The Complete CAN-SPAM Compliance Checklist For Email Marketers


B2C email marketing is one of the best ways to reach your audience, but complying with anti-spam laws is critical. In the United States, the CAN-SPAM Act sets the rules and requirements for commercial email. The Federal Trade Commission (FTC) enforces these requirements, and non-compliance can lead to fines and other penalties. Fortunately, the law is easy to understand, and this CAN-SPAM compliance checklist will help you stay within the rules.

CAN-SPAM Act Penalties for Non-Compliance

Each email that violates the CAN-SPAM Act is subject to a fine of up to $43,792, and the FTC may hold multiple parties accountable. For example, your company and the marketing agency that sent the email can be held legally responsible. Other factors can lead to additional fines and even criminal penalties (including imprisonment).

Which Emails Are Subject to the CAN-SPAM Act?

CAN-SPAM regulates all commercial emails. In other words, it doesn’t just apply to bulk or unsolicited email. According to the law, a commercial email advertises or promotes a product or service. When using email for advertising or promotion, you must follow CAN-SPAM rules—even if the recipient has consented to receive your emails.

According to CAN-SPAM’s provisions, there are three types of email content:

  • Commercial content. A commercial email “advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose.” Commercial content is subject to all CAN-SPAM regulations.
  • Transactional or relationship content. A transactional email “facilitates an already agreed-upon transaction or updates a customer about an ongoing transaction.” In other words, transactional emails are related to an existing transaction and provide information relevant to that transaction (e.g., confirmation emails or messages about warranties or recalls). Transactional and relationship emails are exempt from many, but not all, CAN-SPAM rules.
  • Other content. Messages that don’t promote a product or a service or provide transactional information fall in this catch-all category.

If an email contains commercial and non-commercial content, the main purpose of the email will determine what rules apply. The FTC recommends considering the following factors:

  • Would the recipient assume the email is promotional based on the subject line? If so, that suggests that the primary purpose is commercial.
  • Is the non-commercial content at the beginning of the email? If so, this suggests that the primary purpose is non-commercial.

Are Unsolicited Commercial Emails Illegal?

No, unsolicited commercial emails are not illegal. You can send commercial email messages to anyone, even if they haven’t opted into your email list. According to FTC attorney Christopher Brown, “The CAN-SPAM Act doesn’t require initiators of commercial email to get recipients’ consent before sending them a commercial email. In other words, there is no opt-in requirement [emphasis added].”

As long as you comply with the CAN-SPAM Act, you can send anyone unsolicited commercial email and use email acquisition tools like website visitor identification to send emails to anonymous website visitors who don’t fill out a form on your website.

But you must give them an easy way to opt out of receiving future emails from you and make sure you honor all opt-outs.

CAN-SPAM applies to all commercial emails, even if you have consent from the recipient. Brown said, “If recipients have given their prior affirmative consent to get messages from you, you’re exempt from the requirement of identifying the message as an ad or solicitation–but that’s it.”

The CAN-SPAM Compliance Checklist

In this section, we’ll cover the legal requirements for email marketing in the United States. This CAN-SPAM compliance checklist is based on the FTC’s CAN-SPAM compliance guide. The guide covers the main requirements, but it’s not exhaustive. When in doubt, consult an expert.

1. Is the header information correct and easy to interpret?

The Rule: “Don’t use false or misleading header information.”

Your header should accurately identify the sender. In other words, the “From,” “To,” and “Reply-To” fields and other routing information shouldn’t be misleading or deceptive. The sender can be a person or your business, but recipients should be able to identify it quickly and accurately, together with the domain name.

2. Does the subject line give a clear indication of the content of the email?

The Rule: “Don’t use deceptive subject lines.”

Your subject lines should give recipients a clear indication of what the email contains. For example, don’t use deceptive subject lines such as “Your account details” or “An update on the status of your order” to try to increase your open rates.

3. Are recipients able to identify that your message is promotional?

The Rule: “Identify the message as an ad.”

Recipients should be able to determine whether the content of the email is promotional. That means you need to make it clear that the message is an ad, but the law doesn’t specify how to do it. You don’t have to include “Advertisement” or “Promotional content” in the subject line. The CAN-SPAM Act’s Adult Labeling Rule does, however, require that the subject line begin with “SEXUALLY-EXPLICIT:” if the email contains adult content.

4. Have you included a valid physical address?

The Rule: “Tell recipients where you’re located.”

You need to provide a postal address in each promotional email message. As long as it’s a valid postal address, it can be a post office box that you have registered with USPS or a private mailbox provider.

5. Is it easy for recipients to opt out of receiving future emails?

The Rule: “Tell recipients how to opt-out of receiving future email from you.”

The CAN-SPAM Act requires that you give your recipients the option to opt out of future emails. Include an unsubscribe button or link in your email messages, and make sure it’s easy to identify (typically, opt-out links are located in the message’s footer).

Alternatively, you can simply provide an email address to which recipients can send a message to opt out. Either way, opting out of receiving promotional emails must be easy and require no more than either visiting a single webpage or sending an email.

6. Are you honoring recipients’ requests to be unsubscribed?

The Rule: “Honor opt-out requests promptly.”

Promptly take steps to make sure recipients who opt out don’t receive further commercial emails from you. You must honor their request within ten business days.

Most email marketing platforms like Mailchimp and Klaviyo handle that automatically. If you change platforms, make sure to transfer that information.

7. Are you able to make sure other contractors or agencies you work with comply with the law?

The Rule: “Monitor what others are doing on your behalf.”

If someone else is handling your email marketing, such as a marketing agency or a contractor, make sure that they’re respecting the CAN-SPAM Act’s rules. Even if you’re not the one who’s sending the emails, you’re still responsible for compliance.

Other Considerations

In addition to federal regulations, companies like Google are also imposing more stringent rules regarding bulk email.

Effective February 2024, bulk email senders (those exceeding 5,000 emails daily to Gmail accounts) will face stricter regulations. These include:

  • Mandatory sender authentication. Implementing protocols like DMARC, DKIM, and SPF becomes essential to combat phishing and spoofing attempts.
  • Seamless unsubscribe options. Recipients must be able to unsubscribe with a single click, and their requests must be processed within 48 hours.
  • Maintaining a low spam complaint rate. Staying below a 0.3% threshold becomes critical to avoid deliverability issues.
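The authentication and one-click unsubscribe items above can be partly checked on the raw message before a campaign goes out. The following Python sketch is an added example, not code from the FTC or Google: it checks that a DKIM signature is present and that its signing domain lines up with the From domain, and that the one-click unsubscribe headers defined in RFC 8058 are set. The sample message, its domains, and the function names are constructed for illustration; SPF and DMARC are published in DNS, so they are outside what an offline header check can see.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain, URL and token is a placeholder.
SAMPLE = """\
From: Example Store <news@mail.example.com>
To: reader@example.net
Subject: Spring sale: 20% off all boots
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER
List-Unsubscribe: <mailto:unsub@example.com>, <https://example.com/u?t=abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Body text.
"""

def org_domain(domain):
    # Simplification (assumption): the last two labels stand in for the
    # organizational domain. Real DMARC evaluation uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def lint_bulk_headers(raw):
    """Return a list of findings; an empty list means the header checks passed."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not from_domain:
        findings.append("From: no parsable address")
    # DKIM: a signature must exist and its d= tag should align with From.
    dkim_domains = []
    for header in msg.get_all("DKIM-Signature", []):
        match = re.search(r"(?:^|;)\s*d=([^;\s]+)", header)
        if match:
            dkim_domains.append(match.group(1))
    if not dkim_domains:
        findings.append("DKIM-Signature: missing")
    elif org_domain(from_domain) not in {org_domain(d) for d in dkim_domains}:
        findings.append("DKIM d= not aligned with From domain")
    # One-click unsubscribe (RFC 8058): an https URI plus the POST header.
    uris = re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))
    if not any(u.lower().startswith("https://") for u in uris):
        findings.append("List-Unsubscribe: no https URI")
    post = (msg.get("List-Unsubscribe-Post") or "").strip().lower()
    if post != "list-unsubscribe=one-click":
        findings.append("List-Unsubscribe-Post: one-click value missing")
    return findings

if __name__ == "__main__":
    print(lint_bulk_headers(SAMPLE) or "header checks passed")
```

A message signed only by an email platform's own domain will fail the alignment check here, which is the case to catch when you change or add sending platforms.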

Staying Compliant with CAN-SPAM Regulations is Simple

This CAN-SPAM compliance checklist illustrates how easy it is to continue to get the most out of your email marketing campaigns without breaking the law. Ensuring CAN-SPAM compliance is a straightforward process. Just make sure:

  1. No elements of your campaigns are misleading,
  2. You make it clear how to opt out, and
  3. You honor opt-out requests.

As long as you follow the guidelines provided by the FTC, you should be able to use all the latest tactics—from visitor identification to email retargeting—without any trouble.