Email is ubiquitous in modern life with billions of emails – wanted and unwanted – sent each day. Since its enactment in 2003, the Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM”) Act has attempted to curb the number of unwanted emails and impose some rules on a largely unregulated frontier. When followed, CAN-SPAM Act’s restrictions give email recipients some control over their inboxes and also maintain fairness in how emails present themselves. Failure to follow the CAN-SPAM Act can lead to penalties of up to $16,000 per violation.

As a practical matter, many organizations use vendors for their email marketing and other email services, and those vendors often assist the organizations in complying with the requirements of the CAN-SPAM Act. Nonetheless, the party whose content is promoted via email must supervise the conduct of its vendors and employees in abiding by CAN-SPAM, or else risk possible sanctions. The following provides a snapshot of information concerning email marketing.


Average return on each dollar of email marketing investment.[1]

139.4 Billion

Projected number of daily business emails in 2018.[2]

2.5 Billion

Estimated number of email users.[3]


Number of complaints received by the FTC in a year concerning unsolicited email.[4]

The basic requirements of CAN-SPAM are:

  1. Does your email message include: (a) complete and accurate transmission and header information; (b) a “From” line that identifies your business as the sender; (c) a “Subject” line that accurately describes your message; and (d) an effective “opt-out” mechanism?
  2. Does your email either contain an email address, physical address, or other mechanism that the recipient may use for opting-out of future marketing emails?
  3. Is your opt-out mechanism effective for at least 30 days after your email is sent?
  4. Do you honor all requests to opt-out within 10 days?
  5. Does your mailing list include any recipient that has asked not to receive email from your business (opted-out)?
  6. Have you tested the effectiveness of your opt-out mechanism?
  7. Have you reviewed your vendor contracts to determine each party’s responsibilities with regard to CAN-SPAM compliance?
  8. Are addresses of people that have opted-out transferred outside of your organization?
  9. Does your organization use open relays or open proxies to send marketing email?