Understanding CAN-SPAM: U.S. Commercial Message Regulation


Now going on its 15th year as law, the 2003 CAN-SPAM act was originally signed by George W. Bush. As the internet, online businesses, and online marketing were growing, the law was meant to rein in some of the more insidious marketing practices that had become commonplace online.

While there is much debate about the overall effectiveness of the CAN-SPAM act, its main regulations are fairly straightforward.

The law was intended largely as a mechanism to define commercial messages and to enforce basic rules about how these messages are sent to consumers online.

Let’s dig into the specifics.

CAN-SPAM: The Basics

At the core, this legislation comprises a few basic components:

  1. Definition of “commercial message” — Outlines specifics of which messages should be considered “commercial” and which should not. This is then used to define which messages are subject to the requirements laid out afterward.
  2. Requirements for commercial messages — Sets a number of standard requirements that all commercial messages must meet in order to be in compliance with CAN-SPAM.
  3. Penalties and punishment for noncompliance — Spells out specific punishments and penalties for companies that run afoul of these regulations.

All told, this law is pretty narrowly focused. But it’s worth unpacking each section to understand how the rules define commercial messages and what that designation means for businesses.

What Is a “Commercial Message”?

Key to the CAN-SPAM act is the definition of a “commercial message.”

Although this designation may seem like a small detail, it is quite important. Commercial messages are subject to the specific regulations laid out in the CAN-SPAM act, while other types of messages — transactional, relationship, etc. — may be exempt from these requirements.

According to the legislation, the “primary purpose” of the message determines whether it is considered commercial or not. Commercial messages, then, include any message that “advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose.”

This is a fairly broad definition. Essentially, if your message promotes any kind of commercial activity (buying, scheduling, etc.) or directs a user to a website that does this, then it would likely be considered a “commercial message.”

Bear in mind that only messages in which this is deemed to be the “primary purpose” of the message would qualify. We’ll cover this distinction in more detail later on in the guide.

Requirements for the Message

If your message is deemed to be “commercial,” then it must comply with specific requirements outlined in this bill.

The CAN-SPAM legislation lays out specific rules for different parts of the message and makes it clear as to how legitimate businesses should send their messages to consumers in order to remain in compliance.

Let’s break it down using an example.

Opt-Out Requirements

Another key component of the CAN-SPAM law is the requirement for businesses to include an option to opt out of future emails and to comply with opt-out requests.

Most email service providers will, by default, allow users to opt out of messages.

It’s important to make sure that these links work and to avoid doing anything with the design or layout of the email that may obstruct, hide, or otherwise render the link inoperable. This could be a violation of CAN-SPAM.

Penalties and Punishments

The punishment for violating CAN-SPAM law can be quite steep.

Penalties can reach over $40,000 for each email message found to be in violation. So, total costs for breach of the CAN-SPAM regulations could easily reach millions of dollars.

It is important to know that one major limitation of CAN-SPAM is that individuals cannot file lawsuits for breach of the law. Instead, they must file complaints with the U.S. Federal Trade Commission (FTC). The FTC is then responsible for lawsuits against, and punishment of, companies that violate the regulations.

Of course, that shouldn’t be seen as an invitation to violate the rules. With such simple rules for compliance and such huge risks for noncompliance, it seems obvious that it’s worth any additional time and investment to make sure all emails are 100-percent compliant.

CAN-SPAM and Appointment Reminders

With all of these regulations and requirements, it’s fair to wonder how appointment reminders and other messages would or would not be subject to such rules.

Luckily, this seems to be fairly straightforward. Appointment reminders in and of themselves would not be subject to CAN-SPAM laws.

According to the law, these messages would be considered “relationship” or “transactional” messages (not “commercial”), which would exempt them from the need to meet full CAN-SPAM regulation.

Things do become a bit murkier when you combine a relationship/transactional message with elements of a commercial message: for instance, if your appointment reminders also included messages encouraging your patients/clients to book future services or promoting an upcoming special or promotion.

But the FTC has given pretty clear standards here as well.

The FTC’s guidelines for businesses with regard to CAN-SPAM make the following statement:

If a recipient reasonably interpreting the subject line would likely conclude that the message contains an advertisement or promotion for a commercial product or service or if the message’s transactional or relationship content does not appear mainly at the beginning of the message, the primary purpose of the message is commercial.

This tells us that, although subjective, there is a clear standard for which messages are subject to all of the CAN-SPAM regulations and which are not. In the case of appointment reminders, even messages containing some commercial intent (e.g. an upsell or re-book offer) would still be considered a transactional or relationship message if the “primary purpose” of that email can be reasonably considered to be such.

So, as long as the appointment reminders that you’re sending place most of the emphasis on providing the details about the transaction or relationship, the inclusion of some commercial messaging would be permitted without necessarily meeting all the additional CAN-SPAM requirements.

Of course, it may still be worth the effort to make sure all your messages are fully compliant.


At the end of the day, while the CAN-SPAM act may seem like a complex beast, it does not represent a significant hurdle for most businesses.

The requirements are fairly straightforward and align with most good marketing and business practices, anyway. As such, compliance shouldn’t be a major issue, as long as businesses take the time to understand the basics of the law and act accordingly.