Why Popular Tools Aren't Enough for CAN-SPAM Compliance

We have all seen an increase in sales and marketing emails in the last few months with the rise of AI. Although we are becoming numb to such emails and messages, most of them do not follow regulations like the CAN-SPAM Act of 2003 when they are blasted to thousands of users.

For those who do not know about the CAN-SPAM Act, its full name is the “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003.” The FTC has developed a set of rules for businesses that send commercial email, and these rules give recipients the right to have you stop emailing them. As per the FTC, “Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $51,744, so non-compliance can be costly. But following the law isn’t complicated”. So if you are emailing hundreds of people, you must follow CAN-SPAM; otherwise most of the marketing budget or Seed/Series A money might end up going to regulators.

All the risk-takers who think that the FTC language is not scary enough should read about the FTC charges against Experian for $650,000 when they sent a misleading marketing email stating that it “Contains important information about your account” and forgot to add an opt-out button.

The CAN-SPAM rules are straightforward to follow. Here is the high-level checklist to make sure an email is compliant with the CAN-SPAM Act:

  • Always include a clear and conspicuous opt-out mechanism in every email.
  • Honor opt-out requests promptly (within ten business days).
  • Include the sender's valid physical postal address in every email.
  • Use accurate "From," "To," and "Reply-to" information that identifies who is sending the message.
  • Use subject lines that accurately reflect the content of the message.
  • Identify the message as an advertisement unless the recipient has given prior consent to receive it.
  • Monitor the compliance practices of companies you've hired to manage your email marketing.
  • Implement a robust review process involving engineering and legal teams before launching automated campaigns.
  • Regularly audit your email marketing practices to ensure ongoing compliance.
  • Stay informed about updates to the CAN-SPAM Act and other relevant regulations.

It is the responsibility of startup founders and industry leaders to enforce a culture where the team follows these regulations. However, after talking to many founders and advertisers, I realized most of us depend on email tools (like MailChimp, SendGrid, OneSignal, etc.) to guide us in making emails compliant and following all the regulations.

Unfortunately, most of these tools are not sophisticated enough to capture all aspects of CAN-SPAM regulation. For example, all these email providers will let you add an “opt-out” or “unsubscribe” button by default and let you add the address in the footer, but they won’t check the correctness based on the context of the email.

Here are a few examples of existing tools and how they are tackling CAN-SPAM:

SendGrid

SendGrid is one of my go-to APIs for sending emails, but it has happened countless times that the APIs do not have enough validation, and I have ended up sending emails without the correct address. For instance, here is an example copied from an official SendGrid video.

OneSignal

OneSignal does provide an option to add an unsubscribe button. Still, it asks the user to follow regulations and delegates responsibility to users to ensure they follow all the rules. Here is an example: you can email everyone who has unsubscribed, which increases the possibility of this feature being misused by marketers (or someone who wants to spam).


There are many more such tools, and none cover end-to-end CAN-SPAM compliance; they rely mainly on the users to send compliant emails.

In such cases, the engineering and product teams step in to ensure they are working with legal and compliance, sending emails that are correctly categorized as marketing or sales emails, and following the CAN-SPAM Act correctly. In the past, I have set processes across the team to ensure we review and follow all regulations correctly; some of the learning and improvements we made at Stilt/Onbo/JGW can help others.

  • Develop an engineering culture where engineers understand compliance and use it daily.
  • Set up a process where the compliance/legal team reviews all copies on the website or in email. For example, update your JIRA template to have a compliance review step and have the compliance team follow it.
  • We have monitoring and oversight in place. That is, we audit and review website content and email regularly to ensure we did not make any mistakes; if we did, we have a plan to rectify them.

I understand that with the current culture of “Move fast, breakfast,” it becomes challenging for the engineering team to follow and be constantly updated on compliance. That’s why I think there is a need for a tool that can automatically catch such compliance errors, ideally preventing them from happening or letting the compliance team know there has been an issue they need to look at urgently, short of “Compliance On-Call.”
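A rule-based pre-send check of the kind described above, as an added example (not the author's tool and not any email provider's API): it flags the machine-checkable checklist items in a raw message. The regex heuristics, the finding names, the US-style address format and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: a sales email with no opt-out, address or ad label.
SAMPLE_BAD = """\
From: Alex <alex@vendor.example>
Reply-To: leads@other.example
To: you@customer.example
Subject: Quick question
Content-Type: text/plain

Hi, we help teams ship faster. Do you have 15 minutes this week?
"""
# Constructed sample: the same kind of email with the checklist items present.
SAMPLE_GOOD = """\
From: Acme News <news@acme.example>
To: you@customer.example
Subject: [Ad] Spring offers from Acme
Content-Type: text/plain

Advertisement: spring offers inside.
Unsubscribe: https://acme.example/unsubscribe?u=123
Acme Inc., 100 Main Street, Suite 4, Springfield, IL 62701
"""

# Heuristic patterns (assumptions): tune them to your own templates and locale.
OPT_OUT = re.compile(r"\b(unsubscribe|opt[ -]?out|manage (your )?preferences)\b", re.I)
POSTAL = re.compile(r"(\d+\s+[\w .]+|P\.?O\.? Box \d+)[^\n]*,\s*[A-Z]{2}\s+\d{5}\b", re.I)
AD_LABEL = re.compile(r"\[ad\]|\b(advertisement|sponsored|promotional?)\b", re.I)

def lint_email(raw: str, has_consent: bool = False) -> list[str]:
    """Return finding names for checklist items missing from one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    findings = []
    if not OPT_OUT.search(body):   # opt-out must be visible in the body
        findings.append("no-opt-out")
    if not POSTAL.search(body):    # physical postal address
        findings.append("no-postal-address")
    from_dom = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:   # flag for human review, not proof
        findings.append("reply-to-domain-mismatch")
    if not has_consent and not AD_LABEL.search(f"{msg.get('Subject', '')}\n{body}"):
        findings.append("no-ad-label")
    return findings
```

A non-empty result is a reason to hold the send and route the copy to compliance review; an empty result only means these four heuristics passed.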

The good news is that with the advancement in AI, not only can we send thousands of automated emails, but we can also build tools that can help to catch these errors very fast and prevent us from paying hundreds of thousands in penalties. In the last few days, I have built such a tool and run it over all the emails I have received in the previous few months. Here are a few examples; as you can see, with the tool, I could parse through content and identify issues with the email (e.g., no opt-out method, no address). Most of these emails come from individual sales representatives who are either unaware of CAN-SPAM or are ignoring it.

This email is from Cloudflare, and as you can see on the right side, the tool can identify all the errors in the email.


Similarly, here is another example from Flyhome:


And, last but not least, Podsap.com; clearly, the email written with an AI agent is the winner here.


We will eventually need such a tool to identify errors in email sending, marketing, websites, and other aspects of the business. Hopefully, after this, we will get more compliant emails, making it easy for us to opt out.


This article was originally published on Substack.
