Summary
CAN-SPAM and CASL regulations necessitate clear, easily accessible, and frictionless unsubscribe mechanisms in commercial emails. Unsubscribe requests must be honored within 10 business days. CAN-SPAM's mechanism must be active for 30 days post-transmission, while CASL requires 60 days. While some legislation might allow requiring email address entry for older lists, it's strongly discouraged. Using secure tokens in unsubscribe links is critical to prevent unauthorized list manipulation. Offering preference centers as alternatives to complete opt-out is beneficial, provided a clear unsubscribe option is also available. Unsubscribes should apply globally. CAN-SPAM primarily targets commercial messages. Failing to comply can lead to significant penalties and damage sender reputation. CASL applies to Canadian residents, regardless of sender location. Ensure the unsubscribe process is simple, free, and avoids 'dark patterns'. Regularly update subscriber lists.
Key findings
- Easy Unsubscribe: Unsubscribing must be simple, preferably one-click, to reduce friction and complaints.
- 10-Day Rule: Unsubscribe requests must be processed within 10 business days under both CAN-SPAM and CASL.
- Mechanism Duration: CAN-SPAM requires unsubscribe mechanisms active for 30 days; CASL requires 60 days.
- Secure Tokens: Use secure tokens in unsubscribe links to prevent unauthorized list manipulation.
- Preference Centers: Offering preference centers as an alternative to complete opt-out can reduce unsubscribes.
- Global Unsubscribe: Unsubscribes should apply globally across all email types.
- Commercial Focus: CAN-SPAM primarily targets commercial messages.
- CASL Scope: CASL applies to commercial emails sent to Canadian residents, regardless of sender location.
- Avoid Re-Entry: Re-entering email addresses for unsubscribing should be avoided if an authenticated token is used.
Key considerations
- Legal Penalties: Non-compliance with CAN-SPAM and CASL can lead to significant fines and legal consequences.
- Sender Reputation: Failing to respect unsubscribe requests damages sender reputation.
- Third-Party Compliance: Ensure third-party email marketing vendors also comply with CAN-SPAM and CASL.
- Subscriber Consent: CASL requires either express or implied consent; unsubscribing revokes implied consent.
- List Hygiene: Regularly update subscriber lists to remove unsubscribed recipients to avoid penalties.
- Transparent Practices: Employ transparent unsubscribe practices, avoiding 'dark patterns' that trick users into staying subscribed.
- '+' Tag support: Make sure to implement '+tag' support in the email address logic
- Commercial emails: Make sure the email meets the requirements for commercial emails
What email marketers say
14 marketer opinions
CAN-SPAM and CASL regulations mandate clear and easily accessible unsubscribe mechanisms in commercial emails. These mechanisms must be honored promptly (within 10 business days under both laws), be functional for a specified period (30 days under CAN-SPAM, 60 days under CASL), and not require excessive steps or re-entry of information. Best practices include providing a one-click unsubscribe option, making the unsubscribe link obvious, avoiding dark patterns, and offering preference centers as an alternative to complete opt-out. Compliance is crucial for maintaining a good sender reputation and avoiding penalties.
Key opinions
- Easy Unsubscribe: Unsubscribing must be simple, ideally with a one-click option to reduce friction and complaints.
- Time Limit: Unsubscribe requests must be processed within 10 business days under both CAN-SPAM and CASL.
- Preference Centers: Offering a preference center where users can manage their subscriptions can reduce the number of complete unsubscribes.
- Global Unsubscribe: Unsubscribes should apply globally to all email types unless the user specifically chooses to manage preferences.
- CASL Scope: CASL applies to any commercial email sent to a Canadian resident, regardless of where the sender is located.
- Data Integrity: Ensure email addresses with '+' tags are properly handled during the unsubscribe process.
Key considerations
- Subscriber Rights: Respecting subscriber rights and preferences is essential for maintaining a good sender reputation.
- Legal Compliance: Failure to comply with CAN-SPAM and CASL can result in significant fines and legal consequences.
- Third-Party Compliance: If you hire a third party to handle email marketing, ensure they also comply with CAN-SPAM and CASL.
- Preference Updates: Do not require any action beyond visiting a webpage, entering an email address and taking a single action (clicking a button).
- List Hygiene: Regularly update subscriber lists to remove unsubscribed recipients.
- Transparency: Avoiding dark patterns and ensuring transparency in the unsubscribe process build trust.
Marketer view
Email marketer from Email Geeks explains that the harder it is to unsubscribe, the more complaints you will get. Having to re-enter the email address adds too much friction.
1 Jan 2023 - Email Geeks
Marketer view
Email marketer from Zoho states that under the CAN-SPAM Act, it is crucial to monitor what others are doing on your behalf. You're responsible for ensuring that anyone you hire to handle your email marketing complies with the law. Therefore, make sure they comply with all unsubscribe requirements.
1 Apr 2022 - Zoho
What the experts say
5 expert opinions
Experts emphasize the importance of straightforward unsubscribe processes in compliance with CAN-SPAM and CASL. While legislation might allow for requiring an email address to grandfather old lists, it's highly discouraged. An unsubscribe link should include a secure token to prevent unauthorized subscription modifications. Offering options to opt-down instead of out is acceptable, provided there's a clear option to stop all emails. Requiring more than a single click to unsubscribe is not permissible. CAN-SPAM mainly targets commercial messages. One-click unsubscribes are crucial, with a focus on minimizing friction to protect sender reputation and avoid deliverability issues.
Key opinions
- Discouraged Practice: Requiring email address entry for unsubscribing is discouraged, even if legally permissible for grandfathered lists.
- Security Tokens: Unsubscribe links should include secure tokens to prevent unauthorized modifications.
- Opt-Down Options: Offering opt-down alternatives is acceptable as long as a clear 'stop all emails' option exists.
- Single Click: CAN-SPAM focuses primarily on commercial messages and should not require more than a single click to unsubscribe.
- Commercial vs. Transactional: CAN-SPAM's unsubscribe requirements mainly apply to commercial emails, not transactional ones.
- Minimize Friction: Easy, one-click unsubscribes minimize friction, protect sender reputation, and improve deliverability.
Key considerations
- Token Security: Ensure the identity tokens used cannot be iterated through to dump your entire list.
- Intent: Assess your intent with requiring any further information to unsubscribing.
- Message Type: Determine if your message qualifies as a commercial email.
- One Click Emphasis: Offer a clear 'stop all email' button, preferably at the top, and easy unsubscribing to protect sender reputation.
- User Experience: Ensure it is clear the user experience for unsubscribing is of a good quality
Expert view
Expert from Email Geeks shares that offering to let people opt-down instead of out is fine as long as there’s a clear “stop all email” option. Asking for an optional “why did you unsubscribe” is fine, requiring it isn’t. You CANNOT require any action beyond visiting a web page, entering an email address and taking a single action (click the button). You SHOULD NOT require entering the email address.
9 Feb 2022 - Email Geeks
Expert view
Expert from Email Geeks mentions legislation allows requiring the email address to grandfather in old mailing lists with static unsubscribe pages but advises against it. If you don’t include an opaque or authenticated token in the unsub link, others can modify subscriptions if they know the email address. Asking for the email address when you have a token means you’re either incredibly incompetent or just being a dick about it.
9 May 2024 - Email Geeks
What the documentation says
5 technical articles
Both CAN-SPAM and CASL mandate clear and conspicuous unsubscribe mechanisms for commercial emails. CAN-SPAM requires honoring opt-out requests within 10 business days, with the mechanism active for at least 30 days. CASL also requires processing unsubscribe requests within 10 business days, but the mechanism must remain functional for 60 days. The process must be simple, free of charge, and shouldn't require logins or extensive personal information. Regularly updating subscriber lists and ceasing communication with those who have unsubscribed is vital to avoid penalties.
Key findings
- Opt-Out Clarity: CAN-SPAM mandates a clear and conspicuous explanation of how recipients can opt out.
- 10-Day Rule: Both CAN-SPAM and CASL require honoring unsubscribe requests within 10 business days.
- Mechanism Duration: CAN-SPAM: mechanism active for at least 30 days. CASL: mechanism active for at least 60 days.
- Simplicity: Unsubscribe processes must be simple, free, and not require logins or excessive data.
- List Hygiene: Regularly update subscriber lists to remove unsubscribed recipients.
- No Cost: There must be no fee to unsubscribe.
Key considerations
- Penalties: Continuing to email those who have unsubscribed can lead to significant penalties.
- Jurisdictional Scope: Understand whether CAN-SPAM, CASL, or both apply to your email marketing activities based on recipient location.
- Accessibility: Ensure the unsubscribe mechanism is easily accessible and usable for all recipients.
- Prompt Action: Prioritize prompt processing of unsubscribe requests.
- Process Visibility: Ensure unsubscribe mechanisms set out clearly and prominently.
- Commercial emails: Ensure the email meets the requirements for commercial emails
Technical article
Documentation from Federal Trade Commission explains that the CAN-SPAM Act requires a clear and conspicuous explanation of how the recipient can opt out of receiving future emails from you. The process can be by a return email address or another internet-based way. Also, the sender must honor opt-out requests promptly, within 10 business days, and the mechanism must be active for at least 30 days after transmission.
31 Jan 2025 - Federal Trade Commission
Technical article
Documentation from Canadian Radio-television and Telecommunications Commission specifies that the unsubscribe mechanism must be set out clearly and prominently, and be easy to use. The recipient shouldn't have to pay a fee, and the unsubscribe request has to be processed within 10 business days.
25 Jun 2021 - Canadian Radio-television and Telecommunications Commission
Are re-engagement email subject lines and practices deceptive and how should you deal with engaging with old leads and unsubscribes?
Are unsubscribe links in cold emails beneficial or harmful?
Can hiding an unsubscribe link that directs users to a login page cause deliverability issues?
Do commercial emails in the USA and Canada require a physical address?
Do email marketing opt-outs ever expire?
Do email unsubscribes negatively affect sender reputation?
