What Is the CAN-SPAM Act?

The CAN-SPAM Act essentially dictates what can and cannot be done with regard to commercial messaging, including what can happen if you’re noncompliant. Formally referred to as The Controlling the Assault of Non-Solicited Pornography And Marketing Act, the act was passed in 2003 in direct response to the increasing number of spam emails that were being sent out. Although spam is commonly related to bulk emails, the act uses the traditional sense of the word, meaning unsolicited or undesired emails.

To quote the actual document (available here), the Act is in place “To regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet.”

CAN-SPAM Act Requirements

So how is this done? The Act imposes certain requirements on senders to help prevent unwanted emails. Compliance with the CAN-SPAM Act is relatively simple and perhaps intuitive for those already practicing proper email etiquette. However, to help you out, we’ve highlighted some of the key takeaways and put them in layman’s terms.

1. Unsubscribe Options

An important component to not receiving unwanted mail is to be able to tell the sender to stop sending you email. As such, every message must include a “clear and conspicuous” unsubscribe or opt-out option. This isn’t necessarily a button, but can simply include instructions to reply “stop” to unsubscribe at the bottom of your message. No being sneaky here. If you make the text color the same as the email, decrease the font size, or use some other method of obscuring the opt-out, it doesn’t count!

In the unsubscribe process, you cannot ask for any information from the individual other than the email address that is being unsubscribed. You also cannot require a fee or any type of incentive in exchange for removing their email.

Last, opt-out requests must be honored within 10 business days. That means you have ample time to properly move these emails to your Do Not Contact list, remove them from any campaigns, or even send them another email such as notifying them they are successfully unsubscribed. Once the party has opted out, you are not allowed to transfer, sell, or exchange their email address.

2. No Deception

A primary goal of the CAN-SPAM Act is to increase business-to-user transparency. As such, commercial emails must be honest and obvious. The first component of this is the subject line of the email. The subject must accurately reflect the content within the message, so that means no clickbait, for example, “congratulations!” unless they actually won a contest you were hosting. If sexually explicit material is being sent, it must clearly be stated at the start of the subject line as “SEXUALLY-EXPLICIT.” This rule was added later in 2004.

Messages must also be “clear and conspicuous” (here’s that phrase again) that they’re an advertisement or solicitation. Does this mean you have to say “this is an ad!”? No. However, honesty goes a long way if you begin by stating how you found the person’s email address or why you’re contacting them. Unless you’re actively trying to deceive someone, it should be fairly obvious that the email is an advertisement through the language you use.


The Act mandates that, along with an unsubscribe option, each email must include a valid postal address. The location isn’t specified, but most often you’ll see people include this in either their signature or the footer of their email. This can be a physical address that you have a registered mailbox at or even a PO Box. It’s important to note that even if a third party sends the email on your behalf, the message should include the address of the company advertising the product or service.

Lastly, you need to include a valid email address that the recipient can respond to in order to opt out. If your sending address is different than one that is monitored or accepting responses, include that email in your message.


If you obtain consent from a recipient, you’re exempt from the mandate of identifying your message as an ad or solicitation. In this scenario though, you’re still bound to all other requirements. Sorry.

Clearly understanding whether your email qualifies as a commercial message will be crucial in determining if the CAN-SPAM Act applies to you. Generally, an email is commercial if it’s an advertisement or promotion for a product or service. If that describes your email, you need to follow these rules.

The other type of email is defined as transactional or relationship messaging. This would be more along the lines of sending an update on a previously purchased product, a tracking number, or a digital receipt.


According to the FTC, each individual violation is subject to penalties of up to $43,280. For companies sending bulk email campaigns, that fine can quickly become overwhelming. In 2006, the FTC agreed to a whopping $900,000 settlement with Jumpstart Technologies for their repeated violations of the CAN-SPAM Act.

Violators can also be classified as criminal offenders under the Act, meaning potential jail time on top of whatever fines you may accrue. It may be worth your time to review your emails.

Is it Enough?

It’s a big step for 2003, but compared to today, not really. Despite great intentions, the Act is often (at least in the marketing world) referred to as the “You CAN-Spam” Act because it does not require explicit permission from the addressees prior to sending them email. Canada’s Anti-Spam Legislation (CASL), for example, is one of the world’s strictest anti-spam laws. Businesses are only permitted to send emails to individuals who have given consent to receive emails. Given this, companies are essentially allowed a free opportunity to reach out to whoever they want within the United States. The Act even allows purchasing contact lists, provided that the list is reviewed and any previously unsubscribed addresses are removed.

In 2019, the Act had its first regulatory review and the FTC unanimously decided to keep the Act in place without any modifications. You can read more about the review process here.

RiskWatch for CAN-SPAM Compliance

Utilize RiskWatch to monitor and ensure compliance with the CAN-SPAM Act. Designate which users will go into the platform to answer questions related to commercial messaging, and the software will mark these as compliant or non-compliant. Data is analyzed automatically, available on dashboard charts, and ready to be populated into custom reports. Any non-compliant responses are flagged for review and offer corrective action.

Compliance with the CAN-SPAM Act shouldn’t only be viewed as following rules. Implementing these requirements contributes positively to a successful email campaign. As mentioned previously, these steps are pretty easy if you’re not actively trying to deceive someone. Treating potential customers with respect and transparency will always have a positive impact on business.

Get started today and complete your first compliance assessment for free. Why wait?
