Email is ubiquitous in modern life with billions of emails – wanted and unwanted – sent each day. Since its enactment in 2003, the Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM”) Act has attempted to curb the number of unwanted emails and impose some rules on a largely unregulated frontier. When followed, the CAN-SPAM Act’s restrictions give email recipients some control over their inboxes and also maintain fairness in how emails present themselves. Failure to follow the CAN-SPAM Act can lead to penalties of up to $16,000 per violation.

As a practical matter, many organizations use vendors for their email marketing and other email services, and those vendors often assist the organizations in complying with the requirements of the CAN-SPAM Act. Nonetheless, the party whose content is promoted via email must supervise the conduct of its vendors and employees in abiding by CAN-SPAM, or else risk possible sanctions.


246 Billion

244.5 Million


Average return on each dollar of email marketing investment.1

Projected number of daily business emails in 2020.2

Estimated number of email users in the US at the end of 2017.3

Number of complaints received by the FTC in a year concerning unsolicited email.4

The basic questions to ask regarding CAN-SPAM compliance are:

  1. Does your email message include: (a) complete and accurate transmission and header information; (b) a “From” line that identifies your business as the sender; (c) a “Subject” line that accurately describes your message; and (d) an effective “opt-out” mechanism?
  2. Does your email either contain an email address, physical address, or other mechanism that the recipient may use for opting-out of future marketing emails?
  3. Is your opt-out mechanism effective for at least 30 days after your email is sent?
  4. Do you honor all requests to opt-out within 10 days?
  5. Does your mailing list include any recipient that has asked not to receive email from your business (opted-out)?
  6. Have you tested the effectiveness of your opt-out mechanism?
  7. Have you reviewed your vendor contracts to determine each party’s responsibilities with regard to CAN-SPAM compliance?
  8. Are addresses of people that have opted-out transferred outside of your organization?
  9. Does your organization use open relays or open proxies to send marketing email?
  10. Have you validated your CAN-SPAM compliance program annually?