Skip to main content

Just because consumers sign up for a membership or subscription doesn’t mean they sign up to get unwanted marketing email. A proposed $650,000 settlement with Experian Consumer Services just filed on the FTC’s behalf by the Department of Justice reminds businesses that they can’t “unsubscribe” from their legal obligations under the CAN-SPAM Act.

Under the Fair Credit Reporting Act, consumers have a right to place a free security freeze on their credit report or lift it once it’s in place. Experian Consumer Services, which shares a parent company with the credit bureau Experian, requires consumers who want to manage their Experian credit report information online – for example, to freeze or unfreeze their report – to create an online membership account using an email address.

According to the FTC, once consumers signed up for a free membership account with Experian, the defendant sent them multiple emails that used phrases like this to describe why it was contacting them: “This email was sent because it contains important information about your account” and “This is not a marketing email – you’re receiving this message to notify you of a recent change to your account.”

That’s what the company claimed, but a closer look at the emails included in the complaint reveals that the messages weren’t providing consumers with “important information” about their accounts. Rather, the FTC says the defendant sent those emails to promote credit card offers, products to improve consumers’ credit scores, discounts on auto-related services, and upsells for various Experian products – content the complaint alleges was decidedly commercial in nature. Put in the plainest terms, they were sales pitches. 

The purpose of those messages is of critical importance under the CAN-SPAM Act. In the statute, Congress defined “commercial electronic mail message” as email “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” And if the message meets that definition – which the FTC alleges the defendant’s emails most certainly did – the law requires companies to take certain steps to protect consumers from receiving unwanted marketing messages in the future. And that, says the FTC, is where the defendant opted out of its legal obligations.

Take a closer look at the promotions included in the complaint to see what we mean. The emails featured bright colors, eye-catching graphics, and promises of “insurance savings” and a “fabulous, newly boosted FICO score.” But according to the complaint, there were two glaring omissions in those Experian messages: “[T]he emails do not provide notice of consumers’ ability to opt out of receiving further promotional messages or a mechanism for doing so.” In other words, the defendant didn’t include the opt-out information and the “unsubscribe” link, both required by the CAN-SPAM Act.

What’s more, the defendant allegedly set up a roadblock to stop consumers who didn’t want to receive further marketing messages. The emails told consumers. “You can update some alerts and communications preferences any time on your . . . profile, but you’ll continue to receive notifications like this one on the status of your account.” In effect, the defendant conveyed to consumers that even if they wanted to opt out, tough luck. They would continue to receive sales pitches masquerading as messages about “the status of your account.”

CAN-SPAM Compliance Guide for Business


The proposed settlement includes a $650,000 civil penalty for CAN-SPAM Act violations and injunctive provisions to change the defendant’s practices in the future.

Now is a good time to take a closer look at your company’s email practices. Do they line up with the FTC’s updated publication, CAN-SPAM Act: A Compliance Guide for Business? In addition, consider these takeaways.

The CAN-SPAM Act applies even if your business operates on a subscription or membership model. Are you under the impression that your CAN-SPAM obligations go out the window once people sign up as “subscribers” or “members”? Wrong. Your customers retain their legal protections under the law regardless of their status as subscribers or members. That means your marketing emails: 1) must clearly tell consumers they can opt out of getting those messages from you in the future; and 2) must include an unsubscribe link that works.

Don’t be too quick to categorize your emails as “transactional or relationship” messages. The CAN-SPAM Act’s definition of “commercial electronic mail message” doesn’t include a “transactional or relationship message,” but don’t click that send button just yet. As the statute and Section 316.3 of the FTC’s CAN-SPAM Rule make clear, the definition of that term is specific and narrow. And simply having a relationship with a consumer as a subscriber or member doesn’t transform a marketing message –  an email with the primary purpose of an promoting a commercial good or service – into a “relationship” message.

Read the revised CAN-SPAM Act: A Compliance Guide for Business for updated guidance.

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Kristin B Carroll
August 16, 2023

Thank You

More from the Business Blog

Get Business Blog updates