Three CAN-SPAM Myths: CAN-SPAM is the US Federal Anti-spam law. If you're sending commercial email in the US, or you're a savvy spam filterer, you probably already know a bit about the law. But, did you know these specific points? Here are three common myths that I have run into, where people misunderstand what CAN-SPAM does or doesn't do.
Keep in mind I'm not a lawyer, and this is not legal advice.
Today in my third of three posts in the series, I'll address CAN-SPAM Myth #3: That password protecting the unsubscribe page is acceptable.
Have you ever received an email advertisement, where you click on the unsub link, and then it says, please enter your username and password to continue? Did that upset you? Yeah? It appears that the FTC doesn't like it all that much either. They clarified this point specifically in May, 2008: Senders may NOT require that somebody login before they can unsubscribe.
The FTC explains: As proposed and adopted here, Rule 316.5 provides: "Neither a sender nor any person 239 acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic message or visiting a single Internet web page, in order to: (a) use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or (b) have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4)."
In the commentary associated with the May 2008 rule updates, they affirm that this rule now stands. In short, a sender cannot require that a recipient take any other step beyond sending a reply email message, or visiting a single web page. Period. End of story.
(Note that this applies specifically and only to commercial messaging.)