Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) is a U.S. federal law that places restrictions on commercial email messages.


CAN-SPAM applies to emails sent for the purpose of advertising or promoting a commercial product or service. The law requires that:

  1. Email header information (the “From,” “To,” “Reply-To,” and routing info) be accurate and identify the person or business sending the message.
  2. The email subject line accurately reflect the purpose of the message.
  3. The email conspicuously identify the message as an advertisement.
  4. The message include the sender’s valid physical postal address.
  5. The message conspicuously provide a way to opt-out of future emails.
  6. The sender honor opt-out requests within 10 business days and not further sell the information of an individual who has opted out.

Compliance Tip: Companies can be held liable under CAN-SPAM for what third parties do on their behalf, e.g. marketing firms hired by the company to promote a product or service.


The Federal Trade Commission (FTC) enforces CAN-SPAM.


Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $43,792.