Anti-spam compliance in email marketing

When you engage in email marketing, bulk mailing or sending email campaigns, there are some legal issues that you should be aware of.

Understanding the laws

There are several laws in place that govern how businesses can use email marketing. In the U.S., the CAN-SPAM Act sets the rules for commercial email, establishes requirements for commercial messages, and gives recipients the right to have businesses stop emailing them. In the EU, the General Data Protection Regulation (GDPR) has strict rules about how businesses can collect, store, and use personal data, including email addresses. Understanding these laws and how they apply to your business is the first step to compliance.

Disclaimer: since we are not lawyers, the following information should be regarded as indicative. Laws vary by country. Therefore, if you have any specific concerns about your compliance status or other legal requirements, we advise you to consult a lawyer who’s familiar with your country's legislation.

Obtaining consent

Both the CAN-SPAM Act and the GDPR require businesses to obtain consent from individuals before sending them marketing emails. This means businesses must clearly ask for permission and cannot send unsolicited emails. Managing consent can be a challenge, especially for businesses with large email lists. Consider also that in some countries there is a distinction between implicit and explicit consent.

nuevoMailer has an opt-in verification system, also called confirmed opt-in or double opt-in. The subscriber's IP address and time of confirmation are recorded.

Being transparent

Businesses must be transparent about who they are when sending emails. This means clearly identifying your business in the email, disclosing your physical address and not misleading recipients in any way. This includes the content of the email, the subject line (avoid clickbait tactics), and even the email address you send from.

  • The full and valid physical postal address of the sender must be included in every email message.
  • The subject line must describe the nature and the content of the email.
  • Subject lines must not be deceptive.
  • The "from" line should display the business name or the sender's name and it should not be a marketing buzzword.
  • A reply address that will be active for at least 30 days after sending the email must clearly exist.

Providing clear opt-out options

The CAN-SPAM Act, the GDPR and practically all similar legislation require businesses to provide a clear and easy way for recipients to opt out of future emails. This typically involves including an "unsubscribe" link in every email. Once someone has opted out, businesses must honor this within a certain time-frame.

nuevoMailer offers automatic opt-out mechanisms for your subscribers with a one-click instant opt-out. In addition, it offers the option to snooze / suspend emails for a time period and to ask your subscribers why they opt out. All opt-outs are recorded in detail and they can be used as filters to prevent you from accidentally re-importing subscribers who have opted out.

Keeping records

To prove compliance with these laws, businesses must keep records of consent and all email communications. This can be a logistical challenge, especially for small businesses without dedicated legal or marketing teams.

nuevoMailer keeps detailed records of the subscriber's IP and the time at opt-in, opt-out and verification steps.
In the context of GDPR it also has a setting (number of days) after which all traces of a subscriber are removed, including from the opt-outs table.

International considerations

If your business operates internationally, you must comply with the email marketing laws in each country you operate in. This can be complex and time-consuming, as laws vary greatly from country to country. For example, a US entity sending emails to a European Union-based entity must comply with GDPR. Similarly, an EU-based entity must comply with the CAN-SPAM Act when emailing entities in the US.

Can we still do cold mailing?

In principle it is still permitted under the GDPR and the CAN-SPAM Act, but there is fine print, there are some considerations and, of course, there are differences between these two laws. For example:

  • You can email those who may have a legitimate interest in hearing from you and who may be interested in your products or services.
  • At the same time, disclose where and how you obtained the recipient’s email address (or other data) and how you will use it. Businesses and other entities publish their email addresses on their websites, social media or similar.
  • Provide a clear opt-out mechanism.
  • In addition, you could also ask for explicit consent before sending more emails in the future. In nuevoMailer you can do this by "adding a confirmation link" and explaining what will happen if they click it, e.g. "By clicking this link you provide consent to send you further emails in the future."

Anti-spam laws and related links

CASL 2014

What we don't do

  • Designerfreesolutions offers email marketing software that customers install and use from their own servers (self-hosted, self-managed).
  • We provide neither mailing lists nor mailing services.
  • We only email our customers and newsletter subscribers. If and when we email you, we will always provide you the option to opt out from future mailings. True and original emails from will only be related to our products and related developments.
  • If you received an email that appears to be coming from kindly inform us. It is not from us. This is called spoofing, where the sender of the email changes the <From-email> and <From-name> fields in order to hide his identity and use someone else's. Usually, by checking the Internet headers of such an email you can see the IP address of the sender, his real email and the mail servers he used. Most of the time these will point to servers in countries where law enforcement, especially when it comes to the Internet, is practically non-existent.
