What is CAN-SPAM?

CAN-SPAM is the US law that sets rules for commercial email, requiring truthful headers, a valid opt-out, and a physical address.

CAN-SPAM, the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003, is the United States federal law governing commercial email. Contrary to what the name suggests, it does not ban unsolicited email; instead it sets requirements that any commercial message must meet, enforced by the Federal Trade Commission.

The core rules are practical. Header information — the From, To, and routing data — must be accurate and not deceptive; subject lines must not mislead; the message must identify itself as an advertisement where applicable; and it must include the sender's valid physical postal address. These provisions aim to keep commercial email honest and traceable.

Opt-out is central to compliance. Every commercial message must offer a clear, working way to unsubscribe, and the sender must honor opt-out requests within ten business days and stop sending. Selling or transferring the address of someone who has opted out is prohibited. These rules apply to each message and to anyone whose product is promoted, not just the sender.

CAN-SPAM is notably more permissive than the EU's GDPR: it allows cold B2B email without prior consent as long as the message is truthful, identifies the sender, and provides opt-out. Penalties for violations can be substantial per email, so senders operating in or emailing the US treat compliance as a baseline rather than an afterthought.

Examples

  • Including a valid physical mailing address in every commercial email footer
  • A clear, functioning unsubscribe link honored within ten business days
  • Accurate From and Subject lines that do not deceive the recipient

Frequently asked questions

Free tools for working with CAN-SPAM

Related terms