Anti-Spam Policies are commonly seen with email marketing automation companies that help other companies send bulk marketing emails, such as MailChimp, Mailigen and GetResponse. However, any company that engages in email marketing can benefit from having one.

There are a number of anti-spam laws in effect around the world. While none of them require you to have an Anti-Spam Policy, they do have a number of other important requirements.

By having an Anti-Spam Policy in place, your business can enforce the requirements of the laws when engaging in email marketing.

In other words, anti-spam laws have requirements and your Anti-Spam Policy will let you put these requirements in place at your business, as well.

Anti-Spam Laws

Anti-Spam Laws

Anti-Spam Policies are used mainly to:

  1. Define spam
  2. Discuss acceptable and unacceptable use of the service
  3. Explicitly require opt-in and opt-out methods for email communications
  4. Let clients know what happens if they use the service for spamming
  5. Mention what anti-spam law/s are being complied with
  6. Waive your responsibility for clients who violate anti-spam laws with your service

Anti-Spam Laws can be found globally, from the US and Australia to Finland, France, Israel and beyond. These laws dictate rules and requirements for sending commercial and marketing emails.

Let's take a deeper look at a few of them.



CAN-SPAM is a law from the United States that applies to commercial email messages, which are email messages that promote or advertise a product or service.

Even if you're advertising a free product, you'll still need to comply with CAN-SPAM.

Here's an example email from Authors Publish that's considered to be a commercial message under CAN-SPAM, even though the book is free.

Authors Publish email is commercial email under CAN-SPAM

CAN-SPAM applies to American-based businesses, but can potentially apply to foreign businesses that market heavily to American citizens as well.

To comply with CAN-SPAM, your commercial emails will need to:

  • Have accurate transmission data and non-deceptive subject lines
  • Include a physical address
  • Include a clear way to unsubscribe/opt-out
  • email footer: Company information

You should also make sure you:

  • Get users to opt-in to receiving your emails

While this isn't a specific requirement from CAN-SPAM, it's a requirement of other anti-spam laws, including the one we're about to talk about next. It's a recommended best practice to do this if you send commercial emails to anyone outside of the United States, which you probably do.

Getting an opt-in can be as simple as having a user click a "sign me up" button after voluntarily entering his email address. This shows consent and that the person definitely wants to receive your emails.

Example of email address opt-in form

CASL - Canada

CASL - Canada

CASL is Canada's anti-spam law. It applies to any business or individual that uses email to promote or advertise something to Canadian citizens.

It doesn't matter where your business is operating from. If your EU-based business emails a Canadian citizen with an advertisement email, CASL applies to you.

CASL has three main requirements:

  1. You must get express or implied consent before sending a commercial email to someone.

    Similarly to CAN-SPAM, the best way to accomplish this is by having someone enter an email address and click a box to show she absolutely is consenting to receiving your emails.

  2. Example of Subscribe for More Form at Juliet Fay

  3. Each commercial message must clearly identify the sender and include business contact information.

    Including your business' name and physical address at the bottom of your email is a good way to do this.

  4. Each commercial message must include an unsubscribe method.
  5. Opt-out Link in Amazon Email Campaign

As you can see, CAN-SPAM and CASL are pretty similar in their requirements. This means that if you're complying with one, you're likely going to be in compliance with the other.

While each anti-spam law will vary slightly, the main goal of these laws is to regulate:

  • Opt-in and opt-out requirements - Getting consent before sending emails, and giving recipients a way to opt out at any time
  • Content of emails - Including contact information, unsubscribe links and not using misleading subject lines, for example

Because of this, Anti-Spam Policies tend to cover the same rules and requirements that the laws cover.

Examples of Anti-Spam Policies

Examples of Anti-Spam Policies

Here are examples of some of the most common and important clauses for Anti-Spam Policies.

We're going to cover the 6 categories mentioned above:

  1. Defining spam
  2. Acceptable and unacceptable use of the service
  3. Opt-in and opt-out requirements
  4. What happens if the service is used for spamming
  5. Anti-spam laws
  6. Waiver of responsibility for violating laws

1. Defining Spam

Anti-Spam Policy: Defining spam

Most Anti-Spam Policies start out with a basic definition of what spam is. This helps let readers know exactly what the Policy covers.

Here's an example from Mailigen's Anti-Spam Policy.

Mailigen Anti-Spam Policy: What is Spam? Clause

Here's a shorter and more concise example of this type of clause from GetResponse.

GetResponse Anti-Spam Policy: What is Spam?

2. Acceptable/unacceptable use

Anti-Spam Policy: Acceptable - unacceptable use

This is where you'll put all of the requirements and restrictions for using your service.

The requirements and restrictions come from both legal requirements as well as your own requirements for your users.

There are many different formats for getting this information across. Here are a few ways that companies are doing this.

First, Fuel Cycle has two separate clauses in its Anti-Spam Policy: One for Email Requirements, and one for Email Restrictions.

The Email Requirements clause covers everything from opt-in requirements and unsubscribe links to termination of services. As you'll see later in the article, you can go this route with including everything in one general clause, or you can break this information down into separate clauses for added clarity.

Fuel Cycle Anti-Spam Policy: Email Requirements clause

Fuel Cycle's Email Restrictions clause includes things like not using harvested mailing lists, not collecting email addresses by scanning and not sending messages that include copyright infringement.

Here's an excerpt.

Fuel Cycle Anti-Spam Policy: Email Restrictions clause

As part of your requirements clause, you can include requirements about how emails must be structured in accordance with anti-spam laws.

For example, Zoho's Anti-Spam Policy requires that users don't use misleading subject lines, do include a valid physical postal address in all emails sent through its service, and include a conspicuous notice that the message is an advertisement.

Zoho Anti-Spam Policy email requirements

GetResponse chooses to put some of these requirements under their own headings. This helps them stand out. However, as long as the information is in your Policy, you can structure it however you want.

GetResponse Anti-Spam Policy: Content of Messages and Postal Address clauses

Cakemail's Anti-Spam Policy includes a clause called "Mandatory content" that makes it clear what every email you send using the service must include.

Cakemail Anti-Spam Policy: Mandatory Content clause

3. Opt-in and Opt-Out

Anti-Spam Policy: Opt-in and Opt-Out

Anti-spam laws require that you get some sort of opt in or permission from users before emailing them. You're also required to include an unsubscribe method with every email so users can easily opt out at any time.

Your Anti-Spam Policy needs to address these two points.

You can add them in their own sections, like Flexmail has done in the example below. The "Unsubscriptions" clause states that every email message sent with the service must contain an "unsubscribe" link.

Flexmail Anti-Spam Policy: Unsubscriptions clause

Here's another example of an opt-out clause from Freshmail that's given a creative header to help draw attention to it.

Freshmail Anti-Spam Policy: Unsubscribe requirement

Or, you can include opt-in and opt-out information as part of your general requirements and restrictions as with the all-inclusive Email Requirements clause we looked at from Fuel Cycle.

In Zoho's list of requirements it covers both opting-in or permissions, as well as unsubscribing or opting-out. These two requirements are listed along with all of the others in a general clause.

Zoho Anti-Spam Policy email requirements with Opt-in and Unsubscribe highlighted

4. What happens if the service is used for spamming

Anti-Spam Policy: What happens if the service is used for spamming

The point of your Anti-Spam Policy is to make sure that your users know what they can and cannot do with when it comes to adhering to anti-spam laws.

Let your users know what happens if they violate your Policy and engage in spamming.

Here's an example of a clause from Mailigen's Anti-Spam Policy. It lets clients know that if a Mailigen account is used to send spam, the account will be shut down, no refunds will be given and legal action may be taken.

Mailigen Anti-Spam Policy: If you Spam, what happens?

Zoho takes a simpler approach by putting a sentence in its Anti-Spam Policy intro that simply says, "If we discover that you are sending emails or messages to people without their permission, we reserve the right to terminate your user account."

Zoho Anti-Spam Policy intro maintaining the right to terminate accounts

5. Anti-spam laws

Anti-Spam Policy: Anti-spam laws

While Anti-Spam Policies aren't required by law, the things these Policies require from users are.

Most Anti-Spam Policies will make mention at least briefly of any applicable anti-spam laws that the Policy works to enforce.

For example, GetResponse puts a Legal Requirements clause as its very first section of its Anti-Spam Policy. In this clause, it states that all GetResponse users must comply with specific laws including CAN-SPAM.

GetResponse Anti-Spam Policy: Legal Requirements clause

Swiftpage includes a clause specifically for CAN-SPAM Compliance. This clause explains that because CAN-SPAM requires an opt-out method on every email, Swiftpage's service automatically adds an opt-out link to the footer of every email sent through its service.

Swiftpage Anti-Spam Policy: CAN-SPAM Compliance clause

While it isn't a requirement to provide automatic compliance features, if your service offers any features or functions such as this, you should let your users know about it and what laws it complies with.

Cakemail includes a clause specific to Canada's Anti-Spam Law -- CASL.

Cakemail Anti-Spam Policy: CASL Compliance clause

It also includes a general anti-spam legislation clause. This clause lets users of the service know that it's their responsibility to determine whether they're subject to anti-spam laws and if so, to comply.

Cakemail Anti-Spam Policy: Other Anti-Spam Legislation clause

6. Waiver of Liability

Anti-Spam Policy: Waiver of Liability

One of the most important perks of having an Anti-Spam Policy is that you can use it to limit your liability. When you let your users send emails through your service, you don't want to be held legally responsible for sending those emails if they violate global anti-spam laws.

To protect yourself from being held liable for any spamming your clients may do through your service, include a clause that states you will in no way be held responsible for any anti-spam law violations your clients may commit.

Maybe you noticed that sentence at the end of the last example dealing with anti-spam legislation.

Cakemail Anti-Spam Policy: Other Anti-Spam Legislation clause with liability waiver highlighted

Another way to protect yourself from liability is to include a reference to your Terms of Service, where you'll likely have included a limitation of liability clause.

Here's how Fuel Cycle lets users know at the beginning of its Anti-Spam Policy that its Terms of Service also applies.

Fuel Cycle Anti-Spam Policy: Terms of Service reference

Displaying your Anti-Spam Policy

Displaying your Anti-Spam Policy

After you create your Anti-Spam Policy, you'll need to make it accessible as you do with other important legal agreements, like your Privacy Policy and Terms of Use.

You should provide a link to your Policy in your footer, like FreshMail does. Your users know to look here for important legal agreements, and it will be available from any page of your website.

FreshMail Anti-Spam Policy footer link

You should also include your Anti-Spam Policy in other areas where you place legal agreements.

Here, Fuel Cycle includes its Policy in its Legal section along with a Privacy Policy and its Terms of Service.

Fuel Cycle Anti-Spam Policy link in Legal menu

Anywhere you provide a menu or list of legal agreements, include your Anti-Spam Policy.

Here's how Flexmail includes its Policy along with other agreements that relate to its service.

Flexmail Legal Agreements menu with Anti-Spam Policy highlighted

To summarize:

If your business facilitates email marketing for your clients, you should have an Anti-Spam Policy in place.

Your Anti-Spam Policy should cover requirements from anti-spam laws your business must comply with. While each law will differ depending on your location, a good place to start for general compliance is to include clauses that:

  • Define spam clearly and concisely
  • List requirements and restrictions for emails sent through your service
  • Require your clients to get clear opt-in or permission before sending emails
  • Require your clients to provide an opt-out/unsubscribe method
  • Make it clear what happens if your Policy is violated
  • Make mention of anti-spam laws, specifically or generally
  • Waive your liability for legal violations of your clients

Display your Anti-Spam Policy along with your other legal agreements.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy