top of page

Marketing: Email Compliance – Part 1

with Pamela Muldoon

The CAN-SPAM Act was enacted in 2003 to protect consumers from unsolicited, malicious emails. In Part 1 of our Email Compliance series, Anne and Pamela discuss the foundations of commercial email standards, and how to make sure your messages adhere to the seven main requirements of this important law.


Quick Concepts from Today’s Episode:

  1. Rules of the SPAM-CAN Act of 2003

  2. Unsubscribe compliance

  3. A visible and operable unsubscribe mechanism is present in all emails.

  4. Consumer opt-out requests are honored within 10 business days.

  5. Opt-out lists also known as suppression lists are used only for compliance purposes.

  6. Content compliance

  7. Accurate “From” lines

  8. Relevant subject lines (relative to offer in body content and not deceptive)

  9. A legitimate physical address of the publisher and/or advertiser is present.

  10. A label is present if the content is adult.

  11. Must make it clear that the email is an advertisement

  12. Sending behavior compliance

  13. A message cannot be sent without an unsubscribe option.

  14. A message cannot be sent to a harvested email address.

  15. A message cannot contain a false header.

  16. A message should contain at least one sentence

  17. A message cannot be null.

  18. Unsubscribe option should be below the message.

  19. If you violate the regulations of the CAN-SPAM Act, you can be subject to a fine of up to $43,000.

  20. You can use other domains that you own to send emails from. (Ie,

  21. Using an Email Service Provider helps ensure compliance.

  22. If someone has opted out of your list, you have to ensure you never email them again, or share their email address in any form.

Referenced in this Episode

Direct links to things we brought up ++

Visit Pamela Muldoon’s Website
Badass Editing By Carl Bahner
Recorded on ipDTL


>> It’s time to take your business to the next level, the BOSS level! These are the premier business owner strategies and successes being utilized by the industry’s top talent today. Rock your business like a BOSS, a VO BOSS. Now let’s welcome your host Anne Ganguzza.

Anne: Hey everyone, welcome to the VO BOSS podcast. I’m your host, Anne Ganguzza, and I’m here with marketing maven, content queen Pamela Muldoon. Hey Pamela, how are you?

Pamela: Hey Anne, I’m fantastic. I’m a maven, for goodness’ sake. I can’t get any better than that.

Anne: That’s right, it doesn’t get any better than a maven.

Pamela: That’s right.

Anne: A magnificent maven.

Pamela: Alliteration. You got to love it.

Anne: Magnificent Muldoon Maven. There you go.

[both laughs]

Anne: So Pam.

Pamela: Yes.

Anne: We’ve been talking to our listeners about email, all sorts of tips and tricks for sending communication and content out to your potential clients.

Pamela: Yes.

Anne: I think one thing that we really need to cover, and it’s not often a pleasant topic that people like to hear about, but email compliance, and that’s super, super important, especially when you’re first starting out and marketing, you want to make sure that you’re compliant in sending emails to your potential clients, because you certainly don’t want to incur any legal fines or anything of the sort, but you also don’t want to turn off your potential client, right?

Pamela: And this is, it’s a big topic. Even as we get started on this path, I think for the most part our intentions are always noble, and we don’t mean to do something out of sorts, right?

Anne: Exactly.

Pamela: Knowledge is power. Just being aware and being, you know, having that information in front of you in terms of what you should and should not do. I think you’re going to find that you’re probably doing all of these things, or your email service provider is making sure that you do all of these things.

Anne: Yes.

Pamela: It may not be, I don’t want to put scare, you know, [laughs] a fear into this conversation.

Anne: There should be a certain – well, there should be a certain level of respect. Because I think –

Pamela: Absolutely.

Anne: Sometimes when you send an email out, you’re not necessarily even thinking about the fact, am I being compliant, especially if you’re sending out a cold email. And this, by the way, compliance pertains to both an email coming from your Gmail, your personal account, as well as any of your email service providers. Know that these compliance laws are all in effect to protect people. Let’s go through a few of the compliance from the CAN-SPAM Act, which back in the day, I remember when it came out, because I’m like an old person. And I’ve been on the Internet since 1994.

Pamela: I remember it too, Anne, so are you saying I’m an old person? [laughs] Which I am, and that’s okay.

Anne: 1994, something like that. And I believe that’s when I, my first Gmail account was 1996 or something like that. I could be wrong. But anyway, I digress. I do remember when the Internet became a thing and email became a thing, that there was a period of time where you could just send email, and then obviously at some point, after a few years of growing in popularity, there became abuses of email.

Pamela: Yes.

Anne: And spamming and you know, that would be an interesting story. Do you know how the word spam came about?

Pamela: I don’t. No, I know I’ve heard it, I just at the moment don’t recall.

Anne: So CAN-SPAM came out in, I believe, 2003, is that what I just looked up?

Pamela: 2003, I think 2003, 2004. Something like that, yeah.

Anne: 2003, to help protect people from getting spammed. There are, by the way, if you’re in violation, you can be subject to a penalty of up to $43,280.

Pamela: Ouch.

Anne: Yeah, noncompliance, costly. [laughs]

Pamela: Very much so. That will put a little fear in your heart right there. [laughs]

Anne: But it’s not, but the rules are not that complicated. I think for the most part, these are ones that you probably just know from good email etiquette. But I would say that the very first one, which used to be, I think that’s probably one of the reasons why the rule came into play in the first place, because people were switching their from headers and their to headers and the reply to headers. Rule number one is to not send false or misleading header information. That would mean changing, that would mean changing your from address or your reply to address, to be something other than your actual email address, coming from a different domain. So why did that happen in the beginning, Pamela?

Pamela: Gosh, I don’t recall. [laughs] I don’t, I’m not, I wasn’t –

Anne: Was that from the Nigerian prince?

Pamela: Definitely we all remember those emails that went out. But I think to your earlier point, it was kind of the wild, wild west. Right? So it was building data and information for multiple email domains, right, and the passing of information or selling of information did not have the laws that it has today. The more folks that could have your one email was not a compliance issue at all. It’s a little bit of that bait and switch kind of approach as well.

Anne: Why would people change their from? That’s the question, right? Because they were trying to imply that they were from a different company maybe?

Pamela: Yeah. For sure, right, that whole identity of person, right? Like if you’re receiving it from someone who you think it is, that you already trust that domain, but it’s really not from them, or you know, kind of alludes to, again, it’s mining of data and information in a false way. Most of this stuff, you know again, this does definitely apply if you’re doing just a Gmail send, but if you’re one of those folks who has like a MailChimp, or an ActiveCampaign, or any email service provider, they’re going to have some of this stuff built in so that you have to comply. Does that make sense? [laughs] Which is helpful, I think, right, when you’re trying to put all this stuff together.

Anne: So Pamela, I own multiple domain names.

Pamela: Yes.

Anne: And I know that in my Gmail settings, they have something where you can actually have your from address be, you know, I have Anne@VOBOSS. I have Anne@AnneGanguzza, I have, and so you can actually allow your email to be changed from one to the other as long as you own those domain names, and you can verify that email comes to you. There’s a process. So if any of you’ve ever done that, to try to use one mail account and then send mail from different domains, then you basically have done something similar to this where you’ve had to verify that those domains do in fact belong to you and they’re validated. That would be the only way you can send an email from, let’s say, and maybe not your Anne@Gmail, because that doesn’t look as professional.

Pamela: Yeah, I have a similar setup, yeah, which I think a lot of folks probably do inside their Gmail. And what’s great about the larger organizations like Google or any of these email service providers is they’re building in kind of these catchalls, right, these notifications like what you’re mentioning, right? It’s trying to help us to ensure we’re staying compliant as well to the best of their ability. Of course free reign still can apply. [laughs] Just be cautious. And I think for the most part, those that are listening to VO BOSS are probably doing fine in this area, but it’s just something to be aware of, like you said, Anne, if you have multiple domains.

Anne: By the way, there’s seven rules for the CAN-SPAM Act, and that was rule number one. Don’t use false or misleading header information. So our next one is, don’t – and this one is – wow, there’s a lot of gray area here. Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message. There’s no click bait kind of stuff that should be happening here. As a matter of fact, we had talked about this before, Pamela, that if you’re using an ESP, a lot of times, they’ll have that sort of protection built in. They’ll just tell you, you can’t use all capital letters. You can’t use, well, maybe false advertising, deceptive subject lines to get people to open it up when in fact the content of the email is not necessarily what the subject is saying.

Pamela: And we talked too about how, just from a marketing perspective, you want to fulfill the subject with the message, right? You want that connection. This is also, to your point, click bait as well as bait and switch. Right, that you’re not going to be given some kind of promise in the subject line that’s not fulfilled in the message.

Anne: Right, they should really have that for web clicks like on social media platforms. So that every time I click on one of those, and then I realize [laughs] that it’s not –

Pamela: I know.

Anne: – advertised itself to being, it just makes me angry. So think, guys, you don’t want to do a deceptive subject line, because you don’t want to anger the person that’s going to be opening that message. Now this is interesting. I never really thought about this one, but the third, Pamela, is identify the message as an ad. It basically says, the law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.

Pamela: Which clearly and conspicuously, isn’t that a bit of [laughs] –

Anne: Yeah, right?

Pamela: Oxymoron? That’s where the leeway comes in, right? This is being implied throughout many ways, when we send promotional type emails.

Anne: Right.

Pamela: Right? So.

Anne: If you’re looking for this, or like if I can help you in any way, contact me here, or click here to hear my demos. It’s pretty much I think clear advertising right there.

Pamela: Yeah, it is. Again, you know, when you think back to what you said earlier, email sending, this was, you know, gosh, I wish I would have known then to screenshot or keep some of these things, right, [laughs] because there would be emails sent that you really thought were articles, then all of a sudden it turns into an advertising, but there was no indication. Right? It was just how that was done, or that’s when the big pop-ups were a big deal as well, right? Get those nasty pop-ups, like the really bad ones.

Anne: Well, interestingly enough, you know, all of those emails that look like they’re a personal email, that really come from people, at the very end of that email trying to sell you something, they just kind of skim by that, [laughs] so they may or may not identify the message as an ad, but at the end they’ll put, if I can help you out in any way, you know, click here. The promise is the content is in the email, and it does deliver the content in the email, and then at the end, it’s kind of like, if you’re looking for this, click here to let me help you, or click here to find out more. That’s a way of advertising without necessarily advertising in the subject line because you’re delivering the content that you’re specifying in the content line. Now people who send email, right, people who send email from Gmail or Yahoo! or whatever their personal email account is, this, I have a feeling a lot of voice talent are not aware of this. You have to tell recipients – this is number four, you have to tell recipients where you’re located. I’m going to read this word for word. “Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency, established under Postal Service regulations.”

Pamela: Yes.

Anne: How many times have you sent a Gmail soliciting your services, when you did not put your physical address?

Pamela: Right, which could be done in your email signature, right, or right below it or even indicated in the italicized writing at the bottom, right? And of course if you’re using an email service provider, they’re going to demand an address.

Anne: They do.

Pamela: You have to have one. And this is where a lot of folks, especially if you’re freelancing and working out of your home, this is why a lot of folks get PO Box or something. And again, the idea here is I can respond or correspond with you outside of this email if I wanted to do so.

Anne: And BOSSes out there, if you’re communicating with potential clients, and you’re using a personal Gmail or whatever it is, you really need to have your businesses registered anyways, if you’re providing a business, and that includes an address, and you’re right, Pam, a lot of people will have a PO Box, and I know that myself, I purchased a PO Box, because every time I was using the ESP, it would ask me what’s the physical address. And that would have to be like legibly and clearly posted on the bottom footer of the email. So I can probably bet that there’s a number of people out there that really were not aware that you need to tell recipients where you’re located.

Pamela: Yeah, well and just like we’ve talked previously about, being very cautious, you know. Yes, you want to do your research, and we’ve talked about using LinkedIn, and then you go to the website, and if you find the email address, there’s a concern in just doing a blanket email to [laughs] someone at that email address. Right? There’s protocols in place. LinkedIn is a safer place because a lot of these are kind of built in through that third-party. It’s considered a third-party vendor. So just be aware of these things, guys. You know, I know that we talked about the penalty being $43,000 plus, and the odds honestly of something happening might be very slim, but I always like to remind folks, you don’t know what kind of mood you’re going to get them. [laughs]

Anne: Yeah, I’m just saying, like, in this current client, I never thought that maybe a person could object to something small, right?

Pamela: Right. [laughs]

Anne: But I think [laughs] without saying too much, I mean, if people can complain about things like they’re complaining about today, they can most certainly complain about potential spam that you sent them. Don’t put it past anybody. I would say err on the side of let’s comply and just, you know, tell recipients where you’re located. And I think that in your signature file, if you’re sending it from a personal account, that would be great. And I do know that whenever I get email from a potential client, and they don’t have contact information outside of their email address in their signature, the hair like stands up on the back of my neck because I want to make sure that you’re real, and I want to make sure that I can contact you outside of the email with a phone number or mailing address or for whatever it is. Guys, make sure if you’re sending it from your Gmail account, or any of your personal accounts, that you do have that location in your signature file at least. Next up is, and we’ve talked about this, giving people the ability to opt out of receiving future email. That’s number five, tell recipients how to opt out receiving future email from you. I know with ESPs, they’ll put that by default in the footer. You can put it in the header. I know you were talking about that as well, Pamela. Because if people don’t want to receive any future email, they’re able to opt out.

Pamela: If they don’t have an option to leave you, then they feel, there’s a sense of trapping. And kind of Anne’s earlier point is you just never know. I’ve been in this position in the past where people have literally opted in. I have the proof. And they’ll say, “why are you sending this to me?” [laughs] And the proof actually was off-line. It wasn’t a digital proof. It was attending a workshop, and then, you know, they marked the box that said that they would like to be added to my email list. You just got to make sure, right, give them a chance to opt out so of course when you receive these notices – some will not even opt out on the link. Right? You see the unsubscribe link. This also applies if they respond to you directly and say, please remove me from your email address. Make sure that you do that. [laughs] And we’re going to talk about that in a minute, but I just want to mention that because that’s probably going to be from your Gmail, you know, is where you would probably receive those more than likely, right, where if I emailed to you out of the blue, and then someone, “hey, how did you get my email address, why are you emailing me, please remove me.” Where if it’s an ESP, you should have the unsubscribes at the very least in the footer. Sometimes you can put them in the, both the header and the footer. Make it easy.

Anne: And if you’re doing this from a personal email, you will have to, however you put the person in your list, typically you’re gonna put it in a list, you’ll have to manually take that out for the most part, as opposed to if you’re working with an ESP a lot of times, if there’s an unsubscribe link and the people click on that to unsubscribe, it will automatically remove them from the list. But of course if somebody emails you and says, please take me off this list, or this person no longer works at the company, you want to make sure that you remove them on the list, and that you do so promptly because that leads us to number six, to honor opt out requests promptly. I believe here it’s talking at least 30 days. Make sure that you’re able to process opt out requests for at least 30 days after you send your message. You need to honor the opt-out request within 10 business days. Basically you can’t charge a fee to do so either or require the recipient to give you any –

Pamela: Right, right, right. You can’t come back and say, “okay, I’ll remove you, however can you send me your phone number?”

[both laugh]

Anne: Yeah, exactly.

Pamela: And what’s really important here is, when you’re using an ESP, this is why there are such things. Because they have put in protocols. They’ll automatically make sure that your subscriber gets unsubscribed. I just wanted to touch on that, the unsubscribe piece before we leave it. If you have segmented, we have all been recipients of this in some way, right, where we’ve gone to unsubscribe something, and then it will often, the sender will ask you, do you want to be unsubscribed from whatever their different lists are, that you are a part of.

Anne: Oh yeah, there’s multiple lists.

Pamela: Or it says all email correspondence or something like that. Again, that’s their way of kind of catching, just in case you wanted to, okay, I don’t want to receive this segmentation anymore, but I do want to keep getting your newsletter. That’s why you receive those segmented opt-outs sometimes as well, depends on how you segmented to opt them in.

Anne: Also you have to make sure that if they have told you they want to opt out, you also have to make sure that you never sell or transfer their email addresses even in the form of a mailing list. I know that we had talked about mailing lists before, and I think mailing list and purchasing lists are risky. You want to make sure that if you do that, that you absolutely know the origins and the process by which people get names on a list, if you’re going to purchase it, how many times they’ve sold that list, etc., etc. I make mention of the VO BOSS which is not done this way, everybody that signs up for a BOSS Blast will get their very own list. And when people opt out, I get those requests all the time from VO BOSS lists, if they want to opt out, it’s automatically done through the ESP. That’s kind of nice because they could be on multiple lists. So it makes it easier to have it automatically removed. And of course I can never sell that list again, and that person will never be on a list again.

Pamela: Which, you know, there’s the random time when someone will accidentally unsubscribe themselves from everything, and they did not mean to, it’s pretty rare, but that’s why again kind of going back, what if they really didn’t mean to unsubscribe and they want to still engage with you, that’s where your other marketing can be really powerful, right, your lead gen marketing, and your nurture marketing, seeing you on social media platforms and things like that, because you can always bring them back in. Right? They can always come back in if they find. But once they’re off, these systems are designed to no longer send.

Anne: Interesting. The next one in our last CAN-SPAM is number seven, monitor what others are doing on your behalf. So that means, if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. The company whose product is promoted in the message and the company that handles the sending of the messages may be held legally responsible. That’s very interesting because that means for VO BOSS Blast, this is why I am so adamant that we makes sure that every email that’s sent has the footer on the bottom that says, you know, they can opt out and unsubscribe, because it’s not only us, but we primarily are going to be responsible, but it’s also you, the client, that could be not in compliance with the law. So I’m completely adamant about following every antispam [laughs] law. As a matter of fact, last year we had to make an adjustment so that everybody now that sends a BOSS Blast out really is part of the VO BOSS domain. You’ll have your client name, so we’re sending that blast out on behalf of VO BOSS. And so we’re liable for everything. I make sure I’m compliant. I certainly don’t want to be fined $43,280.

Pamela: No, you don’t. No, you don’t. And yeah, it’s interesting that you mentioned the updated to using the VO BOSS domain, which really applies to that earlier item we were talking about, right, which is the sending from different domains.

Anne: Yes, absolutely, or the reply to.

Pamela: Yeah, you know, this way, it for sure covers that everything is consistent and compliant, right, without there being, what if it sends to someone else’s email, or they respond and then having to be able to prove that for some reason.

Anne: So everybody gets to be part of the VO BOSS domain, and then anybody who gets that email, it also gets forwarded to their personal email as well, so any reply to in the from is sent to the VO BOSS domain for the compliance. So.

Pamela: There you go.

Anne: Good stuff to know.

Pamela: Yes, stay compliant.

Anne: Good stuff to know, compliance. Guys, it may be not a pleasant thing to think about, but it’s super, super important when you start your marketing campaigns that you’re compliant, because I sure don’t want to get in trouble, and I know most BOSSes don’t want to get in trouble either. [laughs]

Pamela: And that’s just it, most of us are not doing this out of spite. We’re not doing it out of intent. And it’s just, you know, I think it can feel daunting, but I know in the show notes, we’ll have links to these sites as well so you can review this information because – or bookmark it, have it available. So again if you’re working with a VA, or somebody else is helping you, make sure they’re aware as well, right, that everybody on the team is just aware of the compliance. I know there’s a couple of other laws that have gone into effect since CAN-SPAM that may be affecting some of our audience as well. Should we cover those too, Anne?

Anne: Actually we’re going to touch on GDPR, but we’re actually out of time. So Pamela, GDPR might be another episode. [laughs]

Pamela: Compliance part two. We may have to do an email marketing catchall.

Anne: Email marketing compliance part two. So yeah, we’ll actually have to touch on that in a different episode.

Pamela: Sounds good.

Anne: Big shout-out to our sponsor. Love ipDTL where you can connect and chat and network as a BOSS. Find out more at You guys have a great week, and we’ll see you next week.

Pamela: Bye!

Anne: Bye!

>> Join us next week for another edition of VO BOSS with your host, Anne Ganguzza, and take your business to the next level. Sign up for our mailing list at and receive exclusive content, industry revolutionizing tips and strategies, and new ways to rock your business like a BOSS. Redistribution with permission. Coast-to-coast connectivity via ipDTL.


Anne: Hey everyone, welcome to the VO BOSS podcast. I’m your host, Anne Ganguzza, with email marketing, content marketing –

[both laugh]

Anne: Specialist maven. All right.

Pamela: [laughs] Don’t make me laugh so hard. Oh my God.

Anne: That’ll be an outtake.