Email is an important marketing tool for many retailers, who need to be aware of the legal requirements regarding sending email to customers and potential customers.

Since its enactment in 2003, the Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM”) Act has attempted to curb the number of unwanted emails and impose some rules on a largely unregulated frontier.  In addition, at least thirty-seven states have laws regulating unsolicited electronic mail advertising. A state-by-state summary is available by clicking here.

When followed, the CAN-SPAM Act’s restrictions give email recipients some control over their inboxes and also maintain fairness in how emails present themselves.  All businesses, retailers included, can face penalties of up to $16,000 per violation for failure to follow the CAN-SPAM Act.

As a practical matter, many retailers use vendors for their email marketing and other email services, and those vendors often assist the retailers in complying with the requirements of the CAN-SPAM Act.  Nonetheless, the party whose content is promoted via email must supervise the conduct of its vendors and employees in abiding by CAN-SPAM, or else risk possible sanctions.

The basic questions to ask regarding CAN-SPAM compliance are:

  1. Does your email message include: (a) complete and accurate transmission and header information; (b) a “From” line that identifies your business as the sender; (c) a “Subject” line that accurately describes your message; and (d) an effective “opt-out” mechanism?
  2. Does your email either contain an email address, physical address, or other mechanism that the recipient may use for opting-out of future marketing emails?
  3. Is your opt-out mechanism effective for at least 30 days after your email is sent?
  4. Do you honor all requests to opt-out within 10 days?
  5. Does your mailing list include any recipient that has asked not to receive email from your business (opted-out)?
  6. Have you tested the effectiveness of your opt-out mechanism?
  7. Have you reviewed your vendor contracts to determine each party’s responsibilities with regard to CAN-SPAM compliance?
  8. Are addresses of people that have opted-out transferred outside of your organization?
  9. Does your organization use open relays or open proxies to send marketing email?
  10. Have you validated your CAN-SPAM compliance program annually?

Retailers should ensure they comply with the above, in order to reduce potential liability under the CAN-SPAM Act and similar state laws.

For questions or more information, contact the author, David Zetoony, at or 303-417-8530.