May 19th, 2017 | by

With email usage worldwide projected to reach 3 billion users by 2020, businesses simply have to continue using email marketing to reach their target audiences.

But it’s not as simple as quickly drafting a messages and hitting “send.”

Read it: What is Spam? The Truth About Cold Email

With laws and regulations surrounding this marketing method, many still don’t understand all the rules and restrictions that surround this platform. Marketers need a reference guide for bulk email compliance as it gets pretty complex internationally. This handy resource will help you navigate CAN-SPAM, CASL, EC Directive, and SPAM Act 2003.

The information provided covers your bases for all English-language bulk messaging in the marketing context.

We’ve tried to break down the rules and legal jargon into something a little easier to understand and help you remain compliant in your email marketing efforts. For the full-on legalese we’ve provided links to the government copy.

Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act of 2003)   


What country does this law effect:

The United States

Permissions, opt-ins, and send context requirements:

Compliance requires that you don’t use false or misleading header information or deceptive subject lines. The message must clearly be identified as an ad, and recipients must have a clear way of opting out of receiving future emails.

Information you must provide:

  • Accurate information in your “From,” “To,” “Reply-To,” and routing information fields. You must identify the person or business who initiated the message.
  • Accurate subject lines, and clear disclosure that the message is an ad.
  • A valid physical postal address.
  • Your message needs a clear and conspicuous explanation of how the recipient can opt out of getting emails from you in the future.

What CAN-SPAM says you cannot do:

Opt-out requests must be addressed within 10 business days. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.

Who is responsible for following CAN-SPAM regulations:

If you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.


The Privacy and Electronic Communications (EC Directive) Regulations 2003


What country does this law effect:

The United Kingdom

Permissions, opt-ins, and send context:  

  • You must not send marketing emails or texts to individuals without specific consent.
  • You must not disguise or conceal your identity.
  • You can send marketing emails or texts to companies. However, it is good practice to keep a ‘do not email or text’ list of any companies that object.

Information you must provide:

  • A consent form for individuals to specifically agree to receive emails or texts from you—for example, checking an opt-in box.
  • A clear chance to opt out of getting marketing emails or texts when you collected their details, and in every communication you send.

What the E Directive says you cannot do:

  • Without consent, you cannot use email to send information to individuals.
  • You also cannot send texts, picture messages, video messages, voicemails, direct messages via social media or any similar message that is stored electronically.
  • ‘Electronic mail’ is defined as: “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service.”

Who is responsible for following EC Directive regulations:

You can only use purchased email lists if all the people on the list specifically consented to receive that type of message from you. Generic consent covering any third party is unlikely to be enough. You must take it upon yourself to ensure that any list is accurate and the details were collected fairly, and that the consent is specific and recent enough to cover your marketing communications.

Exceptions and exemptions:

You can send emails to previous customers (called the ‘soft opt-in’) if you give them a simple way to opt out both when you first collect their details and in every message you send.

Tip: If you are a Marketing team from the US that markets to the United Kingdom, this law is somewhat similar to our National Do Not Call Registry. However, it includes all electronic communications such as email or SMS mobile phone messages.


Canada’s Anti-Spam Legislation (CASL 2014)


What countries does this law effect:


Permissions, opt-ins, and send context:

To send a commercial electronic message to an electronic address, you need to have the recipient’s consent, identify yourself, offer an unsubscribe mechanism, and be truthful.

Information you must provide:

You need to:  

  • Clearly identify yourself and your organization
  • Include your mailing address
  • Include a contact method (e.g. phone number, email, or web address) for you or the person on whose behalf you are sending the message for

What CASL says you cannot do:

Your messages must not be false or misleading. They must not have false or misleading sender information, subject matter information, URLs and/or metadata.

Who is responsible for following CASL:

Your organization is responsible for receiving consent from your contacts, even with a purchased list. CASL also applies when there is an installation of software or computer programs (e.g. if someone clicks on a link in an email message that causes a program to be installed on the computer). The person installing the program, or causing the program to be installed, must first obtain the consent of the device’s owner.

Exceptions and exemptions:

If the sender and recipient have had direct, voluntary, two-way communications in the past, these communications reveal a personal relationship and is exempt from CASL.


Spam Act 2003


What country does this law effect:


Permissions, opt-ins, and send context:

The Spam Act regulates the sending of commercial electronic messages and prohibits the sending of these messages except in certain limited circumstances. Electronic messages are messages sent by email, text or instant messaging. Only send commercial electronic messages if you have express or inferred consent.

Information you must provide:

Accurate information clearly identifying the person or the business sending the message, and a functional unsubscribe facility.

What the SPAM Act says you cannot do:

Selling fraudulent, illegal or nonexistent goods, services, land, business or investment opportunities via commercial electronic messages is illegal. A person may be liable for both a contravention of the Spam Act and any other Act which they have done this.

Exceptions and exemptions:

Certain messages from the following types of organizations are exempt and do not need consent:

  • Government bodies
  • Registered charities
  • Registered political parties
  • Educational institutions (for messages sent to current and former students)


There you have it, an overview of the CAN-SPAM, CASL, EC Directive, and SPAM Act 2003 laws. As email marketing continues to increase, more and more governing bodies are cracking down on spammers. Every company must take it upon themselves to know and understand all email marketing laws and most of all, remain compliant with their email communications. For more indepth information on any of these laws, click on the respective link to learn more.


Contact data and scoops for the right buyer — at the right time.



We already have deep insights into your target accounts.


About the author