4 Laws You Need to Know About if You Use Email
4 Laws You Need to Know About if You Use Email

4 Laws You Need to Know About if You Use Email

05/19/2023 by Katharine Atwood
What rights do we have when it comes to marketing messages, and what restrictions are in play to protect them?

Since the advent of email, a number of different regulations intended to protect recipient rights have been created by various countries. Marketers working with email or text automation need to know about them — and in addition to marketers, it's good for recipients to understand we have the rights we do too. 

These different regulations are frequently shortened into acronyms: GDPR, CAN-SPAM, TCPA, and CASL.  Add text messages into the mix with so many similar-looking terms and the murky legal landscape for digital marketers hoping to reach the right audience with the right message can seem muddier than ever.  

What do those acronyms stand for and why does it matter? Let’s explore.  

(Disclaimer: Nothing in this post is legal advice. We suggest you consult with a lawyer if you have questions or need specific recommendations for your work.)

Getting Your Digital Marketing Message Rights Right

Recipients have legally protected rights when it comes to what email and text messages they receive. It’s one thing to know we have rights and marketers have responsibilities — understanding the actual protections and limitations of those regulations can be a different story. The full text of a regulation is often a dry read and legal lingo can be tiresome to translate.

While almost all modern marketing automation platforms have safeguards in place so users can abide by regulations, those safeguards are often ignored or misused, whether intentionally or not. 

It is true that many platforms have created guidance to further explain privacy regulations for their users, often in the form of help text or support sites. Still, if you're a marketer, it’s not a matter of if — but when — you or a team member will wonder, “Do we really need to include our mailing address in an email?” or “Why shouldn’t I just manually re-subscribe this contact?” 

Working with at least a high-level understanding of these four laws and their practical applications is fundamental to not spamming your list members, damaging your brand, and exposing your organization to fees. 

And if you're not a marketer, but just wondering if the organizations sending you mail are respecting your rights — it can be valuable to know what others are required to do or not do. 

The 4 Email and SMS Marketing Message Laws to Know 

We’re going to look at 4 laws and key areas in each that apply to marketing automation messages, namely SMS and e-mail. 

  1. CAN-SPAM - Controlling the Assault of Non-Solicited Pornography and Marketing
  2. TCPA - Telephone Consumer Protection Act
  3. GDPR - General Data Protection Regulation
  4. CASL - Canadian Anti-Spam Law

This list includes laws passed in Canada and the European Union because those regulations can impact companies sending or receiving messages in these locations, even if the other party is not in that country. 

Many of those laws also include restrictions on cookies and data collection as these relate to privacy protection and anti-spam practices. Cookies are a major consideration and beyond the scope of this post. 

At a high level, all four laws include content related to two basic requirements: for consent and disclosure. What does that mean? Generally, companies are required to obtain consent (and then respect it) and allow someone a clear way to revoke that consent. Companies must also disclose their terms related to these processes and other basic information. 


This United States law, short for Controlling the Assault of Non-Solicited Pornography and Marketing, has been in place since 2003. It was created to deter unsolicited and misleading emails sent from commercial emails.

CAN-SPAM regulates digital marketing messages of all kinds, not just email. There is some gray area in the application of the law to nonprofit and education organizations. It does not apply to transactional or operational emails. 

CAN-SPAM Basics: 

  • Requires companies to receive opt-in for marketing emails.
  • Requires a clear way to unsubscribe.
  • Requires curated subject lines and sender information. 

CAN-SPAM Resources:

Read more about CAN-SPAM on the .gov website. 

2. TCPA (Telephone Consumer Protection Act)   

This United States law, short for Telephone Consumer Protection Act, regulates a number of things related to phones. This includes SMS messages. 

TCPA basic requirements; companies must: 

  • Obtain written consent to communicate via text
  • Provide opt-in message with terms and conditions
  • Provide the business name in all messages
  • Provide consumers with a clear way to opt-out
  • Communicate only during business hours 8 am - 9 pm 
  • Respect the National Do Not Call Registry and honor opt-out

Read more about TCPA

3. GDPR (General Data Protection Regulation)

This is a European Union law, Short for the General Data Protection Regulation. It applies to all organizations collecting data from citizens in the European Union and the United Kingdom. This law applies to all data collected about a person, including web tracking demographics, IP addresses, etc. 

GDPR outlines 8 data rights people in the EU and UK have: 

  • Right to access
  • Right to portability
  • Right to be informed
  • Right to be forgotten
  • Right to objection
  • Right to restriction
  • Right to notification
  • Right to rectification

This post is intended to be a very simplistic guide and you can dive more into the GDPR details using the links below. The law also offers clear guidance on requiring explicit opt-ins, and every message must include opt-out instructions. 

GDPR Resources: 

4. CASL (Canadian Anti-Spam Law)

This Canadian law, short for Canadian Anti-Spam Law, contains many restrictions and applies to anyone who is sending communications to individuals in Canada.  

  • CASL prohibits Canadian companies, and those sending communications to individuals in Canada, from sending commercial electronic messages to others without their consent. This includes email, social media, and text messages. 
  • CASL prohibits the alteration of transmission data in an electronic message so the message is sent to a different destination without the express consent of the recipient, and the collection and/or use of email or other electronic addresses without permission, also known as harvesting addresses.
  • Every message must include opt-out instructions. 
  • Subscribers must be able to easily opt-out from further messages at any time at no cost. This could be, for example, through an unsubscribe link clearly visible in an email that allows the recipient to remove themselves from the list by simply clicking it. Senders are required to honor the opt-out request within 10 business days of receiving it.

Read more about CASL

Paper Marketing Mail Laws

I won’t go into detail on paper mail laws here, except to include a note that it is illegal to place mail that isn’t marked with postage or sent through a mail carrier into a mailbox. It is legal to place flyers and advertisements through door mail slots. 

Platform-Specific Policies 

In addition to government regulations, many software platforms enforce their own use policies. Typically, users can find more information about the specific policies of a platform they are working with in the user knowledge documentation or on a support site. 

Where to Go Next

Beyond a simplistic understanding of these four potentially mystifying laws, there are a multitude of ethical and practical considerations most marketers and end-users must mull over before sending any kind of message.

If nothing else, I hope you walk away from this just knowing there are laws in place humans have come together to create. As our digital landscape grows and changes, it's up to each of us to continue to advocate for the protection of our digital spaces, including our inboxes, from others who will willingly try to take away our time and attention.

For any legitimate business, it's wise practice to respect your contacts' preferences, up to and beyond legal restrictions. It might seem like there is room to get away with buying email addresses, hiding opt-ins, or sending texts you're just guessing a group of people will want to get, but increasingly consumers are onto the game and not impressed. 

At Arkus we believe in knowing and respecting the communication preferences of the community we’re interacting with first and foremost — we encourage others to do the same. 

Our Arkus marketing automation practice is here to support organizations navigating these sometimes confusing restrictions around automating communications. Reach out. We’re here to help. 

Questions? Connect with Arkus on LinkedIn, or connect with the Arkus team through our contact form linked in the far right of our top site navigation bar.