In a law rife with grey areas, the CAN-SPAM Act of 2003, one of the greyest is the requirements surrounding the handling of opt-outs, and the related creation of suppression (”do not email”) lists. This is a responsbility which falls squarely on the shoulders of the marketers..er, the postmaster..no, wait, the IT folks. Or is it the CTO?

At issue, among other things, is what exactly are the requirements for the handling of an email address once its owner has requested to be unsubscribed from a particular mailing? It is unclear whether you must remove the email address from all of your mailing lists, or just the one which generated the unsubscribe request. And are you obligated to pass on that request to affiliates whom might otherwise email the user about your product or services (in keeping with the CAN-SPAM requirement that makes it illegal for “any person acting on behalf of the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message” and “for any person acting on behalf of the sender to assist in initiating the transmission to the recipient, through the provision or selection of addresses to which the message will be sent, of a commercial electronic mail message”?