Why It Matters
Violating CAN-SPAM can cost up to $51,744 per email — that's per message, not per campaign. The FTC enforces it, and they've gone after companies of all sizes. Beyond the legal risk, CAN-SPAM compliance is table stakes for any email program. If your emails lack an unsubscribe link or use deceptive subject lines, you're breaking the law.
How It Works
CAN-SPAM applies to any commercial message — meaning any email whose primary purpose is advertising or promoting a product or service. Here's what it requires:
- No misleading header information (From, To, Reply-To must be accurate)
- No deceptive subject lines
- Identify the message as an ad (if it is one)
- Include your physical postal address
- Provide a clear way to opt out
- Honor opt-out requests within 10 business days
- Monitor what third parties do on your behalf — you're responsible for their compliance too
One thing that surprises people: CAN-SPAM doesn't require prior consent to send. It's an opt-out law, not an opt-in law. That's a key difference from GDPR and CASL, which are stricter.
Quick Tips
- Process unsubscribes within 24 hours, not 10 days. Just because the law gives you 10 days doesn't mean you should take them — subscribers expect instant removal.
- Your physical address can be a PO Box or a private mailbox registered with a commercial mail receiving agency. You don't need to publish your home address.
- If you have affiliates or partners sending email on your behalf, you're legally responsible for their compliance. Audit them.