Silverpop - CAN-SPAM and Other Global Email Laws and Regulations
It appears you are using an older version of your browser. This site was developed to be progressive and future-compatible. Please take a minute to upgrade your browser for an optimal experience.
Skip to content
  • Subscribe:

CAN-SPAM and Other Global Email Laws and Regulations

blog post thumbnail image
by: Loren McDonald (@LorenMcDonald)
23 April 2015

Enabling email subscribers to opt out quickly and easily is Job No. 1 for your unsubscribe process, but ensuring that you comply with local and international laws is also critical. (Read my full email unsubscribe series.)

In this post, I'll review sections of the U.S. email regulations covering the unsubscribe process and survey similar regulations in Canada, the European Union, the UK, Australia, New Zealand and Japan. (NOTE: You should consult your company’s legal counsel for specific guidelines regarding the laws of the countries where you’re sending email.)

United States: CAN-SPAM

It stands for "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" and is the set of federal laws and regulations governing email in the United States. It sets out the following requirements governing unsubscribing:

1) Explain how to opt out: Use plain language to explain how the subscriber can stop receiving your email messages.

2) Working unsubscribe link: Each promotional email message must include a working unsubscribe function and the company's postal (street) address. Subscribers can opt out by using an unsubscribe link, replying to the email address or sending a letter to the postal address.

The link also has to remain active up to 30 days after you send the email.

3) 10-day window: Senders must honor opt-out requests within 10 business days. Suppressing the subscriber immediately upon opt out is the best practice.

The window gives brands enough time to synch opt-out requests with various CRM, marketing and third-party databases. Sending email in that 10-day unsubscribe period, however, can make you vulnerable to spam complaints.

4) No restrictions: You can't make your subscriber type in a password, pay a fee, take a survey or view additional web pages in order to unsubscribe.

You can link from your unsubscribe page to a one-page preference center that explains other options (changing frequency, opting off some lists while staying on others, etc.).

The no-password rule holds even if you password-protect your users' account information. In that case, provide a separate unsubscribe link that allows your subscribers, customers or members to manage their email or opt out without logging into their accounts.

This does not apply to member- or account-based emails such as notifications that subscribers have requested or are important to the member/account relationship.

5) No repurposing: Once a subscriber opts out, you can't use that email address for any other purpose, such as adding it to another email list or sharing it within your company or third-party services.

6) Penalties: Violators can be assessed up to $16,000 per contested email. Senders also can be fined $250 for every email they send after the subscriber opts out and $750 per email if a plaintiff can prove the company "willfully" ignores the opt-out request.

What CAN-SPAM Doesn't Cover

1) Location, language, appearance: The law doesn't specify how to structure the unsubscribe function, how to word the language explaining it or where to place it in your email.

2) Transactional messages: The law generally exempts emails that relate to or are generated by customer, subscriber or member actions – confirmations, updates, warranty notices, account alerts, etc.

You can include some promotional content within the email, such as cross-selling recommendations or a deal of the day, but the subject line and most prominent body copy must relate to the transaction.

Unsubscribe Rules Around the World

Following the guidelines below will make you compliant in major email centers such as the United States, Canada, the European Union, the UK and Australia:

1) A working unsubscribe link or "reply-to" function and an explanation on how to unsubscribe.

2) A location that makes the link easy to find. Don't hide the link at the very bottom of your email message or camouflage it with a tiny font that blends in with your background color.

3) No further email contact. Some countries allow a short time period (10 days in the United States; five days in Australia and New Zealand) to suppress unsubscribed addresses. Others, including Japan, allow no grace period once a subscriber opts out.

4) Persistent link: The unsubscribe link must remain active, generally for 30 to 60 days, after sending the message.

5) Same channel: Your subscribers must be able to opt out via the same channel they used to sign up. You can't require a letter or toll phone call, although a toll-free number would satisfy SMS messaging in Australia and New Zealand.

Still, many countries have unique characteristics:

Canada: Canada's Anti-Spam Law

1) Applies to all senders: Covers any electronic message (email, text, etc.) destined for or passing through a Canadian computer connection. It applies to any marketer sending emails to or through Canada, even if the message originated outside Canada.

2) Link longevity: The unsubscribe link must remain active for 60 days after transmission.

3) Penalty: Up to $10 million for companies; each offending email is a violation. Beginning in 2017, individuals can sue companies directly.

Australia: Spam Act 2003

1) 5-day window: You have five business days to process the unsubscribe.

New Zealand: Unsolicited Electronic Messages Act 2007

1) 5-day window: You must remove the address within five working days of receiving the unsubscribe request. You can send an unsubscribe confirmation if it would be received within that five-day window.

EU: Directive on privacy and electronic communications

1) "Valid address:" Article 13 prohibits sending direct marketing email via a disguised or concealed identity or without a "valid address" to request unsubscribing but doesn't specify that it be a working link in the email.

UK: Privacy and Electronic Communications Regulations 2003 and Data Protection Act 1998

1) "Valid address:" The PECR requires the sender to include its valid postal address in each email.

2) "Prompt" removal: Neither the PECR nor the DPA specifies when to remove an address after opt-out. Guidelines from the Information Commissioner's Office say the laws "expect" removal within 28 days.

3) Penalty: Up to £500,000 for a "serious breach," such as ignoring unsubscribe requests or sending spam emails or texts repeatedly.

Japan: Law Concerning the Proper Transmission of Specified Electronic Mail

1) No grace period: The address must be removed as soon as a sender receives an unsubscribe request.

2) Penalties: Up to 1 million yen each for a sender who violates the law or refuses to allow the government to inspect its records. Up to 30 million yen for senders whose agents violate the law; up to 1 million yen for each agent who refuses to cooperate or comply.

Related Resources:

1) White Paper: “Unsubscribe Best Practices: How to Decrease Database Churn and Strengthen Your Marketing Program

2) Blog: "How an Effective Unsubscribe Strategy Can Make Your Email Program Stronger

3) Blog: "Why People Unsubscribe and How It Affects Your Email Growth"


Sign up Now!

Subscribe to IBM Marketing Cloud's Digital Marketer Newsletter!

Popular Categories

Top 5 Posts


To give you the best experience, this website uses cookies.

Continuing to use this website means that you consent to our using cookies. You can change your cookie settings in your browser at any time.
Find out more here or by clicking the Cookie Policy link at the bottom of this page.