What Nonprofits Must Do to Comply With the CAN-SPAM Act

These best practices for email have worked amazingly well.

Sign about junk mail lying across a computer keyboard.
    NuStock/E+/Getty Images

What Is the CAN-SPAM Act?

Email, in its early days, was like the Wild West. Almost anything happened. Fortunately, the CAN-SPAM Act became law in 2003 to cut down on misleading emails. As a result, email recipients are usually required to opt-in twice, can unsubscribe from lists quickly, and receive far fewer emails with deceiving subject lines.

Do you know what CAN-SPAM means? The full name of this Act is "Controlling the Assault of Non-Solicited Pornography and Marketing Act." Thank heavens, they shortened it!

What Does This Have to Do with Nonprofit Organizations?

You might think at first that the law has something to do with those emails that end up in the receiver's spam folder. But that's not the case, although that can be a problem for nonprofits as well.

The CAN-SPAM Act is supposed to deter email that you never signed up for or asked for. It's truly meant to keep the bad guys out of your email box.

Although CAN-SPAM applies primarily to commercial email, a nonprofit might fall under its umbrella if they market products (gift shop items, books, T-shirts, or seminars, for instance) that people buy. Or if a corporate sponsor is involved with anything your organization sends out by email. Although fundraising emails should be exempt from CAN-SPAM, it pays to err on the side of caution.

Also, the Act contains no specific exemption for nonprofits. So, you too could end up with a big fine should you cross the line, even accidentally. In practice, we should all follow the CAN-SPAM rules. They have become the best practices for email, and have worked amazingly well.

What a Nonprofit Should Do to Comply with CAN-SPAM

  • Provide clear and conspicuous notice of the opportunity to opt-out. The notice must be in every email message and must be provided to all individuals receiving the message.
  • Include a functioning opt-out in every email message, such as a return email address or other Internet-based function. Do not require any information other than the email address to unsubscribe. You have ten days to scrub the name from your list, so do not send subsequent offers after that. Furthermore, if the recipient has opted-out, the sender may not rent, exchange or otherwise transfer or release the email address of the recipient.
  • Provide a valid physical postal address of the sender.
  • If there is a commercial advertisement in your email, you must be clear that the email is an advertisement. Use phrases such as "you might be especially interested in this offer" in the body copy of the email.
  • Provide a "from" line that accurately and clearly indicates the sender. Doing so provides reassurance to supporters and donors that the email comes from a trusted organization.
  • Use a subject line that is not misleading as to what is contained in the email. We all want to hook people's attention, but watch out for those "unique" or "catchy" subject lines.
  • Nonprofits, particularly, should make sure that every subscriber has opted in, preferably twice. That means sending the subscriber a way to confirm their subscription. Even though technology makes this easy and pretty seamless, some people will not manage the second step, and you will lose them. Do it anyway. Double opt-in subscribers are less likely to complain that they never did sign up. 

Fortunately, all legitimate email marketing companies (where you can store your list, design email fundraising appeals, newsletters, and send mass emails) are set up to help you comply with CAN-SPAM.

Work with your email provider's requirements, and you should be safe. If your email marketer does not require things that follow CAN-SPAM, such as asking for your physical address to put at the end of your emails, find a supplier that will confirm. If your provider slips up, you are responsible.

What Does It Mean to Opt-In?

It's vital for nonprofits to understand what "opt-in" means to stay out of trouble. There are two kinds:

Express permission - An excellent example of express consent is when someone gives their email address to you because they want to receive an email from you. This most commonly occurs when someone visits your website and leaves their email address in your signup box to receive your emailed newsletter.

The best practice is to send an email immediately and ask the subscriber to verify that they opted-in by replying to that email. 

Implied permission - Examples of this kind of consent would be when a donor makes a gift via your donation page and shares his or her email address with you on that form. Beware of just putting people on your email list because you happened to meet them somewhere. That's not implied permission.

Whether there is express permission or implied permission, never assume anything. Always make it clear on whatever form is filled out that by leaving an email address, recipients agree to receive emails from you. You should do this, for instance, on your donation form or any form that a volunteer fills out on your site.

There are numerous ways that these types of permission might occur, so think carefully about how you set up forms, signup boxes, and handle the exchange of emails at events. 

Ending Up as SPAM Even When Playing by the Rules

SPAM filters do try to catch suspicious emails. Even though your email may comply with SPAM regulations, your email can still end up there. And it could hurt you.

A study from EveryAction (2019) found that the monthly spam rate for email sent by nonprofits was 20.18% in 2018. The study put a dollar amount on all of that lost opportunity. The study estimated that nonprofits lost out on $92.8 MILLION because of spam filters and low deliverability rates.

When an email from your nonprofit never gets seen, much less opened, the actions you had hoped and planned for so carefully never take place. While email is relatively inexpensive compared with direct mail, it does have a cost. You pay fees to email companies that send the email, plus your staff time has been wasted.

Unlike illegal SPAM that is regulated by the government, email inbox SPAM is often created by the very people who signed up to get your email. The EveryAction email study suggests that being assigned to the SPAM folder has to do with three things:

  • You haven't made it easy to unsubscribe, so the receiver marks your email as SPAM. The cure? Always provide a one-click unsubscribe link in your email.
  • Your email list is out of date. It's tough these days to keep up. People move, change their email program, or just drop off for no apparent reason. The answer? Clean your email list every six months or so. If there's no sign of life (opens, responses) from an address, drop it.
  • You're sending an irrelevant email. Lack of any kind of engagement means your email did not meet the recipient's expectations when they signed up. Segment your list and personalize more specifically for better engagement.