[hammock]

>If you do use a web link for unsubscribe, the form can't require the user to enter any information beyond their email address.

I don't get that from my reading of the actual law or FTC guidance. Can you explain how you came to your conclusion?

Full text of CAN-SPAM: http://www.gpo.gov/fdsys/pkg/BILLS-108s877enr/pdf/BILLS-108s...

[eli]

It's actually surprisingly difficult to find original, authoritative sources on what the law requires. You linked to the full text of the bill Congress passed, but that left all the implementation details up to the FTC. The rule I'm talking about was not in the original bill or in the original set of FTC rules, but was added later by the FTC in 2008.

From 16 CFR 316.5:

  > Neither a sender nor any person act-
  > ing on behalf of a sender may require 
  > that any recipient pay any fee, provide 
  > any information other than the recipi-
  > ent’s electronic mail address and opt- 
  > out preferences, or take any other 
  > steps except sending a reply electronic 
  > mail message or visiting a single Inter-
  > net Web page, in order to [...]

And you can view that from here: http://www.gpo.gov/fdsys/granule/CFR-2011-title16-vol1/CFR-2...

(The FTC also mentions it in their guidance for businesses: https://www.ftc.gov/tips-advice/business-center/guidance/can... under bullet #6)