Federal Can-Spam Act compliance
What is Can-Spam?
Can-Spam stands for Controlling the Assault of Non-Solicited Pornography And Marketing.
- The law regulates the sending of commercial email and text messages, including what you can send, to whom you can send it and how the recipient tells you to stop sending it.
- Can-Spam also sets penalties for those who break the rules, and each separate violation can cost $11,000 per contact.
- Spam guidelines don’t stop at the U.S. border — other countries also have anti-spam laws that are similar to Can-Spam.
Read more about the Federal Trade Commission Can-Spam Act.
Is your email commercial or transactional content?
Commercial content advertises or promotes a commercial product or service, including content on a commercial website.
- If the message contains only commercial content, it must comply with the requirements of Can-Spam.
- Examples of commercial content: promotion of programs or events, new product launch announcement, notification of sales.
Transactional or relationship content facilitates an agreed-upon transaction or updates a customer about an ongoing transaction.
- If the message contains only transactional or relationship content, it is exempt from most of the requirements of Can-Spam.
Examples of transactional or relationship content: Order confirmation, account updates, critical updates for students from their college or school.
Download Can-Spam compliance guidelines
What if my message combines commercial content and transactional or relationship content?
If an email contains both kinds of content, the primary purpose of the message is the deciding factor. Here’s how to tell:
- If the recipient would likely conclude the message contains an advertisement or promotion for a product or service, the primary purpose is commercial.
- Hint: How you craft the subject line should help you determine what the primary purpose of sending the email is.
Example: “Join us for an exciting event” is commercial. A more transactional approach would be, “It’s time to pick up your cap and gown.”
- Hint: How you craft the subject line should help you determine what the primary purpose of sending the email is.
- If the transactional or relationship content doesn’t appear to make up most of the message, the primary purpose is commercial.
Can-Spam do’s and don'ts
Don’t use false or misleading header information.
- Your “From,” “To,” “Reply-To” and routing information — including the originating domain name and email address — must be accurate and identify who initiated the message.
- Additionally, all official ASU communications should be sent from an asu.edu email address.
Don’t use deceptive subject lines.
- The subject line must reflect the content of the message (this provides a chance to be clear whether it’s commercial or promotional, or it’s transactional).
Don’t email people who have not opted in to receive communications from you.
- Can-Spam permits you to send a commercial email to someone who has not opted in, but each message sent to that person must clearly be labeled as an advertisement until they opt in.
Do tell recipients where you're located.
- You must include your physical postal address — for most ASU addresses, this is a P.O. Box.
Do tell recipients how to opt out.
- Each message must include a clear explanation of how to opt out of your emails.
- Provide an email address or a link to allow people to opt out.
- Make sure the language makes it easy to understand where recipients should click to unsubscribe. Don’t bury this utility with cute, tricky or obscure language.
- A menu that allows recipients to opt out of certain types of messages must include an option to stop all messages.
- Make sure your spam filter doesn’t block opt-out requests.
Do honor opt-out requests promptly.
- You must fulfill opt-out requests within 10 business days.
- You must be able to process opt-out requests for at least 30 days after you send a specific message.
Related training
- CAN SPAM law for commercial email use at ASU
- Follow legal compliance guidelines in Salesforce Marketing Cloud
Related Arizona State University policies
Additional information
- Can-spam tutorial and spam laws by country
- GDPR (General Data Privacy Regulation)