Quick Answer

CAN-SPAM requires seven things: no false header information, no deceptive subject lines, identify the message as an ad, include your physical address, tell recipients how to opt out, honor opt-outs within 10 business days, and monitor what others do on your behalf. Penalties reach $51,744 per email. This checklist covers every requirement.

CAN-SPAM Compliance Checklist: Every Requirement in One Page

By Braedon · Mailflow Authority · Email Content & Design

The CAN-SPAM Quick-Reference Checklist

Use this as a pre-send check for every commercial email campaign.

1. Accurate Header Information

  • "From" name is your real business or personal name
  • "From" email address is a real, monitored address
  • "Reply-To" address is functional and monitored
  • Routing information (domain, IP) is accurate

2. Non-Deceptive Subject Line

  • Subject line accurately reflects the email content
  • No misleading "Re:" or "Fwd:" prefixes on non-replies
  • No false urgency ("Your account has been compromised")

3. Ad Identification

  • Email is clearly identifiable as a commercial message
  • This can be done through content, layout, or a disclosure statement

4. Physical Address

  • Valid physical postal address is included
  • This can be a street address, PO Box, or registered commercial mail receiving agency address

5. Opt-Out Mechanism

  • Clear, conspicuous unsubscribe link or instructions
  • Opt-out mechanism is functional at time of sending
  • No fee, personal information requirement, or steps beyond sending a reply or visiting a single page

6. Opt-Out Processing

  • Opt-outs processed within 10 business days
  • Opt-out list maintained and applied to all future sends
  • No selling or sharing of opt-out addresses with third parties

7. Third-Party Monitoring

  • If others send email on your behalf, you're monitoring their compliance
  • Both the company and the sender can be held liable

Practitioner note: The physical address requirement catches people off guard. If you're a solo consultant working from home, get a PO Box or use a registered agent address. Don't put your home address in every email footer.

What CAN-SPAM Does NOT Require

Common misconceptions:

  • CAN-SPAM does not require opt-in consent. It's opt-out only. (GDPR and CASL are stricter.)
  • CAN-SPAM does not apply to transactional email. Order confirmations, shipping notifications, and account-related messages are exempt from most requirements.
  • CAN-SPAM does not prohibit all commercial email. It regulates how you send, not whether you can.

Transactional vs Commercial Email

Commercial email promotes a product, service, or content. CAN-SPAM applies.

Transactional email facilitates an agreed-upon transaction or relationship. Most CAN-SPAM requirements don't apply, but you still can't use false header information.

If an email contains both commercial and transactional content, the primary purpose determines the classification.

Practitioner note: I see SaaS companies add promotional content to transactional emails (like product recommendations in order confirmations) and then claim they're exempt from CAN-SPAM. If the primary purpose becomes commercial, the exemption doesn't apply. Keep transactional emails transactional.

CAN-SPAM and Deliverability

Legal compliance is the floor, not the ceiling. CAN-SPAM allows up to 10 business days to process opt-outs — but if you email someone 9 days after they unsubscribed, they'll report you as spam. Process immediately.

CAN-SPAM allows unsolicited commercial email — but sending without consent will get you blacklisted and spam-filtered regardless of legality.

For our complete compliance guide with more detail on each requirement, see CAN-SPAM Act: Complete Compliance Guide.

If you need a compliance review of your email program, schedule a consultation.

v1.0 · April 2026

Frequently Asked Questions

What are the CAN-SPAM requirements?

Don't use false or misleading header information, don't use deceptive subject lines, identify the message as an ad, include your valid physical postal address, provide a clear opt-out mechanism, honor opt-out requests within 10 business days, and monitor compliance for messages sent on your behalf.

Does CAN-SPAM require opt-in?

No. CAN-SPAM is an opt-out law, not opt-in. You can legally send unsolicited commercial email as long as you comply with all seven requirements. However, sending without opt-in will destroy your deliverability even if it's technically legal.

What is the CAN-SPAM penalty per email?

Up to $51,744 per email as of 2026 (adjusted annually for inflation). The FTC, state attorneys general, and ISPs can all bring enforcement actions.
