Quick Refresher of U.S. CAN-SPAM Requirements

New consumer privacy laws in the U.S. and elsewhere apply to many forms of digital promotion, including email marketing. Thus it’s worth reviewing the requirements of the CAN-SPAM Act of 2003, which sets rules for the use of commercial email to U.S.-based recipients.

I’ll do that in this post.

Commercial Email

President George W. Bush signed CAN-SPAM into law to help protect U.S. consumers from malicious, unsolicited email. The acronym stands for “Controlling the Assault of Non-Solicited Pornography And Marketing.”

The Act applies to any commercial electronic message to U.S. recipients — B2C and B2B. It includes transactional and marketing messages. Both fall under the CAN-SPAM rules, although transactional emails need only contain truthful information, while marketing messages must meet all requirements, as summarized below.

For example, the transactional email message that follows is from Roto-Rooter, the plumbing company. The email confirms the details of a service appointment. For this type of message, CAN-SPAM requires that the information be truthful.

Screenshot of a Roto-Rooter service appointment confirmation.

The CAN-SPAM Act requires this transactional message from Roto-Rooter to be accurate and not misleading.

CAN-SPAM and Ecommerce

CAN-SPAM does not require explicit permission from email recipients, unlike the Canadian Anti-Spam Legislation, which does.

Key CAN-SPAM requirements include:

  • Not misleading to the recipient. All emails must contain an accurate representation of the sender — individual, brand, or company — and a clear, non-deceptive subject line. For example, an ecommerce company cannot insert “Amazon” as the “From” name unless it is Amazon. The subject line must accurately describe the content, and marketing messages must also convey the purpose, such as an advertisement or promotion.
  • Includes a physical mailing address in the body of the email. An address where unsubscribe requests can be physically mailed is also a requirement.
  • Provides an unsubscribe link. The Act requires an obvious link for recipients to unsubscribe from all of the sender’s emails.

Screenshot of a financial services email with an unsubscribe link and a physical address.

Commercial email messages to U.S. recipients must contain an unsubscribe link and a physical mailing address.

  • Opt-out requests honored within 10 days. Commercial email senders have 10 business days to process unsubscribe requests. Email service providers typically do this automatically, requiring no additional action from the sender. However, a sender must maintain this global suppression list indefinitely, even when changing service providers.
  • Senders and their agencies are responsible. Agencies and consultants that send on behalf of clients are responsible for the email, as are the client-senders.


CAN-SPAM calls for fines up to $43,792 for each violation. Fortunately, most email service providers have built-in enforcement mechanisms to help senders avoid honest mistakes. For example, most providers will not send an email without an unsubscribe link and a physical mailing address.

For more, see the CAN-SPAM Act compliance guide from the U.S. Federal Trade Commission.

Carolyn Nye