The CAN-SPAM Act was signed into law by President George W. Bush on December 16, 2003, and took effect on January 1, 2004. The Act requires that all commercial emails meet certain standards to be considered legal. The Federal Trade Commission (FTC) is responsible for enforcing this law.
The CAN-SPAM Act is designed to regulate commercial emails and protect recipients’ rights. It imposes penalties for violations and gives recipients the right to stop receiving messages. The main focus of the act is on emails that promote content on websites or products. It covers both bulk email campaigns as well business-to-customer correspondence with the primary purpose of advertising or promoting goods/services sold by another party (the sender).
There are heavy fines for spammers who do not adhere to the law, which can be quite costly (up to $46,517). Therefore, it is important to comply with the law to avoid these penalties.
The CAN-SPAM Act is a bit more relaxed with transactional messages. These types of emails have only informational content or updates about transactions already agreed upon between two parties. For example, if you send someone their purchase receipt by email after they order something off your website.
As the problem of spam grows, governments have enacted email compliance laws to protect their citizens from unsolicited emails. Email marketers should be aware of these local laws, as failure to comply can result in damage to their reputation and costly penalties. If you are sending emails across borders, you must make sure to comply with all relevant international regulations.
If you market to people living in the US, follow the basic provisions of the CAN-SPAM Act:
Canada has very strict anti-spam laws. These laws apply to any communication sent by a Canadian company, to another Canadian company, or any message that is routed through a Canadian server. Thus, if you send emails into or out of Canada, you must follow the requirements of Canada’s Anti-Spam Legislation.
The General Data Protection Regulation (GDPR) is a set of laws that were enacted in 2018 in order to protect the personal data of individuals in the European Union. Under the GDPR, all electronic messages sent to or received from individuals or companies in the EU must comply with the regulation. This regulation will create a standard way of handling these types of communications across all EU member states.
There are some key similarities between these three laws regulating digital marketing and communication. They all emphasize transparency and choice for consumers, require thoughtful internal processes, come with substantial fines for non-compliance, and make it clear that businesses are accountable for their conduct. Understanding these commonalities can help businesses navigate the requirements of each law and avoid hefty penalties.
To have a better understanding of these laws, see the table below:
| CAN-SPAM Act | CASL | GDPR | |
| Field of action | The law specifically regulates how companies can legally send out certain types of advertisements, like those that are primarily intended to advertise products or services. | The law covers everything from spam email and text messages to phishing for sensitive information like passwords. | The law deals with the collection, keeping and using of personal data. |
| Action | The law extends to U.S-based businesses but it is unclear as to whether businesses outside of America have the same obligations when it comes to contacting their citizens. | The law is applicable to everyone who sends or receives emails or any other form of electronic communication in Canada. | These regulations apply not only to those who sell goods and services within Europe, but also to any company that collects or processes personal data on behalf of commercial enterprises with offices in one of these member states (or anywhere else). |
| Consent | Businesses have no legal obligation to obtain consumer consent before sending them emails, but they can opt out if desired. | Businesses must get consumers’ permission before collecting, using, or sharing their data. Consumers can change their minds about allowing businesses to use their data at any time. | Businesses need to get permission from consumers before using their data. This permission can be in the form of opting in or taking some other positive action. |
Keeping your emails in line with the law is important. The following checklist will help ensure that you are not breaking any laws while sending out messages, so make sure to follow these key points:
Your email’s “From”, “To” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message. Don’t use a fictional name or misrepresent your identity.
When creating an email, it is optimal to use your name and the name of your company in the “From” section. This allows people to easily see who the email is from and why they may be receiving it. For example, in Selzy, emails are sent on behalf of the person who wrote the letter.
The subject line must accurately reflect the content of the email. This seems like a small thing, but it’s one of the most important CAN-SPAM requirements. Your subject line should not be misleading in any way. That means not using “Re:” when there was no initial email to begin with, and no promises of free stuff that are ultimately broken.
Some examples of non-compliant subject lines include: “Get rich quick!” or “You’ve been chosen!”
And here is an example of an email whose subject line is compliant with the CAN-SPAM Act:
The subject line for this email is simple and to the point. It tells the reader that the email is about the latest seasonal collection from Storksak. This subject line is effective because it is clear and concise, letting the reader know exactly what to expect from the email.
Commercial emails are those that have an advertising or solicitation purpose. To get recipients to know about the presence of advertisements, include “Ad” labels in your messages.
The CAN-SPAM Act requires that any commercial email message sent include a valid physical postal address for the business. This can be either an office or home address, as well as PO Boxes and international mailing addresses if they are based outside of America.
The Act requires that commercial email senders give recipients the option to opt-out of receiving future emails from them. This means that you must include a way for people to unsubscribe from your emails in every email you send.
There are a few different ways you can do this, but the most important thing is that it is clear and easy to find. Some good places to put an unsubscribe link are at the top or bottom of the email, or in the footer.
Commercial emails are those that contain advertising or solicitation. To let recipients know that there are advertisements in the email, include “Ad” labels.
The CAN-SPAM Act applies to any person or business that initiates commercial email messages. This includes anyone who sends or procures the transmission of such emails, as well as anyone whose product, service, or website is advertised in the message. If a company outsources its email marketing campaign to a third-party vendor, it is still considered the sender of the messages and must comply with all aspects of the CAN-SPAM Act. However, the third-party vendor would only be considered an initiator if it does not advertise its own services in the email. Both the sender and the initiator must comply with the law.
The CAN-SPAM Act enforcement is handled by the Federal Trade Commission (FTC) as well as state agencies with assistance from ISPs who could face their own penalties. If someone violates the CAN-SPAM Act, they could face various consequences, such as fines and imprisonment. In some cases, the Department of Justice (DOJ) may get involved and file criminal charges. The different types of CAN-SPAM enforcement and penalties are outlined below.
The Federal Trade Commission has the authority to take legal action against anyone who violates the CAN-SPAM Act, which prohibits sending spam emails. The FTC can impose a fine of up to $16,000 per spam email, with no maximum limit. The FTC can also seek other types of relief, such as an injunction.
State agencies can bring lawsuits against companies who violate the CAN-SPAM Act. These cases often result in:
ISPs can bring claims against people or entities who violate the CAN-SPAM Act for things like false header information or failure to place warning labels with sexually oriented material in commercial emails.
ISPs can seek different types of relief, including injunctive relief, damages, and attorney’s fees and costs. The amount of damages that can be sought depends on the violation but can be up to $1 million. ISPs can also seek three times the amount of damages for willful, knowing, or aggravated violations.
Email marketing content is subject to some pretty strict laws. And it doesn’t matter if you send mass emails or if it’s a commercial message to one person. It’s important to understand the rules and regulations before embarking on an email marketing campaign, as violations can lead to legal trouble.
The email laws and regulations vary depending on the recipient’s country. Sending emails must follow the email laws and regulations of the recipient’s country in order to be compliant. The main jurisdictions and laws to be aware of are:
Each of these laws dictates the requirements for commercial emails, including what information must be included and how consent must be obtained from recipients. These laws also establish the procedures that must be followed if someone opts out. Understanding these regulations is essential to avoid any penalties or legal issues.
Here are some things you need to do to stay compliant with CAN-SPAM Act:
So, before you start your next email marketing campaign, be sure to brush up on the rules and regulations. A little bit of research can go a long way in keeping your campaign on the right side of the law.
10 Best Online Quiz-Making Software Websites in 2025
The Ultimate Guide to Millennials Email Marketing
ChatGPT for Email Marketing: Best Prompts and Use Cases
9 Social Media Marketing Trends You Need To Watch in 2025
7 Things I Do as a Marketer To Adapt to the Ever-Changing Social Media Algorithms
A Definitive Guide on Email Marketing for Dentists
Check your email — the guide is on it’s way to your inbox.
