CAN-SPAM Act Compliance Guide for Effective Email Marketing

The CAN-SPAM Act is a United States law that establishes certain rules for emails. The Federal Trade Commission (FTC) enforces the CAN-SPAM Act and the associated CAN-SPAM Rule. The FTC is an independent US federal agency based in Washington, D.C.

In this article, we provide a compliance guide that keeps your marketing campaigns on the right side of the law and CAN-SPAM compliant, from subject lines to content. CAN-SPAM Act email marketing compliance is doable and hassle-free if you read our easy summary.

Applicability of the CAN-SPAM Act to Different Types of Email

The CAN-SPAM Act regulates the use of emails by companies. The law applies both to messages from companies to end customers (B2C) and to emails from companies to companies (B2B). The Act distinguishes between different types of emails. The strictest rules apply to commercial emails, which we will therefore discuss first.

Requirements of the CAN-SPAM Act for Commercial Emails

Commercial emails advertise a product or service and are an essential part of email marketing campaigns. An example would be an email from an online store advertising a new sale or a new product, like this:

Subject: "Big Summer Sale – 70% off all outdoor items!"

Content: "Hello! Get ready for summer with our big sale. All outdoor items are now reduced by 70%. Visit our online store today."

Below you will find an overview of the most important requirements for commercial emails in the context of CAN-SPAM compliance.

  • You may not use false or misleading header information in your emails. Your "From", "To", "Reply-to" and routing information, including the sender's domain name and email address, must be accurate and identify the person or company from whom the message originated.
  • Email headers must contain additional fields with technical information, such as when the email was sent, from which email address and via which servers. As this information is generally less important for the recipient, it is usually hidden by modern email clients, but can be displayed if required.
  • The email's subject line must accurately reflect the content of the message and must not be misleading.
  • The email must clearly state that the message is an advertisement.
  • The email must contain the sender's physical postal address.
  • In commercial emails, it is necessary to clearly explain to recipients how they can unsubscribe from future emails. These instructions should be easily recognizable and understandable, possibly supported by eye-catching font sizes, colors and placement. An option to unsubscribe can be offered via a reply email or a simple online link. In addition, recipients can be given the choice to unsubscribe from only certain types of messages, as long as it is also possible to completely unsubscribe from all marketing emails. It is important that these unsubscribe requests are not blocked by spam filters.

  • Companies must ensure that their unsubscribe mechanism accepts and processes unsubscribes for at least 30 days after an email has been sent. This gives recipients enough time to make their unsubscribe requests. The Act takes unsubscribe compliance very seriously.
  • Subscribers and members of services also have the right to unsubscribe from marketing emails. This applies even if they have subscribed to a service or taken out a membership. If a message is sent without an unsubscribe link, it must be ensured that it corresponds to one of the legally defined categories of transactional or relationship messages.
  • Companies must honor opt-out requests and respond to unsubscribe requests within 10 business days, without charging a fee or requesting personal information other than the email address. Email addresses of individuals who no longer wish to receive communications may not be sold or shared. The exception to this is sharing with companies that help with legal compliance.
  • Companies must ensure that all legal requirements are met, even if they work with other companies for their email marketing. Both the company promoting a product and the company sending the message can be prosecuted if they violate the law.

Other types of emails under the CAN-SPAM Act

Emails that do not have commercial intentions are generally subject to significantly lower requirements. The FCC distinguishes between transactional or relationship content and other content and keeps an eye on content compliance.

Transactional or relationship content

A transactional or relationship email is a message whose purpose is to facilitate, confirm, or inform about aspects of an existing commercial relationship or transaction.

This type of email may include the following content:

  • Information that facilitates, completes or confirms a commercial transaction to which the recipient has already agreed.
  • Important information about products or services, such as warranty, recall, safety, or security, that the recipient has already purchased.
  • Updates on terms or features of a membership, subscription, account, credit or other ongoing business relationship.
  • Information that informs the recipient of changes to their status in an ongoing business relationship, or regular updates on account balances.
  • Information about an employment relationship, employee benefits, or deliveries of goods or services made as part of an agreed business activity.

If an email contains only transactional or relationship-related content, it may not contain false or misleading routing information, but is otherwise exempt from most provisions of the CAN-SPAM Act.

Please note the strict legal delineation of the individual categories. It is not a given that every message to recipients who have an ongoing business relationship with you, such as subscribers or membership program participants, automatically counts as a transactional or relationship message.

For each email, check carefully whether an average customer would recognize or evaluate the main purpose of the email as a "transactional email" or "relationship email." If in doubt, your message must meet the full requirements of the CAN-SPAM Act for commercial messages if you want to stay compliant.

Example of transaction content

Payment confirmation for your order no. 78910

Hello. We confirm receipt of your payment for order no. 78910. The total amount of €59.99 has been successfully debited. Your order is now being prepared for shipment. Thank you for shopping at ElektroMarkt.

Example of relationship content

Changes to our privacy policy

Dear customer, we would like to inform you that our privacy policy has been updated to ensure even better protection of your data. You can view the new guidelines on our website. Thank you for your trust in ServicePlus.

Other content

This category includes emails that are neither commercial nor transactional or relationship-related. An example could be a newsletter from a company that contains general information or advice without directly promoting a product or service.


Monthly news from TechTrends: Tips & Tricks

Welcome to our monthly issue of TechTrends! In this issue you will find helpful tips to improve your computer skills, exciting technology news, and exclusive interviews with industry experts. Enjoy reading! Your TechTrends team.

Unfortunately the FCC does not provide any further information on "Other content". However, it can be assumed that the same rules apply to this as to transactional or relationship-related emails.

Keep these things in mind when planning your email marketing strategy!

Assessing Commercial and Non-Commercial Content under the CAN-SPAM Act

In practice, it is common for companies to mix commercial content with non-commercial content in their emails. In such mixed messages, the primary purpose determines whether or not the email is subject to the commercial message provisions of the CAN-SPAM Act. Determining the primary purpose depends on two main factors:

The interpretation of the subject line

If a recipient interprets the subject line as a message that appears to be an advertisement for a commercial product or service, the message will be classified as commercial.

The placement of the content in the message

A message is also considered commercial if the commercial part is at the beginning and the transactional or relationship part only appears towards the end of the email.

Example 1

TO: John Smith

FROM: TechWorld Inc.

SUBJECT: Your order #12345 and exclusive offer!

CONTENT: Dear Mr. Smith, we are pleased to inform you that your order #12345 for three Model X smartphones has been successfully shipped. Delivery is expected within the next three working days.

As a valued customer, we would also like to share with you an exclusive offer: 20% discount on our latest tablet model Y, valid until the end of the month. Visit our website for more information!

This email is probably a transactional or relationship message, as the main content contains information about the order. The commercial part at the end - the offer for the tablet - is present but does not dominate the entire message.

Example 2

TO: Lisa Johnson

FROM: Trendy Fashion House

SUBJECT: New summer collection now available - and update on your order

CONTENT: Discover our brand new summer collection with exclusive discounts just for our subscribers! Browse through our selection of summer dresses and accessories.

By the way, your order #67890 has been processed and is expected to be delivered on Friday.

This email is more of a promotional message as the focus is on promoting the new summer collection. The information about the order at the end of the message is a smaller part and seems to be more of an additional update.

Commercial Emails with Content from Multiple Companies

In cases where an email promotes information from multiple companies, there is a clear method for determining who is responsible for compliance with the CAN-SPAM Act as the "sender."

The marketers whose products or services are advertised in the email can designate one of them as the official "sender" who will comply with the rules of the CAN-SPAM Act. This is possible as long as this designated sender meets the following criteria:

  1. The designated sender initiates the email to promote their own products, services or websites.
  2. The specified sender is clearly named in the "From" line of the email.
  3. The specified sender complies with all provisions of the CAN-SPAM Act, which means that the email does not contain misleading information on the transmission or subject line. In addition, the email must contain a valid mailing address, a working unsubscribe link, and proper labeling as a commercial or sexually explicit message.

If the specified sender does not fulfill these obligations, all marketers named in the email can be held jointly responsible for not complying with the law.

Responsibility for Emails with a Forwarding Function

Some emails offer the option to forward them to other people via a "forward to a friend" link. The question of whether the original company that sent the email is still responsible for complying with rules such as the CAN-SPAM Act depends on certain factors.

The determining factor is whether the sender of the original email is offering a reward or benefit to the person forwarding the message. For example, if the sender offers money, coupons, discounts, prizes or other incentives for forwarding, the sender may be responsible for compliance. The same applies if the sender rewards someone or provides benefits to drive traffic to a website or make recommendations.

However, if there are no clear benefits for forwarding, the responsibility for the forwarded email usually no longer lies with the original sender.

Penalties for Violations of the CAN-SPAM Act

Violations of the CAN-SPAM Act can result in significant penalties. Each individual email that violates the CAN-SPAM laws can result in a fine of up to $50,120.

In concrete terms, this means that if you send a newsletter campaign to 1000 email recipients and do not comply with the requirements of the CAN-SPAM Act, this can result in a fine of up to 50 million US dollars.

Both the company whose product is advertised in the message and the company from which the message originates can be held legally responsible. Emails that make misleading claims about products or services may also fall under laws that prohibit misleading advertising.

The CAN-SPAM Act provides for certain serious offenses that can result in additional fines. In addition, there are criminal penalties, including imprisonment, for activities such as unauthorized access to computers to send spam, using false information when registering for email accounts or domain names, deception about the origin of spam messages, harvesting email addresses or lists through unauthorized methods, and unauthorized use of open relays or proxies.

In addition to civil penalties, email marketers may be required to pay compensation to affected consumers under Section 19 of the FTC Act. This compensation may include the amount consumers have paid as well as the value of their lost time. It is therefore of utmost importance to carefully comply with the provisions of the CAN-SPAM Act to avoid legal consequences.

Rules for Emails with Sexually Explicit Content

For marketing emails with sexually explicit content, special rules have been established by the FTC in the CAN-SPAM Act. These rules are intended to ensure that recipients can consciously decide whether they want to see the sexually explicit content, for example by scrolling down or clicking on a special link. This ensures that such content is not displayed unexpectedly or unintentionally.

Note, however, that these rules do not apply if the person receiving the message has already given their consent to receive such email messages from the sender.

To comply with this rule, emails containing sexually oriented material must contain the warning "SEXUALLY-EXPLICIT:" at the beginning of the subject line. In the body of the message, the first visible email contents must also contain the warning "SEXUALLY-EXPLICIT:" as well as the standard information of a commercial email, such as a reference to advertising, the sender's postal address and the option for the recipient to opt out of receiving further messages from this sender.

CAN-SPAM Act compared to the GDPR

The CAN-SPAM Act allows direct marketing emails to be sent to anyone without permission until the recipient explicitly asks the sender to stop (opt-out).

In contrast, the General Data Protection Regulation (GDPR) goes much further:

Direct marketing emails may only be sent to recipients who have given their prior consent (opt-in). Consent must be freely given, specific, informed, and unambiguous, expressed through a clear affirmative action, which means that ticked boxes or other types of implied consent are not sufficient. In addition, the recipient must be told exactly how their data will be used. Senders must keep evidence of consent and provide proof in the event of a challenge to their emailing behavior.

Maildroppa: Your Ally in Compliant Email Marketing

Maildroppa is a vital tool for businesses aiming to meet email marketing regulations like CAN-SPAM and GDPR. It ensures compliance while maintaining the effectiveness of email campaigns.

For CAN-SPAM adherence, Maildroppa automatically includes essential sender information, such as a physical mailing address, in every email. This feature ensures transparency and trustworthiness in communication. Users can customize their sender name and email, enhancing their emails' recognizability and reducing spam flags. Every sender address is verified, adding credibility to the emails.

Under GDPR, Maildroppa enforces a mandatory double opt-in for all customers. This not only secures explicit subscriber consent but also boosts delivery rates and credibility. The platform provides customizable GDPR consent options and agreement texts, catering to diverse subscriber bases from regions like the EU, UK, and Switzerland.

Furthermore, Maildroppa’s commitment to data protection is underscored by its hosting with Hetzner in Germany, aligning with strict German data protection laws. The option to disable customer tracking respects privacy and aligns with current digital marketing trends.

Maildroppa stands out as a comprehensive solution for businesses to navigate the complexities of legal compliance in email marketing, merging regulatory adherence with marketing efficacy.