Message for our friends and clients More Information
Spam & Marketing 101
Understanding Spam & CAN SPAM Law Compliance
Revised June 13, 2019
Originally Published October 1, 2002
Spam is not only annoying, it can be dangerous.
While standard spam (mass, unsolicited commercial email, also often referred to as junk mail) is a hassle to search through, there are malicious individuals out there that:
- send spam containing viruses that can compromise a computer (ransomware),
- or attempts to trick users by phishing to steal usernames and passwords to financial websites,
- and more.
The goal of this article is three fold:
- To provide an understanding of spam and how it originates.
- To provide some basic safety in dealing with spam day-to-day to avoid the hassle of receiving junk mail, or worse yet, becoming a victim of fraud.
- To provide some basic information on how businesses can market while avoiding sending "spam" and complying with the CAN SPAM ACT law.
Defining Spam & Origination
Spam is defined by the government as:
the sending of unsolicited emails to large numbers of recipients via the internet.
While spam is often commercial in nature and sent by businesses attempting to gain new sales or traffic; the term spam refers to:
any, and all "mass" emailings that are sent without the consent of the recipients.
Before discussing how to eliminate Spam and unwanted junk mail, we must first understand how spam often originates. Spam originates via many methods, including, but not limited to:
Bad Business Practices
Many businesses keep email addresses as a part of normal business operations. These businesses are often legitimate and rarely result in true unsolicited spam.
Unfortunately, for as many legitimate businesses there are an equal number of illegitimate businesses that take customer lists and sell and utilize your information for unsolicited purposes, spam, junk mail, and phone calls.
Computerized Random Address Generation
Computer programs called random address generators, create e-mail addresses to send spam using dictionary words, phrases, and standard names & configurations.
There are millions upon millions of email addresses, so finding a working email address isn't too hard. Many programs also send spam to typical addresses, like:
- sales@ yourcompany.com,
- accounting@ yourcompany.com
- and so on.
All major search engines scrub the web with spiders/bots, while saving information about each page. There are also computer programs that scrub the web, but save all e-mail addresses they come across.
If a website has an email address publicly listed, spiders will index the email address, and use for spam purposes.
Consumer & Business Protection From Spam
Although there is little one can do to eliminate all spam, other than getting rid of the email account, there are several things that can be done to help avoid receiving spam to begin with.
Methods to Reduce Spam
The following are some basic ways in which to avoid, or reduce the amount of spam received:
- See if the email client or service offers spam filters, whitelists, and blacklists. These lists will allow one to block particular email addresses or domains (blacklist); as well as specify certain email addresses to always allow through (whitelist).
- In addition to filters and lists, many email clients and services offer Rules. Rules allow one to specify if a particular email containing [TERM] or [PHRASE] should go to the Inbox, Junk Folder, or just Delete immediately.
- Think about opening a separate email account that is just used for friends, family, business, or other important correspondence. Only give this email account out to trustworthy sources. Open another, free account to use for newsletters, chat rooms, etc.
If all else fails, remember the delete key is available. Emails from unrecognized senders are probably not worth opening and possibly spam. It's often safest to mark unrecognized emails as junk/spam and simply delete to avoid potential phishing or virus attacks.
Business Marketing Compliance
Understanding the CAN SPAM Act is imperative to successful marketing in today's world.
- The CAN SPAM Act does not eliminate the ability for businesses to send commercial emails to clients and potential prospects.
- It does lay out guidelines that are important to follow so as to stay in compliance with the law to avoid tough penalties.
- This law not only applies to business-to-consumer emails, but also business-to-business emails.
- ANY email that is sent with a commercial advertising or promotion purposes MUST follow the below guidelines to stay in compliance, not just bulk email.
Violations of this law can result in penalties up to $16,000 for EACH email in violation of this law.
This law does not cover transactional or relationship emails.
Transactional or relationship emails are defined as emails with the primary purpose of facilitating or confirming commercial transactions that the recipient as already agreed to.
This can include receipts, warranties, recalls, safety, security, change in terms, and so on.
Transactional and relationship emails are exempt from this law so long as there is nothing false or misleading.
If there is any mention of advertising or promotional services within the email, then the email may fall under the CAN SPAM Act and must follow these requirements:
All commercial emails MUST contain the following:
- Avoid using false or misleading header information. The From, To and Reply-To and related routing information must include the originating domain and email address. This must accurately identify the person or business sending the email.
- Cannot use deceptive subject lines. The Subject line of the email must accurately reflect the contents of the message.
- Identify the email as an advertisement. The email must disclose clearly, and in a conspicuous (obvious) place that it is an advertisement.
- Identify the sender's location. The email must include a physical postal address. This can be the actual physical address of the business, a post office box, or private mail box registered with a commercial mail receiving agency established under USPS Regulations.
- Clearly identify Opt Out instructions. The message much clearly and conspicuously explain in no uncertain terms how the recipient can opt out of receiving email from the business in the future. This notice must be easy for the average person to recognize and understand without unreasonable requirements to opt out.
- Process & honor opt out requests in a timely manner. Opt out mechanisms must be able to process opt out requests for at least 30 days after the email has been sent. All opt out requests MUST be processed within 10 days of receiving the opt out request. Fees cannot be charged for opting out, nor can a business require additional personally identifying information beyond an email address to remove, nor make the recipient take any steps others than sending a reply email or visiting a single page on the internet as conditions for removing or honoring opt out requests.
- Watch what others are doing on behalf of the business. The law clearly states that a business is legally responsible for any emails sent on their behalf by others such contracted advertising agencies. In such circumstances, both companies are held legally responsible for failing to comply.
By following these guidelines, businesses can be assured that they are in compliance with the law. As well, such compliance can help make sure that recipients truly know and understand what it is they are receiving, hence improving the potential for responding to an email if they are interested.
In addition to the above requirements that must be complied with when sending emails, there are some technical requirements that should be made to a business's domain records that will help to avoid having email sent to junk, or rejected as spam by receiving email servers.
DKIM (DomainKeys Identified Mail)
DKIM is a method of email authentication that can help to avoid spoofing and phishing attempts. DKIM helps receiving email servers to confirm that an email was in fact sent from a specific domain and authorized.
For example, historically many hackers attempted to send phishing emails to users pretending to be PayPal, in an effort to get recipients to follow a fake link and enter their PayPal username and password, which the hackers would then steal and use to break into the user's real PayPal account.
However, with DKIM, a receiving email server will see that the DKIM is non-existent, or does not match that of PayPal.com's. Hence this will mark it as potential spam, thus alerting the user to potential fraud.
SPF Record (Sender Policy Framework)
SPF records are another method of avoiding spoofing and phishing attempts. SPF records designate what domains, mail servers and IP's are authorized to send email on behalf of a domain. This helps to eliminate any spoofing attempts from outside sources attempting to send spam with a forged From address.
By following the above guidelines, consumers can be assured of avoiding unwanted spam, while businesses can be sure to comply with laws related to marketing and advertising via email. Email is today's greatest method of marketing, but requires common sense, safety, and compliance to avoid potential negative repercussions.
Newsletter Archive Topics
- Design & Development
- General Information
- Marketing, General
- Online Security
- Organic / Natural SEO
- Search Engine Marketing
- Website Conversion
- Website Technologies
Newsletter Article Ideas?
We want to hear about it! Our newsletter is geared towards you so email your article ideas or questions to email@example.com.