The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the CAN-SPAM Act) establishes rules for sending commercial email messages whose primary purpose is advertising or promoting a product or services.  CAN-SPAM also requires that businesses provide consumers with the ability to opt out of receiving such messages.1

The key steps for CAN-SPAM compliance include:

  • refrain from using false or misleading header information or deceptive subject lines;
  • identify commercial messages as advertisements;
  • provide consumers a valid physical address;
  • clearly explain how consumers can opt out of receiving commercial emails and promptly honor opt-out requests;
  • provide an online opt-out mechanism that (i) is easy to use and (ii) does not require more than one step; and
  • ensure third-party service providers that send commercial messages on your behalf are compliant with CAN-SPAM.2

Transactional or relationship email messages, such as messages necessary to complete a transaction or provide a consumer with notice of updates to the company privacy policy, are not subject to CAN-SPAM.  Determining whether a message is transactional or commercial hinges on the primary purpose of the email.  Emails that contain both commercial and transactional or relationship content are commercial messages if a recipient reasonably interpreting the subject line and the body of the message would likely conclude that its primary purpose is to advertise or promote a product or service.3


1 15 USC §§ 2701-2712.

2 Id.

3 FTC, CAN-SPAM Act: A Compliance Guide for Businesses, FTC: Guidance, available here (last visited Feb. 23, 2019).

More topics in this series