CAN-SPAM Act
US law regulating commercial email. Requires opt-out mechanism and sender identification.
What is the CAN-SPAM Act?
The CAN-SPAM Act is a 2003 US law that sets rules for commercial email, establishing requirements for commercial messages, giving recipients the right to stop receiving emails, and imposing penalties for violations.
CAN-SPAM Acronym:
- Controlling the Assault of Non-Solicited Pornography M**arketing Act
Key Requirements:
- Accurate header information (no misleading from names)
- Valid subject lines (not deceptive)
- Opt-out mechanism must work
- Physical postal address in emails
- Clear identification that message is an advertisement
CAN-SPAM Requirements
Accurate Headers
No misleading sender information.
Requirements:
- Accurate "From" name
- Valid reply-to address
- No deceptive routing information
Subject Lines
Must be truthful, not misleading.
Prohibited:
- False or misleading subject lines
- Deceptive intent to disguise email content
Opt-Out Mechanism
Must include working unsubscribe.
Requirements:
- Clear and conspicuous opt-out link
- Opt-out must be free to the recipient
- Opt-out requests must be processed within 10 business days
- You may include a valid email address as opt-out
Postal Address
Include physical postal address.
Requirements:
- Valid physical postal address in email
- Can be in signature or body
- P.O. Box is acceptable
- Current address required
Commercial Identification
Clearly identify email as advertisement.
When Required:
- Secondary relationship (not transactional)
- Clearly and conspicuously displayed
CAN-SPAM vs GDPR vs CASL
| Regulation | Scope | Consent Required | Opt-Out Required |
|---|---|---|---|
| **CAN-SPAM** (US) | All commercial email | No | Yes |
| **GDPR** (EU) | All electronic communication | Yes | Yes |
| **CASL** (Canada) | Commercial electronic messages | Yes or implied | Yes |
GDPR is stricter:
- Requires explicit consent for B2B prospecting (with some exceptions)
- Broader definition of personal data
- Higher penalties for violations
CAN-SPAM Penalties
Civil Penalties
Per Email Violation:
- Up to $51,744 per email (as of 2025)
Amount Increases:
- Penalties adjust for inflation
- Increased from original $11,000 in 2003
Aggregate Penalties
For Multiple Violations:
- ISPs can sue for actual damages
- FTC can impose large fines for systematic violations
- State attorneys general can enforce
Criminal Penalties
For Fraudulent Activities:
- Up to 5 years imprisonment for aggravated violations
- Fines in addition to civil penalties
CAN-SPAM Compliance Best Practices
Email Content
Include required elements in every email.
CAN-SPAM Checklist:
- [ ] Accurate "From" name
- [ ] Valid reply-to address
- [ ] Truthful subject line
- [ ] Physical postal address
- [ ] Working unsubscribe link
- [ ] Clear identification if advertisement
Unsubscribe Process
Make unsubscribing easy and working.
Best Practices:
- One-click unsubscribe
- Process requests within 10 business days
- Honor opt-outs promptly (remove from lists within 10 days)
- Keep unsubscribe link valid for 30+ days
List Hygiene
Remove suppressed emails promptly.
Required Actions:
- Process opt-outs within 10 business days
- Maintain suppression list
- Never email opted-out addresses again
- Scrub suppression list from all campaigns
Record Keeping
Maintain compliance records.
Keep for 3 Years:
- Opt-out requests
- Suppression lists
- Consent documentation (for GDPR comparison)
- CAN-SPAM policy documentation
Cold Email and CAN-SPAM
Is Cold Email Legal?
Yes, when done correctly.
Legal Cold Email Requirements:
- Accurate sender identification
- Truthful subject lines
- Working opt-out mechanism
- Physical postal address
- No deceptive practices
CAN-SPAM regulates false and misleading email, not unsolicited email. Cold email is legal when it's truthful and includes opt-out.
Transactional vs. Commercial
Transactional (exempt from many requirements):
- Existing customer relationship
- Updates or service notifications
- Account information
- Marketing messages
- Promotional content
- Cold outreach
Common CAN-SPAM Mistakes
No unsubscribe link:
Every commercial email must include working opt-out.
Misleading subject lines:
"Re: our conversation" when no conversation exists violates CAN-SPAM.
Header from deception:
Using personal name instead of company name when acting in business capacity.
Missing postal address:
Physical address must be included in every commercial email.
Ignoring Opt-Outs:
Continuing to email after opt-out is illegal and carries serious penalties.
Key Takeaways
- CAN-SPAM = US law regulating commercial email with strict requirements
- Requirements: accurate headers, truthful subjects, opt-out mechanism, postal address
- Penalties: up to $51,744 per email violation (2025), plus potential criminal charges
- Cold email is legal when truthful, includes opt-out, and follows all requirements
- GDPR (EU) is stricter-requires explicit consent; CASL (Canada) requires consent or implied consent
- Always include: working unsubscribe, postal address, accurate sender info
- Process opt-outs within 10 business days; suppress permanently
- Cold email works legally when done transparently and compliantly
Sources:
Related Terms
Put these terms to work, on autopilot
FirstSales scrapes the web for your leads, writes every email, follows up automatically, and books meetings to your calendar. 87% inbox placement from $29/mo.
Start your AI SDR for $1Live in 8 minutes. Cancel anytime.