What are the CAN-SPAM and CASL requirements for unsubscribe confirmation pages, preference updates, and email re-entry?

Key findings

• Re-entry discouraged: Both marketers and experts strongly advise against requiring recipients to re-enter their email address on an unsubscribe or preference update page due to increased friction and potential for errors.
• Simplicity is key: The unsubscribe process should be as straightforward as possible, ideally requiring no more than two clicks (one click in the email, one click to confirm).
• Optional choices: Offering options to reduce email frequency (opt-down) or provide a reason for unsubscribing is acceptable, but these must be optional and not impede the ability to fully unsubscribe. There must always be a clear, obvious way to stop all email.
• Legal interpretation: While some legislation might technically allow for requiring an email address (e.g., for older lists), this is considered a poor practice that increases user frustration and complaint rates.
• Security and automation: Unsubscribe links should include authenticated tokens to identify the subscriber automatically, preventing the need for manual email entry and enhancing security.
• Compliance is deliverability: Adhering to legal requirements, and particularly to best practices that prioritize user experience, directly contributes to better email deliverability and helps avoid blocklists.

Key considerations

• Minimize friction: Any additional steps beyond a direct unsubscribe, such as requiring re-entry of an email address, can deter users and lead to spam complaints rather than simple unsubscribes. This is also covered in our guide on whether requiring a login to unsubscribe is legal.
• Clear opt-out path: Always ensure the option to stop all emails is prominently displayed and easily accessible, regardless of other preference options.
• Automate where possible: Leverage automated processes and secure tokens in unsubscribe links to provide a seamless one or two-click experience for the user. More details on this can be found in our article on 1-click versus 2-click email unsubscribes.
• Understand legal nuances: CAN-SPAM Act: A compliance guide outlines requirements, prioritize user experience to build trust and avoid deliverability issues, even if a practice is technically permissible.

Key opinions

• Increase complaints: Many marketers believe that requiring users to re-enter their email address or navigate complex preference centers only increases spam complaints and tarnishes sender reputation.
• Avoid friction: The consensus is to make the unsubscribe process as smooth and frictionless as possible. Adding extra steps, such as asking for email re-entry, is seen as counterproductive.
• Optional choices: Marketers prefer to offer additional choices like frequency adjustments or reasons for unsubscribing as optional steps that don't interfere with the immediate ability to fully opt out.
• Automate data capture: There should be no technical reason to ask for an email re-entry, as the email address (or a hashed version) should be implicitly included in the unsubscribe link through proper tooling setup.
• User focus: Prioritizing the user's desire to unsubscribe is paramount; preventing or delaying this action offers no real benefit to the sender and only harms deliverability.

Key considerations

• Prioritize experience: A positive unsubscribe experience is crucial for brand perception and minimizing spam complaints. Difficult processes can negatively impact your sender reputation and lead to you being placed on a blacklist or blocklist.
• Unsubscribe link best practices: Ensure that your unsubscribe link design and functionality align with best practices, including proper handling of email addresses with special characters (e.g., plus addresses). Our article on email unsubscribe link best practices provides further guidance.
• Process timely: While CAN-SPAM allows 10 days, best practice is to process opt-out requests immediately, ideally within 24 hours. Prompt processing helps in managing email spam complaints effectively.
• Prominent placement: The full opt-out option should be placed prominently on any preference center page, ideally at the top, to avoid frustration.
• Compliance with best practices: Unsubscribe Best Practices provides additional insights.

Key opinions

• Friction increases complaints: Experts highlight that the more difficult or less smooth the unsubscribe process, the higher the likelihood of recipients marking emails as spam, which negatively impacts deliverability.
• Discourage re-entry: While legislation might allow requiring an email address (e.g., for legacy systems), experts strongly advise against it, viewing it as adding unnecessary friction and potentially insecure if not handled with authenticated tokens.
• Token-based unsubs: The preferred method for unsubscribe links is to include an opaque or authenticated token that uniquely identifies the subscriber, removing the need for manual email entry and preventing list dumping.
• Optional choices: Offering opt-down options or optional reason selections is permissible, provided there is always a clear and unobstructed path to a complete unsubscribe without additional mandatory actions.
• No benefit to friction: Experts universally agree that there is no strategic benefit to making it harder for someone to unsubscribe. Such practices only lead to negative outcomes like increased spam complaints and damaged sender reputation.

Key considerations

• Prioritize deliverability: Design unsubscribe processes with deliverability in mind, understanding that even legally permissible friction can trigger spam filters and result in emails landing in the junk folder.
• Implement secure links: Ensure unsubscribe links use secure, non-iterated identity tokens to protect subscriber data and facilitate a seamless one-click or two-click process. This aligns with many of the one-click unsubscribe requirements for Yahoo and Google.
• Clarity is critical: Make the full unsubscribe option as clear and visible as possible on preference pages. ISPs like Gmail and Yahoo are increasingly enforcing unsubscribe requests based on user experience.
• Avoid anti-patterns: Steer clear of anti-patterns such as hidden unsubscribe options or requiring extensive user input, as these actions typically backfire by increasing complaints and leading to blocklists (or blacklists).
• Broader compliance: Email Marketing Compliance Guide.

Key findings

• Clear unsubscribe: Under CAN-SPAM, every commercial email must include a clear and conspicuous mechanism for recipients to opt out of receiving future emails from the sender.
• Timely processing (CAN-SPAM): Unsubscribe requests must be honored within 10 business days of receipt under the CAN-SPAM Act.
• Mechanism availability (CAN-SPAM): The opt-out mechanism must remain active for at least 30 days after the email is sent.
• Consent model (CASL): CASL operates on an opt-in model, requiring explicit consent before sending commercial electronic messages, which includes emails.
• Ease of unsubscribe (CASL): CASL mandates that unsubscribe options be simple, easy to use, and clearly presented. They must also be accessible for 60 days following the message.
• No login requirement: While not explicitly about re-entering an email address, both laws generally prohibit requiring a login or other additional steps that complicate the unsubscribe process beyond a simple request.

Key considerations

• Legal interpretation: While CAN-SPAM allows for some flexibility in the unsubscribe process, it strongly emphasizes a clear and functional opt-out. The FTC provides candid answers to CAN-SPAM questions clarifying many aspects.
• Beyond the minimum: Adhering strictly to legal requirements is a minimum, but ISPs like Google and Yahoo have introduced new requirements for 2024 that often exceed legal minimums for user convenience, such as one-click unsubscribe.
• Simplify user journey: Documentation generally supports simplifying the user journey to unsubscribe. Practices that add unnecessary steps, like requiring re-entry of an email address, contradict the spirit of these laws, even if not explicitly forbidden for all scenarios. The requirements for one-click unsubscribe further underscore this.
• Maintain accessibility: Ensure that the unsubscribe link remains accessible and functional for the entire mandated period (30 days for CAN-SPAM, 60 days for CASL).