sender honestly. This includes your “from”, “to”, and “reply-to” fields and also the routing information that accompanies your email. In simple terms, this rule is asking you not to hide who the sender is.
Take a look at this example here from Adobe. it’s clear from both the “from” field and email address displayed that this is a genuine email from the company.
Being transparent with your field names and the email address domains you use helps create trust between you and the recipient. They can use this information to confirm that you’re the real deal, and that they’re not being targeted by a fraudster. It also simplifies the experience — your email recipient isn’t looking for a quirky name here, they just want to know who the sender is.
We’ve all had those emails where the subject line feels like a trap once you’ve opened the email and read the contents. Not only are these dishonest subject lines a great way to alienate your audience, they’re also a no-no under the CAN-SPAM Act.
Your email subject line should accurately reflect the content of your email. It doesn’t have to explicitly outline what’s covered, but the two should match up. If you’re promoting a sale or product launch, mention that in your subject line so your recipient knows what to expect.
Here’s a great example of a simple subject line from Storksak. The email introduces the latest seasonal collection, with an understated subject line that lets you know exactly what the email is celebrating.
Using responsible subject lines is a great way to show respect for your recipients’ time. Instead of opting for a flashy or misleading title, keep it simple and let a combination of honesty and your brand personality take the lead. Your recipient can then decide whether the email sounds interesting enough to open or not.
The CAN-SPAM Act wants you to make it clear to your audience that your marketing email is an ad. This is left open to interpretation, as there’s no requirement for your wording to be explicit when it comes to this rule. Instead, use common sense and focus on being clear that this is a commercial rather than a transactional message.
Let’s take a look at this example from clothing brand Monki. It’s clear from the graphics used right at the top of the email that this is a promotional email or ad, telling customers about the current sale.
The goal with this rule is to distinguish between promotional and non-promotional emails. Your recipient should be able to quickly identify from the content whether this is an information or transaction-based message, or if it’s a sales opportunity for you. Keep this in mind as you craft your email copy and design supporting graphics.
Your emails shouldn’t come from a faceless organization. The FTC states that you need to share your location with your email recipients in the form of a valid physical postal address. This is to aid transparency and make it easier for people to get in touch or make a report if they have concerns.
Here’s a great example from Etsy. This email footer covers all bases and provides the recipient with the relevant business name and address details, no matter which location they’re based in.
While the address must be physical and valid, it doesn’t have to be a street address. Under the CAN-SPAM Act, a post office box or private mailbox is an acceptable option. This is great news if you’re just starting up your eCommerce empire and don’t want your home address on the bottom of your emails.
If you’re sending commercial marketing emails, you need to offer recipients a way to opt out of future campaigns. The CAN-SPAM Act states that this should be “clear and conspicuous” and written in plain language, so it’s easy for anyone to understand how to take this action.
Try to make the unsubscribe process as pain-free as possible for your recipients. At this point, they’ve already decided to unsubscribe — make the experience simple and warm instead of putting extra barriers in the way. Aim to make it just as easy to leave your list as it is to join it.
It’s not enough to look the part, you also need to make sure you action these unsubscribe requests. Luckily, there’s an unsubscribe mechanism built into every good email marketing tool these days that makes this a simple process.
Depending on the laws in your location, you could have anywhere from days to a whole month to do so — but in the US it’s 10 business days.
Not only that, but your system should be able to action these requests for a period of 30 days from when the email was sent. This gives people time to make a decision after they’ve read your email.
There’s nothing more frustrating than continuing to receive emails from a company when you’ve already subscribed. Even if this is due to a system issue rather than not actioning requests, try to find an alternative. Make sure your software tool lets you honor those opt out requests instantly if possible, to avoid irritating your audience.
Outsourcing your email marketing can take some of the workload off your to-do list, but it can’t remove the legal responsibility from you. Even if you hire another agency or individual to run your email marketing campaigns, the responsibility to act within the law falls on both parties.
Be clear with any agency or company that you hire that they should be aware of email laws and regulations and follow them. Have someone on your team authorize emails before they go out too, as an extra opportunity to check for compliance. It’s your brand reputation and a potential fine on the line, so it’s a useful step to add to your process if you outsource your email marketing.
Knowing your responsibilities when it comes to email marketing laws is a must-have, but it’s only a small part of how to make sure your eCommerce business is compliant. From website compliance to protecting your customers’ data, data privacy and compliance runs right the way through your business.
If compliance isn’t your area of expertise, this can feel overwhelming. You don’t need to become an expert at privacy law and know everything about personal data — you can let a tool like Enzuzo’s privacy platform guide you.
Email laws don’t exist to curb your creativity or put unnecessary pressures on your marketing team. Instead, they focus on honesty, transparency, and responsibility. Once you’re all clear on the main rules and how to comply with them, it’s simply a case of making these rules part of your overall approach to data privacy and compliance.
Setting up systems or changing your approach takes time, but once you’re there it’s easier to manage and there’s less pressure on your team to get things right. For a better way to reduce privacy risk, try Enzuzo and compliment your team’s knowledge with a specially designed tool to help you run things smoothly.