In a law rife with grey areas, the CAN-SPAM Act of 2003, one of the greyest is the requirements surrounding the handling of opt-outs, and the related creation of suppression (“do not email”) lists. This is a responsbility which falls squarely on the shoulders of the marketers..er, the postmaster..no, wait, the IT folks. Or is it the CTO?
At issue, among other things, is what exactly are the requirements for the handling of an email address once its owner has requested to be unsubscribed from a particular mailing? It is unclear whether you must remove the email address from all of your mailing lists, or just the one which generated the unsubscribe request. And are you obligated to pass on that request to affiliates whom might otherwise email the user about your product or services (in keeping with the CAN-SPAM requirement that makes it illegal for “any person acting on behalf of the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message” and “for any person acting on behalf of the sender to assist in initiating the transmission to the recipient, through the provision or selection of addresses to which the message will be sent, of a commercial electronic mail message”?
Or, conversely, does providing the user’s email address to your partners and affiliates in order to comply with the above in turn violate the prohibition in CAN-SPAM which makes it illegal “for the sender, or any other person who knows that the recipient has made such a request, to sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic mail address of the recipient)”?
Obviously, this isn’t clear cut, and many online publishers and marketers are, understandably, up in arms over trying to figure out how best to navigate the shoals of this Hobbesian dilemma. For the thoughts of one particular publisher, read what Paul Myers has to say in his Ramblings of a Marketing Geek. Note too, as Paul has, that the FTC is requesting input on this issue from the public.
All that said, it’s pretty clear that any organization which maintains mailing lists needs to put something into place, and pretty darned quickly, in order to at least attempt to comply with CAN-SPAM. So to whom does that task fall? The marketing org.? Customer service? IT? And, how do you implement it?
Most organizations are putting it in the hands of IT (and, I think, rightly so), to build some sort of system by which mailing lists are matched against an internally-maintained list of email addresses which should be removed (“washed”) from the organization’s mailing lists. While your organization can pay a consultant lots of money to develop this, or perhaps even pay for a package or service to do this (be very wary, you really don’t want to entrust those email addresses to a third party!), the simplest, and perhaps most effective, system is one you build yourself: a database of opted-out “do not email” addresses against which all of your house mailing lists are run either on a daily or per mailing basis.
As to the Great Question of whether to advise affiliates and partners of someone’s opt-out, my own take is this: if you provided the email address to the affiliate or partner in the first place, than advise them of the opt-out. If you haven’t ever provided the user’s email address to an affiliate or partner before, then for goodness sake, don’t do it now!