So you’ve decided to start an email marketing campaign, and know there are laws regarding to whom you can send. But what are those laws? Finding the right answers can be a tough nut to crack, unless you know where to begin.

For starters, open up the CAN-SPAM Act. CAN-SPAM outlines what can and can’t be done with regards to email marketing, and imposes requirements on the use of commercial email (including emails from non-profits).

The Act prohibits sending a commercial email without:

1. Conspicuous indication that the message is an advertisement or solicitation
2. Clear notice of the opportunity to decline to receive further commercial email messages from the sender
3. A valid physical postal address of the sender
   

There are no restrictions against a company emailing existing customers or anyone who has inquired about its products or services (these messages are classified as relationship or transactional). As long as you’ve followed the above 3 rules and obtained the email address through legitimate means, you should be in the clear.

As far as what not to do, the Act specifies 4 “aggravated violations” which compound any penalties:

1. Address harvesting
2. Dictionary attacks
3. Automated creation of multiple email accounts
4. Relaying or retransmitting through unauthorized access to a protected computer or network
   

In 2008, the following revisions and clarifications were added:

1. Liability may attach to any “person” (including non-natural persons), meaning companies can also be held liable.
2. When a single email has multiple contributors, they may designate a single sender (identified in the from-line of the email) whose physical address appears in the email, and whose products or services are promoted in the message. The sole sender assumes all responsibility.
3. A physical address no longer needs to be included in every email, as long as an accurately registered P.O. or private mailbox is.
4. Making the opt-out process intentionally difficult is a violation.  You also run the risk of users marking your email as spam, and you could eventually be blacklisted at the IP level.
   

If a recipient opts out, you have 10 days to stop sending them emails, and can only use the address for compliance purposes. The law also requires that the unsubscribe mechanism must be able to process opt-out requests for at least 30 days from the day the commercial email was sent. Additionally, the legislation prohibits the sale or transfer of an email address after an opt-out request.

Lastly, if you do get into hot water, the Act does not allow e-mail recipients to sue you or file class-action lawsuits, but allows enforcement by the FTC, State Attorneys General, Internet service providers and other federal agencies.