A compliance guide for businesses when sending commercial email

Email is one of the most popular ways for businesses to reach potential customers and make sales. And yet email is still vulnerable to unwanted messages called spam, which adversely affect business productivity. What’s worse, spam has been known to be a common means for phishing, data breaches, and malware that can cripple systems.

To help keep inboxes free of spam, businesses must abide by rules backed by laws such as the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), the General Data Protection Regulation (GDPR), and Canada's Anti-Spam Law (CASL). Here are the top rules to remember.

Make sure your email headers are accurate

In other words, your to, from, reply-to, and similar header information should contain accurate information and not be misleading. In compliance with the CAN-SPAM Act, your email recipients should be assured of the authenticity of the sender. Thus, whenever you’re sending an official email from your organization, its headers should identify your organization and any affiliated party.

Avoid misleading subject lines

Email marketers and businesses may use creative subject lines to entice potential customers to open their messages. But regardless of whether you're sending a promotional email, news and updates, or special offer mail, you must avoid using subject lines that are creative yet misleading. Use subject lines that accurately indicate the email’s content. For instance, don’t write a subject line about winning a fortune when the email is really about your product launch that happens to include a lottery as part of the event.

Many of these anti-spam rules for businesses can be summed up into a single mantra, “don’t trick people.” That said, you don't need to be so blunt as to indicate "this is an ad" in your subject lines.

Obtain consent

You may have a customer’s email address, but this doesn’t always entitle your business to send them a promotional message. Under CASL and GDPR, if your business or your email recipients and customers are located in Canada or the European Union, you must obtain their permission. Without it, your mail will be considered spam no matter how helpful it is.

Honor opt-outs and data wipes within legal deadlines

When an email recipient unsubscribes from your mailing list, you must dutifully comply. Under CAN-SPAM, you have 10 days to honor this request. Any commercial messages you send after that period will be considered spam. Furthermore, under GDPR, if a recipient has requested to have their data deleted, your business has to honor that request immediately.

Include a brick-and-mortar address

If there’s one thing that can make your marketing emails appear fishy, it’s not including a physical address in the message. Make sure the emails you send have one so that your recipients have a means to reach out to your business. A P.O. box will do, as it serves the same purpose.

Launch email campaigns responsibly

You are responsible for all marketing emails you send, even if you outsource the work to outside marketing agencies or contractors. According to CAN-SPAM, you must comply with relevant anti-spam laws. Noncompliance will mean your business will be penalized.

Provide information about personal data use

Certain laws specify that consumers have a right to know how their data, such as email addresses, is being collected and used. If your business has customers in the EU, you must comply with the GDPR rules, which state that you need to have a privacy policy that clearly states what data you collect, how it is stored, and whether you share that data with other entities. This information should be readily available to subscribers or customers should they look for it.

Here at NetQuest, we specialize in protecting businesses from email threats. We also streamline processes so that you can easily find critical data from your inboxes. What’s more, we provide businesses in the Baltimore area with technology services for all kinds of business needs. Find out what we can do for you today.
