Mailing Lists: Covering Your Caboose and Protecting Your Privacy
For an independent author, there is nothing more important than building your fanbase. There are lots of reasons for this, but the most important is that there is no one more likely to buy your next book than someone that already read and loved your last one. That’s why you want to make sure you have a list of as many of those fans as possible so that you can contact them to let them know about your upcoming releases – something you should be doing as part of a regular marketing strategy via your newsletter. But setting up a newsletter means first setting up a list that your readers can join, and while there are plenty of companies that provide mailing list services, there are some important things you need to consider first before you get started. Not only are there legal rules around what you can send and to who, but you probably want to do so in a way that also maintains your own personal privacy.
Being able to directly contact your readers via a mailing list is one of the best ways to market your books, especially since you’re able to choose when, what, and why you communicate. It’s also important for authors to maintain their personal privacy if they wish to, which is a reason why so many wind up using pen names and mailing addresses that don’t match their residences. Due to federal postal regulations and privacy laws, being able to contact your readers while maintaining your privacy can get a little confusing. Hopefully this post will help shed some light on a couple of the most common questions that get asked, but you’re more than welcome to leave more questions in the comments.
Just a few caveats before we get started, though. First, nothing in this post should be viewed as legal advice. It’s always a wise idea to cover your caboose as much as possible, and sometimes to do that requires you to sit down with a legal professional in your particular jurisdiction. Second, your USPS mileage may vary when it comes to the forms and regulations mentioned below. The letter of the law has changed quite a bit due to Homeland Security regulations and protocols, and while getting your paperwork in order shouldn’t be difficult, some people you might deal with might make it difficult. But more on that a little later. Third, this post focuses more on author privacy than on reader privacy, so there won’t be any discussion about the EU’s GDPR (General Data Protection Regulation). GDPR compliance is definitely an important factor to consider though, and most service providers (MailChimp, MailerLite, etc) will likely already have solutions in place.
All mailing list providers in the US are required to comply with the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act of 2003. The act basically sets standards for commercial email, and empowers the FTC with enforcement. Among the standards that commercial (meaning the email we send to our readers) mail has to comply with are that we have to provide a legitimate physical address.
Can a PO box or virtual PO Box be used as a physical address?
Fortunately for us, the FTC specifically allows PO boxes and CMRA (commercial mail receiving agencies, like VPOs) to be used in lieu of a residential address as a part of a revision published in 2008:
“Accordingly, the Commission adopts final Rule 316.2(p), which provides that a ‘valid physical postal address’ means the sender’s current street address, a Post Office box the sender has accurately registered with the United States Postal Service, or a private mailbox the sender has accurately registered with a commercial mail receiving agency that is established pursuant to United States Postal Service regulations.”
A PO box is relatively simple to set up, and are available in almost all post offices and even in the storefront locations of some shipping services (like UPS). All will require your personal information, but any paperwork you fill out is not part of the public record. Here’s a list of identification that the USPS will and won’t accept.
Virtual PO boxes are just like regular PO boxes and they’re regulated very much the same way, at least in the US. That means that you can use a virtual PO box as a physical address because most (if not all) US-based VPO providers comply with USPS regulations and require a form 1583. You give your actual personal information (including your home address) on this form and must provide two forms of identification:
“Acceptable identification includes: valid driver’s license or state non-driver’s identification card; armed forces, government, university, or recognized corporate identification card; passport, alien registration card or certificate of naturalization; current lease, mortgage or Deed of Trust; voter or vehicle registration card; or a home or vehicle insurance policy.”
Many VPO and VO (virtual office) providers take things a step further in their TOS and require that your home address be listed on at least one of the IDs, and that it matches the address on the 1583. So basically, as long as the VPO you’re using is compliant with USPS regulations and all of your paperwork is in order, you’re safe. And you’ll get a handy “physical address” you can use to stay compliant with both CAN-SPAM and the TOS of all major mailing list players. The information on the 1583 is not publicly available.
Do not use a VPO or VO service that does not require the 1583, regardless of the price. The address they provide will be absolutely worthless.
Another thing to keep in mind as well if you intend to receive physical mail as your pen name at your PO box or VPO box: it’s possible that your jurisdiction will require a DBA for the mail receiver. Also, it’s possible to meet with an agent who is a stickler for the rules, and who will require that your pen name be listed as a mail receiver (along with the two forms of ID which I’m sure we all have for our pseudonyms) or they’ll reject your mail. If you don’t plan to receive physical mail, it’s not really an issue. The agent may also let it slide if you explain that the name is just a pseudonym for yourself.
What if I’m from another country? Do I have to comply with CAN-SPAM?
Generally speaking, if you do business with companies or individuals in the US, yes you do. Mailchimp for example makes it very clear right in their TOS that all users must comply with the US CAN-SPAM Act. And that’s in addition to laws in your home country. Some of them have punishments for non-compliance that are much scarier than fines, so do your due diligence and consult a legal professional in your jurisdiction.
Sure, the risks associated with CAN-SPAM non-compliance might be slight (and clearly not everyone cares since I don’t know about you, but I still get a mountain of spam), but it’s always best to be no risk instead of low risk whenever possible. As always, if you have any comments or questions, I’d be happy to hear from you. Happy marketing!