FTC updates CAN-SPAM rules

By Published on .

Reprints Reprints

The Federal Trade Commission on Tuesday updated CAN-SPAM Act regulations in a move that will make it easier for e-mail recipients to opt out of unwanted e-mails. The new regulations also more clearly define what’s expected of marketers.

The most significant change for b-to-b marketers out of the four updated provisions relates to the word “sender.” In the past, those who worked with affiliates, rented lists or advertised in other companies’ newsletters or e-mail marketing messages may have been confused about who was responsible for providing an opt-out link and removing e-mail addresses.

Under the new provision, “sender” is now defined so that only one company or person—whoever initiated the message—is in charge of these functions. The company whose name or whose employee’s name is in the “from” field is responsible for providing an opt-out link and a physical address, and for removing opt-outs from lists. The sender “controls the content of the message [and] determines the electronic mail addresses to which such message is sent.”

Today, it’s not uncommon for e-mail marketers to have two different identities—their e-mail address’ domain name as well as a “from” field—and this is a practice that will have to change under the new ruling, said Julie Katz, analyst, Forrester Research. So, for example, the company name in the “from” field should match the domain name.

“Marketers should already be doing this,” she said. “They should be clear about who they are and be open about identifying themselves to recipients. It’s really just another way to differentiate yourself from spammers.”

This will also affect those who in the past have co-branded their e-mails.

“There’s what’s legal and what I consider best practices,” said Rick Buck, e-Dialog’s director of privacy and ISP relations. “Legally, the FTC was wise to say one person owns an e-mail. But if you’re a good marketer, you will ask your advertisers to forward you any opt-out addresses from people who say they don’t want to receive messages from that company, and at the bare minimum, if you’re advertising in someone else’s e-mail you should include your own opt-out link, too.”

The second important regulation solidifies what marketers should have known—and been doing—all along. According to the ruling, marketers must make it as easy as possible for people to opt out of their communications. This means marketers can’t ask recipients to pay a fee to opt out or provide any additional information other than an e-mail address and their opt-out preferences. In addition, marketers must follow a one-click paradigm. They can’t ask those opting out to perform multiple clicks, log in or provide a password.

Other updates to the regulations included defining what constitutes a “person,” clarifying that post office boxes and private mailboxes constitute “valid physical postal addresses,” and keeping the period between when a person opts out and when they must be removed from a marketer’s list at 10 days instead of three days.

The changes came about after the FTC received and reviewed more than 13,500 comments, including those from 93 industry representatives and three privacy groups. The comments can be found on the FTC’s site (, along with the official updated regulations (

In this article:
Most Popular