Recently, I have been researching the laws about electronic and direct marketing communications, also called CEMs (commercial electronic messages). There are many countries that do not have laws that regulate the use of these marketing techniques, but it is important to understand how those that do work.
Being an Opt-Ortunist
The first thing to know is whether the jurisdiction you are marketing in requires explicit consent, an opt-in, from a subject (the person you send to) or not. This means they need to check a box, or perform a similar act, allowing you to send this kind of communication. The box cannot be pre-checked as it must be an explicit action for an opt-in to be valid.
Implicit consent is completely different. In fact, many countries allow you to send communications to a subject with which you have a “pre-existing business relationship”. For example, having done a business transaction with the recipient or the simple exchange of business cards may show implicit consent to be contacted for marketing purposes.
Once you know whether you have consent, you can start sending messages.
Content and Consequences
First and foremost, if you requested consent to send marketing materials or have a relationship that currently exists, be sure that your messages are relevant to those requests. Many laws state that you may only send information that is relevant and related to consent given. Make sure that if you are offering additional products or services that you get consent for that as well.
It should be further noted that some laws have very specific requirements for the subject and other content of a message. For example, the Controlling the Assault of Non-Solicited Pornography and Marketing Act (or CANSPAM) in the United States forbids you from using a misleading header or subject line. You might remember a lot of spam in the late 90s had vague subject lines only to be yet another poorly written email for pornography or other products. So if you are selling life insurance, make sure your subject line says that. You also need to be sure to include your company’s information, such as physical address, as well.
Another point is to make sure you offer a form of “opt-out.” This is often as simple as an unsubscribe mechanism. Of course it has to work as these laws also put the full burden of functionality and compliance on the sender.
The Good News
Luckily for us all as consumers, it was recently reported that spam emails in the U.S. are down 50% for the first time in years. It is theorized that the legal repercussions for running a botnet, or large group of controlled machines that malicious users can use to send mass emails, are the major deterrent. Either way, this is great news for consumers.
However, the same reports show a rise in other types of attacks. Still, spam remains a prominent and successful phishing tool for evil doers.
A List of Laws
Since we have discussed all the laws in a general sense, I thought it would be best to show you a list of real laws in different jurisdictions. Below you will find a list of laws from many countries. The links may not be translated. This information is relevant as of July 23, 2015.
Remember always check the law in the relevant jurisdictions before undertaking an CEM effort.