Chances are, Cyber Monday (and the days leading up to it) was a busy day for your inbox. Many retailers and brands took the major online shopping day as an opportunity to inform consumers of the deals they were offering, which resulted in a huge array of emails. Not too long ago, we told you about the legality – or better yet, the illegality – of spam emails, unsolicited emails, usually sent to large numbers of people at once. What we have yet to address is: How these companies got your email address in the first place and the legal implications at play in connection therewith.
Turns out, a fast and easy way to earn money online is selling the email addresses that you have collected as a result of having a mailing list of your own, and bloggers, fashion brands, public relations companies and others are utilizing this opportunity, which is likely why many of you – at some point in time – have received a slew of emails you never ‘opted in’ to receiving.
The Law: The CAN-SPAM Act
The initial question is thus: Is it legal to sell your mailing or email list? Unsurprisingly, the laws that govern the sale of email lists are not straightforward. The core legislation at play here is the CAN-SPAM Act, a law signed by President George Bush in 2003 and subsequently updated in 2008. The CAN-SPAM Act aims to stop the onslaught of spam that so regularly lands in everyone’s inboxes, and has provisions that govern the sending of commercial emails.
For instance, all commercial e-mails must contain the postal address for the person or business sending the email; subscribers must be able to easily opt-out (or unsubscribe) from such e-mails; requests to opt-out must be honored promptly; ads must be labelled as such; and subject lines must be free of false or misleading information (Customers have a right to know who the email has come from, so the “From”, “To”, and “Reply To” must represent the company; or specifically, the company or individual who sent the message).
Note: “Commercial emails” – as distinct from transactional emails – are sent to a list of recipients who have opted-in to receive them; they commonly come in the form of sale notifications, new products updates, newsletters, and event invitations, etc. Transactional emails, on the other hand, are those sent in response to a user’s interaction with a website or other digital entity (think: shipping notifications, ‘Terms of Service’ update alerts, e-receipts, and password reset-related mails).
What exactly does CAN-SPAM say about selling email lists – or what is commonly referred to as email harvesting? Well, it explicitly prohibits it by way of two provisions. The first prohibits “harvesting” – the purchasing or trading of an email list obtained from public data or by guessing. The second requires that all emails sent in bulk must be obtained using opt-in methods, in which new subscribers fill out a signup form agreeing to be added to a mailing list. Although CAN-SPAM technically allows for the “renting” of email lists, that is still a risky move.
Given that the specific rules in terms of buying/selling and/or sharing list lack total clarity, a general rule is that it is good practice to avoid buying or selling email lists. The buyer or seller of an email list can be liable for a CAN-SPAM violation – a criminal offense punishable by imprisonment. This arises when said buyer or seller either sells email addresses or sends emails to purchased addresses when he or she knew, or should have known by implication, that the list was the result of harvesting or was taken from a website or other service that warranted that it would not sell the users’ email addresses to third parties, the latter of which is commonly asserted in most websites’ ‘Terms of Service.’
Not merely limited to the U.S., legislation that frowns upon spam is going global. Other countries, such as the United Kingdom, have even stricter privacy laws that apply to selling emails without the permission of the people on the list. In the UK, the Data Protection Act and the Privacy and Electronic Communications Regulations give people specific privacy rights in relation to electronic communications, and as a result, require organizations to notify people if they plan to pass their contact information on to anyone else, including selling or sharing the data for marketing purposes, and are likely to need their consent to do so.
As such, if someone on your list lives in a country with heightened privacy laws, you could be in violation of that law by selling – or using – lists that contain addresses of people who have not explicitly given you permission to email them.
MailChimp, for instance, a popular email marketing service in the U.S., specifically notes that “by now, everyone should know better than to buy a ‘totally legitimate list of 30 million opt-in emails’ from a sketchy piece of spam they found in their inbox. That’s pretty obvious, but there are still some vendors out there selling ‘opt-in’ lists the old-fashioned way. They collect email addresses and ask members if they’d like to ‘receive special offers from third parties.’ Then, they sell those email addresses to other senders.”
The company goes on to state: “It’s not technically illegal, but many ESPs—MailChimp included—prohibit sending to purchased lists. MailChimp is a strict permission-based newsletter delivery service. This means we do not provide, sell, share, or rent lists to users, nor do we allow purchased, publicly available, third party, or rented lists in our system. No exceptions!”
In the same vein, if a sizable number of subscribers mark the emails you send them as spam (and chances are, they probably will if they did not agree to receive them), you will likely face ramifications from your email providers, which may or may not include a costly legal battle.
Moreover, if the great deal of insider insight into the subject suggests anything, it is that paid-for lists boast little actual value; they often lead to high bounce rates and low open rates. As one digital marketing source noted, quite bluntly: “The truth is, buying an email list is a really bad idea, and a huge waste of money. It’s one of those shortcuts that simply don’t work – and that may cause your business far more harm than good.”
One general takeaway – courtesy Mail Chimp – now that we have (hopefully) put the buying and selling of email list to bed: “Make sure you have received permission from all of your recipients before you send your first email. Permission ensures that your recipients want to receive email marketing content from you. Before investing your time and money in an email marketing program, start getting permission from your customers. It’s easier than you may think, and some of the benefits might surprise you. Not only will it result in fewer spam complaints and decreased legal liability, but you’ll also experience improved deliverability and increased open and click rates.”