There are seven basic requirements of the CAN-SPAM act, as outlined by the Federal Trade Commission (FTC). Those requirements include:
1. Don't use false or misleading information in your email header.
This requirement refers to your "From" and "Reply-To" originating domain and email address. This information must accurately identify your business.
2. Don't use deceptive subject lines.
This requirement is a bit more subjective but ultimately means that your email subject line must accurately align with the message content. Using intriguing and creative subject lines is OK, as long as you're not misleading recipients.
3. Clearly identify advertisements.
CAN-SPAM requires that you identify a message as an advertisement clearly and conspicuously, but that doesn't mean you have to do so in the subject line. There are many ways to do so — check out the FTC's answers to CAN-SPAM questions for more information.
4. Include a valid postal address in your email.
CAN-SPAM requires that you share where you're located with email recipients. That means your message must include a valid physical address that is associated with your business. This information is typically included in the email footer so as not to distract from your message.
5. Provide opt-out information.
Your email must tell recipients how they can opt out of receiving further communication from your brand. Those directions might include clicking on an unsubscribe link in an email footer, responding to the email, or following a link to update email preferences.
6. Promptly comply with opt-out requests.
When a user opts out of communication, you must fulfill their request, without any conditions, within 10 business days.
7. You are ultimately responsible for compliance.
The law states that, even if you hire another company to handle your email communication, you are ultimately legally responsible for compliance with CAN-SPAM. That means it's essential to monitor communication that other companies are sending on your behalf and ensure that your Email Service Provider (ESP) supports compliance.