CAN-SPAM Act Compliance Guide

Ensure your commercial emails comply with US federal law and avoid costly penalties.

What is the CAN-SPAM Act?

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing) is a United States federal law enacted in 2003 that sets rules for commercial email and gives recipients the right to stop receiving unwanted messages.

The law applies to all commercial messages, defined as any electronic mail message where the primary purpose is commercial advertisement or promotion of a product or service.

Who Must Comply?

CAN-SPAM applies to:

  • Any commercial email sent to US recipients
  • Emails sent from the United States
  • Both B2C and B2B commercial messages
  • Marketing emails, promotional newsletters, and sales communications
  • Third-party email service providers sending on your behalf

Note: Transactional or relationship messages (order confirmations, shipping notifications, account updates) are exempt from most of the requirements below, but they still must not carry false or misleading header information. A message that mixes transactional and promotional content is judged by its primary purpose: if a reasonable recipient would see it as mainly an advertisement, the full rules apply.

Key Requirements

1. Accurate Header Information

The "From," "To," "Reply-To," and routing information must be accurate and identify the business sending the message.

2. Truthful Subject Lines

Subject lines must accurately reflect the content of the email. Deceptive subject lines are prohibited.

3. Identify as Advertisement

The message must disclose clearly and conspicuously that it is an advertisement. The law does not prescribe exact wording or placement, but the disclosure has to be present and noticeable; do not rely on it being implied by the content.

4. Physical Postal Address

Include a valid physical postal address (street address, P.O. box registered with USPS, or private mailbox registered with a commercial mail agency).

5. Clear Unsubscribe Mechanism

Provide a clear and conspicuous way for recipients to opt out of future emails. The unsubscribe mechanism must keep working for at least 30 days after the message is sent.

6. Honor Opt-Outs Promptly

Process unsubscribe requests within 10 business days. You cannot charge a fee, require any personal information beyond the email address, or require any step other than sending a reply email or visiting a single web page.

Unsubscribe Requirements

The unsubscribe mechanism is critical for CAN-SPAM compliance:

  • Conspicuous: The unsubscribe option must be easy to find and recognize
  • Easy to Use: Simple one-click or reply-based unsubscribe (no login required)
  • 10 Business Days: Maximum time allowed to process opt-out requests
  • 30 Day Validity: Unsubscribe link must remain functional for 30 days after sending
  • No Fees: Cannot charge or require any information except email address
  • No Selling: Cannot sell or transfer email addresses of people who opt out

Learn more about implementing One-Click Unsubscribe (List-Unsubscribe header).

Penalties for Violations

CAN-SPAM violations carry severe penalties:

  • Up to $51,744 per email in violation (the 2024 inflation-adjusted figure; the FTC adjusts it annually)
  • Each separate email can be a separate violation
  • Aggravated violations (address harvesting, dictionary attacks, automated creation of sending accounts) can multiply the civil penalty
  • Criminal penalties, including fines and imprisonment, apply to conduct such as materially falsifying header information or relaying mail through computers accessed without authorization
  • Both the company whose product is promoted and the party that actually sends the message can be held liable

The Federal Trade Commission (FTC) enforces CAN-SPAM; states and Internet access providers can also bring civil lawsuits.

Best Practices for Compliance

Use Double Opt-In

While not required by CAN-SPAM, confirming subscriptions helps ensure valid consent and protects against spam traps and fake addresses.

Maintain Clean Lists

Regularly remove bounced addresses, process unsubscribes immediately, and never purchase email lists. Purchased lists often lead to spam complaints and CAN-SPAM violations.

Monitor Complaint Rates

Keep spam complaint rates below 0.1%, the threshold Google's bulk-sender guidelines cite. High complaint rates indicate you may be sending to uninterested recipients or not honoring unsubscribes properly.

Keep Records

Maintain records of consent, unsubscribe requests, and processing dates. These records are critical if you face a compliance audit or legal challenge.

Train Your Team

Ensure everyone involved in email marketing understands CAN-SPAM requirements. This includes copywriters, designers, and email platform administrators.

How to Implement CAN-SPAM Compliance

1. Review Your Email Headers

Ensure your From, Reply-To, and sender information accurately represents your business. Never use misleading or false header information.

2. Add Physical Address

Include your company's physical address in the footer of every commercial email:

Acme Corporation
123 Main Street, Suite 100
San Francisco, CA 94102

3. Implement Unsubscribe Link

Add a clear, visible unsubscribe link in your email footer:

<a href="{{unsubscribe_url}}">Unsubscribe</a> from this list

4. Add List-Unsubscribe Header

Implement the List-Unsubscribe and List-Unsubscribe-Post headers defined in RFC 8058 for one-click unsubscribe (required by Gmail and Yahoo for bulk senders since February 2024). The URI must use HTTPS, the message must be DKIM-signed, and the sender must honor the POST without a login or confirmation page. The link should carry a per-recipient, unguessable token rather than a sequential id like the one in this illustration, so that nobody can opt other people out by guessing values:

List-Unsubscribe: <https://example.com/unsubscribe?id=12345>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

5. Set Up Automated Processing

Configure your email platform to automatically process unsubscribe requests within 10 business days (ideally immediately). Most ESPs handle this automatically.

6. Test Your Compliance

Use our Compliance Checker to verify your emails meet CAN-SPAM requirements.
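The following is an added example that is not code from the original page or from any email platform it mentions. It ties the steps above together: it builds a commercial message with an HMAC-signed, per-recipient one-click unsubscribe link (RFC 8058), lints the message for the elements listed in this guide, processes the opt-out POST into a suppression record, and computes the 10-business-day deadline. The signing key, the example.com domain, the newsletter address and the in-memory suppression store are assumptions standing in for a real deployment.

```python
"""Added example (not code from the original page): signed one-click unsubscribe
links, a CAN-SPAM element lint, and opt-out processing.  SECRET_KEY, example.com,
the newsletter address and SUPPRESSED are assumptions, not a real deployment."""
import base64
import datetime as dt
import hashlib
import hmac
import re
from email.message import EmailMessage
from urllib.parse import parse_qs, urlencode, urlparse

SECRET_KEY = b"assumed-per-deployment-secret-keep-out-of-source"  # assumption
UNSUB_BASE = "https://example.com/unsubscribe"                   # assumption: HTTPS endpoint
POSTAL_ADDRESS = "Acme Corporation\n123 Main Street, Suite 100\nSan Francisco, CA 94102"
SUPPRESSED: dict = {}   # assumption: stands in for the suppression table in your database


def unsubscribe_token(recipient: str, list_id: str) -> str:
    """HMAC over recipient and list: the link is unique per recipient, cannot be
    forged to opt someone else out, and never expires, so it stays valid well past
    the 30 days the law requires."""
    mac = hmac.new(SECRET_KEY, f"{recipient.lower()}|{list_id}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def unsubscribe_url(recipient: str, list_id: str) -> str:
    q = urlencode({"r": recipient, "l": list_id, "t": unsubscribe_token(recipient, list_id)})
    return f"{UNSUB_BASE}?{q}"


def build_message(recipient: str, list_id: str, subject: str, body: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = "Acme Newsletter <newsletter@example.com>"   # must identify the real sender
    msg["To"] = recipient
    msg["Subject"] = subject
    url = unsubscribe_url(recipient, list_id)
    # RFC 8058: an https: URI plus the literal List-Unsubscribe-Post value; the
    # MTA is assumed to DKIM-sign both headers, which the RFC requires.
    msg["List-Unsubscribe"] = f"<{url}>, <mailto:unsubscribe@example.com?subject={list_id}>"
    msg["List-Unsubscribe-Post"] = "List-Unsubscribe=One-Click"
    msg.set_content(f"{body}\n\n--\nThis is an advertisement from Acme.\n"
                    f"Unsubscribe: {url}\n{POSTAL_ADDRESS}\n")
    return msg


def compliance_issues(msg: EmailMessage) -> list:
    """Lint the elements the guide lists; an empty list means nothing obvious is missing."""
    issues = []
    body = msg.get_content()
    if "@" not in (msg["From"] or ""):
        issues.append("From header missing or does not identify a sender address")
    if re.match(r"(?i)\s*(re|fwd?)\s*:", msg["Subject"] or ""):
        issues.append("Subject uses a RE:/FWD: prefix with no prior correspondence")
    if "https://" not in (msg["List-Unsubscribe"] or ""):
        issues.append("List-Unsubscribe lacks an https URI")
    if (msg["List-Unsubscribe-Post"] or "") != "List-Unsubscribe=One-Click":
        issues.append("List-Unsubscribe-Post missing or not the exact RFC 8058 value")
    if "unsubscribe" not in body.lower():
        issues.append("no visible unsubscribe instruction in the body")
    if not re.search(r"\b[A-Z]{2} \d{5}(?:-\d{4})?\b", body):
        issues.append("no US postal address (state + ZIP) found in the body")
    return issues


def handle_one_click_post(url: str, form_body: str) -> tuple:
    """Serve the mailbox provider's POST.  The body must be exactly
    List-Unsubscribe=One-Click and the opt-out is recorded immediately:
    no login, no confirmation page, no extra data."""
    if form_body != "List-Unsubscribe=One-Click":
        return 400, "unexpected body"
    q = parse_qs(urlparse(url).query)
    try:
        recipient, list_id, token = q["r"][0], q["l"][0], q["t"][0]
    except KeyError:
        return 400, "missing parameters"
    if not hmac.compare_digest(token, unsubscribe_token(recipient, list_id)):
        return 403, "invalid token"      # tampered or guessed link: do not touch the list
    now = dt.datetime.now(dt.timezone.utc).isoformat()
    # keep the record the guide asks for: who, when requested, when processed, how
    SUPPRESSED[(recipient.lower(), list_id)] = {"requested": now, "processed": now, "via": "one-click"}
    return 200, "unsubscribed"


def may_send(recipient: str, list_id: str) -> bool:
    """Check the suppression list before every send."""
    return (recipient.lower(), list_id) not in SUPPRESSED


def opt_out_deadline(requested_iso: str, business_days: int = 10) -> str:
    """Latest date (ISO) by which an opt-out received on requested_iso must be honored."""
    d = dt.date.fromisoformat(requested_iso)
    while business_days:
        d += dt.timedelta(days=1)
        if d.weekday() < 5:             # Monday to Friday only; holidays not modeled
            business_days -= 1
    return d.isoformat()


if __name__ == "__main__":
    m = build_message("alice@example.net", "news", "May deals", "Hello Alice")
    print("issues:", compliance_issues(m))
    print(handle_one_click_post(unsubscribe_url("alice@example.net", "news"),
                                "List-Unsubscribe=One-Click"))
    print("may send to alice:", may_send("alice@example.net", "news"))
    print("deadline for 2024-05-03 request:", opt_out_deadline("2024-05-03"))
```

Two design points: the token is a keyed MAC rather than a database id, so the endpoint needs no login yet a forged or altered link is rejected without touching the list, and a recipient who changes the address in the URL cannot suppress anyone else. The suppression check in may_send should run at send time, not only when the list is exported, so an opt-out received minutes before a campaign is still honored.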

Common Violations to Avoid

Misleading Subject Lines

"RE:" or "FWD:" in subject lines when there's no prior correspondence, or clickbait subjects that don't match the email content.

Missing Physical Address

Forgetting to include a valid postal address in the footer is one of the most common violations.

Broken Unsubscribe Links

Unsubscribe links that don't work, expire too quickly (before 30 days), or require login to process.

Delayed Opt-Out Processing

Taking longer than 10 business days to honor unsubscribe requests, or continuing to send emails after opt-out.

Using Purchased Lists

Sending to purchased or harvested email lists almost always violates CAN-SPAM and damages sender reputation.

Next Steps

Verify your email compliance and implement best practices:

Test Compliance →
One-Click Unsubscribe →