What is the CAN-SPAM Act?

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing) is a US federal law governing commercial email, enacted in 2003. Unlike opt-in frameworks, CAN-SPAM follows an opt-out model: you can email anyone without prior permission as long as you comply with the law's requirements and honor unsubscribe requests promptly.

The law's key provisions require: no false or misleading header information (accurate From, To, and routing), no deceptive subject lines, identification as an advertisement (though this requirement has flexibility), inclusion of a valid physical postal address, a clear and conspicuous unsubscribe mechanism, and honoring opt-out requests within 10 business days.

CAN-SPAM is enforced by the FTC, and violations can result in fines up to $50,000+ per non-compliant email. Critically, the law preempts state spam laws, creating unified national standards. However, CAN-SPAM is widely considered the minimum acceptable standard: mailbox providers and industry best practices demand more rigorous consent practices than CAN-SPAM requires. Legal compliance with CAN-SPAM doesn't guarantee deliverability; Gmail and Microsoft set higher bars than US law.