Email marketing laws

Good email practice boils down to setting clear expectations. If someone is on your list they should know exactly what they’re going to receive and why, who it’s coming from, and how often to expect it.

If you send someone an email and they don’t know why they got it, they can hit the spam button. If they do, Gmail, Outlook and Yahoo pay attention. They will listen to a user over a marketer any day of the week.

Legality and permissions aside, we’re talking about deliverability here. Just because you send an email does not mean that it will land in someone’s inbox. Deliverability is not the same as a bounce rate. If Gmail thinks your email is spam, it might just not deliver it. It doesn’t report back to you either: there’s no bounce, the message is simply never delivered.

According to Jessica Best (I’ll link her amazing course on Email Marketing at the end), average deliverability in the US is about 85%. About 5% or 6% of messages go to a spam folder, and the rest go missing entirely. So whether or not the following laws apply to you, it is in your interest to follow them.

Let’s say you’re setting up a new newsletter for your SaaS business and you fully intend to follow the law. Here’s what you have to do to make sure everything is above board:

  1. You must accurately identify yourself and who the email is from.
  2. You must have a functional opt-out mechanism.
  3. You must add a physical address to your emails. The reason is that people need to be able to opt out without clicking on a link. If you get dangerous-looking spam and you don’t want to click on any links, you always have the option to write a letter to opt out of any email marketing.
  4. Your message and subject line must not be deceptive in any way. This means that the subject line must accurately reflect the content of the message. If your email is an advertisement you must disclose this clearly, and it all has to be in plain language. If you promise something in the email and don’t deliver, that is just fraud: for example, saying you’ll compensate or reward people for taking some action when you have no plan to follow through. There is zero grey area here; this is straight-up illegal.

These are all US rules based on the CAN-SPAM act. The last one is actually from the Federal Trade Commission. I will include links to all of these sites at the end of the post.

The US has some of the most relaxed laws when it comes to email marketing. The law is literally called CAN-SPAM. You can spam anybody you want until they tell you to stop.

In the US, the only people who can take action are inbox providers like Gmail. They take action en masse on behalf of the folks that use their service for email. On the other hand, Canadian anti-spam legislation (CASL) allows individual citizens to take action.

With CASL you must have explicit permission to send an email to someone on your list. No pre-checked checkboxes and no automatic opt-ins. You have to have affirmative consent to email somebody.

The kicker is that anyone in Canada can invoke CASL. Not just Canadian citizens. Anybody who’s in Canada at the time of receiving your email. If someone reads your email in Canada, technically, you are required to follow the laws of CASL.

Similarly, GDPR is for people in the European Union. Again, this is about where your readers are, not where your company is. If your company sends emails to people in Europe you are subject to GDPR law.

If you want to comply with all of these laws, the trick is to explain how someone’s email address is going to be used when they sign up. This means everything should be clear right before someone presses the submit button where they give you their email address.

You have to use plain, concise, intelligible, transparent language that is easily accessible. No sneaky jargon and you can’t obscure important details on a hidden privacy policy page.

The scary bit for businesses is that under GDPR an individual subscriber can request all of the data that you have on them and ask to be forgotten. This can be tough because you don’t always know where all your consumer data is. If somebody asks to be forgotten, you must be able to comply within 30 days.

Fortunately, requesting to be forgotten is not the same as unsubscribing. Unsubscribing just means they don’t want to receive marketing emails. You can still keep someone’s details in your database after they unsubscribe, provided they are marked as ‘do not mail/email/market’. In most cases you need to keep someone’s details so that you don’t accidentally add them back to your list through another channel.
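To make the three distinct operations above concrete (affirmative consent at sign-up, an unsubscribe that keeps a do-not-mail record, and an erasure request that removes the record), here is a small subscriber store written as an added example for this post; it is not code from the post or from any mailing product, and the `SubscriberStore` class, its method names and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Optional


@dataclass
class Subscriber:
    email: str
    consent_source: str  # the form or channel where consent was given
    consented_at: str    # ISO-8601 timestamp of the affirmative consent
    status: str = "subscribed"  # becomes "do_not_mail" after an unsubscribe


class SubscriberStore:
    """Hypothetical store (constructed for this example) that keeps
    unsubscribe and erasure apart, as the post describes."""

    def __init__(self):
        self._records = {}  # normalised email -> Subscriber

    def add(self, email, source, ticked_by_user, prechecked=False):
        """Record a sign-up only on affirmative consent; True if mailable."""
        key = email.strip().lower()
        # No pre-checked boxes and no automatic opt-ins: the user must tick it.
        if prechecked or not ticked_by_user:
            return False
        existing = self._records.get(key)
        if existing is not None:
            # A do-not-mail record blocks re-adding via another channel.
            return existing.status == "subscribed"
        stamp = datetime.now(timezone.utc).isoformat()
        self._records[key] = Subscriber(key, source, stamp)
        return True

    def unsubscribe(self, email):
        """Keep the record but mark it do-not-mail."""
        rec = self._records.get(email.strip().lower())
        if rec is None:
            return False
        rec.status = "do_not_mail"
        return True

    def erase(self, email):
        """Right to be forgotten: delete the record entirely. Note that
        no suppression trace remains, so a later sign-up is a fresh consent."""
        return self._records.pop(email.strip().lower(), None) is not None

    def export(self, email) -> Optional[dict]:
        """Data-access request: everything held about this address."""
        rec = self._records.get(email.strip().lower())
        return None if rec is None else asdict(rec)

    def mailable(self):
        return sorted(k for k, r in self._records.items() if r.status == "subscribed")
```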

The last thing I think I’ll cover in this primer is that you can’t deny people goods or services, or charge them different prices, based on the profile data you collect. For example, if someone lives in a higher-income zip code, you can’t charge them more based on that zip code data, and you can’t deny a sale to someone just because they live in a lower-income zip code.

I think I’ve now covered the most important fundamentals here. I’m still learning about this stuff so if I’ve got any of it wrong please let me know.

If you’re interested in learning more, here are all of my primary legal resources around permissions and data: