Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

The CAN-SPAM Act: Trying to Protect Consumers From Unsolicited Commercial E-Mail

Spam: we all get it. Although there are also different names describing it (unsolicited commercial e-mail, junk mail), the fact remains that we often find ourselves spending too much time trying to sort out legitimate business and personal e-mails from bad. Spam e-mails are frustrating and can make your blood boil. What's a consumer to do?

Although it is five years-old, a federal law designed to punish spamming has resulted in only a handful of prosecutions. Unfortunately, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or the "CAN-SPAM Act," has not stopped the deluge of unsolicited junk mail.

Here's what you need to know about the law.

  • The CAN-SPAM Act does not give consumers the right to file their own private lawsuit for damages if they've received unsolicited junk e-mail. Instead, it lets the Federal Trade Commission (FTC) or state attorneys general sue spammers on their behalf to recover damages, impose civil penalties, and to stop the e-mails.

  • The federal law applies to any business that uses e-mail as part of its marketing activity.

  • Companies are prohibited from using legitimate domain names they might hide behind. If you receive an e-mail that appears to be from eBay asking you to update your e-mail account, but the real sender is not that company, CAN-SPAM could hold the sender liable.

  • Misleading and deceptive e-mail subject headers are also banned under the CAN-SPAM Act. A "brown paper wrapper" requirement also applies to sexually explicit e-mail, requiring the sender to warn the recipient in the e-mail header that the message contains "sexually explicit" material.

  • Every piece of unsolicited commercial e-mail must give you the choice to "opt-out," by telling the sender that you don't want their e-mail anymore.

    Once a consumer sends a business an "opt-out" request, a company has ten (10) business days to comply. If it doesn't, the business can be held liable under CAN-SPAM for $250 every time that it sends another e-mail to a person who already made an "opt-out" request. A court can increase the amount of damages up to three times if it can be proved that the spammer "willfully and knowingly" refused to stop the e-mails after the consumer's request.

  • Since spammers like to hide, CAN-SPAM requires businesses sending unsolicited commercial e-mails to have a "valid physical postal address" in their e-mail where consumers can write. The FTC clarified this requirement last year by enabling businesses to use a street address, a P.O. Box, or a private mailbox address as long as it complies with U.S. Postal Service registration requirements.

San Francisco technology lawyer Eric Sinrod notes that unfortunately, laws like the CAN-SPAM Act "generally work only as to legitimate businesses that inadvertently make mistakes and run afoul of the anti-spam laws when not having the intent to violate the law."

Some e-mail providers and ISPs have filed private lawsuits in state and federal courts against senders of spam e-mails, wanting to hurt spammers where they think it hurts most: in their bank accounts.

What can you do to protect yourself from spam e-mail?

First, make sure that you have up-to-date versions of anti-virus software that can detect malicious e-mail "worms" and "bots" from infecting your computer.

Second, use e-mail filter tools available in your e-mail software, or in web-based e-mail accounts like Yahoo!, Gmail, and Hotmail.

Third, think about whether e-mail you've received passes the sniff test. Is it full of misspellings? Is it from a company or person that you don't know? Does the e-mail ask you for money or to buy something when you've never had any contact with the company before?

Finally, if you believe that a company is still sending you unwanted e-mails after you've notified them in writing to stop, you can file a complaint with the FTC by going to, and contact the Attorney General's office in your state to learn about local anti-spam laws and your rights.

Related Resources:


FTC: Spam for Consumers

Spam, Spam, Spam, Spam, by Eric Sinrod (

Bingham: FTC Clarifies CAN-SPAM Rules (May 19, 2008)

Next Steps

Contact a qualified consumer attorney to assist with the hazards and stress accompanying identity theft and online scams.

Help Me Find a Do-It-Yourself Solution

Find a Lawyer

More Options