A Supreme Court Justice once famously said that he may not be able to
define pornography, but he sure knows it when he sees it.
The same might be said about spam. No one has yet clearly defined
what spam is...or isn't. Yet most email recepients would probably
tell you they know when they're being spammed.
The law on spam is all very new and very much in flux. Any specifics
I tell you today may well be out-dated tomorrow. So take this all
with several grains of salt, please, and be sure to stay current on
new developments as they emerge. I will give you some links, below,
to help you do that.
Perhaps the vaguest area of all is -- what happens to the well-meaning
sender of email who inadvertently sends mail to someone who doesnt
want to receive it. This is becoming more and more of a concern for
businesses who do not want to be seen as spammers, but certainly do
want to continue using email as a legitimate means of reaching out to
existing and potential customers. Ill deal with this question a bit
more below, as well.
But first, let's get some general do's and dont's listed to keep you
in pretty good graces with consumers and with the law, no matter where
in the world you send your messages to:
--Use opt-in only distribution lists for your e-mailing campaigns.
The best lists are probably those you compile yourself.
--But just to be on the safe side, include a simple, working opt-out
process in each and every email you send. Better yet, include two
processes, such as an automatic opt-out link to click on, and -- in
case the link doesnt work for a given consumer -- reply
instructions or an email address they can send an opt-out request to.
--In addition to the opt-out process, include some sort of gracious
comment along the lines of: We never send unsolicited email, and are
sending this message only to those who have asked to receive
information from us. If for any reason you do not wish to receive
messages from us please [describe opt-out procedures] and you will be
immediately removed from our mailing list.
--Identify yourself as clearly and completely as you can. Include a
company name, a physical mailing address, phone number, contact
person, or any other information that you can provide about who and
where you are. And absolutely do not use any technological tricks to
try and hide the source of the originating email. Spammers are
notorious for hiding behind electronic veils that mask their true
identity. The clearer you can be about who you are, the more
legitimate is your claim that you didnt intend to spam anyone.
--In the subject heading of the email, make it very obvious what the
email is about. If its an ad, say so. If its notice about a
special offer or event, say so.
--Dont make your list available to anyone else. It can be tempting
to look for opportunities to market your distribution list, but my own
opinion here is that this is just too messy and asking for trouble.
Keep your list to yourself. And on the emails you send, let
recipients know that your list is 100% private, and give them a link
In addition to the above, there are two emerging areas to be aware of:
--Many countries have already created do not call lists that
telemarketers are required to check before calling consumers. The
same is beginning to happen with do not email lists. Iceland
already has such a list, and other jurisdictions are considering the
same. You will need to stay up-to-date on new developments in the law
in order to stay aware of when you will need to consult such
do-not-mail lists (however...if you mail exclusively to opt-in
consumers, then this shouldnt be an issue for you).
--Another legal trend is that email recipients are being given
explicit rights in some areas to know where you got their address
from. So...keep careful records in this regard, especially if you
buy/rent lists from other sources. If a recipient asks you How did
you get my address, you should be prepared to fully answer this
Adhering to these dos and donts should offer pretty good protection
against running into problems -- complaints would hopefully be
minimal, but if someone should complain, you can make a pretty good
case for having acted responsibly.
Turning now to the specific issues you raised, lets take them one by
Problem 1: On our web site customers can register and sign up for
newsletters. In the backend system, email addresses are manually
collected in customer service. Of course the web site and the backend
system are not yet integrated, which means that if a customer calls
customer service and says that he does not want to get emails, he can
still get it from the web site (or the other way around). Of course we
try to avoid this, but it can happen. Is this illegal, or is it "only"
bad for the customer satisfaction?
Your opt-out system needs to work well for you to have any
credibility. Technically speaking, sending an email to someone who
has requested an opt-out is illegal in a few jurisdictions, and will
become illegal in many more as new laws begin to take effect (e.g. see
the article about Californias anti-spam law that Ive linked to,
My guess would be that the laws coming into effect will largely be
aimed at the serious spammers -- those sending out millions of
unwanted emails. I would think it unlikely that sending an occasional
unwanted email would result in serious consequences for a business --
especially if they can demonstrate their well-intentioned efforts to
-- for the most part -- avoid spam as much as possible.
However, there will doubtless be people who will jump on any
unsolicited email as an opportunity to complain, sue, ask for
compensation...whatever. Again, the laws are very ill-defined in this
regard, and it remains to be seen how this scenario will play out.
But your best defense, obviously, is to not give anyone cause for
complaint by having a well-run, well-documented opt-in only system.
Problem 2: What happens if, by mistake, an email is sent to all
registered users - not only the ones that signed in for emails?
Again, appearances and intent are important. If this happens once,
the authorities would likely be more forgiving then repeated mishaps
along this line. The best defense in to clearly have anti-spam
policies in place (the steps I outlined above), so that -- if a
mistake is made -- you can clearly demonstrate that it *really was* a
Problem 3: Let's say that I buy a list from a trade organization and
mail these people. Who is responsible for this if some of the
customers are suing for spam - my company or the company that sold
Again, there is very little case law here to offer any precedent, but
theres certainly no reason to suppose that its an either-or
situation. BOTH of you might well have some share of the liability
(for that matter, even your internet service provider might be drawn
into such a suit). My advice above was to avoid using lists from
other sources. But if this is not practical, then do your
homework...make sure the source of the list is well-respected and that
it follows the same type of anti-spam guidelines that Ive outlined
Problem 4: Should there be certain words in the subject line to state
that the email is a promotion?
As I said above, its a good idea to identify your email for what it
is. Spain already has the publicidad requirement that I
mentioned...as far as I know, they are the only country to currently
require specific wording in the subject line. The European Union has
issued a Directive that requires member countries to enact legislation
that includes some identification requirements as well, so this will
be a rapidly emerging area of new law.
Problem 5: How should the sign-up process work? Double opt-in?
Double opt-in would seem to provide your highest degree of confidence
in the resulting list. This could also solve your website/backend
problem...sending your phone contacts an email asking them to confirm
their opt-in would go a long way towards eliminating problems.
The intent of most of the emerging anti-spam rules seems aimed at the
mega-spammers...the really bad eggs who are deluging inboxes with
zillions of unwanted messages. It seems unlikely to me that
small-scale, well-intentioned businesses will be targeted for serious
enforcement actions, or that courts will allow successful suits
against businesses just because they were not 100% perfect in
preventing an unsolicited email from getting through.
The key will be having a clear-cut, workable anti-spam system in
place. I have offered some guidelines here as to how to go about
Having said that, I will also say that the law is often a strange
duck, and who knows how it will shape up in the long run. Anti-spam
law is especially complicated because it can involve so many different
jurisdictions -- a sender in one country, a recipient in another, and
an email distribution service in a third...whose law does one adhere
to? There are no clear answers to this question yet.
You would do well to stay on top of emerging issues. Here are some
sources you can look to for this:
The Direct Marketing Association in the U.S. keeps a running list of
major national and international anti-spam laws. It is pretty
up-to-date, but when if you use it as a resource, make sure it is
being kept up-to-date. You can find it at:
Executive Summary of International Spam Laws
DMA also has a list of state laws in the US, but this has not been
updated since May 2003, so they are missing some key events. You can
see the list at:
And finally from DMA, a list of their Anti Spam Working Strategy can
be found at:
It includes the Four Pillars of responsible mailing, which by now,
should sound familiar:
-- An honest subject line.
--No forging of headers or technological deceptions.
--Identity of the sender, which includes a physical address.
--An opt-out that works and is easy to find and easy to use.
There are two recent laws you need to know about.
California passed an anti-spam law just a few weeks ago (one of
Governor Davis last acts!) that is considered to be one of the
toughest laws anywhere. It does not go into effect until 2004, so pay
careful attention to developments here. A description of the law can
be seen here:
And the UK imposed new regulations regarding emails. Heres the
official announcement from the Department of Trade and Industry:
and heres an interesting take on the laws likely impact:
As you can see, theres a lot happening, and a lot to keep track of.
It might well be worth your while to post a new question here at
Google Answers in a few months time to get an update on the latest
developments in the world of anti-spam.
Ive tried to give you a good overview of the lay of the land here,
and some clear guidelines you can use in crafting your own email
strategies. If you would like additional information on anything
here, just let me know by posting a Request for Clarification, and
Ill be happy to assist you further.
Best of luck...
search strategy: Google search on: anti-spam law (US or EU or
Clarification of Answer by
15 Oct 2003 18:33 PDT
I guess I got so focused on the clarification you gave, I neglected to
attend to the original question, so Im happy to remedy that here.
Thanks for your understanding.
There is no current national legislation directly addressing spam.
Congress is seen to be leaning towards opt-out legislation of some
kind, although their efforts may be superceded by a trend towards
opt-in legislation both internationally and in some states. The
Federal Trade Commission has levied fines against some spammers based
on misleading content of their emails, including use of misleading
links (that is, links that offer an opt-out, but dont really allow
the recipient to do so). A description of the FTCs approach can be
"Remove Me" Responses and Responsibilities:
Email Marketers Must Honor "Unsubscribe" Claims
Some marketers send email as a quick and cheap way to promote their
goods and services. Be aware that the claims that you make in any
advertisement for your products or services, including those sent by
email, must be truthful. This means that you must honor any promises
you make to remove consumers from email mailing lists.
If your email solicitations claim that consumers can opt-out of
receiving future messages by following your removal instructions, such
as "click here to unsubscribe" or "reply for removal," then the
removal options must function as you claim. That means any hyperlinks
in the email message must be active and the unsubscribe process must
California is seen as the national leader in the US in terms of
anti-spam legislation. Their recently passed law is scheduled to go
into effect in January 2004. Main provisions are:
opt-in email only to anyone in California
fines of $1,000 or more for unsolicited email
complaints can be filed by recipients, the State, or an ISP
no email address harvesting permitted in California
no spam should be sent from within California
More information can be found here:
European anti-spam rules are summarized below, as based on information
The European Union has passed two Directives on electronic commerce
which all EU member countries are expected to adhere to by passing
their own national legislation regarding emails. The main provisions
of the EU directives include:
-easy opt-out in every message.
--The ability of an email addressee to review and withdraw from any
directory of addresses before it is published or otherwise
Adherence to any opt-out (do not email) lists that are officially
--Any terms and conditions of a commercial transaction must be easily
--Acknowledgment of a customer order by electronic means. An order
is not considered placed until the recipient receives an
Emails for sales, promotions, sweepstakes and prizes must be clearly
--Prohibits the use of false identities or false return addresses.
-No specific legislation yet regarding commercial emails. However
some courts have interpreted general consumer protection laws as
extending to emails, and have ruled unsolicited emails as an
interference in business. No clear guidelines are yet available.
You can see the specifics of some court cases here:
General adherence in several laws to opt-in.
Opt-in only. Commercial e-mail must be labeled "publicidad"
(advertisement) in the subject line. Simple, no-charge opt-out
procedures must be available.
Spam is unsolicited commercial e-mail sent without the consent of
the addressee and without any attempt at targeting recipients who are
likely to be interested in its contents.
Opt-in only, to send email or to include an address in a directory.
--No specific laws yet regarding email, though a general adherence to
opt-in exists in overall communications laws regarding telemarketing,
Current law mandates an opt-out system, but this is likely to change.
Identity of email sender must be clear.
Opt-in, with all emails containing easy opt-out provisions. Adherence
to official do-not-email lists if one is published Part of the law
seems to imply a right to send a one-time-only unsolicited
communication, but if recipient opts-out, thats the end.
Let me know if any of this is not clear, or if you need additional
And best of luck in your ventures.