Spam is serious business. So serious, in fact, that it sometimes results in expensive lawsuits. If you’re a MailChimp customer, chances are you already know this. But maybe you recently started an email-marketing project for a client—or, worse, your boss—who told you, “Look, we’re not spammers here, so we don’t have to worry about those CAN-SPAM laws.” Next time, you can hand them this guide. Or maybe just print it out and quietly put it on their desk. Your secret’s safe with us.

Obviously, you should never, ever send emails to a purchased list . You should also never dump your address book into your email-subscriber list. This is all common sense. But there are subtle mistakes that can get you into trouble as well. Whether it’s simple, human forgetfulness that caused you to leave out a physical mailing address in your email footer or the innocent misuse of the word “free” in a subject line, it’s easier than you might think to get pulled over by a spam cop. This guide runs through some big brands who’ve had to pay huge settlements to the FTC for seemingly harmless mistakes. Read it, pass it on, and stay out of trouble.

Rules and Regulations

Sending email marketing comes along with quite a few guidelines and laws. They’re often complicated, and they frequently change. Stay on top of these rules and regulations, and consult a lawyer if you’re ever in doubt.

Understand CAN-SPAM

The CAN-SPAM act is the best place to start. Understanding the rules laid out in this landmark act of 2003 is the essential first step to sending a clean campaign. Consult your lawyer. Consult your physician before you consult your lawyer. Consult whoever it takes. Just learn these rules, because they are the basis on which you can get sued.

ISPs have rules, too

Unfortunately, the rules don’t stop at CAN-SPAM. If you send bulk email, even if its permission-based, to recipients who have email accounts at major ISPs, you need to abide by the ISPs’ rules too. You can usually find them at their postmaster pages. For example, postmaster.yahoo.com.

Know where your email is going

Many countries have different spam laws, which means that, even if you’re sending from the United States, if your email goes to Europe, Canada, the United Kingdom, or Australia, then you have to abide by different regulations. Even sending to and from certain U.S. states (*cough* California *cough*) entails different rules. The bottom line is that if you’re sending to or from these territories, you should make sure you know their specific rules or consult with a lawyer who knows them.

A Few Notable Spam Lawsuits

“C’mon, it’s just an email. What’s the worst that can happen?” Actually, you’d be surprised. Below is a list of email-related lawsuits that have made headlines in recent years, and what you, as a MailChimp customer, can learn from them.

Simple, innocent mistakes can be costly

Lawsuit: Kodak Imaging Network, $32,000

“The Federal Trade Commission has charged two internet marketers with violating the CAN-SPAM Act by failing to offer an opt-out method or honor consumers’ right to opt out of receiving future marketing mailings within 10 days of making the request. One marketer also failed to include a valid physical postal address, which also is required by the CAN-SPAM Act.”

Takeaway: It’s been said that the Kodak incident was an accident, where someone mistakenly sent a campaign before it was complete with unsubscribe links and postal address. Simple, innocent mistakes can be costly

Links are safer than “Reply To” unsubscribes

Lawsuit: YesMail, $50,000

“The FTC’s complaint alleges that Yesmail’s spam filtering software filtered out certain ‘reply to’ unsubscribe requests from recipients as ‘spam,’ which resulted in Yesmail failing to honor unsubscribe requests by sending thousands of commercial email messages to recipients more than 10 business days after their requests.”

Takeaway: Using the “reply-to us and we’ll remove you” method is legal, but if those replies get accidentally deleted by your company’s spam filter, you could get sued. Have you ever seen a legit email get flagged by your company’s spam filter? It happens all the time. Safer to use a link that instantly removes people from your list.

Creative subject lines can be deceptive

Lawsuit: Jumpstart, $900,000

“’These defendants intentionally used personal messages as a cover-up for commercial messages,’ said Lydia Parnes, Director of the FTC’s Bureau of Consumer Protection. ‘Deceptive subject lines and headers not only violate the CAN-SPAM Act, but also consumer trust.’”

Takeaway: In your effort to “get the sale” and make people open your emails, it’s important to not get overly creative with your subject lines to the point of deception.

Your third parties are your responsibility

Lawsuit: Optin Global, $475,00

“In April 2005, the FTC and the Attorney General of California charged that the defendants used third-party affiliates or ‘button pushers’ to send spam hawking mortgage loans and other products and services.”

Takeaway: Do you use third party affiliate marketers to sell your product? Do you closely monitor how they send and collect email addresses?

Free can be expensive

Lawsuit: ValueClick, $2.9 million

“According to the FTC, ValueClick subsidiary Hi-Speed Media used deceptive emails, banner ads, and pop-ups to drive consumers to its Web sites. The emails and online ads claimed that consumers were eligible for ‘free’ gifts, including laptops, iPods, and high-value gift cards…”

Takeaway: Nothing sells like free. But are there any catches to your offer? If so, using “free” in your subject line might be seen as deceptive.

Correctly identify yourself

Lawsuit: Balsam v. Trancos, Inc., $87,000

Trancos sent out several email campaigns identifying the sender in the from line as various nonexistent organizations, including “Paid Survey, Your Business, Christian Dating, Your Promotion, Bank Wire Transfer Available, Dating Generic, and Join Elite.” The court held that “header information in a commercial e-mail is falsified or misrepresented for purposes of [California Law] when it uses a sender domain name that neither identifies the actual sender on its face nor is readily traceable to the sender using a publicly available online database such as WHOIS.” The court awarded the individual plaintiff $7,000 in damages and more than $80,000 in attorney fees.

Takeaway: It’s not just federal law you have to worry about. You also need to comply with state laws. Creativity is great for campaigns but a bad idea for the From field or really any part of the header.

The boss isn't always right

Inet Ventures Pty Ltd., $15.15 million

The FTC said that individual officers of a company can be liable if they participate directly in the spamming or if they knew or should have known about the deceptive practices. “The FTC charged that, using the 'Canadian Healthcare' brand name and other labels, the defendants’ spam messages deceptively marketed a male-enhancement pill, prescription drugs, and a weight-loss pill in violation of federal law. They falsely claimed that the medications came from a U.S.-licensed pharmacy that dispenses FDA-approved generic versions of drugs such as Levitra, Avodart, Cialis, Propecia, Viagra, Lipitor, Celebrex, and Zoloft. In fact, the defendants do not operate a U.S.-licensed pharmacy, and the drugs they sold were shipped from India, had not been approved by the FDA, and were potentially unsafe.”

Takeaway: Just because your boss says it’s ok, does not mean it's ok. If something seems like it could be deceptive, speak up and stop participating.

CAN-SPAM can't be skimmed

ATM Global Systems, Inc., $442,900 (2008)

Emails contained false originating email addresses, failed to include clear and conspicuous notification to recipients of their ability to unsubscribe, and did not include a valid physical postal address.

Sili Neutraceuticals, LLC, $2.5 million

“Judge Coar found that the defendants violated the FTC Act by falsely claiming that the hoodia products cause rapid and substantial and permanent weight loss, and that the HGH products contain human growth hormone and/or cause a clinically meaningful increase in growth hormone levels and/or will turn back or reverse the aging process. The CAN-SPAM Act violations were sending commercial e-mail messages that have misleading subject headings, and that fail to provide clear and conspicuous notice of the opportunity to decline to receive further spam from the sender, and/or a functioning return e-mail address, and the senders’ valid physical postal address.”

Takeaway: Each of CAN-SPAM’s requirements are there for a reason. Leaving out any of them opens you up to liability. Luckily, the requirements are pretty easy: Always have a working unsubscribe link, a valid address, and accurate information in your header.