Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), 15 U.S.C. §§ 7701–7713

Published: Apr 20, 2019   |   641 words with about 3 minutes reading time   |   ©2022 by Bob Smith
Category: Technology   |   Tags: FTC SPAM


The CAN-SPAM RULE Title 16: Commercial Practices PART 316 implements the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), PUBLIC LAW 108-187–DEC. 16, 2003; 15 U.S.C. 7701-7713 regulating any entity initiating or sending email containing a Commercial Message to any email address.

Primary civil enforcement falls to The Federal Trade Commission (FTC) with penalties up to $16,000 per violation with no aggregate maximum. In February 2019 the FTC reaffirmed the Rule..

Key Definitions and Standards

Message in this context are electronic email messages

Recipient is the authorized user of the email address to which the message was sent. Each email address is considered a separate recipient.

Initiators originate or transmit messages. More than one person or entity may be considered to have initiated a message.

Commercial Messages are those reasonably inferred as advertising or promoting a product or service and complying with the following:

Transactional or Relationship Messages must comply with at least one of the following reasons as reasonably inferred by the recipient:

Valid Physical Postal Address is either street address, Post Office box registered with the United States Postal Service, or a private mailbox registered with an agency established under United States Postal Service regulations.

Mixed Commercial / Transactional or Relationship Message primary purpose standards:

Mixed messages are considered Commercial unless the following standards are met:

Opt-Out Mechanisms allow Recipients to terminate future messages. Commercial messages must use one of the following conspicuous methods and acti within 10 business:

Opt-out mechanism must function for 30+ days after sent date; however, legitimate and unintentional technical issues beyond sender control does not violate CAN-SPAM if diligently corrected within a reasonable time period.


While the CAN-SPAM Act is enforced primarily by the FTC, other federal and state agencies and Internet service providers (ISPs) are also granted enforcement authority. There is no private right of action for consumers.

Violations penalties vary based on enforcement entity and aggravated violations may enhance penalties. Department of Justice (DOJ) may seek criminal penalties in certain circumstances.


FTC enforces CAN-SPAM violations as unfair and deceptive trade practices granted under the act creating the agency. Civil penalties up to $16,000 per CAN-SPAM violating email with no maximum aggregate penalty with injunctive relief.

Other Federal Agencies

When violations fall outside of FTC’s regulatory and jurisdictional mandate, other federal agencies step in to enforce CAN-SPAM like Securities and Exchange Commission (SEC) and Federal Communications Commission (FCC). Penalties for non-compliance vary depending on the agency and the statutes/regulations at issue.


State attorneys general and other agencies can bring CAN-SPAM violation claims affecting state residents. Such agencies can seek to recover:

Latest Content