Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) is a U.S. federal law that places restrictions on commercial email messages.
CAN-SPAM applies to emails sent for the purpose of advertising or promoting a commercial product or service. The law requires that:
- Email header information (the “From,” “To,” “Reply-To,” and routing info) be accurate and identify the person or business sending the message.
- The email subject line accurately reflect the purpose of the message.
- The email conspicuously identify the message as an advertisement.
- The message include the sender’s valid physical postal address.
- The message conspicuously provide a way to opt-out of future emails.
- The sender honor opt-out requests within 10 business days and not further sell the information of an individual who has opted out.
Compliance Tip: Companies can be held liable under CAN-SPAM for what third parties do on their behalf, e.g. marketing firms hired by the company to promote a product or service.
The Federal Trade Commission (FTC) enforces CAN-SPAM.
Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $43,792.