Email Marketing Compliance – Online Marketing Best Practices Podcast from OMCP

What do we need to know to stay in compliance with email marketing regulations? What’s the difference between a transactional message and a message with commercial intent? What are best practices for maintaining our lists and subscription management? OMCP’s Michael Stebbins shares best practices in this podcast/article.

The OMCP Online Marketing Best Practices Podcast is where top authors and industry leaders share authoritative best practices in online marketing which are covered by the OMCP standard, competencies, and exams.  This is an OMCP pilot program that may continue based on member interest and support.  Stay subscribed to the OMCP newsletter to see new episodes.

Episode #2 covers Email Marketing Compliance with Regulation with Michael Stebbins in 11.5 minutes.  Recorded October 2016.


Best Practices

Michael Stebbins speaking at the 2016 Economic Times Summit in Bangalore.

All right, welcome back to the OMCP Studio for the Online Marketing Best Practices Podcast. I’m your host, Michael Stebbins, and today we’ll be covering email marketing best practices for compliance with regulations.

Specifically, this is for sending commercial email to recipients in the U.S., in Canada, and in Europe.

As a professional marketer, it is our responsibility to understand the anti-spam laws in each of the regions where we send email. So in this episode, we’ll look at a few key countries’ relevant laws and highlight what email marketers need to know to comply with them.

United States

The United States has the CAN-SPAM Act. This is called the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003. The CAN-SPAM act covers commercial email messages where the primary purpose is advertising or promotion of a commercial product or service. It’s not going to cover an email between you and your relatives, or private emails. If you’re trying to influence someone to engage for future business, your email falls into the category.

Senders that violate the CAN-SPAM Act can face fines up to $16,000 per message that is in violation, and there have been prosecutions and guilty verdicts since the act went into place. So, a couple of key areas for CAN-SPAM compliance.

Opt In

First is an opt-in. The CAN-SPAM Act doesn’t require an opt-in. It allows direct marketing email messages to be sent to anyone without permission until the recipient explicitly requests that they stop, usually via an opt-out. While it may not be a good practice to send unsolicited email, it is not specifically prohibited by the CAN-SPAM Act until somebody says stop, and the opt-out needs to be a service or an easy event for the recipient for commercial email in the U.S.

More explicitly, each email message must include opt-out instructions, and subscribers can’t be required to pay to unsubscribe or to provide information other than their email address and opt-out preferences. Nor can they be required to take any steps other than sending a reply email message or visiting a single Internet webpage to opt out of receiving future email from a sender. You’ve got to make it easy, and that means you can’t require a password to unsubscribe. (That’s one of my pet peeves!) The sender must honor the opt-out request within 10 days.


The CAN-SPAM Act covers identity rules as well. It prohibits falsifying information in the email header. Your from, to, reply to, and routing information, including the originating domain, the email address, have to be accurate and identify the person or business who initiated the message.

And More Bad Practices

Also prohibited are open relay abuses using multiple sending email addresses, perhaps with the intent to get around regulations, as well as address harvesting, dictionary attacks, and a number of other ways of sending spam where fraud is involved.

Subject Line Must Correlate

I can’t imagine any OMCP using any of those, but what you do need to know is that the email subject line cannot mislead the recipient about the content or the subject matter of the message. Now this was largely enacted to stop porn purveyors from misleading recipients into looking at an innocent email that contained offensive images. But it applies to marketers across the board. So let’s make an example. You could not use an email subject line that says, “Your child’s insurance policy,” and then try to sell vacation timeshares in the body of the message. Those two are clearly unrelated and should not be combined, because it misleads a recipient into opening an email under false pretenses.


The U.S. also requires identification that the message is an advertisement or solicitation. Now, even the U.S. government admits that there are not set guidelines for this, and observation shows that there are very few explicit statements that exist in outbound promotional emails. So, for now, OMCP is monitoring this. It’s not part of the exam or the standard until a generally accepted practice evolves. Including a valid physical postal address in the email is required in the U.S. under the CAN-SPAM regulations. And you can use a post office box, that is acceptable. Typically, these are appearing in the footer, or at the end of the email so they don’t distract from the primary message.

If they’re in there and they’re readable, you’re in compliance as far as including a physical postal address. Also note, and this is important, the business behind the email is liable for a lack of compliance. So, even if there’s an agency or a third party sending out on behalf of the business behind the message, it does not absolve responsibility. In fact, both the company whose products or services are promoted in the email, as well as the company that actually sent the message, can be held legally responsible for violations under CAN-SPAM. That is part of the body of knowledge, and it’s on the OMCP exam.

Canada, the European Union, and Other Countries’ Regulations

Now, let’s look at Canada, the European Union, and other countries’ regulations. Asia, Africa, South America don’t have comprehensive regulations in place. We’re going to skip those for right now, but it is your responsibility to stay up-to-date on the regulations for the areas where you’re targeting your emails.

Canada has the CASL, the Canadian Anti-Spam Legislation. And some of Europe has the EU opt-in directive. The two differ from each other as to coverage on non-profit, political, and charity messages, but both are largely inclusive of the U.S. regulations and then, and this is important, much, much more strict than the U.S. regulations in obtaining explicit prior consent before sending commercial email to recipients.

So where the U.S. CAN-SPAM is lax and you can send unsolicited email, when you’re targeting areas covered by the EU opt-in directive or addresses in Canada, you cannot. So, CASL and the EU opt-in directive prohibit sending any commercial email messages unless the recipients have given express prior consent.

Now, transactional emails must stick to the product or services that are part of the transaction, and the recipient must, again, give explicit permission to receive other types of email. So, for example, if somebody bought my pretzel making machine, I can continue to send them transactional email about the pretzel making machine, but if I really want to send them something that sells a system to make spun cotton candy, well, then I would have to receive explicit permission to start sending them promotional emails about a different product.

When sending to addresses in Europe, senders need to state their company details on every electronic business communication sent from the organization, and it should include the full name of the company and its legal form, the place of registration of the company, the registration number, the address of the registered office, the VAT number, and a valid return address must always be provided. So, again, a little bit more strict when sending to those regions, something we should know. Now, the commonalities and the safest route is to get explicit agreement from your audience to receive promotional or informational email. One of the safest routes to do this is what is called the double opt-in.

Double Opt In – The Safest Route

A double opt-in typically consists of a second action on the part of the email recipient confirming that he or she wants to continue receiving the emails that you want to promote your products or services.

So the sequence looks like this. Jeff fills out a form on your website to get a white paper. Jeff gets the white paper, but also gets an email that requests his confirmation that he wants to receive a monthly newsletter from your company. So to confirm, Jeff clicks a link in the confirmation email and his consent is recorded in your email systems. Jeff has supplied explicit confirmation. Double opt-in, as we’ve just described here, aligns with the current email regulations that we are seeing in the U.S., Canada, and the EU opt-in directive. The rules can change any time. The EU directive does not cover all European countries so, again, responsible marketers need to watch for changes in the regulations in countries where they are going to send email.

Common Denominator Practices

So let’s bring it all together to look at the common denominator and practices that cover these regulations and best practices for marketing.

  1. First, we want to ensure prior explicit and verifiable permission from the recipient. This is an opt-in.
  2. We ensure a clear and accurate sender identity and we use an accurate subject line.
  3. We provide clear and easy opt-out instructions and a physical postal address and required company details.
  4. We use a valid return and reply to address.
  5. We test and ensure systems are in place to handle unsubscribes, replies, or any subscriber requests promptly.
  6. But most importantly, we provide wanted, expected, relevant, and interesting messages to each recipient.

And that last one is a good guideline for marketing overall.

Not All Regulations Covered Here

So that’s all the time we have for now. And I do have to add, this podcast and any transcription is provided as a resource and a snapshot of required knowledge for OMCP certification and does not constitute legal advice. If you have more questions about compliance with email regulations, we encourage you to review the regulations directly and to contact an attorney or solicitor within your area who is familiar with email marketing rules. Further, if you are interested in keeping your certification current, learning email marketing or other marketing practices that teach to OMCP standards, have a look at the registered education providers listed on the website. I’m your host, Michael Stebbins, and we’ll be together on the next OMCP Online Marketing Best Practices Podcast.



Canada CASL

EU Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Article 13: Unsolicited communications
