  • Why the CAN-SPAM Act was created
  • What types of emails the law covers
  • What the law means for everyday email users
  • What CAN-SPAM means for marketing emails in your inbox
  • How to report a potential CAN-SPAM violation
  • FAQ: Common questions about the CAN-SPAM Act

CAN-SPAM Act explained: What it means for your inbox

Featured 01.06.2026 5 mins
Written by Raven Wu
Reviewed by Sarah Frazier
Edited by Magdalena Madej

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act is a U.S. law passed in 2003 that sets rules for commercial email messages. The law gives recipients the right to opt out of marketing emails and aims to reduce deceptive or misleading email practices. It also includes specific requirements for commercial emails containing sexually explicit content.

This article explains how the CAN-SPAM Act works, what recipients can expect from commercial emails, and what you can do if you believe the law has been violated.

Why the CAN-SPAM Act was created

As email became a dominant form of digital communication, there was a significant increase in email-based online advertising. By 2003, it was estimated that over half of all email traffic was spam. This raised concerns about:

  • Financial costs: Storing and handling unwanted emails imposed high costs on recipients, internet service providers (ISPs), businesses, and educational and nonprofit institutions.
  • Wasted time: Recipients had to spend time accessing, reviewing, and discarding spam.
  • Reduced usefulness of email: Important messages could be lost, overlooked, or discarded amid the volume of unwanted messages.
  • Disguised sender identity: Many spam senders deliberately obscured the source of their messages.
  • Misleading subject lines: Many senders tried to trick recipients into opening messages.
  • Lack of opt-out options: Some senders provided no opt-out mechanism, refused to honor opt-out requests, or both.
  • Sexually explicit content: Some commercial emails contained material that many recipients considered vulgar or pornographic.

What types of emails the law covers

The CAN-SPAM Act applies to commercial emails whose primary purpose is to promote a product or service. This includes both bulk marketing emails and individual commercial messages. The law applies to emails sent to consumers as well as businesses. It also covers emails promoting content on commercial websites.

The CAN-SPAM Act doesn’t apply to personal messages, such as everyday emails between friends and coworkers. It also excludes transactional or relationship messages, including account updates, order confirmations, or other service-related emails connected to an existing customer relationship.

What the law means for everyday email users

The CAN-SPAM Act functions as a consumer protection law that makes it easier to:

The CAN-SPAM Act was intended to curb deceptive commercial email practices and give recipients more control over unwanted marketing messages. However, it doesn’t function as a technical spam-filtering system and doesn’t, by itself, prevent unwanted emails from reaching inboxes.

What CAN-SPAM means for marketing emails in your inbox

The Federal Trade Commission (FTC) lists several requirements for commercial emails. From a recipient’s perspective, these are useful signs to look for when deciding whether a marketing email may be deceptive or non-compliant.

1. Marketing emails must use accurate sender information

Commercial emails must clearly show who sent them. The "From," "To," and domain name all need to accurately identify the person or business behind the message, so a company called "ExampleTech" should be sending from an address like "newsletter@exampletech.com," not a disguised or unrelated address. Emails must also include a valid physical postal address.

These rules help improve transparency and limit deceptive practices that senders may use to disguise the origin of a message.

2. Subject lines should not be misleading

The subject line must reflect what's actually in the email. An antivirus company, for example, can't use a subject line like "Security alert: Your computer may be infected!" if the email is really promoting a paid upgrade. Misleading subject lines designed to trick people into opening a message are prohibited.

3. Promotional emails must be identified

Commercial emails must clearly disclose when they are advertisements, though the law gives senders some flexibility in how they do this.

4. Every marketing email should offer a way to unsubscribe

Every commercial email must include clear, easy-to-find instructions for opting out of future messages. This applies to all commercial emails, including those sent to existing subscribers or members. Burying the unsubscribe link or making it unnecessarily hard to use is not permitted.

5. Companies must honor unsubscribe requests

When someone opts out, the request must be honored within 10 business days. Businesses also can't make the process unnecessarily burdensome.

6. Commercial emails containing sexually explicit material must follow strict labeling rules

Commercial emails containing sexually explicit material are subject to stricter requirements. The email’s subject line must begin with “SEXUALLY-EXPLICIT:” in capital letters as the first 19 characters.

When the email is opened, it can display only a warning label, a notice identifying the message as an advertisement, opt-out information, the sender’s physical address, and instructions for accessing the content. It must also clearly state that recipients who do not want to view the material should delete the email without following those instructions.

How to report a potential CAN-SPAM violation

Please note: This information is for general educational purposes and not legal advice.

If you receive a commercial email that you suspect violates the CAN-SPAM Act, it's a good idea to save key details before taking action, such as the sender's address, the date received, and a copy of the email itself. This can be useful if you decide to file a report.

You can report the email to:

FAQ: Common questions about the CAN-SPAM Act

Can a company email me if I never signed up?

Under CAN-SPAM, U.S. commercial email generally does not work as a strict opt-in system. That means a marketing email may still land in your inbox even if you did not directly sign up for it. However, the sender still has to follow CAN-SPAM requirements, including accurate sender information, truthful subject lines, and a way to opt out.

How long should it take to stop receiving emails after unsubscribing?

After unsubscribing, you should stop receiving marketing emails within 10 business days.

Why am I still getting emails after unsubscribing?

There are several possible reasons. First, the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act only applies to commercial emails. It doesn’t apply to transactional or relationship messages, such as account updates or order confirmations. Second, after you unsubscribe, companies have up to 10 business days to honor your request. In the meantime, you may still receive emails from them.

Finally, you may have unsubscribed from one mailing list while still being subscribed to another, since some companies use separate lists for newsletters, promotions, and other types of email.

Can I report repeated marketing emails?

If you suspect a marketing email violates the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act requirements, you can report it to the Federal Trade Commission (FTC) or your internet service provider (ISP).

Raven Wu

Raven Wu is a writer for the ExpressVPN Blog with a passion for technology and cybersecurity. With years of experience covering these topics, he takes pride in delivering informative, well-researched content in a concise and accessible way. In his free time, he enjoys writing stories, playing hard games, and learning about history.