CAN-SPAM is an acronym that stands for Controlling the Assault of Non-Solicited Pornography and Marketing Act. It was a law passed in 2003 by the United States government to help protect consumers against two things:
- Before this act, there was a gigantic prevalence of adult content that was being proliferated via email in an unsolicited manner. People who weren't subscribing to adult sites were unknowingly being added to a list and started receiving “naughty” emails. And of course, the last thing anyone wants is for their seven-year-old to walk in as an email comes up on your screen with adult content.
- CAN-SPAM also put parameters around what companies are required to comply with in regard to unsolicited email messages.
Prior to the enactment of CAN-SPAM, you could say that internet marketing was like the Wild West. It was before the days that large inbox providers like Google, Yahoo, and Hotmail had sophisticated rules for managing what we now call “junk mail.” Furthermore, there were no stipulations or penalties around what would traditionally be considered as false advertising (think: the Nigerian Prince who’s looking for a small loan). Consumers had no way of knowing who was sending these messages because there was no requirement to identify yourself from a legal perspective.
These days, because of CAN-SPAM and other regulations like it, there are fines and other punishments for sending intentionally disingenuous or misleading marketing messages.
The U.S. was one of the first to come out with a national standard around these regulations, but we've been largely left behind in that space and CAN-SPAM really doesn't do that much to control it in the modern world.
For example, GDPR (General Data Protection Regulation) poses a tougher set of standards on how, what, or when you can email. More recently, Canada implemented CASL (Canada’s Anti-Spam Law) with stricter standards than CAN-SPAM.
One thing CAN-SPAM doesn’t do is provide regulation for aging out email addresses. For example, if a company collected an email address from a customer or prospect more than 10 or 20 years ago, you can still send freely to that email address as long as you comply with the other mandates of CAN-SPAM.
Other regulations like GDPR and CASL are stricter regarding aging out email addresses. This is loosely referred to as, “the right to be forgotten.” So if you haven't specifically opted in or you don't have a specific business relationship transactionally, both of those regulations have stipulations where the organization cannot email you unsolicited email. CAN-SPAM, on the other hand, doesn't have any existing business relationship or EVR requirements. There's no timetable on how long since a customer's last transaction you can email them.
CAN-SPAM does not have any provisions for text messages or for phone calls other than emails that are sent to mobile devices.