Do my emails have to comply with CAN-SPAM?

Mandrill serves users throughout the world, and different laws govern email in various countries. It's best to consult a professional in your area about what laws or regulations apply to the emails you're sending. Failure to comply with the rules governing the email you're sending can result in legal consequences such as fines of hundreds of dollars per recipient.

In the United States, it's important to know and understand U.S. CAN-SPAM Act rules. This includes a requirement for an unsubscribe link or process, as well as a physical contact address. Click here for a guide from the FTC about the rules and when they apply.

If you're in another country, below is information about other laws and regulations.

International Requirements By Country

These are either links to anti-spam legislation in countries outside the US or the name of the country's anti-spam law.

Canada- C-28

Is now termed Canada’s Anti-Spam Legislation (CASL) which amends the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act. It is very similar to CAN-SPAM but has some minor differences and covers all electronic messages not just email.

Australia

Spam Act 2003, Act No. 129 of 2003 as amended.

EU

Article 13 of DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

The EU body that addresses spam is The Contact Network of Spam Enforcement Authorities (CNSA).

The Directive is implemented by each member state independently so you will want to check with your particular country law for more details.

UK

The Privacy and Electronic Communications (EC Directive) Regulations

Austria

Telecommunications Act 2003

Belgium

Commission de la protection de la vie privée, Le spam en Belgique Etat des lieux en juillet 2003, July 4, 2003

Cyprus

Section 06 of the Regulation of Electronic Communications and Postal Services Law of 2004 (Law 12 (I) / 2004 deals with unsolicited communications (spam)

Czech Republic

Act No. 480/2004 Coll., on Certain Information Society Services

Estonia

Information Society Service Act

France

Falls under the Commission Nationale de l'Informatique et des Libertés (CNIL) [National Data Processing and Liberties Commission], Electronic Mailing and Data Protection (Oct. 14, 1999) (French) CNIL Guidelines on email marketing.

Germany

Art. 7 German Unfair Competition Law (Gesetz gegen Unlauteren Wettbewerb) (UWG)

Art. 202a, 263, 303a, 303b of the German Criminal Code Art. 6 of the German Law regarding Information Society Services Art. 28 Par. 4 of the German Data Protection Act

Italy

Italy's anti-spam laws are very strict. You can even be imprisoned for sending spam. If you're sending to Italian recipients, you'd want to follow these guidelines as well.

Personal Data Protection Code (legislative decree no. 196/2003)

The Code transposed EC Directive 95/46 on the protection of personal data and EC Directive 2002/58 on privacy in electronic communications; it consolidated all Italian pre-existing laws and regulations in this sector.

DL 196/2003 Personal Data Protection Code • DL 675/1996 on privacy protection states, inter alia, that a company must have authorization from each user whose personal data (such as e-mail) they want to use. • DL 171/1998 (deriving from the European Community directive 97/66/CE) on telecommunications privacy protection: this put outlaws all automatic systems to call a user and says that all the expenses of an advertising must be paid by the company and not the user (faxes and e-mails are instead paid also by the user).

DL 185/1999 (deriving from the European Community directive 97/7/CE) on customer protection with respect to long-distance contracts: this obliges companies to seek the permission of the user for virtual or telephone sales.

Netherlands

Article 11.7 of the Dutch Telecommunications Act and Dutch Data Protection Act.

Sweden

Swedish Marketing Act (Swedish Code of Statutes, SFS 1995:450).

Personal Data Act (Swedish Code of Statutes, SFS 1998:204), in so far as spam activities involve processing of personal data.