Is CAN-SPAM Now Meaningless?
The US’s anti-spam law, The Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act, was passed way back in 2003. That was well before much stronger anti-spam laws were passed in other countries, most notably CASL in Canada and GDPR in the EU, which have set email marketing standards for multinational American brands. But more importantly, CAN-SPAM was passed before mailbox providers upped their spam filtering game so much that they effectively eradicated traditional, malicious spam.
With spam almost entirely blocked before reaching even consumers’ spam folders, much less their inboxes, consumers were left with a Report spam button that they didn’t quite know what to do with. With no malicious messages they didn’t request from unknown senders to report as spam, consumers started using the Report spam button to complain about other messages. For instance, they used it to nix unwanted emails from brands they knew—and even to banish emails they gave brands permission to send to them.
Of course, that’s just one way in which mailbox providers have led the way on fighting spam and, indeed, establishing the rules of engagement for email marketers. Last month, for instance, in an unprecedented collaboration, Google and Yahoo released joint email standards on authentication, spam complaint rates, and more that go into effect in February 2024.
That announcement made one of my colleagues ask, “I wonder what the FTC thinks about this?” Of course, as private businesses, mailbox providers are allowed to set higher standards. But as I thought more about everything major mailbox providers have done, I asked a different question: Is CAN-SPAM now meaningless?
Let’s answer that question by exploring the core tenets of CAN-SPAM and what the major inbox providers require of senders.