What Nonprofits Must Do to Comply with the CAN-SPAM ACT

Woman at desk overwhelmed with spam email.
Tim Robberts/Stone/Getty Images

Email, in its early days, was like the Wild West. Almost anything happened. 

Fortunately, the CAN-SPAM Act became law in 2004 to cut down on misleading emails.

Since then, email recipients are usually required to opt-in twice, can unsubscribe from lists easily, and receive far fewer emails with deceiving subject lines.

Do you know what CAN-SPAM means? It’s a jaw twister. The full name of this Act is “Controlling the Assault of Non-Solicited Pornography and Marketing Act.” Thank heavens they shortened it!

So what does this have to do with nonprofit organizations?

CAN-SPAM applies primarily to commercial email. But nonprofits might fall under its umbrella if your organization markets products (gift shop items, books, seminars for instance) that people buy. Or if a corporate sponsor is involved with anything your organization sends out by email.

Also, the ACT contains no specific exemption for nonprofits. You too could end up with a big fine should you cross the line.

In practice, we should all follow the CAN-SPAM rules. They have become the best practices for email and work amazingly well.

What a Nonprofit Should Do to Comply with CAN-SPAM

  • Provide a clear and conspicuous notice of the opportunity to opt-out. The notice must be in every email message and must be provided to all individuals receiving the message.
  • Provide a functioning opt-out in every email message, such as a return email address or other Internet-based function. Do not send subsequent offers more than ten business days after a recipient has requested not to receive further emails. If the recipient has opted-out, the sender may not rent, exchange or otherwise transfer or release the email address of the recipient.
  • Provide a valid physical postal address of the sender.
  • If there is a commercial advertisement in your email, you must be clear that the email is an advertisement. Use phrases such as "you might be especially interested in this offer" in the body copy of the email.
  • Provide a "from" line that accurately and clearly indicates the sender. Doing so provides reassurance to supporters and donors that the email is from a trusted organization.
  • Use a subject line that is not misleading as to what is contained in the email.
  • Nonprofits, particularly, should make sure that every subscriber has opted in, preferably twice. That means sending the subscriber a way to confirm their subscription. It’s clunky, for sure, and some people will not manage the second step. Do it anyway. Subscribers are less likely to complain that they never did sign up.

Fortunately, all legitimate email marketing companies (where you can store your list, design email fundraising appeals and newsletters, and send mass emails) are set up to help you comply with CAN-SPAM.

Work with your email provider's requirements and you should be safe. If your email marketer does not require things that follow CAN-SPAM, such as asking for your physical address to put at the end of your emails, find a supplier that will conform. If your provider slips up, you are responsible.

What Does It Mean to "Opt-In"?

It's important for nonprofits to understand "opt-in" to stay out of trouble. There are two kinds:

Express permission - A good example of express permission is when someone gives their email address to you because they want to receive email from you. This most commonly occurs when someone visits your website and leaves their email address in your signup box to receive your emailed newsletter.

Best practice is to send an email immediately and ask the subscriber to verify that they opted-in by replying to that email. 

Implied permission - Examples of this kind of permission would be when a donor makes a gift via your donation page and shares his or her email address with you on that form. Or when you exchanged business cards with each other at an event. 

Whether there is express permission or implied permission, never assume anything. Always make it clear on whatever form is filled out that by leaving an email address recipients are agreeing to receive emails from you. You should do this, for instance, on your donation form or any form that a volunteer fills out on your site. 
There are numerous ways that these types of permission might occur, so think carefully about how you set up forms, sign-up boxes, and handle the exchange of emails at events.

Bloomerang's [GUIDE] When Your Nonprofit Can and Cannot Send An Email has some excellent examples to help you figure out what to do and when.

SPAM May Hurt You Even When You Play by the Rules

Even though your email may comply with SPAM regulations, your email can still end up in those SPAM folders everyone has within their email programs and it could hurt you.

A study from EveryAction (2016) found that the monthly spam rate for email sent by 55 nonprofits was 7.03 percent, The study put a dollar amount on all of that lost opportunity. The study estimated that "every percentage of email going to spam results in a loss of $1,052.64 annually."

When an email from your nonprofit never gets seen, much less opened, the actions you had hoped and planned for so carefully never take place. While email is relatively inexpensive compared with direct mail, it does have a cost. You pay fees to email companies that send the email plus your staff time has been wasted.

Unlike illegal SPAM that is regulated by the government, Email inbox SPAM is created by the very people who signed up to get your email! The EveryAction email study suggests being assigned to the SPAM folder has to do with three things:

  • You haven't made it easy to unsubscribe so the receiver marks your email as SPAM. The cure? Always provide a one-click unsubscribe link in your email.
  • Your email list is out of date. It's tough these days to keep up. People move, change their email program, or just drop off for no apparent reason. The answer? Clean your email list every 6 months or so. If there's no sign of life (opens, responses) from an address, drop it.
  • You're sending irrelevant email. Lack of any kind of engagement means your email does not meet the recipient's expectations when they signed up. Segment your list and personalize more to engage better.


The CAN-SPAM Act Compliance Guide, FTC

The CAN-SPAM Act and You, Idealware.

2016 Nonprofit Email Deliverability Study, EveryAction