
CAN-SPAM Compliance Checker

Verify your email campaigns meet CAN-SPAM Act requirements. Check for required elements like physical address, unsubscribe links, and proper sender identification to avoid penalties.


Required Items (9)

  • "From" field accurately identifies sender
  • "Reply-To" address is valid and monitored
  • Subject line accurately reflects email content
  • Valid physical postal address included
  • Clear opt-out/unsubscribe mechanism present
  • Opt-out instructions are clear and conspicuous
  • Opt-out process is free and simple
  • Opt-out requests honored within 10 business days
  • Third-party senders also comply with CAN-SPAM

Checklist categories:

  • Sender Identification (3 items)
  • Email Content (2 items)
  • Opt-Out Requirements (4 items)
  • Other Requirements (2 items)

About CAN-SPAM

The CAN-SPAM Act (2003) sets rules for commercial email in the United States. Violations can result in penalties up to $50,120 per email.

Other regulations to consider:

  • GDPR (EU) - Requires explicit consent
  • CASL (Canada) - Similar to GDPR
  • PECR (UK) - Post-Brexit email rules
  • CCPA (California) - Privacy rights

Note: This tool is for informational purposes only and does not constitute legal advice.

About this tool

The CAN-SPAM Act carries penalties of up to $51,744 per non-compliant email, and enforcement has increased significantly in recent years. Even if you think your emails are compliant, small oversights like a missing physical address or a broken unsubscribe link can put you at risk. This checker reviews your email against all the major CAN-SPAM requirements so you can fix problems before hitting send.

The core CAN-SPAM requirements every sender must meet

CAN-SPAM has seven main requirements, and they are all mandatory. You need accurate "From" and "Reply-To" headers that identify who is actually sending the email. Your subject line cannot be deceptive or misleading about the email's content. You must include a valid physical postal address (a PO Box or registered agent address counts). You need a clear and conspicuous way for recipients to opt out, and you must honor those opt-outs within 10 business days. If the email is primarily an advertisement, you need to disclose that. And you are responsible for compliance even if a third party sends emails on your behalf.

Where most email marketers slip up

The most common violation is a missing or invalid physical address. Many marketers remove it because they think it looks bad in the email footer, but it is not optional. The second most common issue is unsubscribe links that do not work or require the recipient to log in to unsubscribe. Your opt-out mechanism must be functional for at least 30 days after the email is sent, and it cannot require the recipient to do anything beyond sending a reply email or visiting a single web page. Use our List-Unsubscribe header generator to add one-click unsubscribe support, which Gmail and Yahoo now require for bulk senders.

CAN-SPAM vs. GDPR and other email laws

CAN-SPAM is relatively permissive compared to other email regulations. It uses an opt-out model, meaning you can email people without prior consent as long as you provide a way to unsubscribe. GDPR (EU), CASL (Canada), and many other laws require explicit opt-in consent before sending any marketing email. If you email internationally, you need to follow the strictest law that applies to each recipient. A good rule of thumb: if you build your program around GDPR-level consent, you will be compliant with CAN-SPAM automatically. Validate your subscriber list with our email validator to make sure you are sending to real, deliverable addresses.

Building compliance into your email workflow

Rather than checking compliance after writing each email, build it into your templates. Set up a standard footer that always includes your physical address, an unsubscribe link, and a company identifier. Use email authentication (SPF, DKIM, DMARC) to ensure your "From" address is legitimate and not spoofable. Keep your unsubscribe process simple and immediate. And periodically audit your emails with this checker to catch any drift. The cost of compliance is tiny compared to the cost of a single violation.
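A pre-send header check for the one-click unsubscribe and DKIM points made above, as an added example that is not this tool's own code. The sample message, the example.com addresses and the function name `audit_headers` are constructed for illustration; the check confirms only that the DKIM `h=` tag lists the unsubscribe headers (as RFC 8058 expects), not that the signature verifies.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original page); values are placeholders.
SAMPLE = """\
From: Example Shop <news@example.com>
Reply-To: support@example.com
Subject: March offers
List-Unsubscribe: <https://example.com/u/abc123>, <mailto:unsub@example.com?subject=abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:reply-to:subject:list-unsubscribe; bh=PLACEHOLDER; b=PLACEHOLDER

Body text. Example Shop, 123 Example St, Springfield
"""

def audit_headers(raw):
    """Return a list of findings; an empty list means every check passed."""
    msg = message_from_string(raw)
    findings = []
    for name in ("From", "Reply-To"):
        if not msg.get(name, "").strip():
            findings.append(f"missing {name} header")
    # List-Unsubscribe carries one or more <uri> entries (https and/or mailto)
    uris = re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))
    if not uris:
        findings.append("missing List-Unsubscribe header")
    elif not any(u.lower().startswith("https://") for u in uris):
        findings.append("no https:// URI in List-Unsubscribe (needed for one-click)")
    post = msg.get("List-Unsubscribe-Post", "").strip()
    if post.lower() != "list-unsubscribe=one-click":
        findings.append("List-Unsubscribe-Post is not 'List-Unsubscribe=One-Click'")
    # Both unsubscribe headers should be covered by the DKIM signature's h= tag,
    # otherwise they can be altered in transit without breaking the signature.
    sig = re.sub(r"\s+", "", msg.get("DKIM-Signature", ""))
    m = re.search(r"(?:^|;)h=([^;]*)", sig)
    signed = {h.lower() for h in m.group(1).split(":")} if m else set()
    for name in ("list-unsubscribe", "list-unsubscribe-post"):
        if name not in signed:
            findings.append(f"{name} not covered by DKIM h= tag")
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print("FAIL:", finding)
```

On the constructed sample the only finding is that `list-unsubscribe-post` is missing from the signed header list, the kind of template drift a periodic audit is meant to catch.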

Frequently Asked Questions