> Really? Does it specific that the user dodoesn’t have to be logged in to the
> site?
>
> Do you have the law handy, I'd like to add it to some boilerplate.
It was part of the FTC's 2008 update to CAN-SPAM, using their rulemaking
authority, so it's not directly in the text of the original CAN-SPAM (which was
brought online in 2003). What the FTC said in that update in 2008 is:
"an e-mail recipient cannot be required to pay a fee, provide information other
than his or her e-mail address and opt-out preferences, or take any steps other
than sending a reply e-mail message or visiting a single Internet Web page to
opt out of receiving future e-mail from a sender."
It's this:
"or take any steps other than sending a reply e-mail message or visiting a
single Internet Web page to opt out of receiving future e-mail from a sender"
that creates the one-step rule.
Having to visit a page, and then enter a password, and then opt-out is 3 steps.
The somewhat plain English explanation of this and the other new 2008
rules/clarifications is here:
https://www.ftc.gov/news-events/press-releases/2008/05/ftc-approves-new-rule-provision-under-can-spam-act
The more in-depth version is here:
https://www.ftc.gov/sites/default/files/documents/federal_register_notices/definitions-and-implementation-under-can-spam-act-16-cfr-part-316/080521canspamact.pdf
Anne
--
Anne P. Mitchell, Esq.
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)
