My friend Bryan asked me “When is it ok to send an email without an unsubscribe link?”.
Well Bryan, there’s a lot of nuance when it comes to laws and ethics around sending emails. Since we make email software, we want to help you adhere to the laws in your jurisdiction (at a minimum). Beyond legal compliance, I want you sending emails that recipients want to receive. That’s better for you and better for your audience.
I’m not surprised you were confused about laws around unsubscribe links. Understanding CAN-SPAM is a good place to start if you have US audience.
Keep in mind that if you’re a US company sending to Canada, CAN-SPAM does not apply at all and instead you need to look at CASL. Spam laws tend to be based on the recipient’s rather than sender’s country.
This is going to be fun. Let’s dig in.
We’re going to look at 3 different types of email and see how they fall within CAN-SPAM rules:
- Cold emails
- Opt-in marketing emails (permission marketing)
- Transactional emails
1. Do cold emails need an unsubscribe link?
You mentioned you were considering doing outbound sales. So let’s start by looking at “Cold emails” – unsolicited commercial emails. Most of the time people will send these from a personal email account like Google Apps / Outlook from their company’s mail server. Or they’ll use CRM software like Salesforce.
Just to be clear, you’re not allowed to use Customer.io to send cold emails..
Here’s an example of an email I received today:
This is an outbound sales email from a company who has identified me / Customer.io as a target customer.
What do you notice about this email?
- It appears as though it was written to me directly
- There’s no unsubscribe link for the email.
- It’s kind of boring. Don’t write boring emails.
Dig in to the email headers if you want to learn more about how other companies are sending their emails.
This particular email’s headers tell me it was composed in Microsoft Outlook (notice all of the Microsoft Office tags in the HTML). One thing conspicuously missing from the headers is an indication it was sent from a bulk system. I often see Salesforce somewhere in the header for a cold email :). This email might have been mail-merged using Microsoft Excel + Microsoft Outlook. Or it could have been composed in MS Word, and copied and pasted in to another email system.
Looking at the headers, this also appears to be coming from the Bangalore mail servers of Akamai. That contradicts the Boston area code in the body of the email.
If you have any doubt about whether an email was personally written to you, look at the headers! If people are using Google Apps, they may reach their sending limits quickly and have to find another way to send their outbound email.
Ok, so we’ve dissected this email. But was it legal within the bounds of US CAN-SPAM legislation?
CAN-SPAM is dependent on the type of content you’re sending, not the volume of email you’re sending. This email would be considered “Commercial”.
- He’s asking me to evaluate switching to using their business. There’s no doubt, that this message is commercial in nature.
- For the record, I don’t have a pre-existing relationship with the company and I haven’t purchased from them before.
You might be surprised to know that:
While CAN-SPAM regulation allows your business to send cold emails, Customer.io does not
And there are some strict guidelines for how to send unsolicited commercial email. This particular message fails on two accounts.
- There should be a physical mailing address.
- There should be a clear way to opt out (the easiest is an unsubscribe link).
So, just to clarify:
If you’re planning to send cold emails (unsolicited commercial email), you must include a way to opt out. It doesn’t need to be a link, but it needs to be clear and when people ask, you can’t ignore them
Also keep in mind that laws vary from country to country. In the UK, you may not cold-email individuals, but you may cold-email businesses.
Unsolicited commercial email is a really grey area. When we started the company, I would reach out cold to people to ask for advice and get feedback. We weren’t selling anything. At what point does unsolicited email turn in to unsolicited commercial email?
2. Do your newsletters need an unsubscribe link?
What if instead of sending through your personal email account, you’re using a bulk mailing tool?
There’s no difference in the eyes of the law in the US between a cold email and your newsletter. You still must have your mailing address and a way to unsubscribe.
However, most email marketing providers are stricter than the law and don’t allow sending emails unless people have explicitly opted in. It’s illegal in places like Australia and Canada to email without prior consent.
Some companies want to buy or rent a list and use an email marketing company to send emails to those people. Don’t do it! While this may be technically legal, it often damages the reputations of email marketing companies so this behavior is usually not allowed in their terms and conditions. Companies that send email (including us) require people to have opted-in to be emailed.
What constitutes an opt-in?
The gold standard is a double-opt-in process. Someone gives you an email address, you send a one-time email asking them to click a link and confirm their email address. If they do it, they’re opted in. For newsletter tools this works great.
For customer.io customers, the most common way to add people is that they signed up for a website or app. We don’t enforce a double opt in, but some customers build their own confirmation process for their apps.
What about if I automatically check a box to opt people in?
In the US, an automatically checked box opting in to marketing emails is a common occurrence. However, the best path is to give them a reason to opt-in and make that action explicit. If you sign up for Customer.io, you don’t automatically get articles from the blog. People need to explicitly opt in.
In the UK, retailer John Lewis was recently fined for automatically opting people in to their marketing.
So, here’s the summary of what we’d recommend:
Even when someone has opted in or purchased in the past, you must have a way to unsubscribe when sending commercial email. Many email marketing platforms require and enforce an unsubscribe link for all messages.
Rather than globally opting people out, consider people simple preferences for which emails they get. In Customer.io, you can store those as “attributes” and then when you send emails, you can explicitly send emails to people who want to receive “Product Updates”.
3. Do transactional emails need an unsubscribe link?
Nope, transactional emails don’t need an unsubscribe link. But we need to be really specific here about what a transactional email is:
A. The primary purpose of an email is transactional or relationship if it consists only of content that:
- facilitates or confirms a commercial transaction that the recipient already has agreed to;
- gives warranty, recall, safety, or security information about a product or service;
- gives information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship;
- provides information about an employment relationship or employee benefits; or
- delivers goods or services as part of a transaction that the recipient already has agreed to.
You don’t need to have an unsubscribe link on anything like a receipt, invoice, or anything relating to a purchase or transaction.
What’s the primary message?
Since transactional messages don’t need an opt-out process, you might be tempted to pack them full of sales offers.
Take it easy on those or risk being subject to CAN-SPAM regulations. If you remember it as well as John does, you’re in good shape:
- Huge receipt, small offer? No unsubscribe link needed.
- You bought something, now buy other things! You need an unsubscribe link.
Breaking the rules in a world with absolutes
Email products don’t always map well to what happens in the real world.
- Email Newsletter products absolutely won’t let you send an email without an unsubscribe link, or to people who have previously unsubscribed.
- Transactional email products don’t have unsubscribe links and don’t let you filter out people who have unsubscribed (or have more complex email preferences).
Imagine this situation:
- Someone signed up for your product last year.
- A few months ago they changed their email preferences to: “Opt-out of all email”.
- Today you have a security issue and they need to change their password - like right now.
Do you email people about security issues if they have unsubscribed?
Is that in violation of CAN-SPAM laws? Are you not respecting their wishes of an opt-out?
This exact case happened to almost every business on the internet when the Heartbleed vulnerability came out.
At the time, I asked people on twitter what they thought:
Re: Heartbleed. Should companies send a security email to people even if they have previously unsubscribed from correspondence?— Colin Nederkoorn (@alphacolin) April 10, 2014
I got some great responses.
@alphacolin Ooo. Tricky. I would say yes…? That’s a pretty critical account notification.— Matt Byrd (@mparkerbyrd) April 10, 2014
@alphacolin Emergency security issues supercede preferences, assuming current customer and it’s serious crap not “patch downtime tonight”— Jim Gray (@grayj_) April 10, 2014
@alphacolin Main reason: People that don’t know about this could affect service quality for other customers (e.g. leaked keys used for spam)— Thomas Fuchs (@thomasfuchs) April 10, 2014
@alphacolin seems transactional in nature to me, thus could be sent to all active customers.— Nick Francis (@nickfrancis) April 10, 2014
@alphacolin Yes, non-marketing important account notifications should always be able to go through.— Kalen Jordan (@kalenjordan) April 10, 2014
It’s not something that’s clearly obvious and consensus is that you should send the email. Luckily this case is covered under “CAN-SPAM”. Emailing someone about a security issue is considered a “Transactional or Relationship” message if it:
-2. gives warranty, recall, safety, or security information about a product or service;
If someone signed up and there’s a security issue that may affect them, you should send them an email regardless of their marketing preferences. You don’t need to put in an unsubscribe link and you also can ignore whether or not they have previously unsubscribed.
So Bryan, do you have a better idea of when you can send an email without an unsubscribe? Or did I just confuse you (and everyone else) even more!