CAN-SPAM Act
The CAN-SPAM Act is the U.S. federal law governing commercial email. It does not require prior opt-in, but it does require accurate From and header information, non-deceptive subject lines, identification of the message as an ad where applicable, a valid physical postal address, and a working opt-out that is honored promptly. Violations carry substantial per-email penalties.
How it works
Every commercial email must let recipients unsubscribe and must honor that request within ten business days, must not use false headers or misleading subjects, and must include a legitimate physical mailing address. The rules apply to each message, and liability can reach the company whose product is promoted.
Why it matters
CAN-SPAM sets the legal floor for U.S. email. It is more permissive than GDPR (no prior consent needed), but the opt-out, honest-header and physical-address requirements are strict and enforced, with penalties that can run into thousands of dollars per non-compliant email.
How Autocloz handles it
Autocloz supports CAN-SPAM compliance with unsubscribe handling, a global cross-channel suppression list that honors opt-outs immediately, and an audit log of every outbound touch — so the required opt-out and record-keeping are enforced by the system.
FAQ
Does CAN-SPAM require opt-in before sending?
No. Unlike GDPR, CAN-SPAM permits sending commercial email without prior consent, provided you use honest headers and subject lines, include a valid physical address, and offer a working opt-out that you honor within ten business days.
Does CAN-SPAM apply to B2B email?
Yes. It covers commercial email broadly, including business-to-business messages. Every commercial email — B2B or B2C — must meet the identification, physical-address and opt-out requirements to be compliant.
Related terms
Cold email deliverability is the share of your outbound cold emails that actually reach the recipient's inbox (not spam, not blocked). It depends on domain authentication (SPF, DKIM, DMARC), sender reputation, mailbox warmup, list hygiene and content — not just whether the email was 'sent'.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email standard that tells receiving mail servers what to do with messages that fail SPF or DKIM checks — and sends you reports. It prevents spoofing of your domain and is now effectively required by Gmail and Yahoo for bulk senders.
SPF (Sender Policy Framework) is an email-authentication standard that lets a domain owner publish, in DNS, the list of mail servers allowed to send email on the domain's behalf. Receiving servers check the sending IP against that list to help detect spoofing and decide whether to trust the message.
DKIM (DomainKeys Identified Mail) is an email-authentication method that attaches a cryptographic signature to each message. The receiving server verifies the signature against a public key in the sender's DNS, proving the message wasn't altered in transit and genuinely came from the signing domain.
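To make the three definitions above concrete, here is an added example (not code from Autocloz or from any of the standards bodies) of the decision a receiving server makes when it combines SPF, DKIM and DMARC. DNS is replaced by an in-memory dict of constructed TXT records for the made-up domain example.com; the SPF evaluator handles only ip4/ip6/all mechanisms (include:, a: and mx: would need further lookups), the DKIM signature check is assumed to have already produced a pass/fail result, and the organizational-domain logic is a simplification that skips the Public Suffix List. The DMARC disposition follows the published policy: a message passes if either SPF or DKIM passes and that identifier aligns with the From domain; otherwise the p= tag decides.

```python
import ipaddress

# Constructed DNS TXT records standing in for real lookups (assumption:
# the real server would query these names over DNS).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "bounce.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.example.com": (
        "v=DMARC1; p=reject; adkim=s; aspf=r; "
        "rua=mailto:dmarc-reports@example.com"
    ),
}


def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax of a DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(sending_ip, domain, dns=DNS_TXT):
    """Evaluate a domain's SPF record against the connecting IP.

    Returns pass / fail / softfail / neutral, or none when no record exists.
    Only ip4:, ip6: and all are modelled here; include:, a: and mx: need
    additional DNS lookups and are omitted in this example."""
    record = dns.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sending_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"  # mechanisms default to a pass qualifier
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        matched = False
        if mechanism in ("ip4", "ip6"):
            # A v4 address is never inside a v6 network (and vice versa).
            matched = ip in ipaddress.ip_network(argument, strict=False)
        elif mechanism == "all":
            matched = True
        if matched:
            return results[qualifier]
    return "neutral"  # no mechanism matched and no 'all' term present


def org_domain(domain):
    """Organizational domain, simplified to the last two labels.
    Assumption: a real implementation consults the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: 's' (strict) needs an exact match,
    'r' (relaxed) accepts the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain, dns=DNS_TXT):
    """Apply the From domain's DMARC policy to already-computed SPF and
    DKIM results. Returns 'pass', or the p= policy ('none', 'quarantine',
    'reject') when neither authenticated identifier aligns."""
    tags = parse_tags(dns.get("_dmarc." + from_domain, ""))
    if tags.get("v") != "DMARC1":
        return "none"  # no policy published; receiver applies its own rules
    spf_ok = spf_result == "pass" and aligned(
        from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(
        from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")


if __name__ == "__main__":
    # Legitimate bulk send: authorized IP, bounce subdomain as MAIL FROM,
    # DKIM signed by the From domain itself (adkim=s requires exact match).
    spf = check_spf("192.0.2.10", "bounce.example.com")
    print("legit:", dmarc_disposition("example.com", spf, "bounce.example.com",
                                      "pass", "example.com"))
    # Spoofed From: unauthorized IP, no usable DKIM signature -> p=reject.
    spf = check_spf("198.51.100.7", "example.com")
    print("spoof:", dmarc_disposition("example.com", spf, "example.com",
                                      "fail", ""))
```

The second scenario is why DMARC matters for deliverability as well as for anti-spoofing: a bulk sender whose own mail arrives with an unaligned SPF domain and no DKIM signature is treated exactly like the impersonation attempt, so the rua= report address in the record is where a sender first sees that misconfiguration.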