The Imagination Factory

Can-Spam Compliance

May 4th, 2008 by Ted Bailey

I don’t deal in Viagra, Porn or Get Rich Schemes. I don’t SPAM or send unsolicited email, why do I care… other than whether or NOT it (the CAN-SPAM Act) reduces the SPAM I get? I’m a legitimate business, how can I be in violation?
The short answer: Even if you, your company or organization sends only permission-based email, the CAN-SPAM Act may require that you make certain changes to your emails and your website. We’ve summarized some of the more salient points below.


A website is an excellent vehicle for developing better and less expensive customer service. Handling email inquiries is far less expensive than staffing phone lines. An existing and/or targeted audience yields better marketing responses, BUT only if they are interested in what you have to say. The Imagination Factory recommends (at minimum) an opt-in, permission-based email marketing and messaging vehicle. We offer our clients a double opt-in emailer system which not only allows the visitor to opt in, but also requires them to CONFIRM before they are added to a list. It also provides for automagic OR client-assisted name removal.

Sending unsolicited commercial email (UCE) will likely result in customer backlash, could damage your reputation, brand, product or service, and/or could get your domain(s) blacklisted (by anti-spam organizations). Blacklisting will prevent you and anyone else on your domain from sending email to much of anyone on the Internet (most SPAM filters check the blacklists first).

On a daily basis, we all have mailboxes filled with porn, body-part extension offers, herbal extracts, and the chance to earn a bunch-o-money each week from the comfort of home. Fortunately (and unfortunately) email marketing works – both for us AND for the bad guys. This attests to how important email is in the lives of today’s netizen.

How about some background?

When the “Do Not Call” registry website was launched in 2003, it was an instant hit with millions of people. No longer would anyone who signed up have to suffer through unwanted telemarketing calls during dinner. The cry against SPAM quickly followed, and Congress quickly realized that passing such common-sense legislation that affects the everyday lives of citizens would be an asset during the next election. It is not likely that a “Do Not Email” registry will be in place until late 2004 (the FTC is NOT required to set one up per this act).

Spam, or Unsolicited Commercial Email (UCE), remains another significant intrusion into most of our lives. According to some estimates, UCE makes up more than 50% of all email received in the U.S. UCE is expected to have cost U.S. businesses more than $10 billion in 2003.

Approximately half of the U.S. population has an email account, according to a U.S. Department of Commerce study in September 2001 (the latest data available). Eighty-four percent of email users check their email account frequently. In the past ten years, email has grown from the fiefdom of the geeks to one of the dominant ways in which people communicate. From grandparents seeing photos of their grandkids, to businesses sending documents and information efficaciously, people rely on email to keep them connected.

Many states have passed conflicting and contradictory laws to deal with the rise in UCE, but until 2003, Congress had done little to address the issue of UCE. California’s restrictive anti-spam law was set to take effect on January 1, 2004, but is pre-empted by the federal “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003” (now known as the CAN-SPAM Act, which took effect January 1, 2004). While critics suggest that the legislation may do little to halt unsolicited email (especially UCE that is sent from overseas), it is a boon for businesses and organizations that have had difficulty complying with a patchwork quilt of state laws.

CAN-SPAM Act of 2003 – A summary:

Under the CAN-SPAM Act of 2003, your commercial email messages will likely fall under one of the two categories:

    1. Relationship / Transactional Messages:
      • Messages sent to complete a transaction or sale or deliver goods / services
      • Warranty, product updates, upgrades, or recall information
      • Safety or security information about a product used or purchased by recipient
      • Change in terms or features of a subscription or service
      • Account balance information


      If #1, then you must not use fraudulent headers (i.e. no fake/false/misleading email accounts, domains or subject lines)
    2. Commercial Electronic Messages:
      • Primary purpose is to promote a product, service, or content on a Website operated for commercial purpose
      • Most marketing-related email messages will likely fall into this category


    If #2, then here’s the BIG list of requirements:
  • You must provide an Opt-out / Unsubscribe Mechanism (and remove w/in 10 days of request)
  • You must have a “Valid Physical Postal Address of the Sender” in all commercial email messages
  • You must have a functioning Return Email Address (for at least 30 days after the message is sent)
  • You must include an ADV Warning label in subject line (req’d if you don’t have EXPRESS permission to send the email to the recipient)
  • You must have Valid Header Information / Not Use Fraudulent Headers (see above)
  • Your mail server must not have an open relay / allow others to send email through your servers without your permission.
  • You must not use an open relay or send via a computer with a username / password where you don’t have permission.
  • You must follow “good” list management (i.e. non-harvested or randomly generated email addresses)


How can/will this be enforced?


  • FTC can enforce the CAN-SPAM Act with the following:
    • 5 years in jail for repeat offenders who also commit a felony
    • 3 years in jail for first time offenders
    • Confiscation of proceeds from mailing as well as any computers, software, technology or equipment used during the offense.
  • State Attorneys General can enforce the CAN-SPAM Act with a civil action:
    • $250 / message, up to $2 million
    • If fraudulent information used in headers, no upper limit
  • ISPs can enforce the CAN-SPAM Act with a civil action:
    • Damages of actual monetary loss
    • Or, $25 / email, up to $1 million.
    • If fraudulent information is used in the headers, damages of $100 / email with no upper limit


In short, the CAN-SPAM Act isn’t exceedingly tough for legitimate businesses, but there are some tricky bits and/or things that are easy to miss. Many of the items above are already handled by our emailer or servers. Other items you must address. Failure to comply could have a substantial and detrimental financial effect on your business. Proper crafting of your emails and site design (and especially the hiring of The Imagination Factory) helps to ensure that you will be in compliance.
