Your Guide to Complying with Email Marketing Laws

Written By Kelli Jones

It is VERY important that your business does email marketing correctly—and by correctly, we mean legally. Did you know it’s actually against the law to send commercial emails that don’t follow the FTC’s rules? Not only is this just really bad business etiquette, but it can also result in some intense fines. The best route is clear: Know what the email marketing rules are and comply with them.

Here’s what you need to know to get on the right path and stay there!

Commercial vs. Transactional Emails

Your first step in ensuring email compliance is to know what type of email(s) you’re sending. Commercial emails have different rules than transactional emails, and if you’re sending both, you should definitely know how to tell them apart.

👉 A transactional email is an essential email sent to a customer based on some action THEY took. Customers don’t need to opt-in to these emails, which include purchase receipts, shipping notifications, password resets, and certain notices (e.g., legal information and updates to privacy policies). While these emails do not require opt-out links, best practices include having a clear subject line and a reply-to email address.


👉 A commercial email isn’t essential. It is usually promotional in nature and/or falls within the realms of marketing and advertising. Examples include alerts about sales, products, and events. (Let it be known: Your newsletter is commercial.) Commercial emails are the ones you need to be careful about. You must comply with regulations such as the CAN-SPAM Act.

The CAN-SPAM Act 

If you’re sending commercial emails, get super cozy and read up on CAN-SPAM. We’ve included the basics here for you!

👉 DON’T try to hide who’s sending the email. The FTC says an email’s “From,” “To,” “Reply-To,” and routing information must point consumers to the right sender.

👉 DON’T use a deceptive subject line. Your email subject line must tell the consumer more or less what’s in the email.

👉 DO make it clear that you’re sending an advertisement. A note in the footer is a popular way to accomplish this.

👉 DO include a physical address (this can be a P.O. Box). 

👉 DO include a way to opt out of future commercial messages. This has to be EASY! Seriously … make it easy to opt out. 

👉 DO honor opt-out requests. The FTC wants you to honor these requests within 10 business days.


The penalty for breaking rules is steep. We’ll let the FTC tell it to you straight:


“Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $50,120.” 


Yes, that says $50,120.


And please note, if you hire another company to do your email marketing, you’re still on the hook for what your email marketing company does under your name. (Both parties could be held legally responsible for non-compliance.)

Good Vs. Shady Practices for Email Subject Lines

To make things crystal clear, let’s cover some examples of the more subjective dos and don’ts listed above. 

First, subject lines. If you’ve been part of the email marketing world for more than one second, you know how much of a BIG DEAL subject lines are. Email marketing experts have all the advice about how to get people to open your emails, but be careful. 

Click-baity—or worse, deceptive—subject lines may be enticing to your audience, and they may drive your open rate up in the short term, but this strategy won’t serve you in the long run. From a practical standpoint, consider how you feel when you open an email based on something in the subject line and then feel let down when the rest of the email doesn’t deliver. You’re probably actually less likely to open an email from that company in the future. And you may unsubscribe.

From a legal standpoint, CAN-SPAM requires that a commercial email’s subject line reflect what’s in the email; it can’t be deceitful. So you can’t claim that someone’s won a bunch of money when they haven’t, and you can’t say they’ve won something when they haven’t. 

Choosing subject lines for commercial emails that reflect the email’s actual content is not only the best thing to do legally, it’s also a best practice for maintaining a good relationship with the people on your email list. 

While you should listen to what email marketers have to say about writing engaging subject lines that’ll get people to open your newsletters, you should not throw all caution to the wind. The honest way is the best way. Let your creativity shine within the realms of what the truth is (i.e., preview what the email is about, but make it fun).

International Laws

And just when you felt like you had it all figured out after reading up on CAN-SPAM … we’re hitting you with international laws. If you are sending emails to people outside of the U.S., be aware that additional laws may apply beyond CAN-SPAM. 

For instance, read up on the Canada Anti-Spam Law. This law prohibits companies from sending commercial emails and text messages without the recipient's consent, using false or misleading representations to promote digital products or services, illegally collecting personal information, and harvesting email addresses.

Like CAN-SPAM, Canada’s Anti-Spam Law wants senders to only send to people who have agreed to receive commercial communication. Senders’ emails shouldn’t include false or misleading information, and it should be clear who the message is from. That means including a business name, accurate contact information, and a mechanism for unsubscribing.

And in the EU, there’s the GDPR (you might want to sit down for this one). Even if you’re not in the EU, if any of your subscribers or customers are, you must comply with the GDPR (General Data Protection Regulation). This document is very long and has a reputation for being the toughest privacy and security law in the world.

However, just because it’s “tough” doesn’t mean you can’t figure it out and comply! The GDPR outlines principles of accountability, like transparency about what you’re processing, as well as places limits on why you collect data, how you store it, and how long you store it.

The GDPR also explicitly lists a person’s privacy rights. For instance, the law requires companies to grant email subscribers the following rights:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision-making and profiling

If you’re a U.S. company wondering how to accomplish all of this, definitely check out this checklist for GDPR compliance to help you ensure you’re doing everything you can be doing to stay legal! And if you thought the penalty for CAN-SPAM was intense, the consequences for ignoring GDPR rules are way higher. Less severe infringements can result in fines up to €10 million or 2% of a firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. (And that’s for “less severe” infringements. 🫢)

So now that you have the facts, ask yourself: Is it worth it to know and comply with email marketing laws? We hope you’re now nodding a resounding YES and clicking on all the links we’ve provided above to educate yourself further. 

We’ve covered the U.S, Canada, and the EU in this post, but there are other compliance laws in other countries. A best practice in email marketing is to check a nation’s laws before sending commercial emails to someone in that country. 

Stay legal, friends!

Kelli Jones
Previous

Women Are Less Likely to Protect Their Intellectual Property
Next

Copyright vs. Trademarks: 5 Things You Need to Know