Because of public vehemence toward SPAM communication, small businesses and startup must exercise extreme caution when engaging in electronic marketing or any other communication that is not specifically solicited by the user. Failure to do so, in addition to regulatory and civil penalties, can expose a new business to significant damage to their goodwill, which depending on the nature of the business could be fatal to an early-stage company. However, early stage companies can avoid violation of the CAN-SPAM act by engaging in good business practices related to electronic communications. Messages that are advertisements or that otherwise solicit business should identify themselves as an advertisement. The Federal Trade Commission has not issued guidelines on how to achieve disclosure, given the variance in messages and their layout it might be difficult to do so, but communicating in a manner that is clear to the recipient will generally comply with the requirements of the statute. In addition, the message must provide to the recipient the identity of its sender, including critical contact information, such as physical address or registered post-office box and some other means of communication with the sender, such as telephone number or reply email address.
Companies should also ensure compliance with the notice and opt-out provision guidance of the Federal Trade Commission. Opt-out provisions must include an option to stop all commercial messages from the sender and companies should ensure that they have proper systems in place to ensure that opt-out requests will be properly processed. Even if a company does not receive the request because of their own internal SPAM control or other electronic filtering, the sender may still be held liable under the provisions of the act. Early-stage companies should also be stringent about the monitoring of any third parties they outsource communication to. The act makes clear that organizations cannot contract or indemnify themselves from the responsibility to comply with CAN-SPAM. Both the company that requested the ad and the company that promulgated the communication can be held liable. In particular, startups should run tests of their third-party marketers to ensure opt-out provisions are being complied with in proper fashion. Companies that originate unsolicited communications are required to process opt-out requests for at least a month after the message has been sent. In addition, any user who initiates an opt-out request must have their request processed and honored within ten days. Opt-out provisions must be a simple mechanism that involves nothing more than a reply email or transfer to a single opt-out page. In addition, companies are prohibited from selling or transferring email addresses to any third party for any other purpose than complying with the requirements of the CAN-SPAM act.
 The CAN-SPAM Act: A Compliance Guide for Business, http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm, last accessed December 12, 2009