Legal basics of email marketing in the US

In the US, the primary law related to email marketing is the CAN-SPAM Act of 2003. Each and every separate email in violation of the CAN-SPAM Act is subject to penalties of up to $42k.

For the most part, the law is in line with common sense and helps businesses with their relationships with their customers in the long run. But here’s a breakdown of the main components.

Physical address

“Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.” – FTC compliance guide.

In order to send any mass email or email with an intent to market to customers, an organization must include its physical address in it. This is a big one people try to overlook or circumvent, but if an email is from a legitimate business, its location is included (typically) in the footer of every mass email sent.

Note that a business is not required to attach a physical address to every single email it sends out, only to the commercial messages that are sent in bulk or are solely intended to promote or advertise products/services.

An opt-out link

“Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you.” – FTC compliance guide.

The other big one that people overlook or try to ignore – emails must include a way to unsubscribe from emails. And not just opt down or unsubscribe from a single segment, which many companies try to offer instead of giving the option to unsubscribe from all. An organization must provide a way to unsubscribe entirely and totally from its commercial messages.

It is blatantly illegal to ignore opt-out requests. The more you know!

Honor opt-outs in a timely manner

And on that note –

“Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.

Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.” – FTC compliance guide.

Ever unsubscribe and still get the email for several days afterwards? Sometimes, it’s understandable – some businesses with hundreds of thousands of email addresses use programs like Klaviyo or Listrak, which can truly take several days for your unsubscribe to sync up with the many lists and campaigns that are running.

However, the law clearly sets the number of days within which a request must be honored.

A few other points worth noting

  • Don’t falsify the sender info – The “From,” “To,” and “Reply-To” lines must be accurate.
  • Keep your subject-line in line with the content – It must reflect the content of the email, which is a good goal for email marketing in the first place.
  • Follow international rules if your marketing goes beyond the US – Other countries have stronger, more specific laws than the US does. Canada, for example, has CASL, and its legislation has many more requirements than CAN-SPAM. Europe has GDPR, which we’ve touched on before. Businesses and organizations must adhere to the rules of other countries if data is being gathered in those countries.
  • Send an opt-in email or use double opt-in for offline subscribers – Technically speaking, an organization can send emails without opt-in as long as they are transactional (part of the buying/shipping process) or if they are marked as advertisements. But legally, it is recommended that businesses keep proof of permission that someone has requested to be on the list. For example, if they signed up on a piece of paper in a store, it’s recommended that the business keep that sign-up paper as proof.
  • Don’t assume an agency knows what they’re doing – If an organization has hired an agency to send emails on their behalf, they are still liable for any transgressions that the agency may make.

If you’re unsure, MailChimp has a beautiful overview of what’s kosher and what’s not in the US.


Megan is a video game industry veteran and guest blogs at
