Sam Brotman, JD, LLM, MBA September 30, 2013 12 min read

The CAN-SPAM Act and Compliance Challenges for Startups


Sam Brotman, JD, LLM, MBA

Owner and Director of Legal
Brotman Law

As our techno-centric culture increasing depends on email as a form of communication, an increasing amount of regulatory attention has been devoted to policing unsolicited bulk electronic communication, much of it unwanted, also known as “SPAM.” Although bulk mail has been in existence for decades, mass electronic messages are extremely inexpensive to produce and distributed, especially when programmers use cookies[1] or other “trolling” features to obtain them. While direct email marketing (along with search engine marketing) is widely considered as the next evolution for early-stage companies looking to raise awareness of their product/service, SPAM is viewed as a considerable annoyance by the general public. Users are often inundated with unsolicited messages and have to waste a lot of precious time sorting through a sea of junk mail, often risking the possibility that legitimate or important email messages will be lost while deleting unwanted mail messages from their inboxes.[2] In addition, a vast majority of the messages received are for products of suspect legality, scams, chain letters, and often pornographic material.[3]

In response to increasing public outrage, in December of 2003, Congress enacted the “Controlling the Assault of Non-Solicited Pornography and Marketing Act,” otherwise known as CAN-SPAM. In order for a message to be regulated under the act, it requires the message to be of a commercial nature. CAN-SPAM creates a distinction between messages that are principally for a commercial purpose, as opposed to messages that are transactional or relationship building in nature. Although communications can and often do mix content, the determination of whether a message is commercial, and thus regulated under CAN-SPAM, lies in its primary purpose. A message will be deemd to be commercial if the principal reason for sending the message does not meet one of the following criteria:

1) to facilitate or confirm a commercial transaction that the recipient already has agreed to; 2) to give warranty, recall, safety, or security information about a product or service; 3) to give information about a change in terms or features or account balance information regarding a membership, account, or other ongoing commercial relationship; 4) to provide information about an employment relationship or employee benefits; or 5) to deliver goods or services as part of a transaction that the recipient already has agreed to.[4]

Enforcement action may be brought by citizens in federal court and also may be initiated by the Federal Trade Commission on a civil or criminal scale, depending on the provision violated.

With respect to unsolicited commercial email communications, CAN-SPAM does not prohibit them entirely, however it aims to control certain other unscrupulous marketing activity. Specifically, the act contains several provisions that could trigger civil or potential criminal liability depending on the severity of the offense. In addition, non-legal action and private enforcement against spam violators is becoming an increasingly effective tool for compliance and is now commonplace among most large Internet Service Providers. One of the more common results of abuse is that an internet service provider will actually blacklist your email domain at the request of their customers. [5] As the Small Business Association notes, “Blacklisting occurs when a customer or prospect determines that your email is or has the appearance of being unsolicited SPAM [and] they can choose to "Block Sender" or "Report SPAM" at the click of a button.[6]” Not only does this create a public relations problem for startups among and established customer base, but this also prevents potential customers from receiving communications from your organization. Once an organization has been blacklisted, companies are often forced to undergo rigorous compliance policies in order to be removed from the blacklist. For particularly egregious violations, often an internet service provider’s terms of use will contain provisions that will completely prohibit you from utilizing their services in the furture.

CAN-SPAM contains several provisions, which companies must follow in order to be compliant under the act. First, unsolicited messages that contain fraudulent subject lines (all subject lines must properly reflect the content of the message) or false header information are prohibited under CAN-SPAM.[7] Even if header information is technically accurate, if the information was obtained under false or misleading pretenses it is likewise prohibited under the act.[8] Essentially, the “to”, “reply to”, “from,” originating domain name and email address fields must clearly identify the sender and must be free of inaccurate information.[9]

CAN-SPAM also prohibits harvesting email addresses through electronic permutations, essentially criminalizing situations where the sender obtains the recipient’s email through an automated program or system that generates possible email addresses by generating possible electronic mail addresses.[10] These programs often use permutations of names, letters, and numbers to increase the number of legitimate email addresses that the target email can reach.[11] Finally, in accordance with the Federal Trade Commission’s Fair Informational Practice, under the CAN-SPAM act, unsolicited email marketing must contain an “opt-out” function, which disables future unsolicited communications to that user.[12] Additional regulations also exist under CAN-SPAM, which regulate pornographic and “wireless spam,” which encompasses mobile to mobile messaging and other electronic communications.

Go to Brotman Tax Resolution Services

Go to The Brotman Virtual Law Office

Go to Resource Blog Homepage

[1] A cookie is data sent to your computer by a Web server that records your actions on a certain Web site. It's a lot like a preference file for a typical computer program. When you visit the site after being sent the cookie, the site will load certain pages according to the information stored in the cookie. Last accessed December 12, 2009.

[2] Employee’s Expectation of Privacy in the Workplace. 10 A.L.R.6th 1 (2006).

[3] Id.

[4] The CAN-SPAM Act: A Compliance Guide for Business,, last accessed December 12, 2009

[5] The CAN-SPAM Act and Beyond: Improving Email Compliance, Deliverability, and Readability,, Last accessed December 12, 2009

[6] Id.

[7] 15 U.S.C.A. § 7704(b)(1)(A)(ii); 15 U.S.C.A. § 7704(a)(1)

[9] The CAN-SPAM Act: A Compliance Guide for Business,, last accessed December 12, 2009

[11] Employee’s Expectation of Privacy in the Workplace. 10 A.L.R.6th 1 (2006).

[12] CAN-SPAM Act, 15 U.S.C.A. §§ 7704(a)(3)(A), (4)(A), 7706(g)(1)

"Sam is a wonderful, results-oriented and extremely knowledgeable and talented attorney, who really has 'heart' in working on behalf of his clients, and explains options in a straightforward, respectful manner. He has assisted us with great outcomes which have added to our quality of life. I would not hesitate to recommend Sam for his services as he is an ethical, personable and expert attorney in his field. You will likely not be disappointed with Sam's work ethic, approach and his efforts."

-Aileen Dwight, Licensed Clinical Social Worker & Psychotherapist

Last updated: July 8, 2024

Receive the Best of
Brotman Law

Get this topic delivered straight to your inbox.

New call-to-action

Sam Brotman, JD, LLM, MBA

Owner and Director of Legal
Brotman Law



Our best stuff: secrets, tax saving tools, and tax defense strategies from the braintrust at Brotman Law.

  • Expanded benefits during your first consultation with the firm.
  • Priority appointment scheduling and appointment times.
  • Complementary access to our firm’s concierge services.
  • Receive updates and “insider only” tax strategies and tactics.
  • And many more benefits.

Not Sure Where to Start?

Step 1 Start Here

Start Here

These ten big ideas will change the way you think about your taxes and your business.

Start Here

Step 2 Learn About Your Situation

Learn About Your Situation

Find the articles and videos you need to make the right tax decisions in the learning center.

Visit the Learning Center

Step 3 Explore Our Services

Explore Our Services

It is not just about what we do, but who we are, why we do it, and how that benefits you.

View All Services

Step 4 Get Your Game Plan

Get Your Game Plan

Meet with us to outline your strategy. No further obligation, 100% money-back guarantee.

Book an Action Plan