The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography
and Marketing Act) establishes requirements for those who send commercial
email, spells out penalties for spammers and companies whose products are
advertised in spam if they violate the law, and gives consumers the right
to ask emailers to stop spamming them.
The law, which became effective January 1, 2004, covers email whose primary
purpose is advertising or promoting a commercial product or service, including
content on a Web site. A transactional or relationship message email that
facilitates an agreed-upon transaction or updates a customer in an existing
business relationship may not contain false or misleading routing information,
but otherwise is exempt from most provisions of the CAN-SPAM Act.
The Federal Trade Commission (FTC), the nation's consumer protection agency,
is authorized to enforce the CAN-SPAM Act. CAN-SPAM also gives the Department
of Justice (DOJ) the authority to enforce its criminal sanctions. Other
federal and state agencies can enforce the law against organizations under
their jurisdiction, and companies that provide Internet access may sue violators,
What the Law Requires
It bans false or misleading header information. Your email's From,
To, and routing information including the originating domain name and email
address must be accurate and identify the person who initiated the email.
It prohibits deceptive subject lines. The subject line cannot mislead
the recipient about the contents or subject matter of the message.
It requires that your email give recipients an opt-out method.
You must provide a return email address or another Internet-based response
mechanism that allows a recipient to ask you not to send future email messages
to that email address, and you must honor the requests. You may create a
menu of choices to allow a recipient to opt out of certain types of messages,
but you must include the option to end any commercial messages from the
Any opt-out mechanism you offer must be able to process opt-out requests
for at least 30 days after you send your commercial email. When you
receive an opt-out request, the law gives you 10 business days to stop sending
email to the requestor's email address. You cannot help another entity send
email to that address, or have another entity send email on your behalf
to that address. Finally, it's illegal for you to sell or transfer the email
addresses of people who choose not to receive your email, even in the form
of a mailing list, unless you transfer the addresses so another entity can
comply with the law.
It requires that commercial email be identified as an advertisement
and include the sender's valid physical postal address. Your message
must contain clear and conspicuous notice that the message is an advertisement
or solicitation and that the recipient can opt out of receiving more commercial
email from you. It also must include your valid physical postal address.