Growth Marketing Glossary

CAN-SPAM Act

CAN-SPAM act/kən spæm ækt/noun

The US rulebook for commercial email — honest sender info, an easy unsubscribe, and a real address, or face the fines.

no false headershonor opt-outreal addresscommercial emailUS rules every marketing email must follow
Schematic — US rules for commercial email
Term
CAN-SPAM Act
Is
US commercial-email law (2003)
Enforced by
FTC
Requires
Honest headers, opt-out, physical address

Forms & parts of speech

CAN-SPAM · noun
US commercial-email law.
"CAN-SPAM doesn't require opt-in, but it does require an honest 'from,' a working unsubscribe, and a real address."

Definition in plain terms

The CAN-SPAM Act is a 2003 United States law that sets the rules for commercial email, establishing requirements that senders of marketing email must follow and giving recipients the right to stop receiving it. The name is an acronym — Controlling the Assault of Non-Solicited Pornography And Marketing — and the law is enforced by the Federal Trade Commission (FTC). It applies to commercial email sent to US recipients regardless of where the sender is based.

The mechanics

CAN-SPAM's core requirements are practical: do not use false or misleading header information (the 'from,' 'to,' and routing must be accurate), do not use deceptive subject lines, identify the message as an advertisement where required, include a valid physical postal address for the sender, provide a clear and conspicuous way to opt out, and honor opt-out requests promptly (within 10 business days), without charging a fee or requiring anything beyond an email address or a single web page to unsubscribe. Notably, CAN-SPAM is an opt-OUT regime, not opt-in: it does not require prior consent before emailing (unlike the EU's GDPR or Canada's CASL, which generally require consent), but it does require an easy, honored exit. Violations carry significant civil penalties per email, and each separately non-compliant email can be treated as a separate violation, so the exposure scales fast. Compliance is a floor, not a strategy — meeting CAN-SPAM is the legal minimum, while good email practice (genuine permission, relevance, easy unsubscribe) goes well beyond it.

When it matters

CAN-SPAM matters for any business sending commercial email to US recipients — which is nearly every marketer — and non-compliance is both a legal and a deliverability risk. The discipline is to get the mechanics right on every send (honest headers and subject lines, a real physical address, a working one-click-simple unsubscribe honored promptly) and to remember that CAN-SPAM is the minimum: stricter consent-based laws apply elsewhere (GDPR in the EU, CASL in Canada), and best practice favors permission-based email regardless. Treating the law as the ceiling — doing only the bare minimum while sending unwanted mail — meets the letter of CAN-SPAM while still damaging reputation and deliverability.

Worked example. A US company assumes it can email any list it acquires as long as it includes an unsubscribe link — and is partly right under CAN-SPAM, which is opt-out, not opt-in. But its sends use a vague 'from' name, omit a physical address, and route unsubscribes through a multi-step form, all of which violate the law and expose it to per-email penalties. After fixing the basics — honest headers and subject lines, a valid postal address, and a one-step unsubscribe honored within the required window — it is compliant. The team also recognizes the law is only a floor and shifts toward genuine permission-based email, protecting deliverability and reputation that bare-minimum compliance alone would not.
Failure modes to watch. Treating CAN-SPAM as a marketing strategy rather than a legal floor; using misleading headers or subject lines; omitting a valid physical address; making unsubscribe hard or honoring it slowly; and assuming US opt-out rules apply abroad where consent-based laws (GDPR, CASL) govern.

Synonyms & antonyms

Synonyms

CAN-SPAM ActCAN-SPAMUS email law

Antonyms

opt-in consent lawGDPR consent regime

Origin & history

The CAN-SPAM Act — Controlling the Assault of Non-Solicited Pornography And Marketing Act — was signed into US law in December 2003 and took effect on January 1, 2004, establishing the first national standards for commercial email. It is enforced by the Federal Trade Commission and notably adopts an opt-out rather than opt-in approach, distinguishing it from later consent-based regimes abroad.

Etymology: source.

Usage trends

Search interest for this term over the last five years:

View interest-over-time on Google Trends →

Common questions

What is the CAN-SPAM Act?
A 2003 US law setting rules for commercial email — honest headers, no deceptive subject lines, a valid physical address, and an easy, promptly honored opt-out — enforced by the FTC.
Does CAN-SPAM require opt-in consent?
No. CAN-SPAM is opt-out: it does not require prior consent before emailing, but it requires a clear way to unsubscribe and prompt honoring of requests, unlike GDPR or CASL.
What are the penalties for violating CAN-SPAM?
Significant civil penalties, with each separately non-compliant email treated as a separate violation, so exposure scales with volume.

Related tools & calculators

Resources & people to follow

Curated, non-competitor resources verified per term.

Related training

Disciplines

Areas of marketing where can-spam act is a core concern:

Sources

  1. trendsGoogle Trends — "can-spam act"