The one-click unsubscribe email law (sometimes referred to as the “one-step unsubscribe rule”) is part of CAN-SPAM. The CAN-SPAM unsubscribe rules include that a recipient be able to effectuate their opt-out with a one-click unsubscribe, whether that is by replying to the email or by visiting a single web page. The one-click unsubscribe law is part of our Federal law, and so applies to any and all mailing lists and mailing list email.
CAN-SPAM is the Federal law governing email marketing in the United States, and so the email marketing unsubscribe law, which is part of CAN-SPAM, applies to anyone within the U.S. who sends email marketing or other bulk (i.e. one-to-many) email, and part of that email opt-out law is that senders must provide their recipients with a single-click opt-out method. Here’s what the law actually says:
Text of the One-Click Unsubscribe Email Law
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
- Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
(If you’re a law or policy geek, you may want to read the original source here.)
So let’s tease this apart. First, don’t be distracted by the “Prohibition on charging a fee” in the first part of the title of the section. While of course it’s true that you cannot charge someone a fee to remove them from your mailing list, that’s not what we’re talking about right now and besides, you wouldn’t do that, would you?
The part that we want to focus on for this discussion is the “imposing other requirements on recipients who wish to opt out.” Specifically, the CAN-SPAM Federal law requires that anybody who wishes to be removed from your mailing list be able to do so in one step. That one step can be replying to your email, however in this day and age very few businesses run an email list where someone can opt out by simply replying.
It’s easier to parse if we remove the extraneous parts, which leaves us with no “sender may require that any recipient take… any other steps except sending a reply …or visiting a single Internet Web page.”
Now, no matter how you slice it and dice it, when a subscriber clicks on an unsubscribe link and is confronted with a log in page because they have to log into their account in order to unsubscribe, that violates the “visiting a single Internet Web page” in order to opt out” requirement of the law (hence it being known as the “one-click unsubscribe law”).
The law is very, very clear on this (surprisingly so, given how often law is anything but clear). And yet, many – oh so many – companies are in violation of this part of our Federal email marketing law, even though it’s one of the easiest requirements with which to comply!
So why do so many companies fail to comply with this part of CAN-SPAM? Perhaps it’s because they genuinely don’t know what the law requires. Or perhaps they know what the law requires, but they don’t care because retaining people on their email list is more important to them (how many times have you been confronted with having to log in to unsubscribe, couldn’t remember your password, and decided that you can’t be bothered to do a password reset, and so never finalized your unsubscribe request?)
If you are an email sender reading this, we hope that this has clarified things for you (and we hope that you are already following the law!) If you are an email recipient who is frustrated by a company that is not following the law, you can take out your frustration by reporting them at sp**@uc*.gov. The FTC also advises that:
“If you get an unwanted email, there are two ways to report it.
Forward unwanted or deceptive messages to:
your email provider (like Gmail, Hotmail, or Yahoo). Most email services include buttons to mark messages as junk mail or report spam.
the sender’s email provider, if you can tell who it is. Most web mail providers and ISPs want to cut off spammers who abuse their systems. Again, make sure to include the entire spam email and say that you’re complaining about spam.
You can also report it to the FTC at ReportFraud.ftc.gov.”
(To read our knowledge resource on this topic see A One-Step Unsubscribe is Required by Federal Law.)
How do I get a company to remove me from the list even after I have unsubscribed? I still continue to get emails after many times going through the process.
Hi Kristy, it can be really frustrating when this happens, and we feel your pain. Unfortunately, while this may mean that the company is violating Federal law, you yourself have no legal recourse (only the FTC or a state attorney general can go after such a company under the CAN-SPAM Federal law). Have you tried calling the company, and/or reaching out to their management through something like LinkedIn, and complaining loudly to them?
Depending what email tool you’re using, you can mark it as spam which will add it to a list of emails you don’t want to receive. as such your email provider should filter those emails from your inbox to a spam folder
A lot of times I will see the infuriating, and I’m sure in many cases disingenuous, message that it will be “24 or so” hours before you are removed from the subscription. Sometimes I have unsubscribed and I am still getting messages from them a week later. Does CAN-SPAM specify any guidelines that addresses how long it takes the vendor to comply? Given the level of automation involved I simply cannot understand how this is not immediate.
However I could imagine a situation where emailings are batched through a cloud provider that they have already scheduled and paid for a job to run. Curious how nuanced the law is.
Hi Andy! You hit the nail on the head: CAN-SPAM allows the sender 10 days to stop emailing you, and in part it is because there might be a situation where the email is already queued up. However, everyone in the receiving industry agrees that 10 days is way too long, and really by now (2022) there is no excuse for not removing and email address immediately; the way most ESPs work is that even if an email is queued up, if you remove the email address of the person who unsubscribed from your list, that queued up email will not go to them.
Hello! Please provide the link to the FTC site to report it!
Hello Aria, there is an email address at the end of the article for reporting it, however we have just updated it for those who want a link.
What about in cases where I unsubscribe and they take me to a page with a “one last chance” to stay subscribed or opt out? Is having to make a selection on this page and confirming again in violation of the one page rule?
Yes, technically it violates the letter of the law, as the law dictates a “one-step” unsubscribe method, and in order to unsubscribe in that scenario you would have to 1. click the link in the email, 2. make a selection on that page, and 3. click submit or some other step. Of course, nobody has ever been hauled into court because of this. Most similar scenarios end up being two steps (click on the link in the email, then the link takes you to a page where you click to confirm); with each additional step that is added and required for someone to effect their opt-out, the organization hosting the mailing list gets further away from compliance with the law.
What addresses the multiple hundreds of spam email that “unsubscribe” doesn’t even function. I get many like that. Or the mass of emails all hawking the same thing with one use email addresses (I suspect) ton of those and NO unsubscribe button on those.
These are typically straight up scam-type spammers. There is no unsubscribe option because there is nothing about them that is legitimate.