9 Things You Need to Know about Anti-spam Law and Opt-outs

9 Things You Need to Know about Anti-spam Law and Opt-outs

Mar 7, 2017
9 Things You Need to Know about Anti-spam Law and Opt-outs

The legal side of anti-spam law is your responsibility. Claiming willful ignorance is a gamble that will not pay off. So what are things you need to consider to avoid falling foul of the law?

Disclaimer: Although this article is designed as a guide to help make sure your email marketing activities comply with the law, do check with current legislation as laws change every day.

In the previous article of this series, 6 Things You Need to Know about Anti-spam Law and Opt-ins, we spoke about the steps countries around the world have taken to protect their citizens from receiving unsolicited emails. Also, what rules, as a sender of commercial email messages, you need to keep in mind when implementing a subscription process.

Today, we will speak about the other side of the coin—­what the law has to say about opting out from your commercial messages.

Even though countries differ slightly when it comes to handling unsubscriptions, what they all have in common is the requirement for the unsubscription workflow to be as easy as possible without any unnecessary barriers along the way.

So, without further ado, let’s jump into the most frequent topics we get asked about when it comes to the unsubscription process.

1. Is it mandatory to provide the possibility to unsubscribe to my commercial messages? 

Yes, as a sender, you are obligated to give the recipients the possibility to opt out from your mailing lists at no cost, easily, and in each advertising email.

This is not only common for countries that have already adopted anti-spam laws, but for countries that are still waiting for one (e.g., Russia or Brazil). If the unsubscription process is not handled appropriately, citizens of countries with no anti-spam laws can rely on laws addressing privacy policies and personal data protection.

2. Which unsubscription mechanism do I need to implement? 

There are plenty of different ways you can adopt to let your users unsubscribe. Any one you decide to go for, make sure that you don’t put any unnecessary obstacles in the way.

The easiest and most user-friendly way is to add an unsubscribe link to each email you send. This link is usually at the end of the email in its footer. You should make sure that after clicking the unsubscribe link, the user is taken to a page confirming they have been successfully unsubscribed.

If unsubscribe links are not a viable option for you, you can provide other ways to unsubscribe. Your email then needs to instruct users on how to proceed. Typical scenarios could be:

  • The subscriber is asked to reply to the same commercial email they got and request to opt out
  • The subscriber is asked to send such a request to a provided email address

Here is an example of an email footer instructing users well on what to do in order to unsubscribe, and in the other, what means of communication not to use.

What may surprise you is that in plenty of countries, you need to make sure that such automatic unsubscribe mechanisms need to be functional for at least 30 days after the email is delivered. Even though broken links and non-functional unsubscribe mechanisms are quiet common, they can result in penalties.

The last thing you should keep in mind is that unsubscription requests coming via other channels or in a non-standard ways need to be processed as well, even though you will have to do that manually—it can be through phone calls or messages sent to email address other than the one provided in the footer of your emails.

3. After clicking the unsubscribe link, can I direct people to a preference center? What information can I ask for before they are unsubscribed? 

Preference pages are in compliance with the law unless they require information other than an email address or opt-out preferences in order for the user to unsubscribe.

In fact, directing users to a preference center after they have clicked the unsubscribe button in the email can be very useful and can help you learn more about why users are unsubscribing.

The following examples can help you understand why a preference center can be so beneficial for your business and marketing team.

  • A preference center will help you understand WHY your subscribers decided to opt out

  • A preference center can be useful if you have plenty of products/services and you want the users to specify which mailing lists they want to opt out from. This way, you are letting the users decide what they want to hear about.

  • A preference center will allow you to change the user’s opinion by offering them a different frequency for sending them commercial emails.

Giving the possibility to change the frequency can help you increase the open and click rate of your emails because the users will feel they are the ones that have decided they want to keep receiving your emails and how often.

4. What about the double opt-out confirmation process? Is it something that is allowed? 

What all anti-spam laws have in common is the requirement for the unsubscription workflow to be as easy as possible without any unnecessary barriers along the way. As long as you reflect this, you are fine to design an unsubscription process that suits your business best.

We can understand the double opt-out in two different ways:

  • The user clicks the unsubscribe link in your email and is redirected to a page where they need to confirm their wish to opt-out. This is a type of unsubscription process that we are all used to, and it doesn’t hurt, as it only makes sure that the user did not hit the unsubscribe button in the email accidentally.

  • Now, let’s look at another way to understand the double opt-out. After clicking the unsubscribe link, the user receives an email with a link that needs to be clicked for the user to be unsubscribed. Enabling this type of double opt-out will add an additional and painful step for the user.

If you decided to go for the second type of double opt-out, just ask yourself: “Am I really doing this because I want to protect users from accidentally opting out or is it because I hope people will not see the confirmation email in their inbox and stay subscribed?”

Even though no law currently prohibits you from implementing such a double opt-out process, it can get you into big trouble and harm your sender reputation. People may start reporting you as a spammer as they may think they have unsubscribed but keep receiving your messages.

5. Can I ask users to log in to unsubscribe? 

Plenty of you know what I am talking about. You click the unsubscribe button in the email and expect to be unsubscribed. Instead of that, you get to a page requiring you to log in… and what if you have forgotten your password? Arrrgh…  So many steps for just one request!

Well, on one side, I get that. Marketers that have implemented this type of unsubscribe process want to be sure that the person that is attempting to unsubscribe is really the person receiving the commercial messages.

Now, requiring users to log in to unsubscribe is very controversial because nobody is really sure whether it complies with the law or not.

Let’s see what the American CAN-SPAM act has to say about this: “…subscribers cannot be required to provide information other than their email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet web page to opt out of receiving future email from a sender.” It seems to me then that, under the US CAN-SPAM act, it is not permitted to require a login to opt out.

On the other hand, there are still plenty of companies that claim there is nothing bad about this, and they are only trying to protect their users. One of the most criticized companies that requires login details as a part of their unsubscription workflow is LinkedIn. Once you click the unsubscribe button under their email, they take you to a page that allows you to unsubscribe from the mailing list that the particular email came from.

But if you want to unsubscribe from all mailing lists (and you click on Manage other email preferences), you first need to log in.

Whether this approach is allowed or not, keep in mind that your task is to make it as easy as possible to opt out as it was to opt in.

6. Do I need to grant an unsubscription request immediately? 

You can look at this question from two different angles—the first one would be from what the law requires you to do and the other one from what is best for the user.

Now, as for international laws, they slightly differ from each other in this matter. Some of them require that you honor the opt-out request within five days (New Zealand, Australia), some of them say that you need to do it no later than 10 days after your received the opt-out request (United States, Canada), and some of them don’t put any timeframe, even though they specify the request should be honored without any delay (Germany, Japan).

Now, let’s have a look at it from the user’s point of view. Imagine a person, let’s call him Paul, that just clicked the unsubscribe button. After he did that, Paul was not (to his surprise) unsubscribed immediately but was taken to the page “Your unsubscription request will be honored as soon as possible.” Now he thinks: “What the heck does this mean? Are they going to do it in two hours? Tomorrow? In one week?” This uncertainty just drives people crazy.

Another thing to bear in mind is that if Paul receives new emails while you are working on his request,  Paul will likely end up very angry and decide to reach out to your customer care team with a complaint. In the worst-case scenario, he may decide to report your emails as spam—this could significantly harm your reputation.

7. Is it necessary to confirm the unsubscribe request by sending another email? 

No, it is not. No international law requires an email confirming the unsubscription to be sent to the email address of the user. It is redundant and can be considered harassment. It should be enough for you to take the user that just unsubscribed to a page confirming successful unsubscription, as this one does:

8. What else should I not forget?  

Apart from a functioning unsubscription process, there are a couple of rules that you need to stick to in regards to the information in your commercial messages. Let’s have a look at them.

Header Information 

  • “From” and “Reply to” fields must clearly identify the person or business that initiated the message
  • You cannot use deceptive subject lines—the subject line should reflect the contents of the email
  • The subject line should not contain spam words, title capitalization, or special characters
  • It needs to be clearly stated that the email the recipient is receiving is an advertisement

Sender Identity 

  • Your message needs to identify the individual/company/product on whose behalf the message is sent

Contact Information 

  • A valid postal address where the sender can be reached by the recipient is required
    • A post office box or private mailbox can satisfy this requirement in some countries (e.g., the United States) but not everywhere (Germany)
  • You should also include a telephone number and/or email address via which the recipients can reach you
  • Under Canada’s anti-spam legislation, to provide the required information, you can use a clear and prominent link to a web page containing this information
  • The contact information should be valid for at least another 30 days (Australia, New Zealand) / 60 days (Canada)

Here is an example of where and how such contact information can be displayed:

9. Do I need to keep a record of those that subscribed to my newsletters? 

For your own good, you definitely should. In case of complaints, you may be asked to present the following information in front of a court:

  • The way the consent was given (single vs. double opt-in, a checked box)
  • In the case of a double opt-in confirmation email, what the contents of such an email was
  • The time of the declaration of consent
  • The IP address of the user that provided the consent

As you can see, there are plenty of things to keep in mind when implementing an opt-out process and handling unsubscription requests. I would recommend that you go through your current unsubscription process and see for yourself how easy or difficult it is for your subscribers to opt out. This will be an eye-opening exercise for you. Are there any unnecessary steps that you can avoid? Have you seen any obstacles that your subscribers may not be able to overcome? Get rid of them! Make the unsubscription process as easy as possible for your subscribers. You never know, they may come back to you again later on.

Disclaimer: The purpose of this article is to provide you with a general overview of anti-spam laws around the world. It should not be interpreted as legal advice. We recommend contacting your lawyers for legal guidance on specific cases.

How thorough are you in your opting-in and out process? Have you received any complaints and what impact did they have on your approach? Do you think legislation is unreasonable or do you think it doesn’t protect recipients enough and why?

If you are interested in the issues that regulations such as GDPR raises, check out how Kentico 11's Data Protection app can make compliance much easier

More by this author

We're sorry, but your browser is currently not supported. Try using our website in other browsers like the new Microsoft Edge, Google Chrome, or Mozilla Firefox.
Should you have any query or want to report any issue, feel free to send us an email to support@kentico.com.