CAN-SPAM Compliant? You Say that Like It’s a Good Thing
Guest Blog By Ken Magill
Imagine someone saying: “When I drive, I stop at red lights.”
Yeah, so? The person making that statement could be an aggressive jerk who tailgates and recklessly switches lanes. Sooner or later—if he hasn’t already—he’s going to get pulled over by the cops for driving like an ass.
But, hey, he stops at red lights.
That’s what email marketers sound like when they say: “We are fully CAN-SPAM compliant.”
CAN-SPAM compliance is the email marketing equivalent of drivers stopping at red lights. It’s a basic rule of the road by which all but the most egregious drivers abide.
Spam filters are the traffic cops of the Internet. Email marketers can be CAN-SPAM compliant and still get stopped by the Internet’s traffic cops for a host of other reasons.
The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or CAN SPAM, was written to give law enforcement and Internet service providers the legal tools to go after bad guys while not being needlessly threatening to legitimate businesses.
CAN SPAM infuriates a lot of people because under it, email marketers can actually spam. It does not outlaw unsolicited, bulk commercial email. In fact, contrary to popular belief it doesn’t even outlaw harvesting email addresses, though web scraping is an aggravating factor if an email sender gets busted violating other provisions of the act.
Essentially, all CAN SPAM requires is that the marketer be honest about who they are and that they honor opt outs.
The act was designed to provide a low-bar, basic-behavior framework for commercial email marketers while superseding dozens of conflicting state laws that threatened to kill email as a commercial channel.
Email campaigns consume bandwidth paid for by the organizations that receive and process senders’ messages. As a result, unlike other advertising channels, email shifts costs to the company on the receiving end of the messages.
Inbox providers have one primary goal: deliver email subscribers want and filter the messages they don’t.
This is where permission comes in. CAN-SPAM does not require permission to send email. But inbox providers do.
Every inbox provider has a secret formula to determine whether or not incoming email is spam. For example, they all use one or more blocklists—lists of IP addresses their maintainers have determined are sending unsolicited email. The most famous of these lists is Spamhaus.
A listing on Spamhaus will result in major deliverability issues. The people who run Spamhaus don’t give a rat’s patooty if the sender they decide to list is CAN-SPAM compliant or not. In fact, they view marketers who say they’re CAN-SPAM compliant in an effort to get a block lifted as a major sign the marketer is a clueless fool who is most certainly spamming.
Inbox providers also use other factors to determine who is sending spam, such as how many bad or nonexistent addresses they try to reach and how many spam complaints they get.
How many are too many? Only the anti-spam employees—known as abuse-desk employees—at the individual inbox providers know. But guess what: They don’t care about CAN-SPAM compliance, either.
And heaven help the marketer who hits spam traps. A spam trap is an email address set up solely to catch marketers who are sending illegitimate email and marketers who aren’t exercising good data-quality management.
The worst type of spam trap to hit is the honey-pot address. A honey-pot spam trap is an address published on the Internet that has never been subscribed to any list. As a result, a marketer who hits honey pots has either been harvesting addresses or getting addresses from sources that have been harvesting them.
But CAN-SPAM doesn’t outlaw harvesting email addresses, remember? Yep, but inbox providers don’t care. They won’t tolerate email from marketers who send to honey-pot addresses. A marketer who hits honey-pot spam traps can be completely CAN-SPAM compliant, but is courting serious deliverability trouble, nonetheless.
Simply being CAN-SPAM compliant isn’t even close to enough to avoid being treated like a spammer by inbox providers.
CAN-SPAM compliance isn’t even a best practice. It’s one small checkbox on a long list of things required to stay within the Internet’s email traffic rules.