Termly

Home Resources Articles CAN-SPAM Act – the CAN-SPAM Laws and Compliance

CAN-SPAM Act – the CAN-SPAM Laws and Compliance

| By | Reviewed By Masha Komnenic CIPP/E

In 2003, the Federal Trade Commission (FTC) approved the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). Commonly referred to as the U.S. anti-spam law or spam act, CAN-SPAM sets the federal standards for commercial emailing.

Table of Contents
  1. What is the CAN-SPAM Act of 2003?
  2. CAN-SPAM Compliance – How to Follow the CAN-SPAM Rules
  3. What are the Penalties for Non-Compliance?
  4. What Do Compliant and  Non-Compliant Emails Look Like?
  5. Conclusion

1. What is the CAN-SPAM Act of 2003?

The CAN-SPAM Act of 2003 is made up of several rules which outline appropriate and inappropriate actions regarding commercial emailing. In the FTC’s CAN-SPAM guide, they define the act, stating that it:

…sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

All U.S. businesses that send commercial emails – or employ third-party services to send emails on their behalf – are subject to comply.

2. CAN-SPAM Compliance – How to Follow the CAN-SPAM Rules

CAN-SPAM compliance is relatively simple, assuming your email strategy doesn’t rely on spam, dishonesty, or inappropriate materials.

However, CAN-SPAM rules can be added, removed, or amended by the FTC at any time. So, it’s important to understand what the current provisions of CAN-SPAM entail, and how you can ensure your business is in compliance with them.

1. Be honest

Like most of the privacy laws that have emerged with the rise of the internet, CAN-SPAM seeks to increase business-to-user transparency. One of the key provisions of the act is the requirement that information in emails be honest. The following details of your commercial messages should be clear and truthful:

  • Subject line – Before CAN-SPAM, “clickbait” subject lines ran rampant (e.g. “Attention Needed ASAP,” “You’re the Winner!” etc.). Now, it’s critical that the subject lines of your emails accurately reflect the content inside.
  • Email address and domain name – Don’t send emails from a fake or unrecognizable email address. Make your domain name clear and correct.
  • “To” and “From” – Another remnant of the wild west days of email marketing, addressing messages from fake senders is not permitted under CAN-SPAM requirements.

Complying with these requirements should not be difficult, as being dishonest in any of the above categories is likely a pointed effort.

2. Label the message as an ad

According to CAN-SPAM, messages sent for purposes of advertisement or solicitation need to be clearly and conspicuously labeled as an ad.

Questions often arise about this rule, as the guidelines are ambiguous in specifying the appropriate language or placement of this label. Responding to the confusion that has surrounded this rule, the FTC says:

Initiators of commercial email only have to identify the message as an ad in a way that is “clear and conspicuous.” The law gives you flexibility in how to do that effectively, but remember that deceptive subject lines are illegal.

As stated, there’s flexibility in how you accomplish this, but the “ad” label is commonly placed in the subject line or body of emails. Hiding it in a footer or other discreet location may lead to trouble in the event of a CAN-SPAM complaint.

Note that email recipients who have actively opted in to receiving advertising and solicitation emails from your company are exempt from this rule.  

3. Warn of explicit content

The Commission adopted a new CAN-SPAM rule in 2004 known as the Label for Email Messages Containing Sexually Oriented Material (Adult Labeling Rule). Under this rule, if you send any message containing sexually-geared content, you must:

  1. Indicate the presence of explicit content by writing “SEXUALLY-EXPLICIT:” at the start of the email subject line.
  2. Only make non-explicit media and information viewable upon the opening of the message.

Keep in mind that this rule even applies to email recipients who have given their consent to receive explicit messages.

4. Include your address

Every commercial message sent from your company needs to include your valid, registered postal address somewhere in the email. Most often, this means including your physical address, PO Box, or otherwise registered mailbox in the footer of all your emails.

5. Allow for opt out

Under the legislation, users have the right to opt out of receiving emails from your business at any time. There are four specific features of this rule that you must follow in order to comply:

  1. Present users with an obvious means of opting out – Include an easy-to-find link in the text or footer of every email you send that falls under the subjugation of CAN-SPAM. This link should clearly indicate that users can unsubscribe or opt out of receiving future messages.
  2. Honor opt-out requests in a timely fashion – Presenting users with a link or button that promotes opting out is pointless if you don’t honor those requests. In order to comply, you must address these requests by removing the user from your mailing list within 10 business days of receiving the request.
  3. Allow opt out for at least 30 days – After you’ve sent a message containing an opt-out function, users have at least 30 days to opt out of communications using that opt-out function.
  4. Users cannot be incentivized against opting out – The text specifies:

…an email recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet Web page to opt out of receiving future email from a sender.

Opting out should be clear and easy for users, and you should make every effort to honor those requests quickly and without conflict.

CAN-SPAM isn’t the only law with opt-out requirements. Check out our comprehensive dive into the difference between opt in and opt out to learn when and how you need to use each.

6. Accept responsibility for your company

Even if your product or service is being promoted by a third party (such as a marketing agency), you are still responsible for holding messages promoting your business to the standards of CAN-SPAM.

Be careful when using third-party services – whether those are marketing agencies or email marketing platforms – and ensure that emails sent from or about your company comply fully with these requirements and your own email privacy policy. Otherwise, you’ll be the one paying the price.

3. What are the Penalties for Non-Compliance?

The cost of not complying with CAN-SPAM can quickly add up for an offending company, with threatened penalties as high as $42,530 per email in violation.

Furthermore, a CAN-SPAM violation can be classified as a criminal offense, meaning penalties – like jail time – are within the realm of potential consequences for non-compliance.

In 2006, an infamous spammer named Christopher William Smith was charged under CAN-SPAM and ordered to pay $5.3 million in damages to AOL for his violating email tactics. It doesn’t take much to avoid Mr. Smith’s fate by making simple efforts to comply with the regulation.

4. What Do Compliant and  Non-Compliant Emails Look Like?

To fully understand good and bad emailing under CAN-SPAM, let’s take a look at an email that complies with the rules and one that does not.

Example of CAN-SPAM compliant email

target ad email

What they did right:

  • Indicate that this email is an ad
  • Identify the company in the “from” line and email address
  • Give recipients a way to unsubscribe

If we scroll to the bottom of that same email, we can see that they continue to nail CAN-SPAM compliance:

target ad email preferences

What they did right:

  • Include a second avenue through which recipients can unsubscribe, and give the option of customizing their email preferences
  • Provide a valid mailing address

While Target got it right with their marketing email, plenty of others continue to get it wrong. Let’s take a look at what a non-compliant email looks like.

Example of CAN-SPAM non-compliant email

example of an email not compliant with CAN-SPAM

What they did wrong:

  • Subject line doesn’t honestly represent the content of the message
  • No indication that it is an ad
  • Dishonest sender name
  • No option to unsubscribe
  • No address

While making all of these mistakes in one email is likely a dedicated effort by a spammer, making one or two of these mistakes can happen to honest marketers. Be careful when crafting your emails to ensure that you have to necessary features in place to comply with CAN-SPAM.

5. Conclusion

Now that you know what the CAN-SPAM rules are, you may be wondering how relevant they still are, given their over 15-year reign.

In mid-February of 2019, the FTC reviewed the CAN-SPAM rules and determined that they are, in fact, still necessary and should remain in their current form. In other words – CAN-SPAM isn’t going anywhere. So if your business is subject to the guidelines of the spam act, the time to comply is now.

Written by KJ Dearie

KJ Dearie is a product specialist and privacy consultant for Termly, where she advises small business owners on how to comply with the latest data privacy laws and trends. She's been published in Business News Daily, Omnisend, ITProToday, MarTechExec, and more.

Reader Interactions

Leave a Reply

We’re looking forward to hearing your thoughts! Please keep in mind that all comments are moderated, and abusive or spammy comments will NOT be published.

Related Resources