Spam Laws, Email Marketing, and Compliance

Spam laws, email marketing, and compliance - Duct Tape Marketing

Every year, governments increase restrictions on unsolicited email. With new restrictions also come harsher penalties when laws are broken. Here, we’ll give you a quick refresher on where spam laws stand both nationally and internationally, and how your business can avoid costly mistakes.


This act, passed in 2003, establishes guidelines for sending behavior, content, and subscription compliance, while defining commercial email messages (which are different from transactional or relationship-based emails).

One specific guideline includes making “unsubscribe” both operational and easy to see for readers. Further, companies must have a legitimate physical address, “From” information, and proper subject lines. Businesses should also note that this Act highly discourages sending emails from a purchased list.

But these guidelines don’t stop at the U.S. border. Compliance laws reach a global market, so let’s visit a few that affect any international email your marketing team sends.

Global SPAM Laws

If you’re larger than a mom and pop shop, understanding and complying with global laws is pertinent to your bottom line. These laws not only apply to companies located within a specific country’s jurisdiction, but to any entity sending emails to citizens within that country.


Canada, which passed the Anti-Spam Law (CASL) in 2014, set strict guidelines that threaten millions of dollars in fines when American companies send email to their northern neighbors. Not to be confused with CAN-SPAM, an opt-out law, CASL is specifically opt-in.

This means that you cannot assume consent with pre-checked boxes. Businesses must gain consent through an opt-in action, where subscribers take positive steps to give permission. Although this law has just begun baring its teeth — transitional periods end July 1, 2017 — it’s only the start of even stronger anti-spam legislation.

You can find more information on country-specific guidelines to brush up on documentation:

The entire EU has plans to create more unified legislation across Europe, so while these laws are country specific, businesses should keep up-to-date on what is up the road.

General Data Protection Regulation

Within the next month or so, the European Union Parliament is planning to approve a comprehensive legislative directive known as the General Data Protection Regulation (GDPR). The renovated directive is expected to become law across all 28 EU Member States in 2018. The legislation contains highly organized requirements about obtaining consent when collecting information, as well as guidelines about how that information can be stored and used.

Additional objectives of the GDPR include citizens’ control of personal data, and simplification of the regulatory environment for international businesses by merging regulations within the EU. When GDPR takes effect it will replace the data protection directive from 1995.

Best Practices for Compliance

With these laws in place, there are best practices for email marketing that help businesses stay inside the policies and remain compliant.

Use the Double Opt-in Method

Double opt-in lists are not only compliant with international spam laws, they also help boost open rates in the emails you send. MailChimp took a random sample from 30,000 users in its database who had sent at least ten email campaigns, looking for improved email marketing stats from double opt-ins. The email service provider found that the double opt-in method resulted in a 72.2 percent increase in email opens. The data also showed a 114 percent increase in clicks when compared to single opt-in lists!

Never, Ever, Buy a List

Using single opt-ins or double opt-ins is perfectly up to preference, but whatever you do — and we mean it! — never buy a list. You are at risk of a spam trap infection when you purchase any email list.

Most often, purchased lists contain bad and out-of-date information, and there isn’t any good way to tell how old those email addresses really are. Email addresses expire at a rate of 22.5 percent each year. When companies send to bad email addresses, they’ll be flagged as spam, or even blacklisted completely. Deliverability and sender scores are decimated when businesses send to thousands of individuals who never opted in at all.

Choose Name and Subject Lines Wisely

Data from Convince & Convert found that 43 percent of email recipients would report email as spam based only on “from” names or email addresses. And 69 percent said they would report email as spam based on the text in a subject line. As a result, it’s critical for businesses to be clear about who they are and what their emails contain. This is the only way to engage, and keep, the individuals you worked so hard to get onto the list in the first place.

Make Unsubscribing Easy

While it might seem like common sense, we’re constantly surprised how often an “unsubscribe” link is forgotten or broken in email campaigns businesses send out daily. Once a recipient clicks on that link, businesses can obtain more information about why they clicked. Therefore, it’s important to make this process easy and to remove them quickly from your list (within 10 business days is required in the United States).

Clean Up Dirty Lists

Data maintenance is among the most critical components of both CASL and GDPR, so keep a close eye on your list over time. Email recipients must provide either expressed or implied permission to use their information (and a pre-filled checkbox doesn’t mean you have valid consent). Keep a record of where and how permission was given. Internet service providers (ISPs) are becoming more reliant on engagement metrics to monitor spam, so keeping your list clean is imperative. Clean lists also have a much higher engagement rate than old or purchased lists.

Implied consent has an expiration date of about two years with CASL. As an example, someone who purchased a product has given implied consent to add them to your mailing list. But you’ll want to confirm expressed consent from them at least once every two years. This is easily completed by running a re-engagement campaign, where recipients click a button to confirm they want to keep hearing from you.

With the new law, GDPR, recipients have the “right to be forgotten” if data belonging to them is not in use for the purpose it was originally collected. That means you won’t be able to use a list you collected for one company to advertise for another.

Don’t Cut Corners When You Email

Following these rules and complying with laws, while also building a list through strict opt-in methods, can be daunting, but the effort will pay off in the end. Email marketing is about the quality of contacts, not the quantity. Highly engaged lists lead to improved overall performance of campaigns, better deliverability, and favorable long-term results for your brand and your bottom line.

If you liked this post, check out our Small Business Guide to Email Marketing.

John Thies is the CEO and Co-Founder of Email on Acid, a service that gives email marketers a preview of how their emails are displayed in the most popular email clients and mobile devices. He resides in Denver, Colorado with his wife and son. When he isn’t working he’s either on the golf course or snowboarding in the fresh Colorado powder.

