Do you use email for your business? The CAN-SPAM Act, a law that regulates commercial email, sets requirements for these messages, grants recipients the right to stop receiving emails, and imposes significant penalties for non-compliance. The FTC enforces the CAN-SPAM Act and the associated CAN-SPAM Rule.

Contrary to what its name might suggest, the CAN-SPAM Act isn’t limited to bulk email. It applies to all commercial messages, which are defined as any electronic mail message primarily intended to advertise or promote a commercial product or service, including emails that promote content on commercial websites. The law also applies to business-to-business email, meaning every email, such as one announcing a new product line to former customers, must adhere to CAN-SPAM regulations.

Each individual email that violates the CAN-SPAM Act can result in penalties of up to $51,744, making compliance crucial. Fortunately, following the law is straightforward. Here’s an overview of CAN-SPAM’s key requirements:

  1. Accurate Header Information: Ensure that your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – are accurate and clearly identify the person or business that initiated the message.
  2. Honest Subject Lines: The subject line must accurately reflect the content of the message.
  3. Identify the Message as an Ad: While the law gives flexibility in how you disclose this, you must clearly and conspicuously identify the message as an advertisement.
  4. Include Your Physical Address: Your email must contain a valid physical postal address. This can be your current street address, a registered P.O. Box with the U.S. Postal Service, or a registered private mailbox.
  5. Provide an Opt-Out Mechanism: Your message must clearly explain how recipients can opt out of receiving future marketing emails. The opt-out process should be easy to recognize, read, and understand. Use creative elements like type size, color, and placement to improve clarity. Provide a return email address or another easy internet-based way for people to communicate their choice. While you may offer a menu to opt out of certain types of messages, you must include an option to stop all marketing messages. Ensure that your spam filter doesn’t block opt-out requests.
  6. Allow Subscribers and Members to Opt-Out: Even if you run a subscription service or membership program, subscribers and members can still opt out of marketing emails. Before sending a message without an unsubscribe link to these individuals, ensure that the message’s primary purpose fits one of the five categories of “transactional or relationship” messages under the Act. If it doesn’t, you must include a way for recipients to opt out of future marketing messages.
  7. Honor Opt-Out Requests Promptly: You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to provide any information beyond an email address, or make the recipient take more than one step to opt out. Once someone has opted out, you can’t sell or transfer their email addresses, except to a company you’ve hired to help comply with the CAN-SPAM Act.
  8. Monitor Your Email Marketing Partners: Even if you hire a company to handle your email marketing, you remain legally responsible for compliance with the law. Both the company whose product is promoted and the company that sends the message can be held liable.

Frequently Asked Questions:

Q: How do I know if the CAN-SPAM Act applies to the emails my business sends? A: The law applies based on the “primary purpose” of the message. An email can contain three types of content:

  • Commercial content: Advertises or promotes a product or service.
  • Transactional or relationship content: Facilitates or updates an already agreed-upon transaction.
  • Other content: Neither commercial nor transactional/relationship.

If the message’s primary purpose is commercial, it must comply with CAN-SPAM. If it’s transactional or relationship-based, it must still avoid false or misleading routing information but is otherwise exempt from most CAN-SPAM requirements.

Q: How can I determine if an email is a transactional or relationship message? A: An email is transactional or relationship-focused if it:

  • Facilitates, completes, or confirms a transaction the recipient has agreed to.
  • Provides warranty, recall, safety, or security information about a purchased product or service.
  • Updates the recipient on membership, subscription, or account terms.
  • Provides regular account balance information.
  • Delivers goods or services as part of an agreed-upon transaction.

These categories are interpreted narrowly, so be careful when assuming that any message sent to subscribers or members is transactional or relationship-based. Consider whether a reasonable recipient would view the email’s primary purpose as fitting into one of these categories. If not, the email must comply with CAN-SPAM.

Q: What if an email combines commercial and transactional/relationship content? A: When an email includes both commercial and transactional/relationship content, the primary purpose determines its status. If the subject line leads a recipient to believe the message is primarily commercial or if the transactional/relationship content isn’t prominent at the beginning, the email is considered commercial and must comply with CAN-SPAM.

Need More Information? For more detailed guidance on CAN-SPAM compliance, refer to the full CAN-SPAM Act or consult the FTC’s resources.

Q: What if a message contains both commercial content and content classified as “other”?

A: If a message includes both commercial content and other types of content, the CAN-SPAM Act applies if the primary purpose of the message is commercial. This determination is made if:

  • A recipient, based on a reasonable interpretation of the subject line, would likely conclude that the message is promoting or advertising a commercial product or service; or
  • A recipient, after reading the body of the message, would likely conclude that its primary purpose is to promote or advertise a product or service.

Factors that influence this interpretation include the placement of the commercial content (e.g., whether it appears at the beginning of the message), the proportion of the message dedicated to commercial content, and how elements like color, graphics, and text style are used to emphasize the commercial aspects.

Q: What if an email includes content from more than one company? Who is responsible for CAN-SPAM compliance?

A: When an email promotes the products, services, or websites of multiple marketers, the responsible “sender” under the CAN-SPAM Act is typically determined by agreement among the marketers. The designated sender must:

  • Meet the definition of “sender” under the CAN-SPAM Act, meaning they initiate the commercial message to advertise or promote their goods, services, or website;
  • Be clearly identified in the “From” line of the email; and
  • Comply with all CAN-SPAM requirements for initiators, such as avoiding deceptive transmission information and subject lines, and ensuring the email includes a valid postal address, an opt-out mechanism, and proper identification of its commercial nature.

If the designated sender fails to meet these obligations, all marketers involved may be held liable as senders.

Q: My company sends emails with a “Forward to a Friend” feature. Who is responsible for CAN-SPAM compliance for these forwarded messages?

A: Whether a seller or forwarder is considered a “sender” or “initiator” under the CAN-SPAM Act depends on the situation. Typically, the Act applies if the seller offers an incentive for forwarding the message, such as money, discounts, or sweepstakes entries. In such cases, the seller is likely responsible for compliance. If a seller provides any benefit in exchange for forwarding an email or generating traffic, they are likely subject to CAN-SPAM regulations.

Q: What are the penalties for violating the CAN-SPAM Act?

A: Each email that violates the CAN-SPAM Act can result in penalties of up to $51,744, with the possibility of multiple parties being held responsible. Both the company whose product is promoted and the company that sent the message can be liable. Additionally, emails that contain misleading claims may be subject to other laws, like Section 5 of the FTC Act, which prohibits deceptive advertising. The CAN-SPAM Act also includes aggravated violations that could lead to additional fines and even criminal penalties, including imprisonment, for:

  • Accessing someone else’s computer to send spam without permission;
  • Using false information to register for multiple email accounts or domain names;
  • Relaying or retransmitting multiple spam messages to disguise their origin;
  • Harvesting email addresses or generating them through a dictionary attack; and
  • Exploiting open relays or open proxies without permission.

Civil penalties may also require restitution to consumers under Section 19 of the FTC Act, covering not just what consumers paid, but also the value of their lost time.

Q: Are there specific rules for sexually explicit marketing emails?

A: Yes, the FTC has rules under the CAN-SPAM Act for emails with sexually explicit content. These emails must start with “SEXUALLY-EXPLICIT:” in the subject line. The body of the email must initially display only this warning and the standard CAN-SPAM information: the message’s commercial nature, the sender’s physical address, and an opt-out method. No images or graphics are allowed in this part of the message, ensuring that sexually explicit content isn’t viewable without an affirmative action, like scrolling or clicking. This requirement doesn’t apply if the recipient has previously given consent to receive such messages.


About the FTC

The FTC is dedicated to preventing fraudulent, deceptive, and unfair practices affecting businesses and consumers. You can report scams and unethical business practices at ReportFraud.ftc.gov. For guidance on legal compliance, visit business.ftc.gov. Understanding and fulfilling your compliance obligations is smart business practice, regardless of your organization’s size or industry. For updates on cases and initiatives, subscribe to the FTC’s Business Blog.

Your Opportunity to Comment

The National Small Business Ombudsman and 10 Regional Fairness Boards collect feedback from small businesses regarding federal compliance and enforcement activities. The Ombudsman evaluates these activities annually and rates each agency’s responsiveness to small businesses. Comments can be submitted without fear of reprisal by calling 1-888-REGFAIR (1-888-734-3247) or visiting www.sba.gov/ombudsman.


Content updated January 2024.

Related Posts
Salesforce OEM AppExchange
Salesforce OEM AppExchange

Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more

The Salesforce Story
The Salesforce Story

In Marc Benioff's own words How did salesforce.com grow from a start up in a rented apartment into the world's Read more

Salesforce Jigsaw
Salesforce Jigsaw

Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more

Health Cloud Brings Healthcare Transformation
Health Cloud Brings Healthcare Transformation

Following swiftly after last week's successful launch of Financial Services Cloud, Salesforce has announced the second installment in its series Read more

author avatar
wp-shannan