What is the CAN-SPAM Act? FAQs For Business Compliance

Author Headshot Written by Liz McDermott

what is the can spam act

Spam email is annoying, and in recent years it has become dangerous and impossible to opt out no matter how many times you click on the opt-out link of emails. Do you know what's in place to stop this unwanted form of email messages?

The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) is a United States law enacted in 2003 by the Federal Trade Commission to regulate commercial advertisement emails and protect consumers from unsolicited commercial emails. CAN-SPAM outlines the requirements and best practices for businesses that send commercial advertisement emails, ensuring transparency and consumer control, including ways to process opt-out requests.

This article lists 20 frequently asked questions about this marketing act to provide businesses with a comprehensive understanding of the CAN-SPAM Act, its requirements, and how to ensure compliance.


What Is The Purpose of CAN-SPAM Anti-Spam Laws?


The CAN-SPAM Act is the primary legislation regulating commercial emails in the United States. It aims to protect consumers from deceptive and unwanted electronic mail messages while allowing legitimate businesses to communicate with customers, including business-to-business email. The CAN-SPAM Act focuses on transparency, consent, and the right to opt out of future communications.


can spam requirements primary purpose


What Types of Messages Does the CAN-SPAM Act Apply To?


The CAN-SPAM Act applies to all commercial electronic mail messages, including business-to-business email messages, defined as any message primarily promoting a commercial product or service. Transactional or relationship messages, such as account updates, receipts, or warranty information, are exempt from most of the act's provisions.


What is an example of an electronic mail message?


CAN-SPAN defines an electronic mail message as but not limited to:

  • Advertisements for products or services
  • Promotions of commercial websites
  • Newsletters containing commercial content
  • Business-to-business communications


What is the difference between a transactional or relationship message and a commercial email?


A transactional or relationship message facilitates an agreed-upon transaction or updates a customer about an ongoing transaction. In contrast, commercial emails (marketing emails) promote products, services, and brand awareness.

Transactional emails are often one-to-one emails sent to individuals containing relevant information to complete a transaction or process initiated by the recipient. In contrast, commercial emails address commercial purposes sent to groups of prospects or customers. It is essential to adhere to local email-sending laws while sending either of these emails.


Does the CAN-SPAM Act apply to Forward-to-a-Friend email marketing campaigns?


In cases where a business encourages recipients to forward a commercial email to friends or contacts, the company may be held responsible for compliance with the CAN-SPAM Act. The regulation applies if the sender includes non-solicited pornography and offers any compensation or benefit for forwarding the message, such as discounts, coupons, or additional entries in sweepstakes.


commercial messages primary purpose


What is the difference between initiators and senders under the CAN-SPAM Act?


Under the CAN-SPAM Act, an "initiator" is a person or entity who originates or transmits a commercial email message. A "sender" is the person or entity whose product, service, or website is advertised or promoted in the message. The CAN-SPAM Act applies to both initiators and senders of email messages, who are responsible for complying with the act's requirements.


Is an internet website a Sender under CAN-SPAM?


Under CAN-SPAM, a sender is a person or entity whose product, service, or website is advertised or promoted in a commercial email message. In cases where multiple marketers are involved and send commercial messages together using various email accounts, the designated sender must meet the following criteria:

  1. Make it clear who the entity is that's initiating the commercial message advertising or promoting a commercial product, service, or website.
  2. Identify the entity in the "from" line of the message.
  3. Comply with the act's initiator provisions, such as using accurate header information, including a valid postal address, relevant subject line, and opt-out hyperlink to process the opt-out request.


What is false or misleading header information under CAN-SPAM?


The CAN-SPAM Act prohibits the use of false or misleading header information, including the "From," "To," "Reply-To," and routing information. Commercial purpose senders must ensure that their header information accurately identifies the person, entity, or internet website that initiated the message by including the originating domain name.

Commercial emails with a misleading subject line or false opt-out hyperlinks are also prohibited. The subject line should describe the message's intent and clarify that the content is a commercial email. The unsubscribe link should be visible and clickable, and process the opt-out request within 10 days.


primary purpose test


How do you check if the email message is a commercial message?


The primary purpose test is applied to determine if an email is a commercial message. This test examines the content of the message to establish if it is primarily promoting a commercial product or service. If the message contains only commercial content, it is considered a commercial message and must comply with the CAN-SPAM Act.


What are commercial message requirements for Senders under CAN-SPAM?


Senders of commercial messages must adhere to the following CAN-SPAM Act requirements:

  1. Do not use false or misleading header information.
  2. Do not use deceptive subject lines.
  3. Identify the message as an advertisement.
  4. Include a valid physical postal address.
  5. Provide a clear and conspicuous opt-out mechanism.
  6. Honor opt-out requests promptly.


What is a Sender's Valid Physical Postal Address under CAN-SPAM?


The CAN-SPAM Act requires that commercial messages include the sender's valid physical postal address. This mail address can be a street address, a post office box registered with the U.S. Postal Service, or a private mailbox registered with a commercial mail receiving agency.


Does the CAN-SPAM Act include commercial messages sent to wireless devices?


The CAN-SPAM Act also applies to commercial messages sent to wireless devices like mobile phones. The FTC has issued rules to protect consumers from unwanted mobile phone spam, requiring senders to obtain prior expressed authorization before sending commercial messages to wireless devices.


What are Transactional or Relationship Messages?


Transactional or relationship messages facilitate an ongoing commercial transaction or update a customer about an existing relationship. These messages are exempt from most provisions of the CAN-SPAM Act, but they must still contain accurate routing information.


Are transactional emails subject to the law under CAN-SPAM?


Transactional emails, such as order confirmations, account updates, or warranty information, are subject to the CAN-SPAM Act but are exempt from most provisions. They must still contain accurate routing information and not be misleading.


transactional or relationship content


How do you check for messages with Commercial Content and Transactional or Relationship Content?


The primary purpose test determines compliance requirements when an email contains commercial and transactional or relationship content. Suppose the subject line indicates a commercial message or the transactional content does not appear primarily at the beginning of the message. In that case, the email is considered a commercial message under the CAN-SPAM Act.


What are the Opt-Out Requirements for senders Under CAN-SPAM?


The CAN-SPAM Act requires that commercial emails include a clear and conspicuous opt-out mechanism, allowing recipients to opt out of future communications easily. Opting out can be a return email address, an unsubscribe link, or another Internet-based method. Businesses must honor opt-out requests within 10 business days and cannot charge a fee or require additional information beyond an email address for unsubscribing.


What are the requirements for opt-out Requests for mobile service commercial messages?


Senders of commercial messages to mobile devices must also provide a clear and conspicuous opt-out request mechanism, allowing recipients to opt out of future messages easily. This opt-out link can be a reply-to email address, a short message service (SMS) code, or another Internet-based method designed to opt-out recipients.


"CAN-SPAM Act violations can result in
penalties of up to $50,120 per email
." (FTC)


What are the penalties for violating the CAN-SPAM Act?


Violations of the CAN-SPAM Act can result in penalties of up to $50,120 per email, with the initiator and sender potentially held responsible. Criminal penalties, including imprisonment, may be imposed for aggravated violations, such as using false information to register multiple email accounts or harvesting email addresses without permission.


Are there Criminal Penalties under CAN-SPAM?


Criminal penalties, including imprisonment, may be imposed for aggravated violations of the CAN-SPAM Act, such as using false information to register multiple email accounts, relaying spam messages to mislead recipients about their origin, or harvesting email addresses without permission.


How can recipients report CAN-SPAM Violations?


Recipients can report violations of the CAN-SPAM Act to the Federal Trade Commission (FTC) by forwarding the offending email to spam@uce.gov or filing a complaint at the FTC's website.


Are there content restrictions under CAN-SPAM?


Commercial email messages must not contain false or misleading information and must be identified as advertisements. In addition, messages with sexually explicit content must include the warning "SEXUALLY-EXPLICIT:" at the beginning of the subject line and comply with the act's "brown paper wrapper" requirements.


What other federal agencies enforce CAN-SPAM?


In addition to the FTC, other federal agencies have enforcement authority under the CAN-SPAM Act, including the Federal Communications Commission (FCC) and the Department of Justice (DOJ).


Conclusion: Invest in CAN-SPAM Education


Providing CAN-SPAM Act employee education is important for employers in jurisdictions that require it, like California. Vubiz offers a CAN-SPAM Act training course to make it easier for businesses of all sizes to meet this requirement.

For more information, please contact us to inquire about our HR, Ethics, and Compliance training programs.