CAN-SPAM Act

What is the CAN-SPAM Act?

The CAN-SPAM Act is the primary law governing commercial email in the United States. Enacted in 2003 and enforced by the Federal Trade Commission (FTC), it sets rules for commercial messages, gives recipients the right to stop unwanted emails, and spells out penalties for violations. Despite its name suggesting it targets only spam, the law actually permits unsolicited commercial email while regulating how it must be sent.

For email marketers and sales professionals, understanding CAN-SPAM is essential. Violations can result in penalties of up to $50,120 per non-compliant email. For a campaign sending 10,000 emails, theoretical penalties could reach $501 million - though enforcement typically targets egregious violations rather than minor technical non-compliance.

Key CAN-SPAM Requirements

The law establishes specific requirements for commercial emails:

1. Accurate Header Information:

• "From," "To," "Reply-To" and routing information must be accurate
• Must identify the person or business who initiated the message
• Cannot use false or misleading header information

2. Non-Deceptive Subject Lines:

• Subject line must accurately reflect email content
• Cannot use misleading or deceptive subject lines
• "RE:" prefix on non-reply emails is technically a violation

3. Commercial Message Identification:

• Must disclose that message is an advertisement
• Disclosure must be "clear and conspicuous"
• Transactional and relationship emails are exempt from this requirement

4. Valid Physical Postal Address:

• Must include sender's valid physical postal address
• Can be current street address, PO Box, or private mailbox registered with commercial mail agency
• Must be where sender can receive mail

5. Clear Opt-Out Mechanism:

• Must provide clear, conspicuous way to unsubscribe
• Opt-out mechanism must work for at least 30 days after sending
• Cannot require fee or personal information beyond email address to unsubscribe
• Cannot make unsubscribe process difficult or confusing

6. Honor Opt-Out Requests Promptly:

• Must process opt-out requests within 10 business days
• Cannot sell or transfer email addresses of people who unsubscribed
• Exception: Can share with companies helping you comply with CAN-SPAM

What CAN-SPAM Allows

Importantly, CAN-SPAM does NOT require:

• Prior consent (opt-in) - You can email people who have not subscribed
• Double opt-in - No confirmation requirement for subscribers
• Specific unsubscribe method - Link, reply, or other mechanism is fine

This makes CAN-SPAM less restrictive than GDPR or CASL. B2B cold email is explicitly legal under CAN-SPAM when you follow the requirements above.

Message Types and Requirements

CAN-SPAM distinguishes between message types:

Commercial Messages:

• Primary purpose is advertising or promoting a product, service, or commercial website
• Must comply with all CAN-SPAM requirements

Transactional/Relationship Messages:

• Primary purpose is facilitating agreed-upon transaction or updating customer about ongoing relationship
• Examples: Order confirmations, shipping notifications, account statements
• Exempt from most CAN-SPAM requirements except accurate headers and routing

A message with both commercial and transactional content is classified based on primary purpose. When commercial content is primary, full CAN-SPAM compliance required.

Penalties for Violations

CAN-SPAM violations can be costly:

• Up to $50,120 per non-compliant email
• Criminal penalties for certain violations (up to 5 years imprisonment)
• Enforcement by FTC, state attorneys general, and ISPs
• Additional penalties for harvesting addresses or using automated tools to generate addresses

Practical Compliance Checklist

Ensure every commercial email includes:

1. Accurate "From" name and email address
2. Honest subject line matching content
3. Valid physical postal address in the footer
4. Clear, working unsubscribe link
5. Disclosure that message is an advertisement (if required)
6. Process to honor opt-outs within 10 days

Common Misconceptions

Many believe CAN-SPAM makes cold email illegal - it does not. Cold email is explicitly permitted; you just must follow the rules. Others think the physical address requirement is optional or can use a fake address - this is a core requirement with no exceptions.

A dangerous misconception is that business-to-business emails are exempt - they are not. All commercial emails must comply regardless of whether recipients are consumers or businesses.

WarmySender helps ensure CAN-SPAM compliance with built-in unsubscribe handling, proper tracking of opt-outs, and templates that include required elements. At $49 lifetime, you get compliant email infrastructure without monthly fees.