Email Compliance

CAN-SPAM Act & Email Marketing Best Practices

What is CAN-SPAM?

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act) is a US law regulating commercial email.

Key Requirements:

  • Accurate header information (From, To, Reply-To)
  • Truthful subject lines
  • Identify message as advertisement
  • Include valid physical address
  • Provide clear opt-out mechanism
  • Honor opt-outs within 10 business days
  • Monitor what others do on your behalf

7 CAN-SPAM Requirements

1. Accurate Header Information

The "From," "To," "Reply-To," and routing information must be accurate and identify the person who initiated the email.

  • Use a legitimate email address you control
  • Domain name must match your actual domain
  • Reply-To must be monitored and functional

2. No Deceptive Subject Lines

Subject lines must accurately reflect the email content. Do not mislead recipients about what's inside.

❌ BAD Examples:

  • "Re: Your Order" (when no order exists)
  • "Urgent Account Issue" (when nothing is urgent)
  • "You won!" (when they didn't)

✅ GOOD Examples:

  • "Your Monthly Newsletter"
  • "Special Offer: 20% Off"
  • "New Products Available"

3. Identify as Advertisement

Commercial messages must be identified as advertisements. This can be done with:

  • Clear statement in email body
  • Subject line prefix like "[AD]" or "[PROMOTIONAL]"
  • Prominent header or footer notice

4. Include Physical Address

Every commercial email must include a valid physical postal address. This can be:

  • Street address
  • Post office box registered with USPS
  • Private mailbox registered with commercial mail receiving agency

Example Footer:

INTERMEDIATE HOLDINGS OF NEW JERSEY LLC
[Street Address]
[City, State ZIP]

5. Clear Opt-Out Mechanism

Must provide:

  • Clear and conspicuous unsubscribe link
  • Functional for at least 30 days after sending
  • Process opt-out within 10 business days
  • Cannot charge a fee or require login
  • Cannot require more than email address

6. Honor Opt-Outs Promptly

  • Cannot sell/transfer opted-out emails
  • Cannot require recipient to pay or provide info beyond email
  • Cannot make recipient go through multiple steps

7. Monitor Third Parties

If someone sends email on your behalf (agencies, contractors, platforms), YOU are legally responsible for compliance. Monitor what they send.

Transactional vs. Commercial Emails

Transactional Emails

Primary purpose is to complete a transaction or provide account information:

  • • Order confirmations
  • • Shipping notifications
  • • Password resets
  • • Account statements
  • • Product recalls
  • • Security alerts

⚠️ Still must have accurate headers and cannot contain only advertising

Commercial Emails

Primary purpose is to advertise or promote:

  • • Marketing campaigns
  • • Product announcements
  • • Sales and promotions
  • • Newsletters with ads
  • • Event invitations

⚠️ Must comply with ALL 7 CAN-SPAM requirements

Best Practices

  • Get Permission: Even though not legally required, getting opt-in consent improves engagement
  • Double Opt-In: Send confirmation email before adding to list
  • Clear Expectations: Tell subscribers what type and frequency of emails to expect
  • Easy Unsubscribe: Make it one-click, no login required
  • Preference Center: Let users choose email frequency and topics
  • List Hygiene: Remove bounces and inactive addresses regularly
  • Segment Lists: Send relevant content to interested subscribers
  • Test Before Sending: Check links, images, and formatting
  • Monitor Metrics: Track opens, clicks, and complaints

Penalties & Enforcement

  • $51,744 per violation (each email can be a separate violation)
  • FTC enforcement actions
  • State attorney general actions
  • Internet service provider lawsuits
  • Email blacklisting (hurts deliverability)

GDPR & International Compliance

If sending emails to EU recipients, you must also comply with GDPR:

  • Lawful Basis: Need consent, contract, or legitimate interest
  • Explicit Consent: Clear affirmative action (no pre-checked boxes)
  • Right to Access: Users can request copy of their data
  • Right to Erasure: Users can request deletion
  • Data Processing Agreement: With email service providers

Notifyra Email Features

What Notifyra Provides:

  • Automatic unsubscribe link insertion
  • Suppression list management
  • Bounce and complaint handling
  • Email delivery tracking
  • Compliance templates

Your Responsibilities:

  • Email content compliance
  • Accurate header information
  • Valid physical address
  • Obtaining permission (best practice)
  • Legal liability for violations

Additional Resources

Disclaimer: This guide is for informational purposes and does not constitute legal advice. Consult an attorney for specific guidance.