CAN-SPAM Act

What is the CAN-SPAM Act?

The CAN-SPAM Act is a 2003 US law that sets rules for commercial email, establishing requirements for commercial messages, giving recipients the right to stop receiving emails, and imposing penalties for violations.

CAN-SPAM Acronym:
- Controlling the Assault of Non-Solicited Pornography M**arketing Act

Key Requirements:

• Accurate header information (no misleading from names)
• Valid subject lines (not deceptive)
• Opt-out mechanism must work
• Physical postal address in emails
• Clear identification that message is an advertisement

---

CAN-SPAM Requirements

Accurate Headers

No misleading sender information.

Requirements:

• Accurate "From" name
• Valid reply-to address
• No deceptive routing information

Subject Lines

Must be truthful, not misleading.

Prohibited:

• False or misleading subject lines
• Deceptive intent to disguise email content

Opt-Out Mechanism

Must include working unsubscribe.

Requirements:

• Clear and conspicuous opt-out link
• Opt-out must be free to the recipient
• Opt-out requests must be processed within 10 business days
• You may include a valid email address as opt-out

Postal Address

Include physical postal address.

Requirements:

• Valid physical postal address in email
• Can be in signature or body
• P.O. Box is acceptable
• Current address required

Commercial Identification

Clearly identify email as advertisement.

When Required:

• Secondary relationship (not transactional)
• Clearly and conspicuously displayed

---

CAN-SPAM vs GDPR vs CASL

Regulation	Scope	Consent Required	Opt-Out Required
**CAN-SPAM** (US)	All commercial email	No	Yes
**GDPR** (EU)	All electronic communication	Yes	Yes
**CASL** (Canada)	Commercial electronic messages	Yes or implied	Yes

GDPR is stricter:

• Requires explicit consent for B2B prospecting (with some exceptions)
• Broader definition of personal data
• Higher penalties for violations

---

CAN-SPAM Penalties

Civil Penalties

Per Email Violation:
- Up to $51,744 per email (as of 2025)

Amount Increases:

• Penalties adjust for inflation
• Increased from original $11,000 in 2003

Aggregate Penalties

For Multiple Violations:

• ISPs can sue for actual damages
• FTC can impose large fines for systematic violations
• State attorneys general can enforce

Criminal Penalties

For Fraudulent Activities:

• Up to 5 years imprisonment for aggravated violations
• Fines in addition to civil penalties

---

CAN-SPAM Compliance Best Practices

Email Content

Include required elements in every email.

CAN-SPAM Checklist:

• [ ] Accurate "From" name
• [ ] Valid reply-to address
• [ ] Truthful subject line
• [ ] Physical postal address
• [ ] Working unsubscribe link
• [ ] Clear identification if advertisement

Unsubscribe Process

Make unsubscribing easy and working.

Best Practices:

• One-click unsubscribe
• Process requests within 10 business days
• Honor opt-outs promptly (remove from lists within 10 days)
• Keep unsubscribe link valid for 30+ days

List Hygiene

Remove suppressed emails promptly.

Required Actions:

• Process opt-outs within 10 business days
• Maintain suppression list
• Never email opted-out addresses again
• Scrub suppression list from all campaigns

Record Keeping

Maintain compliance records.

Keep for 3 Years:

• Opt-out requests
• Suppression lists
• Consent documentation (for GDPR comparison)
• CAN-SPAM policy documentation

---

Cold Email and CAN-SPAM

Is Cold Email Legal?

Yes, when done correctly.

Legal Cold Email Requirements:

• Accurate sender identification
• Truthful subject lines
• Working opt-out mechanism
• Physical postal address
• No deceptive practices

Key Legal Principle:
CAN-SPAM regulates false and misleading email, not unsolicited email. Cold email is legal when it's truthful and includes opt-out.

Transactional vs. Commercial

Transactional (exempt from many requirements):

• Existing customer relationship
• Updates or service notifications
• Account information

Commercial (full CAN-SPAM applies):

• Marketing messages
• Promotional content
• Cold outreach

---

Common CAN-SPAM Mistakes

No unsubscribe link:
Every commercial email must include working opt-out.

Misleading subject lines:
"Re: our conversation" when no conversation exists violates CAN-SPAM.

Header from deception:
Using personal name instead of company name when acting in business capacity.

Missing postal address:
Physical address must be included in every commercial email.

Ignoring Opt-Outs:

Continuing to email after opt-out is illegal and carries serious penalties.

---

Key Takeaways

• CAN-SPAM = US law regulating commercial email with strict requirements
• Requirements: accurate headers, truthful subjects, opt-out mechanism, postal address
• Penalties: up to $51,744 per email violation (2025), plus potential criminal charges
• Cold email is legal when truthful, includes opt-out, and follows all requirements
• GDPR (EU) is stricter—requires explicit consent; CASL (Canada) requires consent or implied consent
• Always include: working unsubscribe, postal address, accurate sender info
• Process opt-outs within 10 business days; suppress permanently
• Cold email works legally when done transparently and compliantly

---

Sources:

• FTC - CAN-SPAM Act Compliance Guide
• HubSpot - CAN-SPAM Act Explained