Building Trust 30 August 2017

Online Trust Alliance Responds to FTC Feedback Request with Suggested CAN-SPAM Act Modifications


Reston, VA – The Online Trust Alliance (OTA), an Internet Society (ISOC) initiative with the mission to enhance online trust, today announced it has submitted its response to the U.S. Federal Trade Commission’s (FTC) request for comments about the CAN-SPAM Act. While OTA believes the U.S. anti-spam law, combined with business self-regulation, have successfully slowed the growth of spam overall and provided consumer choice and control over email they receive, OTA recommends additional enhancements to further modernize and clarify CAN-SPAM.

“Better email filters, the mass adoption of email authentication technologies, increased sender sophistication and international regulations have forced companies to follow best practices or not make it to the inbox,” said Jeff Wilbur, director of the OTA initiative at Internet Society. “OTA’s most recent Email Marketing & Unsubscribe Audit found an encouraging 94 percent of the top retailers honored an unsubscribe request within three business days, while the remaining 6 percent did not honor the opt-out within the prescribed 10-day window. This is concerning since it is likely that smaller entities have even lower compliance rates.”

“We have seen tremendous evolution and innovation in the email channel worldwide since I helped with the development of the CAN-SPAM Act,” said Craig Spiezle, OTA founder and chairman emeritus. “Looking ahead it is imperative we take a global view, include embracing opt-in as prescribed by CASL and GDPR, and adopt email authentication and related best practices to maximize trust and confidence in the inbox.”

A number of companies contributed to OTA’s recommendations including Act-On Software, American Greetings, LashBack, OPTIZMO, PeopleConnect, PostUp, ValiMail and Yes Lifecycle Marketing.

“Our success depends as much on honoring our customers’ wishes regarding communication as it does on giving interested consumers valuable information,” said Brad Toney, senior vice president and general counsel at PeopleConnect (owner of and Intelius). “While the combination of CAN-SPAM and self-regulation has helped address key issues, it is apparent that the law’s guidance needs to be updated to reflect the evolution of email communication.”

“We focus extensively on email intelligence and compliance and are a proud member of OTA. As such, we were pleased to contribute to the OTA submission and join in a thoughtful and inclusive process,” said Peter Wilson, president and CEO of LashBack. “The ideas put forth by OTA help strengthen CAN-SPAM and ensure clarity for marketers and a good experience for consumers.”

Some of OTA’s recommendations about changes to CAN-SPAM include:

Clarity about “clear and conspicuous”. Additional guidance or examples about the placement, color/contrast, size and terminology of the unsubscribe or opt-out option, and what terms are used.

Mechanism to identify subscription address. Given that many consumers today forward multiple email addresses into a single inbox, it is important to inform them which email address was used to subscribe for a given message so that they can successfully unsubscribe.

Provide single opt-out to multiple mail streams. When consumers sign up to a specific company’s newsletter, it often generates multiple mail streams from that sender. Consumers should have a way to initiate an opt-out of all these mail streams with a single request.

Require opt-out links be text, not images. When opt-out links are presented as images, some do not correctly render or fail to remain persistent.

Clarify the definition of “from”. CAN-SPAM currently states that the “from” line should accurately identify the sender and not be materially false or misleading. We strongly agree, but because there are many “from” addresses in modern email headers or mass email services, we recommend clarifying the Act to specify the “from” that is actually presented to the user in their email client.

Extend opt-out requirements to high volume business-to-business communications. There are many examples of unsolicited business-to-business communications that are framed as personal engagements (e.g., “Can I help you with your website?”), yet have no opt-out provision.

Clarification/guidance about new types of messages. Recommendation to categorize “informational” messages as transactional in nature since they relate directly to the service or product that the consumer requested and clearly do not contain commercial content. Examples of such messages include alerts about certain news items, site activity and product updates.

Establish a longevity for opt-out lists. Amend CAN-SPAM to give opt-out lists a “lifetime” (e.g., 5 years), after which the names must be purged from the system but are not subject to rule enforcement unless the organization re-establishes a relationship with that consumer and therefore restarts the cycle. A secondary benefit is that this reduces the risk of suppression lists being exposed to breaches or abuse.

The entire OTA FTC response to CAN-SPAM can be seen here.

About OTA:

OTA is an initiative within the Internet Society (ISOC), a 501c3 charitable non-profit with the mission to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world. OTA’s mission is to enhance online trust, user empowerment and innovation through convening multi-stakeholder initiatives, developing and promoting best practices, responsible privacy practices and data stewardship. To learn more about OTA visit and Internet Society

Related News

Building Trust 8 October 2019

OTA’s Trust Audit Scores U.S. Presidential Candidates’ Campaigns, Finds Major Failures in Privacy Statements

Reston, VA. – October 8, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...

Building Trust 25 September 2019

The Internet Society’s Online Trust Alliance Announces Methodology for Eleventh Online Trust Audit and Honor Roll

Criteria updated to include increased focus on encryption and global privacy regulations; international retail segments added

Building Trust 9 July 2019

Internet Society’s Online Trust Alliance Reports Cyber Incidents Cost $45B in 2018

Reston, VA – July 9, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...