The CAN-SPAM Act
The US rules for commercial email - what applies to your business and what to do.
What it is
CAN-SPAM is the US federal law that governs commercial email. Passed in 2003, it sets the baseline rules for any business sending marketing or promotional email to US recipients. There's no size exemption - it applies to a one-person shop the same way it applies to a major corporation.
What counts as "commercial email"
Email whose primary purpose is advertising or promoting a commercial product or service - newsletters, promotional announcements, sale notices, and similar content.
It does NOT cover "transactional" email - receipts, order confirmations, password resets, and similar messages where the primary purpose is completing a transaction the recipient initiated.
The main requirements
- No false or misleading header information. The "From," "Reply-To," and routing information must accurately identify who sent the email.
- No deceptive subject lines. The subject line must reflect what's actually in the email.
- Identify the email as an ad. It must be clear the email is commercial. Most businesses handle this in the footer.
- Include your physical mailing address. Every commercial email must include a valid postal address - a street address, PO Box, or private mailbox. This is the requirement most small businesses miss.
- Include a clear opt-out mechanism. Every email must include a way for people to unsubscribe, and it must be easy to find and use.
- Honor opt-out requests promptly. You have 10 business days to process an unsubscribe. After that, you cannot send that person commercial email again.
Common misconceptions
- "I only email people who gave me their business card." CAN-SPAM applies regardless of how you got the address. If you're sending commercial email, the rules apply.
- "I don't need an unsubscribe link if my list is small." There's no size threshold. Every commercial email needs an opt-out option.
- "CAN-SPAM requires opt-in." It does not. US law requires opt-out, not opt-in. GDPR and some state laws are stricter on this point.
Penalties and practical takeaways
Each individual email that violates CAN-SPAM can trigger a fine of up to $50,120. Most small business exposure comes from missing the physical address or not honoring unsubscribes.
Use a proper email marketing tool (Mailchimp, Constant Contact, and similar services handle the mechanics automatically), keep your physical address in your footer, and honor unsubscribes without delay.