The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the CAN-SPAM Act) establishes rules for sending commercial email messages whose primary purpose is advertising or promoting a product or services.  CAN-SPAM also requires that businesses provide consumers with the ability to opt out of receiving such messages.¹

The key steps for CAN-SPAM compliance include:

• refrain from using false or misleading header information or deceptive subject lines;
• identify commercial messages as advertisements;
• provide consumers a valid physical address;
• clearly explain how consumers can opt out of receiving commercial emails and promptly honor opt-out requests;
• provide an online opt-out mechanism that (i) is easy to use and (ii) does not require more than one step; and
• ensure third-party service providers that send commercial messages on your behalf are compliant with CAN-SPAM.²

Transactional or relationship email messages, such as messages necessary to complete a transaction or provide a consumer with notice of updates to the company privacy policy, are not subject to CAN-SPAM.  Determining whether a message is transactional or commercial hinges on the primary purpose of the email.  Emails that contain both commercial and transactional or relationship content are commercial messages if a recipient reasonably interpreting the subject line and the body of the message would likely conclude that its primary purpose is to advertise or promote a product or service.³

¹ 15 USC §§ 2701-2712.

² Id.

³ FTC, CAN-SPAM Act: A Compliance Guide for Businesses, FTC: Guidance, available here (last visited Feb. 23, 2019).