The one-click unsubscribe email law (sometimes referred to as the “one-step unsubscribe rule”) is part of CAN-SPAM. The CAN-SPAM unsubscribe rules include that a recipient be able to effectuate their opt-out with a one-click unsubscribe, whether that is by replying to the email or by visiting a single web page. The one-click unsubscribe law is part of our Federal law, and so applies to any and all mailing lists and mailing list email.
CAN-SPAM is the Federal law governing email marketing in the United States, and so the email marketing unsubscribe law, which is part of CAN-SPAM, applies to anyone within the U.S. who sends email marketing or other bulk (i.e. one-to-many) email, and part of that email opt-out law is that senders must provide their recipients with a single-click opt-out method. Here’s what the law actually says:
Text of the One-Click Unsubscribe Email Law
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
- Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
(If you’re a law or policy geek, you may want to read the original source here.)
So let’s tease this apart. First, don’t be distracted by the “Prohibition on charging a fee” in the first part of the title of the section. While of course it’s true that you cannot charge someone a fee to remove them from your mailing list, that’s not what we’re talking about right now and besides, you wouldn’t do that, would you?
The part that we want to focus on for this discussion is the “imposing other requirements on recipients who wish to opt out.” Specifically, the CAN-SPAM Federal law requires that anybody who wishes to be removed from your mailing list be able to do so in one step. That one step can be replying to your email, however in this day and age very few businesses run an email list where someone can opt out by simply replying.
It’s easier to parse if we remove the extraneous parts, which leaves us with no “sender may require that any recipient take… any other steps except sending a reply …or visiting a single Internet Web page.”
Now, no matter how you slice it and dice it, when a subscriber clicks on an unsubscribe link and is confronted with a log in page because they have to log into their account in order to unsubscribe, that violates the “visiting a single Internet Web page” in order to opt out” requirement of the law (hence it being known as the “one-click unsubscribe law”).
The law is very, very clear on this (surprisingly so, given how often law is anything but clear). And yet, many – oh so many – companies are in violation of this part of our Federal email marketing law, even though it’s one of the easiest requirements with which to comply!
So why do so many companies fail to comply with this part of CAN-SPAM? Perhaps it’s because they genuinely don’t know what the law requires. Or perhaps they know what the law requires, but they don’t care because retaining people on their email list is more important to them (how many times have you been confronted with having to log in to unsubscribe, couldn’t remember your password, and decided that you can’t be bothered to do a password reset, and so never finalized your unsubscribe request?)
If you are an email sender reading this, we hope that this has clarified things for you (and we hope that you are already following the law!) If you are an email recipient who is frustrated by a company that is not following the law, you can take out your frustration by reporting them at sp**@uc*.gov. The FTC also advises that:
“If you get an unwanted email, there are two ways to report it.
Forward unwanted or deceptive messages to:
your email provider (like Gmail, Hotmail, or Yahoo). Most email services include buttons to mark messages as junk mail or report spam.
the sender’s email provider, if you can tell who it is. Most web mail providers and ISPs want to cut off spammers who abuse their systems. Again, make sure to include the entire spam email and say that you’re complaining about spam.
You can also report it to the FTC at ReportFraud.ftc.gov.”
(To read our knowledge resource on this topic see A One-Step Unsubscribe is Required by Federal Law.)
Let us help YOU get to the inbox like we've helped these others!
18 Responses
How do I get a company to remove me from the list even after I have unsubscribed? I still continue to get emails after many times going through the process.
Hi Kristy, it can be really frustrating when this happens, and we feel your pain. Unfortunately, while this may mean that the company is violating Federal law, you yourself have no legal recourse (only the FTC or a state attorney general can go after such a company under the CAN-SPAM Federal law). Have you tried calling the company, and/or reaching out to their management through something like LinkedIn, and complaining loudly to them?
Depending what email tool you’re using, you can mark it as spam which will add it to a list of emails you don’t want to receive. as such your email provider should filter those emails from your inbox to a spam folder
A lot of times I will see the infuriating, and I’m sure in many cases disingenuous, message that it will be “24 or so” hours before you are removed from the subscription. Sometimes I have unsubscribed and I am still getting messages from them a week later. Does CAN-SPAM specify any guidelines that addresses how long it takes the vendor to comply? Given the level of automation involved I simply cannot understand how this is not immediate.
However I could imagine a situation where emailings are batched through a cloud provider that they have already scheduled and paid for a job to run. Curious how nuanced the law is.
Hi Andy! You hit the nail on the head: CAN-SPAM allows the sender 10 days to stop emailing you, and in part it is because there might be a situation where the email is already queued up. However, everyone in the receiving industry agrees that 10 days is way too long, and really by now (2022) there is no excuse for not removing and email address immediately; the way most ESPs work is that even if an email is queued up, if you remove the email address of the person who unsubscribed from your list, that queued up email will not go to them.
Hello! Please provide the link to the FTC site to report it!
Hello Aria, there is an email address at the end of the article for reporting it, however we have just updated it for those who want a link.
What about in cases where I unsubscribe and they take me to a page with a “one last chance” to stay subscribed or opt out? Is having to make a selection on this page and confirming again in violation of the one page rule?
Yes, technically it violates the letter of the law, as the law dictates a “one-step” unsubscribe method, and in order to unsubscribe in that scenario you would have to 1. click the link in the email, 2. make a selection on that page, and 3. click submit or some other step. Of course, nobody has ever been hauled into court because of this. Most similar scenarios end up being two steps (click on the link in the email, then the link takes you to a page where you click to confirm); with each additional step that is added and required for someone to effect their opt-out, the organization hosting the mailing list gets further away from compliance with the law.
What addresses the multiple hundreds of spam email that “unsubscribe” doesn’t even function. I get many like that. Or the mass of emails all hawking the same thing with one use email addresses (I suspect) ton of those and NO unsubscribe button on those.
These are typically straight up scam-type spammers. There is no unsubscribe option because there is nothing about them that is legitimate.
CAN SPAM was, for some people at least, was the beginning of their journey of disgust with what is often erroneously called “their government”. CAN SPAM does nothing, because as you noted, *you* may do nothing if they violate the law, and must rely on the government to do so.
Which it will never do.
As such, CAN SPAM is simply an illusion, as it was always meant to be. The government could not care less about you.
I mean, it’s a federal crime to lie to an Insurance Company. It is no crime whatsoever for them to lie to you.
It is a federal crime to lie to a Banking Institution. It is no crime whatsoever for them to lie to you.
It is a federal crime to lie to a Credit Reporting Agency. It is no crime whatsoever for them to lie to you.
It is a federal crime to lie to a Police Officer. It is no crime whatsoever for them to lie to you.
The government could not give a clinging turd about you.
If you SPAM 1 million people, law enforcement actually can and will go after you. If a large corporation does so, law enforcement will do nothing.
The new ruse most companies use is subscribing you to 20 different lists, and requiring you to “opt-out” to each and every one individually.
You know, in case “opt-out” wasn’t a big enough farce already, now no doubt remains.
Now pay your taxes and shut up.
Does the spam email mentioned at the bottom of the article still work? It looks like they may have retired it, but I can’t quite tell.
Hi Sam, the link at the bottom of the page isn’t an email link, it goes to the FTC site.
I keep getting emails like the one below:
no*****@sp.com on behalf of alatus.xxxxxxx (I can’t find the rest of the address – it disappeared)
Quite often they are from some politician or political group. When I try to unsubscribe, my antivirus jumps in and tells me not to – that this email has a virus or something similar attached. So I can’t even unsubscribe, and I continue to get more and more of these emails.
Quite often the politicians ask for money. I am familiar with some of the politicians, and might contribute through their websites, but absolutely not through these emails they send. Are they fake emails, or don’t the politicians know their name is being used, or do they know, and they think it’s ok??? All I know is that I’m tired of getting these, but can’t get rid of them.
Hi Deb! It’s really impossible to know without researching; they could scams, or they could be legitimate but something is triggering your anti-virus software. Either way, if you are unable to unsubscribe your best bet is to report them as spam (click the “this is spam” button in your email program) and to set up a filter in your email program to delete them on sight.
We turned on an “unsubscribe” link as a test on some emails once a couple of years ago and found that some email servers were set to click on unsubscribe links before it reached the intended recipient for them to make a decision about clicking on unsubscribe. The recipient never saw the email. (that they wanted to see). I am guessing this is why companies need to incorporate at least 2 steps, assuming the servers cannot navigate just a small bit of complexity on the landing page before effectively unsubscribing. (?)
Hi Cliff! That would be very unusual, and grounds for complaining to them. Are you able to share which organizations were doing this? That said, a one-click link that goes to a page where one has to click submit to confirm, while perhaps arguably not in keeping with the words of the law, would be very unlikely to ever get anyone in trouble (if only because the FTC has bigger fish to fry).