CAN SPAM Act: Update


Table of Contents

During each of our Email Marketing Webinars, we get questions about CAN-SPAM regulations, so I thought it would be useful to review the CAN SPAM laws.  You will note in this post that, contrary to popular belief, ‘opt-in’ is surprisingly not a legal requirement.

Offering additional impetus for the timeliness of the topic: we just passed the five-year anniversary of the Controlling the Assault of Non-Solicited Pornography and Marketing Act becoming official.  It boasted overwhelming approval by the U.S. congress after six years of debate, creating the first federal law regulating spam.

The CAN SPAM law went into effect January 1, 2004. Here’s a quick rundown of the law’s main provisions to keep in mind while sending out your email marketing campaigns. We’re not lawyers,  but following these recommendations will definitely keep you clear of the 100 known SPAM operators list.  Here are the requirements:

  • Header information must be correct and legitimate. Your email’s “from” and “to” lines must be accurate, including the originating domain name, and identify the person who initiated the email.
  • The subject line cannot mislead your email recipients about the content within the email.
  • Your email recipients must have an opt-out method and it must be clear, easy to follow, and it must work to end any commercial messages.
  • The opt-out option must be available to recipients for at least 30 days after they receive your commercial email.
  • Opt-out requests must be handled within 10 business days.
  • It’s illegal for you to sell or share opt-out email addresses.
  • If your list is not double-opt in, your email must be identified as an advertisement and include a valid bricks-and-mortar postal address.
  • Don’t harvest emails and don’t use automated means to create email addresses.
  • If you share an email address with a third party, you must give the recipient “clear and conspicuous notice at the time the consent was communicated”.

The law also distinguished commercial emails from transactional emails, if the purpose of the email is to “facilitate, complete, or confirm”. Earlier this year, in May, the Federal Trade Commission updated the law.

Here are their four new provisions, cut and pasted directly from the FTC Web site: (For reference the full link is:

  • An e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;
  • The definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;
  • A “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and
  • A definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

Keep in mind, CAN SPAM law is intended for the U.S., so email in other countries would be governed differently. The European Union, for instance, has a set of standards, but the actual SPAM laws are different throughout Europe.

If you’re just starting out with email campaigns, adhering to legal standards might seem overwhelming. In this case there’s no substitute for chatting with your legal team. But for many simple email campaigns, just using the features of software like Pinpointe’s On-Demand Email marketing system will help ensure you’re covered for opt-out mechanisms and ensuring your header information is correct.


He does not need any intro. Your know that he will only edit blog posts when it's needed.