2004 B2C CAN-SPAM Compliance Audit ByArialSoftware(www.ArialSoftware.com) Duringthefirstsixmonthsof2004,ArialSoftwaresecretlyauditedthefederalCAN-SPAMActcomplianceof1,057organizationswithaprominentonlinepresenceincludingmanyFortune500companiesandvariouspopularInternetfirms.Thiswasaccomplishedbysubscribingtotheemailnewslettersandsubscriptionofferingsofeachorganizationusingauniqueemailaddress,thentrackingtheiractualemailpracticesandnotingvariousprivacyandCAN-SPAMcomplianceattributes. Theresultsofthisstudyarerevealedinthisreport,whichrepresentsthemostcomprehensivebusiness-to-consumer(B2C)CAN-SPAMcomplianceauditeverconducted. Note:Thisreportmaybeposted,quotedordistributedaslongascreditisgiventoArialSoftwareandahyperlinkisplacedtowww.ArialSoftware.com.(Seethereprintguidelinesattheendofthisreportformoredetails.) 66% of Online Businesses Violate CAN-SPAM, But Few Send Spam Themostrelevantfindingofthisstudyisthatonlyone-thirdofonlinebusinessessendemailsthatareCAN-SPAMcompliant.Theothertwo-thirdsremaininviolationofCAN-SPAM,primarilybyfailingtoincludeunsubscribelinks(51%)andfailingtoclearlyidentifythesourceoftheemail(45%).Notethatthereisoverlapinthesetwofiguresasmanyorganizationsfailonbothcounts. Thislevelofnoncomplianceseemssurprising,giventhewidespreadpublicityofCAN-SPAMandtheeaseofbecomingcompliant.Somepossiblereasonsforthiswidespreadnoncompliancearediscussedinthisreport. Onthepositiveside,eventhoughthesebusinessesarenotincompliancewithCAN-SPAM, theyalmostneverengageinspamming.Onlythreeorganizationsoutof1,057engagedinemailbehaviorthatmostpeoplewouldconsiderspamming(highvolumecommercialemailsandanunsubscribefunctionthatdidn’twork),meaningthat99.6%ofonlineorganizationsdon’tspam,evenwhentheyaren’tCAN-SPAMcompliant. Or,putanotherway,compliancewithCAN-SPAMhasverylittlecorrelationwithwhetherornotanorganizationactuallysendsspamemails,aconclusionthatwillnodoubtsupportthecriticsofCAN-SPAM.
Figure 1. CAN-SPAM Compliant Email Only one-third of online businesses send emails that are CAN-SPAM compliant. The other two-thirds remain in violation of CAN-SPAM, primarily by failing to include unsubscribe links and failing to clearly identify the source of the email.