Planning for the future: How to comply with e-mail regulations | Articles

Abstract

As new e-mail regulations and measures are established, understanding them in relation to e-mail campaigns is crucial. E-mail defense systems are becoming stronger and to avoid being listed as an unreliable or spam source, some rules must be followed.

Understanding new e-mail initiatives

Editor’s note: Terry G. Vavra and Douglas R. Pruden are partners at Customer Experience Partners, LLC. This is an edited version of an article that originally appeared in their weekly newsletter, Insights. Contact terry@terryvavra.com to subscribe.

Americans are besieged with e-mail. A substantial portion of which is unwanted, irrelevant and in some cases malevolent, nefarious probes for private information. Some protection has been previously enabled (e.g., the FTC’s 2003 CAN-SPAM Act and the accompanying CAN-SPAM Rule). This Act mandates honoring unsubscribe requests and requires authenticating e-mail. Both actions have intensified the burden on message senders to increase the relevance and interest-creating values of their messages. In addition, individual ESPs (notably Google and Yahoo) have been policing their subscribers’ mailboxes for some time. Google reports its AI defense system currently blocks nearly 15 billion unwanted e-mails each day and stops almost all spam, phishing and malware from reaching inboxes.

The reactive measures that have been established

Rampant abuse through spam, phishing and other pirating actions has stimulated some governmental reaction. Most notable are GDPR (Europe’s General Data Protection Regulation – 2018), CASL (Canada’s Anti-Spam Law – 2014) and CCPA (California’s Consumer Privacy Act – 2018). Each seeks to offer their constituents protection from abuse from voluminous or malevolent e-mail. While California’s CCPA has inspired several other states to begin developing similar legislation, our federal government has yet to follow suit – except for the FTC regulations mentioned above.

How new initiatives will affect future e-mail campaigns

Responding to the absence of national regulations and the rise in abuse, as of February 2024, both Google and Yahoo have announced new actions to better protect and empower their subscribers. These initiatives will make the abuse of e-mail tactics more difficult for unscrupulous marketers, while requiring some additional considerations/actions from ethical e-mailers. We’ll briefly review these initiatives and then offer some suggestions to ethically respect them and maximize return from e-mail campaigns of the future.

Google’s initiative is directed at bulk senders, those who send more than 5,000 messages to Gmail addresses in one day. A key requirement is the requirement of an authenticated e-mail address. This has already produced a decline in unauthenticated messages by 75%. Google’s new requirements, which reinforce the FTC’s CAN-SPAM rule:

Authentication of the originating e-mail address. Receivers should be able to rely on an e-mail’s stated source.
Enabling easy unsubscription. Recipients must be given a simple, one-step process for unsubscription and unsubscription requests must be acted on within two days.
Ensure the e-mail is wanted. To enforce this, Google has established a spam rate threshold of less than .3%. Rates of reported spam higher than this will identify an e-mailer as non-compliant.

Yahoo is aware of Google’s suggested standards and appears ready to similarly enforce them. Both services acknowledge this isn’t just a one-time exercise but will require industry-wide collaboration and continuous vigilance.

How to successfully comply with requirements

We’ve always subscribed to the adage, “It’s called junk mail because it’s the wrong information sent at the wrong time to the wrong person.” E-mail incorporating any of these mistakes will ring the spam bell and likely result in the offender’s quarantine. So, all future e-mail-dependent campaigns will need to be scrutinized and viewed within the requirements of Google’s and Yahoo’s new initiative. An up-to-date consumer data platform should be at the center of such a review.

Some suggestions from the CAN-SPAM Act

1. Avoid false or misleading information in your header

The “from,” “to,” “reply-to” and routing information – including the originating domain name and e-mail address – must be accurate and identify the person or business who initiated the message.

2. Don’t use deceptive subject lines

The subject line should accurately reflect the content of your message.

3. Identify the message as an ad

The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.

4. Tell recipients your location

Your message must include your valid postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.

5. Establish a clear opt-out option and tell recipients how stop future marketing e-mails

Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting marketing e-mails from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read and understand. Creative use of type size, color and location can improve clarity. Give a return e-mail address or another easy internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all marketing messages from you.

6. Current subscribers and members can also opt out of marketing e-mails

Individuals who sign up for a subscription service or membership program still have the right to opt out of marketing messages from them. While you don’t need to get members’ consent to send them marketing e-mails, subscribers and members don’t lose their ability to opt out of marketing e-mails from you simply because they have a subscription or membership.

7. Respond to opt-out requests promptly

Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipients opt-out request within two business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an e-mail address or make the recipient take any step other than sending a reply e-mail or visiting a single page on an internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their e-mail addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.

8. Monitor what others are doing on your behalf

The law makes clear that even if you hire another company to handle your e-mail marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that sends the message may be held legally responsible.

These suggestions cover a lot of territory and require proper planning. But, like many reforms they may usher in a better atmosphere for the productive use of e-mail promotions in the future.