Confirm to unsubscribe?
A question comes in this morning:
Requiring the confirmation of an email address in an unsubscription is not CAN-SPAM compliant, right?
While I’m not a lawyer, to my understanding that is absolutely correct. The current implementing rules for CAN-SPAM state:
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
(Federal Trade Commission 2008) (emphasis added)
My assumption in answering this question is that the issue here is that the sender wants to use a confirmed, or double, opt-out approach. This would be a violation of CAN-SPAM because requiring that confirmation step is requiring take steps other than sending a reply electronic mail message or visiting a single Internet Web page to effect the opt-out.
The technology exists to encode the recipient’s address into the URL or the reply-to field so that unsubscription shouldn’t take more than a single blank email or a visit to a single page. And since that’s what the law currently requires, that’s what you should be doing.
References
- Federal Trade Commission. 2008. “§316.5 Prohibition on Charging a Fee or Imposing Other Requirements on Recipients Who Wish to Opt Out.” Electronic Code of Federal Regulations. May 21, 2008. https://www.ecfr.gov/cgi-bin/text-idx?rgn=div5&node=16:1.0.1.3.40#se16.1.316_15.
- Help me see if there is a need for that I can fill - 23 September 2024
- Verkada: Data Protection Issues - 19 September 2024
- About Consent Decrees - 6 September 2024