Search Menu

Electronic Marketing – Practical Tips for CAN-SPAM Act Compliance Print PDF


Direct marketing, which involves direct, personalized contact (often unsolicited) between the advertiser and a consumer, is one of the most persuasive forms of advertising.

Direct marketing includes the use of mail, telephone, text, email and social media, and avoids the traditional forms of advertising such as radio, newspapers and television. While direct marketing can provide advertisers with several advantages to traditional direct marketing (such as lower costs, immediate delivery and a more interactive experience), the high volume of unsolicited commercial communications (“spam”) can frustrate consumers and dilute the impact of the marketing.

Direct marketing is governed by several federal and state laws and regulations, and the provisions of these can sometimes be inconsistent. When used improperly, direct marketing can subject the sender to considerable fines and sanctions. Therefore, while direct marketing can be a powerful business tool, to avoid disastrous consequences, particular attention must be paid to the various legal requirements.

This article focuses on direct marketing by electronic means (primarily email), and provides practical tips for complying with the CAN-SPAM Act (which regulates such marketing).


In 2003, Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) to regulate unsolicited commercial communications. Rather than prohibiting all unsolicited commercial communications, the Act provides specific requirements relating to these messages.

While traditionally the Act has focused on email, it also covers certain forms of text messaging and the private messaging functions that are features of many social media platforms. A commercial electronic communication is generally defined as any electronic communication that has a primary purpose of commercial advertisement or promotion of a commercial product or service, including content on a website.

The Act’s main provisions include the following with respect to commercial electronic communications:

  • Ban on false or misleading header information (e.g., the “from,” “to” and “reply to” lines) and routing information (e.g., the originating domain name and email address);
  • Prohibition on deceptive subject lines;
  • Requirement that the sender clearly and conspicuously give recipients an opt-out method with easy to understand instructions; and
  • Requirement that the email be clearly identified as an advertisement and include the sender’s valid physical postal address.

An electronic message with a primary purpose to facilitate an agreed upon transaction or update a customer in an existing business relationship may not contain false or misleading routing information, but is otherwise exempt from most provisions of the Act (including the opt-out requirements).

With respect to wireless messages (such as text messages), a person or entity cannot initiate a mobile service commercial message without express prior authorization. Therefore, this requirement operates as an opt-in requirement as opposed to the opt-out requirement for email messages (but note that it does not eliminate the opt-out requirement, which still applies).

The Federal Trade Commission is the primary enforcer of the Act, and can seek civil penalties up to $16,000 for each separate email that violates the Act (if based on actual knowledge or knowledge fairly implied) and injunctive relief (even without a showing of knowledge).

However, the Act also allows various federal, state and private parties to bring claims for violations. For example, state agencies can seek: (i) injunctive relief; (ii) damages for actual loss or statutory damages up to $250 per violation, whichever is greater, with a maximum award of $2,000,000 (each separately addressed unlawful message is treated as a separate violation and claims for false or misleading headers are not limited by this cap); (iii) three times the amount of statutory damages for willful, knowing or aggravated violations; and (iv) costs of bringing the action and reasonable attorney fees. In addition, the Act also carries criminal penalties for fraudulent activities.


The following are tips to help your business structure and administer its direct commercial electronic communication messaging programs:

The Mailing List

  • The mailing list should include only persons who have opted in to receive commercial electronic communications from you.
  • The mailing list must not include any person who has previously opted out from receiving commercial electronic communications from you.
  • As soon as possible before distribution, the mailing list should be compared against your “do not email” list to ensure that there are no recipients that should be excluded. This is especially important if you have obtained a mailing list from a third party.

The Message

  • The message must include complete and accurate transmission and header information.
  • The “From” line must identify your business as the sender specifically enough for the recipient to understand who is sending the message (at least your name, trade name or product or service name).
  • The “Subject” line must accurately describe the message’s content.
  • The message must clearly include your valid, current physical postal address (a street address; a post office box accurately registered with the US Postal Service; or a private mailbox accurately registered with a commercial mail receiving agency established pursuant to US Postal Service regulations).
  • The message must clearly and conspicuously disclose that it is an advertisement or solicitation unless the email message is sent only to recipients who have opted in to receive these messages from you. This disclosure must be legible and stand out against the rest of the text, such as by putting in in a different text color and/or in italics or bold.

The Opt-Out Mechanism

  • The message must clearly explain that the recipient may opt out of receiving future commercial messages from you.
  • The message must include a mechanism that the recipient may use for opting out (such as a functional return email address or an opt-out link). The mechanism must not require the recipient to do anything more than reply to the email or visit a single web page to opt out, and must not demand any payment or personal information, including account information (other than an email address).
  • The opt-out mechanism must work for at least 30 days after the email is sent.
  • You must process all opt-out requests within 10 business days.
  • The explanation of how a recipient can opt out must be easy to read and understand.
  • You may include options that permit the recipient to select the types of commercial messages the recipient would like to continue receiving. However, one option must permit opting out of all commercial messages from you.
  • Opt-out requests do not expire. An opt-out is overridden only by the recipient’s subsequent express request to receive commercial electronic communication.
  • Do not sell, share or use your opt-out list for any reason other than to comply with the law.

Monitoring Opt-out Capabilities

You should implement procedures to ensure that your opt-out capabilities actually work, such as:

  • Establishing email accounts with several major private email account providers and adding these email addresses to your mailing list.
  • For each email address created for monitoring purposes, use your opt-out mechanism to remove the email address from the mailing list.
  • Repeat this procedure on a regular basis (at least every two weeks).
  • Examine the email received by the monitoring email account to confirm that: (i) the opt-out mechanism works; (ii) the opt-out request is honored within 10 business days; and (ii) those that have opted out no longer receive commercial messages from you.
  • Promptly address any issues.

Third-party Marketing Affiliates or Service Providers

Both the company whose product or service is advertised as well as the individual or entity sending the message are potentially liable for violations of the Act. Therefore, when using third-party service providers, including affiliate marketers:

  • Ensure that the written contract with the service provider includes representations and warranties regarding the service provider’s compliance with the Act and includes appropriate and adequate remedies for non-compliance (including indemnification provisions).
  • Actively audit the service provider’s compliance with the Act.

Additional Requirements for Messages Sent to Wireless Devices

When sending commercial messages to wireless devices:

  • Ensure that the recipient has opted in to receive the commercial message (oral, written or electronic). Ask for consent in a way that involves no cost to the recipient (e.g. avoid sending the request to the wireless device; allow the recipient to respond in a way that involves no cost—such as an online, email or postal mail sign-up).
  • When seeking consent, you must clearly disclose the identity of the sender and that the recipient:
  • is agreeing to receive commercial message on his or her wireless device;
  • may be charged to receive the commercial message; and
  • can revoke his or her consent at any time.

The foregoing information is provided only for general reference. It does not constitute legal advice. Legal advice may be provided based only on specific facts. Please consult Parker Ibrahim & Berg before relying on any general information stated herein. We are happy to discuss any questions you may have regarding legal issues related to direct marketing.

We use cookies to enhance your browsing experience. Please know that by continuing to explore our website, you consent to the use of cookies in accordance with our Privacy Policy.