Sending review request emails is an effective way to generate customer feedback and improve your online reputation. However, email marketing in the United States is governed by strict regulations under the CAN-SPAM Act. Violating these requirements can result in significant fines and legal consequences, even if your intentions are completely legitimate. Understanding and following CAN-SPAM rules is essential for any business requesting reviews via email.
What Is the CAN-SPAM Act?
The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) is a federal law that sets standards for commercial email messages. Enacted in 2003, the law applies to all commercial email sent to or from addresses within the United States, regardless of where your business is located.
The law is enforced by the Federal Trade Commission (FTC) and other federal and state agencies. It doesn't prohibit commercial email, but it establishes clear rules that senders must follow. These rules apply equally to large corporations and small businesses, so ignorance of the law is not a defense.
CAN-SPAM Requirement One: Honest Subject Lines
Your email subject line must accurately reflect the content of the message. This sounds straightforward, but many businesses push the boundaries here. A subject line like "Check out this exclusive offer" when the email simply requests a review is deceptive and violates CAN-SPAM.
Your subject line should clearly indicate that you're requesting a review. Examples of compliant subject lines include "Please rate your recent experience with us" or "Tell us what you think about your visit." The goal is ensuring that anyone reading the subject line knows they're being asked for feedback without needing to open the email.
CAN-SPAM Requirement Two: Include Your Physical Address
Every marketing email must include a valid physical mailing address. This can be your business address, a post office box, or a private mailbox service. You cannot use just a virtual mail forwarding address without a legitimate physical location.
This requirement exists to verify that legitimate businesses are behind the email. When customers receive your review request email, they should be able to identify your business by its physical address. This is especially important if your business operates online or remotely. Including your address in the email footer or signature block is the standard practice.
CAN-SPAM Requirement Three: Provide an Unsubscribe Option
Your review request email must include a clear, easy way for recipients to unsubscribe from future emails. This is critical. Many business owners incorrectly believe that unsubscribe options reduce their ability to contact customers. In reality, providing an easy unsubscribe mechanism builds trust and demonstrates compliance.
The unsubscribe process must be simple and immediate. Include a link that allows recipients to opt out without having to provide additional information. Your unsubscribe mechanism should be processed within 10 business days. If someone clicks unsubscribe on your review request email, they've indicated they don't want marketing emails from you going forward.
CAN-SPAM Requirement Four: Identify the Email as an Advertisement
If your email is commercial in nature, you must clearly identify it as an advertisement or commercial message. While "review request emails" are technically transactional when they follow a purchase, they're marketing-adjacent and should be clearly labeled.
A simple statement in the subject line like "We'd love your feedback" or at the start of the email body indicating this is a request for customer feedback fulfills this requirement. The key is transparency so readers understand the email's commercial purpose.
CAN-SPAM Requirement Five: Honor Opt-Out Requests Promptly
When someone unsubscribes from your emails, you must honor their request immediately. While you have 10 business days to process the opt-out, industry best practice is to honor requests within 24 hours. Continuing to send emails to people who have unsubscribed is a clear violation.
This is where many businesses get into trouble. They rely on platforms that don't properly sync unsubscribe lists across different systems, or they continue sending emails from different business units without checking the master unsubscribe list. Implement systems to ensure that anyone who opts out remains opted out across all your communications.
Understanding CAN-SPAM Penalties
The penalties for CAN-SPAM violations are severe. The FTC can impose civil fines of up to $51,744 per violation. The term "per violation" is important. If you send 1,000 emails that violate CAN-SPAM, that's potentially 1,000 separate violations, not one violation with 1,000 emails.
Additionally, state attorneys general have the authority to pursue civil penalties and injunctions. Some states have enacted their own email laws with additional requirements. ISPs may also pursue legal action against bulk mailers who violate CAN-SPAM, and individual consumers can file private lawsuits.
The FTC has successfully pursued CAN-SPAM enforcement actions resulting in settlements of millions of dollars. More commonly, businesses receive warning letters and are required to implement compliance measures. However, the precedent is clear: CAN-SPAM violations are taken seriously.
Common CAN-SPAM Mistakes
Forgetting the Unsubscribe Link
This is the most common mistake. Business owners assume that because they're just requesting reviews, they don't need an unsubscribe option. In reality, every commercial email requires one. Make sure your unsubscribe link is visible and functional.
Using Misleading Subject Lines
Subject lines like "Action required" or "Urgent" when you're just asking for a review are deceptive. Keep subject lines honest and descriptive.
Failing to Honor Unsubscribe Requests
If you're managing your own email list, make sure you actually remove unsubscribed addresses from your system. Many small businesses send from spreadsheets and manually delete names, which is error-prone.
Not Including Your Physical Address
Some business owners believe they need to hide their address for privacy. However, CAN-SPAM requires it. Include your legitimate business address in every email.
Ignoring Consent Requirements
While CAN-SPAM doesn't technically require prior consent to send commercial emails, best practice is to only email customers who have interacted with your business or explicitly opted in. Sending unsolicited review requests to purchased email lists violates both CAN-SPAM and anti-spam norms.
Best Practices for Compliant Review Requests
Build Your Email List Naturally
Only email customers you have a legitimate relationship with. Request emails immediately after purchase or service delivery when the customer is most likely to respond and has consented to communication.
Use a Reputable Email Service Provider
Platforms like MyReviewPulse, Mailchimp, ConvertKit, and others have built-in CAN-SPAM compliance features. They automatically include unsubscribe options and manage list hygiene for you.
Make Unsubscribe Easy
Every email should include a clear unsubscribe link in the footer. Make it as easy as possible for people to remove themselves from your list.
Monitor Your Email Performance
Track bounce rates and unsubscribe rates. High bounce rates may indicate you're sending to invalid addresses, which violates CAN-SPAM. Elevated unsubscribe rates might indicate your messaging is off-target.
Document Your Compliance
Keep records showing that you're following CAN-SPAM requirements. Document when you obtained customer emails, what they opted into, and how you've honored unsubscribe requests.
Conclusion: Make Compliance Easy
CAN-SPAM compliance doesn't need to be complicated. By understanding the five core requirements and implementing a system to honor them, you protect your business from legal liability while building trust with your customers. Using a dedicated review management platform like MyReviewPulse ensures that compliance is built-in, allowing you to focus on generating more reviews without worrying about regulatory violations.