CAN-SPAM Rules for Internet Marketers - lace market

CAN-SPAM Rules for Internet Marketers – lace market

Posted on

Marketers who send any form of commercial email as defined by the act will need to comply with CAN-SPAM rules in order to avoid legal consequences. The act was designed to reduce unsolicited commercial messages, sent both as email and to wireless devices such as cell phones. 

There is of course much debate about how effective this law will prove to be in stopping spam. After all, spammers can easily send their messages from email servers located overseas, in locations beyond the effective reach of US enforcement efforts. Many marketers feel that spam will continue flooding us as ever, while legitimate, opt-in marketers, who want to comply with the law, will have to jump through time-consuming and sometimes expensive extra hoops to be able to send email. In fact, many believe that the act will lead to an upsurge in spam regardless, because it seems to be legal as long as it meets the requirements of the act. 

For marketers to comply with the law, they need to follow some simple guidelines provided for in the legislation. Virtually all marketers who run email lists are already in compliance with most of the law. Generally, any business communicating with existing customers or prospects by mail must include in their emails a valid return email address that is active for at least 30 days after commercial email is sent; a physical mailing address, valid and NOT a P.O. Box; and a way for recipients to opt-out of future mailings. In addition, the subject line must not be misleading or deceptive, state in some way the message is an advertisement or commercial in nature, and the marketer must honor opt-out requests. Again, probably none of that is too much different from what you’re already doing, except perhaps for the addition of the physical mailing address. 

If you send mail from one of the online mailing services, chances are they’ve already asked you to make necessary changes to comply with the act. But if you run your own autoresponder, have you remembered to add your physical mailing address so that it will be placed on every email you send out? Have you added it to any one-time messages that you may send from the autoresponder accounts that may be included in your hosting account? Have you added it to any scripts that you have that generate email? 

If you receive any opt-out requests, you must stop sending email to the requesting account within 10 business days. Again, for marketers using autoresponder software, that usually happens immediately, so no worries there. You may also not sell or lease email addresses of those who opt-out of your mailings without their consent. 

Certain email is exempted from the CAN-SPAM regulations. For example, email that is transactional in nature, or that is a “relationship” message, may not be covered. This would include, for example, sales receipts, announcements of product bug patches, change of membership login information, etc. Still, to be safe, it may be best to make sure all of your email communication is compliant. CAN-SPAM is vague about the rules as they apply to existing and inactive business relationships, and when such relationships end. 

Now that you’re aware of the act’s requirements, you’ll want to review every email you send, from every site you own, to comply with the act and avoid the severe civil and criminal penalties for non-compliance. This article isn’t intended to be legal advice – see a professional for that.


With new threats to computer security and data integrity a regular feature of the evening news, a panoply of products that promise to detect, protect, and dis-infect are being marketed to consumers. Intrusion detection systems, firewalls and anti-virus software are critical to online security, but the Federal Trade Commission, the nation’s consumer protection agency, says computer users — from grade school kids to grandparents — need to know exactly why they need online security products and what they’re buying. 

Why the Need
Computers “talk” to each other over the Internet by sending data through their communications ports. If a port is open, it “listens” for communications from the Internet. A computer has thousands of ports: which ones are open depends on the software the computer is running. Hackers can “eavesdrop” or scan the ports to determine which are open and vulnerable to unauthorized access. 

An intrusion detection system (IDS) monitors incoming Internet traffic, much like a security camera “watches” your front door to see who might be trying to come in. When the IDS detects a suspicious pattern, it sends an alert (and creates a record) that an intruder may be trying to break in to your computer. Some IDS alerts — but not all — show a pop-up message on your screen. An IDS alone cannot prevent an unauthorized entry into your computer; only a firewall can do that.

Firewalls block hackers’ access to your computer by creating a barrier — like a wall — between your ports and the Internet that allows you to control the data that comes and goes through your ports. Your firewall protects your ports even if you don’t have an IDS. Sometimes a firewall is bundled with an IDS. If not, and if you want an IDS, be sure it’s compatible with your firewall.

Anti-virus software detects and deletes viruses that are in your computer. Viruses often attach themselves to your computer through email attachments and floppy disks. That means a firewall can’t catch them. Similarly, an IDS won’t alert you when a virus is attacking your computer. Look for anti-virus software that recognizes current viruses, as well as older ones; that can effectively reverse the damage; and that updates automatically.