An Overview of Email Marketing – the CAN-SPAM Act

Jan 8, 2022 | Business Law

An Overview of Email Marketing - the CAN-SPAM Act

Businesses use email marketing to engage prospects, clients and customers on a regular basis. If you’re one of these businesses, you should have some familiarity with the laws governing email marketing. Specifically the The CAN-SPAM Act, a law that establishes rules and requirements for unsolicited commercial email, gives recipients the right to have you stop the commercial email, and spells out the penalties for violations.

What is CAN-SPAM?

The “Controlling the Assault of Non-Solicited Pornography And Marketing Act” of 2003, “CAN-SPAM” for short, addressed unsolicited email and is enforced by the Federal Trade Commission.   It addresses unsolicited bulk email where the primary purpose is advertising or promotion.  It is not targeted at “relationship or transactional” email.

You certainly have seen unsolicited promotional email that complies with CAN-SPAM (for example, if you are reading this article as part of our newsletter).  Legally compliant bulk email has a visible and operable “unsubscribe” option. It also has a relevant subject line, an accurate “From” line and contains  a legitimate physical address of the publisher or entity whose products or services are being promoted.

If you sign-up or consent to marketing material by joining a newsletter, purchasing a product or providing your email address in any form, messages sent from that business are classified as “relationship” messages under the Act.

Does the CAN-SPAM Act Make SPAM illegal? Short Answer – No.

The CAN-SPAM Act does not ban unsolicited bulk email.  It regulates this form of communication.

The Act does ban deceptive marketing practices that are considered false or misleading and it creates standards for legal spam. The Act supersedes state anti-spam laws.  Some refer to it as the “YOU-CAN-SPAM Act” as it was seen as making most email spamming legal so long as the rules are followed.

As far as enforcement, the Federal Trade Commission can bring enforcement actions, but there is no private right of action.  The first conviction under the CAN-SPAM Act was Nicholas Tombros, a man who drove around Marina Del Rey connecting to unsecured wireless networks, a practice known as “war driving/spamming,” so that he could send thousands of sexually explicit spam emails. He was given three years of probation, at home detention for six months, as well as a fine of $10,000 as the result of a plea deal with federal prosecutors.

How To Be Compliant

How do you protect yourself and your business? The Federal Trade Commission summarizes their guidance in seven points:

  1. Don’t use false/misleading header text – The “From:” and “To:” fields in an email must be accurate and identify the person or business who initiated the message.
  2. Don’t use deceptive subject lines – The subject lines must reflect the content of the message
  3. Identify the message as an ad – you must disclose clearly and conspicuously that your message is an advertisement.
  4. Tell recipients where you’re located – Your message must include your valid physical postal address
  5. Tell recipients how to opt out from future emails – This is the most important CAN-SPAM requirement. Commercial emails must have a way for people to request to stop receiving those messages. A reply-email or internet based link where consumers can voice their request must be available.
  6. Honor opt-out requests swiftly – Once an individual opts out, senders have 10 business days to comply with the request.  In other words, your “opt out” widget has to work.
  7. Monitor what others are doing on your behalf – If you hire another company to handle email marketing tasks, you cannot contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message can be held legally responsible.

The anti-spam requirements of foreign countries and the laws related to unsolicited email that contains sexually explicit content are outside the scope of this article.

CAN-SPAM In the Future

Two years after the CAN-SPAM Act passed, the Federal Trade Commission assessed its effectiveness and enforcement through a report. They recommended no further modification to the Act, but to pass further Acts to track increase enforcement. The FTC also recommended continued education of consumers, especially in preventing pornographic images from reaching children through spam. Lastly, the Commission stated that anti-spam technology had significantly grown and assisted the objectives of the Act.  The Commission further concluded that reputation and accreditation systems needed to be broadened to help achieve the goals of the Act.

The Federal Trade Commission recognizes that regulation of internet-based communication is an international issue.  Malware, phishing scams and pornography are still sent out through hacked servers and computers without the knowledge of owners. The Commission called for international policies to be strengthened to further tackle this pernicious form of spam.


CAN-SPAM compliance is not difficult., Most of the guidance is consistence with common sense transparency. Follow the guidelines stated above.