What Every Emailer Needs to Know About CAN-SPAM and Email Deliverability


This white paper presents an introduction to the Federal law commonly known as CAN-SPAM, which regulates commercial email. In addition, common problems with delivery of commercial email are discussed, along with methods to increase deliverability.

The Federal CAN-SPAM act became effective on January 1, 2004, establishing requirements for all commercial email messages sent in the United States. If you send commercial email, it is important to understand who is subject to the law and what its specific requirements are.

What email senders are subject to the law?

If you use email to promote your business or inform the public about your services, you are most likely subject to the CAN-SPAM act. The law defines a commercial email message as follows:

…any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).

The sole exception to the above is “Transactional” or “Relationship” messages, which are messages between the sender and an existing customer or someone who has already agreed to buy your product or service, the primary purpose of which is to complete the transaction, deliver the product or service, provide warranty or recall information related to it, provide account information, advise of changes in the product or service, or to provide update information or upgrades the customer is entitled to in accordance with the terms of his existing agreement. It’s clear that even if your email is to an existing customer, if its purpose is to promote another product or service or sell the customer something else, that email must comply with the CAN-SPAM legislation.

How much email must you send in order to fall under the law?

While the section of the law prohibiting various fraudulent practices of spammers applies to senders of “multiple commercial electronic mail messages”, and defines that term in various ways as to the various offenses, the section of the law regulating the content of commercial email has no such limitation. According to the letter of the law, if you send a single email to a single recipient and the primary purpose of that email is to promote your product, service, or commercial website, you are in violation of the law if the email does not comply with CAN-SPAM.

If an emailing service sends your mail, who is responsible for compliance?

It is you and not the email service that is responsible for compliance. The law defines the sender of the email to be “a person who initiates such a message and whose product, service or Internet web site is advertised or promoted by the message”. And, the term “initiate” is defined to mean “to originate or transmit such message or to procure the origination or transmission of such message…” It’s clear, therefore, that the burden of compliance with the law belongs to the business whose mail it is. Contracting with others to develop or transmit the message does not change that.

Are you prohibited from sending unsolicited email messages?

Unsolicited email messages are messages that are not the result of an “opt in” action by the recipient. CAN-SPAM does not prohibit you from sending unsolicited messages, but they must be clearly and conspicuously identified as an advertisement or solicitation.

This conspicuous labeling requirement is why so many emailers opt for an “opt in” approach, because the requirement to label mail as advertising does not apply “if the recipient has given prior affirmative consent to the receipt of the message”. Thus, you do not have to identify your commercial email sent to opt in subscribers as an advertisement or solicitation, but you do have to so identify any commercial email sent to people who have not opted in.

Another concern is the source of the list you use to send mail to recipients who have not opted to receive your email. The law prohibits sending commercial email to any address which the sender knows or should know was obtained by using automated means to “harvest” addresses from websites or online services, or was obtained by using automated means to generate email addresses using combinations of names, letters or numbers.

Subject to those concerns, there is nothing in the law that prevents your sending unsolicited email. Whether your business should send unsolicited email is another issue entirely, and there are compelling reasons to suggest that it should not. In addition to general business reputation issues, your email servers could be “blacklisted” by anti-spam organizations and ISP’s, negatively impacting your ability to successfully get any email you send delivered. These reasons are compelling enough to strongly suggest that any bulk email should only be to recipients who have affirmatively indicated that they wish to receive mail from you, and that you have confirmed that election. We will discuss this topic later as related to deliverability of your email.

What does the law require of your email?

Assuming your email is not sexually explicit and is not fraudulent, compliance with the law is not difficult. Here are the steps you must take:

(1) Your email must include a valid and accurate “From” address and routing information. It must clearly identify the person who initiated the email.

(2) You must use an accurate subject line. It must reflect the actual content of the email without misleading the recipient as to the actual content of the email message.

(3) You must clearly and conspicuously inform the recipient that the email is an advertisement, and that the recipient can opt out of receiving any more commercial email from you. The only exception is that mail sent to an “opt-in” subscriber need not state that it is an advertisement.

(4) Your email must include the sender’s valid physical postal address.

(5) Your email must prominently include an unsubscribe mechanism, which remains operable for at least 30 days following the sending of the mail. The unsubscribe mechanism must allow the recipient to unsubscribe from all future email from the sender to the email address unsubscribed. The recipient may be given a list or menu from which to choose the specific types of messages the recipient does and does not want to receive.

(6) You must act upon any unsubscribe requests within ten days.

If you send bulk email that is CAN-SPAM compliant, will it actually get delivered?

Not necessarily. During debate on the CAN-SPAM act, some expressed concern that since the law clearly spells out the steps to be taken to make spam legal, suits from spammers would prevent internet providers and companies from filtering the legal email sent by spammers. That has turned out to not be the case. While there have been some lawsuits against ISP’s by subscribers upset with overly aggressive filtering, the fact is that bulk email filtering by companies and ISP’s is becoming more aggressive and more effective all the time. That’s not likely to change. Last year, it was reported that AOL receives roughly 2 billion email messages a day, of which about 75 percent are blocked, and another 4 to 7 percent are sent to the user’s bulk folder.

ISP email filtering methods are similar to search engine ranking algorithms in that the details are kept secret by the ISP’s, so there’s no definite formula for how to keep your email from being mistaken for spam and discarded by the spam filters. There are, however, a number of steps you can take to increase the likelihood of delivery of your email, and the steps fall into three areas: technical considerations, reputation considerations, and content considerations.

Technical considerations

Email servers and DNS servers must be properly configured to get your email through ISP spam filters. Most if not all filtering includes a Reverse DNS check, to make sure that the connecting IP address actually belongs to the domain it says it does. If your domain has no reverse DNS record, your mail is rejected. There are a number of relatively new technologies (SPF, Sender ID, and Domain Keys) that have one purpose: they seek to authenticate the fact that the sender of an email is who he purports to be. Falsifying the sender’s true identity is a popular tactic with spammers, and these technologies seek to make doing so more difficult. The most basic of these technologies is SPF, which involves only publishing an additional DNS record for your domain which identifies the servers authorized to send email for that domain. It’s an easy and quick process, and millions of companies have now published their SPF records. At least one major ISP (AOL) has already begun using SPF authentication as a part of its spam filtering. If you send email from your own server, your IT Department should be up to date on implementation of these technologies. If you use an email service, they should be handling it for you.

Reputation considerations

ISP filters don’t just rely on analyzing the content of your email as the primary means of determining whether it contains spam. Even if there is nothing in your email to suggest it is spam, your mail will be rejected if the filter’s analysis determines that you are a sender who engages in spam-like practices. Some of the means used are:

  • Blacklists. A number of anti-spam organizations maintain lists of the URL’s or IP addresses of those who have engaged in spam-like behavior, and other organizations build their own internal blacklists, based primarily on complaints. Incoming mail is checked against the blacklists, and if the sending URL matches, the filter can take action ranging from deleting the mail to labeling it as spam and delivering it. If your IP address should make it to a blacklist, there is a good possibility that any mail sent from that IP will be blocked as spam.
  • Whitelists. Large ISP’s including Yahoo and AOL have whitelisting programs that cause your mail to be treated more favorably by their filters if you have agreed to send mail only to those who have opted in to your email, and you agree to abide by other requirements established by them.
  • Bounce rates. A “bounce” is a notification that your message did not make it to the intended recipient. It can occur because the user does not exist at the domain, because the domain does not exist, because the message was rejected by the server, or for other reasons that prevent the email from being delivered. Spammers typically use email lists that are not very accurate and are not updated, and the result is that mail sent by spammers has high bounce rates. Email filters maintain information on the bounce rates of email received, and may “blacklist” senders whose mail has high bounce rates.
  • URL Blocklisting. In addition to using “blacklists” to filter mail coming from certain IP addresses, spam filters examine the links within the content of your message, and see if your email has links to URL’s known to be used by spammers. If it does, your IP may be “blocklisted”, meaning future mail from you will be automatically discarded. A number of the largest ISP’s including AOL, Optimum Online, Hotmail and MSN simply delete email that contains links to blacklisted URLs.
  • User-level filtering. The points above apply to ISP-level email filtering, but it is important to remember that users filter mail as well, via their email client. When someone receives a written mail piece, they have only two choices: read it or discard it. With email they have additional choices: block further email from you; relegate future mail from you to the “junk mail” folder; or worse, complain to the ISP that your email is spam, potentially resulting in your IP being blacklisted.

Content considerations

Finally, email filters look at the content of your email to see if it appears to have characteristics of spam. Some use a weighting method, and block mail scoring above a certain threshold. Others simply delete mail that has spam characteristics. Some of the types of content that can cause your email to look like spam to the spam filters are:

  • Specific words. Spam filters look for specific words that are often used by spammers: things like FREE!, Mortgage, Prescription, Viagra, multiple exclamation points and the like.
  • Attachments. Since attachments are often used for illicit purposes, spam filters tend to view email containing them with suspicion.
  • Non-personalized text. If an ISP receives a large number of messages from your IP and the text of each of them is identical, it’s going to have a strong disposition to discard the messages as spam.
  • Message format. Spam filters tend to be very suspicious of HTML emails that have a lot of images and pretty graphics. Since various types of spam tend to be graphics-heavy, there is benefit in making your email as plain as is consistent with what you are trying to accomplish. And you should remember that some email clients can be set to not display HTML formatting at all. Your HTML email should always contain a plain text alternate version.

Top Ten things you can do to increase delivery rates

Faced with all these obstacles to getting your email delivered, what can you do to help assure your marketing email actually gets to the intended recipient? Email deliverability is a big topic and takes ongoing diligence to monitor and improve delivery. Here are ten steps you can take now, though, to give your email a much better chance of being delivered.

1. Obtain Permission. No matter how legitimate your business or how good your product or service, send only to opt-in subscribers. If you send unsolicited bulk email you are by definition a spammer, and chances are high that you will be so identified and blacklisted. This is so important to maintaining a healthy email reputation that it is generally agreed that a procedure of allowing users to opt-in to your mailing is not in itself sufficient. Your opt-in procedure should at minimum include a confirming email (confirmed opt in) that gives the user the opportunity to change the opt-in election if it was made in error. Most emailers go even further and use a double confirmation process. Using double-confirmed opt in, the subscriber is sent an email which requires him to follow a link to confirm his opt-in election before he is added to the subscriber mailing list. Without a double-confirmed opt in process, a malicious person could subscribe other people’s email addresses and render your email list worthless.

2. Protect your Email Reputation. Even if you are careful to send only to opt-in subscribers, it is important that you not let your URL become associated with those of known spammers by implication. For example, if you send an email newsletter that accepts advertising, just having a suspect URL in an advertisement in your newsletter could result in your URL being “blocklisted”. Make sure you know your advertisers are not spammers.

3. Ensure CAN-SPAM compliance through the use of “template” emails. Complying with the CAN-SPAM legislation is not difficult, but the detailed tasks of designing compliant, reliable unsubscribe links, clear identification of the sender and subject matter, and other requirements should not have to be repeated anew with each new email campaign. Use an email system that allows these features to be incorporated into email “templates” that can be used as the basis for future email of a particular type. A template email system will ensure not only a consistent graphics approach, but a consistent and recognized sender name and consistent “branded” subject lines.

4. Maintain your subscriber lists. Approximately one third of the average email list changes each year due to address changes. Just compiling a double opt-in mailing list for your email is not the end of the process. Your email should contain a link that users can click to access a profile page on your website that lets them change email preferences, report email address changes, and subscribe/unsubscribe to your various mailings. In addition, your system should promptly process bounced email, to prevent repeated attempts to send email to bad addresses.

5. Monitor user response to your email. Your email system should make it quick and easy to monitor bounce rates, open rates, and response rates for your email campaigns. Closely monitoring this information is vital for detecting problems with not only deliverability but the quality of your content.

6. Personalize your email. When you send email messages individually personalized for the user, your email is not only less likely to be filtered as spam, but also more appealing to the user and less likely to be regarded by the recipient as spam. Your email program should provide a simple and easy-to-use method to insert any information from your user database into individual email messages sent to that user.

7. Choose the correct message format. Spam email typically uses HTML formatting, and for that reason spam filters are somewhat more suspicious of HTML formatted email than plain text email, resulting in somewhat higher delivery rates for plain text email. That probably does not mean that you should avoid HTML email altogether; the advantages of being able to send an attractively formatted newsletter vs. a plain text version, for example, probably outweigh the increased possibility of it being filtered. But where there is no particular need for HTML formatting, choose plain text. When you do send an HTML email, your email system should allow you to include an alternative plain text version, and you should always use that option. If a plain text alternative is not sent, users who have configured their email clients to display only plain text will receive a jumble of text and formatting codes instead of your carefully designed email. With viruses running rampant, most email users have become wary of attachments. Your document is much more likely to be read if your email provides a link to the document on your website. Modern content management systems will provide you opportunities to use web content for multiple purposes; e.g. the same press release document you send to news outlets should serve as web content and newsletter content.

8. Avoid suspicious words and phrases. You may have perfectly legitimate and non-spam-related reasons for using words and phrases like “FREE!”, “low mortgage rates”, and even “Viagra” in your newsletter, but if you do, your email looks more like spam and is more likely to be filtered. Try to avoid “suspicious” content such as overly promotional phrases, capitalized text, exclamation points, and other text often used by spammers. If your business is discount-driven and you absolutely have to include potentially troublesome text, consider putting the text into image-based content. Using images instead of text has its own problems: the file size will be larger, and many email clients are set to block the download of images. But it’s potentially a way to include words that would otherwise get your newsletter filtered.

9. Proof and test your messages. Establish a small “test list” of addressees to whom you can send newly developed mailings before going “live” with your campaign, and if possible solicit their feedback on your mailing. Only a test mailing will make some potential problems such as bad image paths and incorrect variables obvious. If your test list includes recipients using various ISPs and various email clients, monitoring the results of your test mailing will alert you to potential deliverability and viewability problems.

10. Don’t forget user-level filtering. Finally, you must remember that the final and most effective filter is at the user level. You can follow all the suggestions above and get your email delivered to the user, only to have him or her consider it spam and delete it unread, or worse, block future email from you, or worst of all, complain to his ISP.

  • Don’t misrepresent what the user is going to receive when he subscribes to your mailing. If the user is expecting an informative newsletter and gets mostly advertising, there’s a good chance he’s going to consider it spam.
  • Use a consistent and recognizable “From” address. Template emails make this easy.
  • Ask to be added to the user’s address book. Different email clients have different terminology: “People I know”, “Safe Senders”, or just address book. But if your recipient adds your address there, it’s less likely your mail will be identified as junk email. Your email can contain a short paragraph reminding the recipient that he subscribed to your newsletter and ask to be added to the address book to ensure he receives future editions.
  • Provide relevant, current, valuable content. Your email program should let you easily capture news releases, product announcements, and other content from your website, and include it, or a link to it, in your newsletter. In addition, your email program should provide efficient workflow and routing tools to eliminate bottlenecks and delays in the process from design to approval to sending of a campaign.
  • Monitor response to improve your mailing. Even with deliverability concerns, email provides one tremendous advantage over other types of marketing communication: with a good emailing system, you can tell at a glance how many people your message reached, how many read it, and how many acted on it. Use this information to your advantage to develop compelling messages. Establish benchmarks for deliverability rates, open rates, click-throughs and conversions. When a particular campaign falls short in any of those areas, find and remedy the reasons. You’ll soon find the best subject lines to get your mail opened, and the best way to present your message to get results.
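The double-confirmed opt-in from step 1, as an added example (not code from this white paper or any particular email system): an address joins the list only when the link mailed to it is followed, so someone who submits another person's address cannot confirm it. The signing key, the seven-day link lifetime, the `news.example.com` URL and the `SubscriberList` class are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: load from a secret store in practice
TOKEN_TTL = 7 * 24 * 3600          # assumption: confirmation links expire after 7 days


def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()


def make_token(email, now=None):
    """Bind the address and issue time together under an HMAC."""
    issued = int(time.time() if now is None else now)
    payload = f"{email.lower()}|{issued}".encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(_sign(payload)).decode()


def verify_token(token, now=None):
    """Return the address the token was issued for, or None if invalid/expired."""
    try:
        p64, m64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
        email, issued = payload.decode().rsplit("|", 1)
        issued = int(issued)
    except (ValueError, UnicodeDecodeError):
        return None                          # malformed token
    if not hmac.compare_digest(mac, _sign(payload)):
        return None                          # forged or altered token
    age = int(time.time() if now is None else now) - issued
    return email if 0 <= age <= TOKEN_TTL else None


class SubscriberList:
    def __init__(self):
        self.pending, self.confirmed = set(), set()

    def subscribe(self, email, now=None):
        """Record the request; return the link to mail to that address."""
        email = email.strip().lower()
        self.pending.add(email)
        return "https://news.example.com/confirm?t=" + make_token(email, now)

    def confirm(self, token, now=None):
        """Move an address to the mailing list only on a valid, fresh token."""
        email = verify_token(token, now)
        if email is None or email not in self.pending:
            return False
        self.pending.discard(email)
        self.confirmed.add(email)
        return True


if __name__ == "__main__":
    lst = SubscriberList()
    link = lst.subscribe("alice@example.com")          # constructed address
    print(lst.confirm(link.split("t=", 1)[1]), lst.confirmed)
```

Campaigns are sent only to `confirmed`; entries left in `pending` are never mailed again after the confirmation message.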