USA e-mail marketing rules under the CAN-SPAM Act (Updated 2025)

Key Takeaways

Under the CAN-SPAM Act, businesses do not need prior consent to send commercial emails to U.S. recipients. This applies to both B2C and B2B communications. However, all such emails must strictly adhere to the specific requirements detailed in the law.

To comply with the CAN-SPAM Act, marketers must include accurate header information, avoid deceptive subject lines, and clearly state that the message is an advertisement. Additionally, they must provide a valid physical postal address and a clear opt-out mechanism, and honour unsubscribe requests within 10 business days.

Non-compliance with the CAN-SPAM Act can lead to severe financial penalties, with each violating email incurring fines of up to $43,792. Furthermore, serious violations like using false information or harvesting email addresses can result in criminal charges, including potential imprisonment.

What is the CAN-SPAM Act?

The CAN-SPAM Act covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service”, including email that promotes content on commercial websites.

The law makes no exception for business-to-business (B2B) email. That means all emails, such as messages to former customers announcing a new product line, must comply with the law. It does, however, exempt transactional and relationship messages.

Under the FTC’s CAN-SPAM Act, you do not need consent before adding users located in the US to your mailing list or sending them commercial messages.

CAN-SPAM Act Requirements

Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information, including the originating domain name and email address, must be accurate, and the person or business who initiated the message must be identified.

Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message. Do not be deceitful, misleading or inaccurate with your subject lines to get people to open your email. Your subject line should contain a short explanation of the email’s contents.

Identify the message as an ad. The law gives you a lot of leeway in doing this, but you must disclose clearly and conspicuously that your message is an advertisement. You do not need to use the word “ad” in the subject line or create an image in the email that calls out that the recipient is opening an ad. But the CAN-SPAM Act requires that each business email say somewhere that it is an ad. This can be as simple as placing text at the bottom of the email saying, “This advertisement was sent by (your business name here).”

Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox with a commercial mail receiving agency established under Postal Service regulations. 

Make opting out easy. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognise, read, and understand. Creative use of type size, colour, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to enable a recipient to opt out of specific messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.

Honour opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honour a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honouring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.

Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you remain legally responsible for complying with the law. The company whose product is promoted in the message and the company that sends the message may both be held legally responsible.

CAN-SPAM Act Fines

Each separate email violating the law is subject to fines of up to $43,792, and more than one person may be held responsible for violations. In addition, certain violations may give rise to additional fines. The law provides for criminal penalties, including imprisonment, for:

Accessing someone else’s computer to send spam without permission,

Using false information to register for multiple email accounts or domain names,

Relaying or retransmitting multiple spam messages through a computer to mislead others about the origin of the message,

Harvesting email addresses or generating them through a dictionary attack (the practice of sending email to addresses made up of random letters and numbers in the hope of reaching valid ones), and

Taking advantage of open relays or open proxies without permission.

FAQs

Do I need permission to send marketing emails to U.S. customers?

No. Under the CAN-SPAM Act, you can send commercial emails to U.S. recipients without consent. However, your emails must follow strict rules, including an opt-out link and a physical mailing address, and you must avoid misleading subject lines. If you violate these rules, each email could cost you up to $43,792 in fines.

Can I keep emailing someone after they unsubscribe?

Absolutely not. Once a recipient opts out, you must stop sending them marketing emails within 10 business days. You also can’t make the opt-out process complicated: no login and no extra information may be required. And you’re not allowed to sell or share their email address with anyone else (except a company helping you manage your compliance).

Who’s responsible if I hire an agency to run my email marketing?

You are. Even if a third-party agency sends the emails, your business is still legally liable for violations. That means both the brand being promoted and the sender can face fines if the rules aren’t followed. Always work with reputable providers who understand CAN-SPAM compliance.