Email Marketing Laws: What Marketers Need to Know

Email Marketing Laws: What Marketers Need to Know

Just as laws have been passed to better regulate the telephone, so are email marketing laws evolving to protect the consumer.

Most of us here are old enough to remember the days of ringing telephones during dinner. While a few calls were welcome, like those coming from family and friends, the majority were annoying. And before the age of caller ID, many of us had to pick up every call-or let the answering machine pick up. Some people got really annoyed and complained to regulators. Laws were eventually passed.

So what does this have to do with email marketing? If you aren’t careful, sending too many emails can be just as annoying as those junk calls during dinner. This is especially so in the age of smartphones and push notifications. Few things interrupt our quiet moments quite as much as the smartphone going off. In that sense, nothing has changed.

In many ways, junk emails have become just like junk calls once were. There are too many of them, and it’s irritating a lot of people. People are getting annoyed: 86% of consumers believe that there should be better data protection laws.

As with the irritating junk calls, governments are listening to consumer complaints. Beginning in the early 2000’s, laws were passed and regulations written which restrict the sending of commercial emails. These laws go far beyond the simple spam filters of the past, and often provide stiff penalties for violations. In addition, data protection laws must be followed every time a commercial email is sent. Let’s take a look at different email marketing laws in major markets.

What is the CAN-SPAM Act?

what is a _____?

In 2003, the United States passed the CAN-SPAM Act, the first of the major email marketing laws that exist today. This law regulates all commercial email, including anything that advertises a product or service, makes a product launch announcement, or encourages you to check out a commercial website. It applies whether you’re sending a single email of this type, or many of them. The Federal Trade Commission has a business guide to the rules on their website.

In a nutshell, the CAN-SPAM Act has a handful of major provisions:

  • Commercial or promotional emails must be marked as such.
  • You must be honest and up front about who you are, where you can be reached (including email and a mailing address), and the contents of your message.
  • Allowing recipients to opt out isn’t optional, and you must respond to opt out requests promptly.
  • You are responsible for the actions of your subcontractors, which means that it’s important everybody complies with the rules.

As marketers, we primarily deal with commercial email, such as newsletters, sale announcements, and product releases. These emails are subject to the more restrictive provisions of this law, meaning we must always be careful to mark those emails as ads. It also means that if we refuse to let people reject our emails then we can be fined.

Understanding Commercial / Promotional Emails vs Transactional / Relationship Content

Perhaps the hardest part of complying with the CAN-SPAM Act is understanding the difference between promotional emails and transactional or relationship building content. This distinction is sometimes hard to master, as even the FTC admits. Perhaps the biggest problem here is with dual-purpose emails: ones which both nurture the relationship and offer a promotion.

Let’s look at one example. Many mail-order catalogs and e-commerce websites will send out coupons with order confirmation or shipping emails. These come in addition to the typical “we’re having a sale” announcements. If the only thing these emails did was provide a receipt or packing slip, then they’d clearly be transactional emails. However, the addition of an extra coupon or promotion makes this a mixed-purpose email.

Although the FTC doesn’t give answers to every case, there are some useful clues to help distinguish between commercial and transactional emails. Generally speaking, the dominant purpose of each email controls which regulations apply. Their example of a mixed-use email that’s considered commercial is one where the commercial content dominates, with a brief mention of the transaction. If the email has mostly transaction information, then it’s typically considered transactional.

What are the Penalties for Violating the CAN-SPAM Act?

What are the Penalties for Violating the CAN-SPAM Act?

As with many other FTC regulations, sending marketing emails which are out of compliance gets expensive very fast. In fact, the penalty for each email is $43,792. That adds up really fast, and it covers every email sent to each address that’s in violation. Marketers must be certain that they’re in compliance at all times.

What is the Canada Anti-Spam Legislation (CASL)

Many companies here in the US also engage customers overseas or send email through outsourcing companies. Any time that you send emails across an international border, it’s critical that you know the email marketing laws for each country involved. Many countries, including Canada, have reciprocal agreements with other governments.

In 2014, Canada enacted their anti-spam law, called CASL. This regulation, found on the government Fight Spam website, covers more than simply sending junk emails. Instead, it goes further to protect Canadians from the unauthorized collection of their email for marketing purposes. Even scraping websites for emails is illegal in Canada. Finally, the regulation prohibits unsolicited commercial text and social media messaging.

Violations of CASL are taken seriously. Some violations, such as hacking computers for personal information, are handled criminally. Others, however, can subject you to civil fines or other penalties. According to the legislative website, an individual can end up owing $1M CAD and businesses $10M.

From an email marketer’s perspective, the implications are simple. You cannot obtain or use a Canadian’s personal information without their express permission. This means that the unsolicited “hi I’m XX brand” emails seen in the US tend to be illegal in Canada. Rather than allowing a brand to email until told to stop like we see in the US, Canadian spam emails are opt-in only.

What is the GDPR?

The European Union’s General Data Protection Regulation is the anti-spam law which applies to all EU countries. However, it’s much more than an email law. Rather, it controls the way in which the information on EU recipients is handled. Besides being binding only on EU businesses, though, it applies to every business that interacts with EU parties.

In a nutshell, the GDPR requires that personal data be protected. To send commercial email, you must get explicit consent from each user. This permission must not be buried at the bottom of a “place order” page, either. And similarly to both US and Canadian regulations, it must be easy to unsubscribe. Finally, you may not use private information for any purpose besides those you disclosed at the beginning, and safeguard the information carefully. File information must be provided on request.

As email marketers, this is a tough regulation. It means that we must get permission from everyone that we email, and that we can’t send even one unsolicited message. Besides this, the “disguised” methods of opting in for emails that are common in the US are illegal. Once someone opts in, their information must be kept private. Customer lists, therefore, are strictly protected and can’t be passed on to anyone.

Like other rulemaking entities, the European Union has made violations expensive. Fines are assessed on global revenues from the previous year, with a maximum of 4% or 20 million Euros. These are huge numbers, so paying attention and complying are critical.

What is the CCPA?

Finally, let’s look at the California Consumer Protection Act, or CCPA. This law was passed in 2018, and took effect in 2020. In a nutshell, it requires businesses to tell consumers about information they are collecting and what it’s used for. They must also delete certain types of information on request, and respect a customer’s wishes to not have their information sold to third parties.

For email marketers, the main implication is that there are certain notices you must give when the data is collected. In addition, your ability to sell or pass on information to other companies is much more limited. Since this is a new law, it should be monitored carefully.

How to Ensure that You Comply with Email Marketing Laws

How to Ensure that You Comply with Email Marketing Laws

With so many regulations to follow worldwide, it can be easy to lose track and become noncompliant. Most notably, things which are legal in the US will get you massive fines in Canada or the EU. From a purely practical standpoint, the easiest way to ensure compliance is to follow best practices worldwide. This may seem like you’re overdoing it for an American audience, but some of the safeguards will make  you look like a good corporate citizen. Not only that, but it’s often cheaper to be over compliant than get fined.

Always get permission to email the people on your list

No matter how strict the opt in rules for your country, it’s always a good idea to ask permission. Here in the United States, you are probably fine using check boxes on order forms or lead magnets. However, if you have even the potential to send those emails overseas, be sure the permission process is more active.

Use double opt-in to ensure that you did your best to get permission from people

A double opt-in is when you send someone an email that indicates their email has been submitted to your list. Then, it asks the recipient to confirm their subscription. When you do this, there is no question that the owner of an email address is OK with being sent commercial emails. If you then keep a log of this permission, it will be difficult for a regulator to argue that you have insufficient permission to send these emails.

Write an honest subject line describing your intentions without potentially misleading the recipient

A frequently used email subject line for us marketers amounts to “open for X% off,” and another is product release announcements. In both cases, it is critical that the subject line indicate you are trying to sell goods and services. The worst thing you can do is deceive a recipient about what you are trying to do, either by disguising a commercial email as a transactional one or misrepresenting the discount.

Remind people why they are getting emails from you

Remind people why they are getting emails from you

Especially with emails that nurture a relationship, it’s important to remind people it exists. The most common way I see this done is a disclosure at the bottom saying “You’re getting emails from X because Y.”

Make sure you have your physical company address on all emails

This one isn’t just required, it’s good etiquette. People may need to reach out for many different reasons, from customer service inquiries to complaints. Don’t make them chase you.

Make opt-outs painless

You know those annoying subscriptions that you can’t get rid of without following a million prompts on the website? Don’t be that company. Instead, put a simple opt-out or unsubscribe link at the bottom of every email. It’s fine to ask customers why they’re opting out, but don’t make it a hassle. Just one or two questions are enough.

Honor opt-out requests promptly

Once people request to have their email addresses removed from your email list, it is important to do so promptly. Many list owners tell subscribers it can take a few days for the request to work its way through the system. This allows for the adaptation of automated software. However, you shouldn’t drag this out or you risk breaking the law.

Globally, the tolerance for unsolicited commercial email is dwindling. Unwanted emails are annoying and take time away from more important tasks in the life of consumers. In response, governments have passed laws that penalize bad actors. At the end of the day, knowing these email marketing laws and following best practices is imperative, especially considering the importance of email marketing as part of a complete digital marketing strategy.

Get A High ROI From Your Email Marketing
We respect your privacy. Unsubscribe at anytime.

Hero photo by Grianghraf on Unsplash

Actionable advice for your digital / content / influencer / social media marketing.
Join 13,000+ smart professionals who subscribe to my regular updates.
Share with your network!
Neal Schaffer
Neal Schaffer

Neal Schaffer is a leading authority on helping businesses through their digital transformation of sales and marketing through consulting, training, and helping enterprises large and small develop and execute on social media marketing strategy, influencer marketing, and social selling initiatives. President of the social media agency PDCA Social, Neal also teaches digital media to executives at Rutgers University, the Irish Management Institute (Ireland), and the University of Jyvaskyla (Finland). Fluent in Japanese and Mandarin Chinese, Neal is a popular keynote speaker and has been invited to speak about digital media on four continents in a dozen countries. He is also the author of 3 books on social media, including Maximize Your Social (Wiley), and in late 2019 will publish his 4th book, The Business of Influence (HarperCollins), on educating the market on the why and how every business should leverage the potential of influencer marketing. Neal resides in Irvine, California but also frequently travels to Japan.

Articles: 427


  1. Thank you for the article! I’ve been acquiring emails personally from public sources where the recipient displays themselves (Instagram for example) and I’ve accumulated about 2,000 of them. These are people or companies that would benefit directly from an app that I’m building, and I want to send them one email to give them an opportunity to sign up and join a waiting list on my website for early access. I won’t send them any further emails after that one unless they subscribe to the waiting list on my website. Does this have the same regulations or is there a grey area here? Thanks in advance!

    • Thanks for the question. I am not a lawyer and not qualified to give you legal advice, so you should consult a lawyer if in doubt. I am only offering my personal perspective as a marketer.

      There is an interesting debate between cold email vs. spam mail. Your list, while not acknowledged by its recipients, would be similar to many cold email campaigns that many businesses do. Even with cold emails, though, you will want to ensure that you include that you clearly state it is an advertisement and try not to deceive people, add a physical address inside the email, and allow people can opt out themselves, even if you promise not to email them again. So any time you send an unsolicited email, the question becomes is it spam or is it somehow compliant as a cold email, which I believe is still a grey area but many companies still do them.

      Hope this is the advice you were looking for. There are plenty of articles about this subject like this one published by one of the cold email tools companies that might help you as well. Good luck!

  2. Am I required to put my business name somewhere in every single email that I send? As in the LLC name? My website name is different than my registered LLC name. I know you stated you have to be clear about who you are, I’m just wondering if it is required to have the LLC or if you can provide enough clarity with your web address and other information? Thank you, great article!

    • It should be clear who the email is from. Why would you not want to let people know your company name if you are trying to develop business for it?

  3. Great article Neal! Question. If I have a large email list from a friends company that he gave me because he is overwhelmed and wants me to email them with my services to help him, can I do that as long as I follow all the rules? They are all US based business clients.

    • Hey Salvatore, thanks for the question! The idea about an email list is that it is a contract between a company / email service provider and a person who opt-ins to receive that communication. If you are a different company, those people on the list have not opted-in to receiving a message from you. That doesn’t stop some companies from sending them messages any way, but hopefully this better explains the rules.

  4. Perfect timing! I’m just starting to figure out how to market in EU/Germany and I know how important rules are. This is one of the things I educate people on. I tell them at least, they might ignore it, but I tell them.
    Thank you.

    • Hey Sara! Yes, when it comes to email marketing the rules of the game are critical to understand, especially with GDPR in Europe! Good luck on educating everyone!

  5. I am not sending the emails.what to do if it is generated emails from another person.

    • Can you describe your situation in a little more detail Linnette as I don’t understand what you mean?

Comments are closed.

Table Of Contents