4 Rules For Ensuring Your Marketing Emails are CAN-SPAM Law Compliant

The CAN-SPAM Act is a US Federal law that was passed in 2003. It lays out the rules under which an commercial email is said to be violating the law, thus subjecting the sender to fines up to $16,000 per email if you or your company is caught breaking it.

CAN-SPAM is often criticized by consumer advocates because it does not make sending unsolicited mass emails illegal per se, but only if they are deceptive, “materially false or misleading”, or fail to comply with the format and labeling requirements of the law.

If your company uses outbound email as a means of marketing, you need to understand the basics of CAN-SPAM and how, practically speaking, you need to format your company’s emails to ensure that the law is complied with. Below are four important requirements of the law, and a brief explanation on how you can comply with the requirement.

  1. Offer a Visible and Operable Unsubscribe Option

One of the most noticeable mandates in CAN-SPAM is the requirement that you offer readers a visible and operable means of unsubscribing from all future emails from your company.

Under CAN-SPAM you aren’t required to use a specific format, such as an unsubscribe button, to comply with the “visible and operable” requirement. So for smaller companies simply including the message that the recipient can unsubscribe by responding “Unsubscribe” is sufficient.

  1. Ensuring Unsubscribe Actually Operates

In addition to providing a visible and operable means of unsubscribing, you, as the email sender, actually have to honor such unsubscribe requests within 10 business days of the request under CAN-SPAM.

If you’re using a reputable third party email service provider like MailChimp, they will manage your unsubscribe list automatically, and the emails will be flagged and removed. If, however, your company is sending emails itself, you’ll need to maintain a reliable system for following through on removing unsubscribe email addresses. It doesn’t need to be fancy, in fact it can be as simply as a spreadsheet that you check all email addresses against before you send out an email blast. But the bottom line is that you need a system that actually functions.

  1. Listing a Legitimate Mailing Address

Perhaps the most surprising CAN-SPAM requirement for those not familiar with the Act, is that the sender must provide a valid postal address in the email. While it may seem strange that you need to list a physical mailing address in an email communication, the purpose of this requirement is to provide additional information for the recipient, as well as to facilitate enforcement of CAN-SPAM breaches.

You can use a PO Box instead of your actual business address. And if the email is sent by a third party on your behalf, the email should list the address of the company on whose behalf it is sent, rather than, for instance, MailChimp’s mailing address.

The easiest way of complying with this requirement is simply to put the name of your company, your mailing address and contact information at the bottom of the email in your email template so that you never forget to include it. 

  1. Using Relevant Subject Lines

Deceptive trade practices have been illegal under U.S. law for far longer than the CAN-SPAM Act has been in place. What CAN-SPAM did, however, was help define what was and what was not considered deceptive for the purposes of commercial emails. The two biggest issues are with deceptive subject lines, and misleading “From:” lines. For, example, a subject line which promises a free item that isn’t really free when you actually open the email, or a “From:” line that uses an email address that is confusingly similar to the person’s bank or a government official might both be considered deceptive.

In practice, you need to clearly identify the company sending the email in the “From:” line. You can comply with this mandate either by listing the sender’s company affiliation along with their name as the sender, or by simply having the email come from the company’s website domain. With respect to the deceptive title, the key is to communicate with reasonable accuracy what is actually in the email. If someone can predict with some accuracy the content of the email from the title, you’re probably safe.


The law is the law, and so as a company you should be aware of it and follow it, particularly high-profile or high-volume companies. However, it is also important to understand whether, how, and how vigorously a specific law is enforced.

While there are some extreme cases of spammers that have faced criminal prosecution and prison time for their acts under CAN-SPAM, the vast majority of violators have faced financial penalties. While, when enforced, these penalties can be substantial, the reality is that enforcement has been very spotty, with the vast majority of violators going unpunished. Because enforcement of the law is exclusively given to the FTC and Internet Service Providers (as opposed to individuals) there are few cases brought by anyone except the government, and those that have gone to trial have had mixed results. Again, that isn’t to say that you should ignore the law, but rather, appreciate that if you’re attempting to follow it in good faith but happen to make a mistake, the chances of having that mistake lead to action by the FTC is slim.

In summary, CAN-SPAM creates some definite requirements that company’s need to account for when sending emails. Given the lackluster way in which it is enforced, some smaller companies may be inclined to not do so when inconvenient. However, it is also important to remember that in addition to legal penalties, should you wish to take on investors, lenders, or a merger you will typically have to sign a representation that you haven’t violated any federal laws. Thus, violating the law may have consequences that extend beyond actual civil or criminal enforcement.

Rich McIver

Rich McIver is the founder of Merchant Negotiators, a leading online marketplace where business owners can compare discounted merchant services offers. Follow him on Twitter and Google+.