EDU Compliance for Email Marketing

(As originally published in Career Education Review)

Email marketing is an important strategy to maximize your marketing ROI. Unfortunately, many schools don’t adequately monitor authorized and unauthorized email traffic. IntegriShield hosted a recent compliance webinar with guest speaker Adam Schimsa of LashBack. Our conversation explored regulations and best practices surrounding email marketing.

In a recent webinar survey, only 29% of respondents reported feeling very confident that their organization and its affiliates are following CAN-SPAM regulations. While there are plenty of ways to run into fines and litigation for compliance violations, this article will explore the important layers of email compliance that can help protect your brand and bottom line – plus we’ll share other elements to monitor.

What is CAN-SPAM?

The CAN-SPAM Act of 2003 outlines rules for commercial email, establishes requirements for commercial messages, and gives recipients the right to have you stop emailing them. What it does not do is require prior express consent. This makes email an extremely viable option for marketers who did not receive consent for text or calling. If your school’s email marketing campaign violates CAN-SPAM regulation it could quickly add up to costly fines.

Basic requirements:

  1. Don’t use false or misleading header information. Identify the person or business who initiated the message.
  2. Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
  3. Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
  4. Tell recipients where you’re located. Your message must include your valid physical postal address.
  5. Tell recipients how to opt-out of receiving future email from you. Again be clear and conspicuous on how the recipient can unsubscribe from your emails.
  6. Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days.
  7. Monitor what others are doing on your behalf. The advertiser is responsible.

Regulations, Obligations, and Common Misconceptions

The Federal Trade Commission (FTC) says you can’t contract away your legal responsibility to comply with the law. So any agreements you have with third parties will not protect you, even if you don’t know what those third parties are doing. Penalties for FTC violations could cost you up to $16,000 for each email.

Many schools that use lead generators tend to think of these as domains where they have a branded page or directory listing. They don’t often consider how the lead was generated on the back-end. Unless the affiliate you are working with does not use email, you probably average about 10 email publishers working with each of your affiliates. Some have more or less and there are always those who generate strictly through organic or paid search advertising. It should be a question you ask during the vetting process.

There are several misconceptions that schools have about email. Many don’t believe they are using much email marketing to be at risk mainly because they are not shown or seeded on the emails that contain their brand. But the odds are you are probably using more than you think, and putting yourself at risk of more exposure than you may be aware. For example, if you’re running a traditional lead generation program with an affiliate and are delivered a genuine, quality lead that is interested in attending your school, he or she may have been driven to the initial lead form by a deceptive brand email generated by one of the affiliate’s publishers. In this case, there is legitimate exposure for the advertiser, the lead generator and all parties in-between.

On the other hand, many schools believe they are protected because they only use trusted partners and practice seeding, which eliminates their concerns. While seeding is important and necessary, it’s important to note your visibility is eliminated once that seed is deleted and you can’t monitor what you can’t see. It’s not worth the risk to rely on assurances.

Regulations to consider when sending email:

  1. CAN-SPAM Basics
    • Content Compliance
    • Unsubscribe Compliance
    • Sending and Data Compliance
  2. California Business & Professions Code
  3. Other State-Based Regulation
  4. Canada’s Anti-Spam Legislation
  5. EDU Standards and Best Practices
    • GE statements
  6. Corporate Policy/Specific Advertiser Requirements
  7. Obligation to Monitor Your Partners

Reasons to Love Email

There are several reasons email marketing should be making a come-back in your school’s marketing program. Year-after-year email has dominated the top spot for marketers in terms of median ROI and usage. According to McKinsey & Company, 91% of all US consumers still use email daily and email prompts purchases at a rate that is at least three times higher than social media.

No required prior consent is another benefit mentioned previously, but remember to keep your unsubscribe list up-to-date.

Common Pitfalls and How to Avoid Them

When marketers are found in violation of CAN-SPAM law, the following are issues that appear frequently in these SPAM cases:

  1. Misused “from” domains, which include third-party domains like prohibit spamming
  2. Misleading friendly “froms”, don’t use generic or misleading friendly from lines such as “Approval Department”
  3. Proxy-registered “from” domains, brands can’t use not-readily-traceable domain names
  4. Misleading subject lines, don’t use subject lines like “Approved” or “Your request has been accepted”

Remember to always consult your legal counsel for advice on how to protect your brand from compliance missteps. The following are common sense steps from non-lawyers.

Do not allow the use of major email provider “from” domains. Misleading subject lines – such as “Approved” or “Your request has been accepted”— are among the most common claims, closely followed by friendly “from” issues. At a minimum do not allow the use of the most egregious, frequently cited terms. Do not allow the use of proxy-registered domains because they are easily identified and addressed.

Compliance vs. Delivery Performance

According to LashBack data, analyzing more than 200 million email messages, the following chart illustrates trends and observations on email quality.

Messages with no compliance issues are 12% more likely to reach the inbox than those with at least one; emails with three or more issues are 34% less likely. Clean, relevant content gets delivered. This may be a shift in mentality for many tenured publishers. In fact, LashBack cites messages that are only missing a postal address makes your content 59% less likely to reach the inbox.

Take a look at the different violation subsets and observations on how often they occur among email marketers.

For Higher Education marketers, the data provided by LashBack in our recent webinar should be enlightening as to how much email is really being successfully delivered in the EDU sector – compared to other industries such as auto, loan, etc. Education messages ranked second by inbox percentage, meaning emails containing the keyword “education” experienced 74% delivery to recipient inboxes. Dating made up the greatest number of messages sent, but not necessarily delivered while Health led with the greatest number reaching the inbox.

  1. Across LashBack’s data since August 2016, mail being delivered to the inbox of Gmail users averaged 31% as compared to 56% for Yahoo and 53% for all other email providers.
  2. Looking at delivery, since August 2016, based on 6 keywords:

Can We Really Monitor?

Yes, we can. Monitoring email requires access to millions of emails daily across numerous internet and email service providers. Outsourcing is really the only way to go. An email monitoring company would have access to pull these emails into a database and filter in various ways allowing you to see what consumers are receiving from your brand. From there you would need to identify violations and research to identify the publisher who sent the email. To make your email monitoring process most effective, look for a vendor that has access to the most email service providers.

Most emails will link out to domains, such as landing pages or other lead gen sites. Publishers often exclude their name on an email which makes it challenging to identify who sent the communication. If you are already monitoring the web through a compliance monitoring company, they should be able to help you tie the publisher back to the affiliate. The benefit to this is not only speedy remediation, but it also gives you insight into your affiliate networks and their publishers.


Email marketing is an important strategy to maximize your marketing ROI. Fortunately, advertisers are becoming more aware of the risk involved with the use of third-party affiliates and publishers. Affiliates themselves are becoming increasingly persistent in their efforts to curb bad actors in their own networks. With businesses’ self-regulation efforts increasing, some marketers are just now getting a glimpse at the infringement and brand violations that exist.

The good news is there are tools to mitigate your exposure and risk, better manage your brand and reduce compliance costs by automating monitoring and remediation. As advertisers, we work hard to build brands. Driving a higher standard, for not only your proprietary marketing, but also for your third-party marketers is crucial to maintaining a positive brand image.

Hopefully you’ve gained new insight to help you better monitor authorized and unauthorized email traffic. As you work to implement more compliance email marketing practices it’s important to keep an eye on other channels that could be putting your brand at risk. Compliance and policy risks are manageable. Practicing a closed-loop compliance process will help protect your brand and bottom line. The information provided does not constitute legal advice. Contact your attorney for more information on the topics presented.

Source: IntegriShield and LashBack (Producer). (2017). Are you ready for a costly lawsuit? Compliance for Email Marketing [Video Webinar]

Get the Latest Updates

For compliance news and updates direct to your inbox, please subscribe here.

Newsletter and Updates