CAN-SPAM Act Email Signature Requirements

The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM) is the primary U.S. federal law governing commercial email. It mandates specific requirements for email signatures including sender identification, valid physical postal address, and opt-out mechanisms — enforced by the Federal Trade Commission under 16 CFR Part 316.

$50,120: Maximum fine per non-compliant email (adjusted for inflation, 2024)
All Commercial: Applies to every commercial email message sent in the U.S.
10 Days: Maximum time allowed to honor opt-out requests (Section 5(a)(4))

CAN-SPAM Requirements for Email Signatures

Physical Address Requirement

Section 5(a)(5)(A)(iii) requires every commercial email to include a valid physical postal address of the sender — email signatures are the standard place to fulfill this requirement.

Accurate Sender Identification

Section 5(a)(1) prohibits false or misleading header information. Email signatures must accurately identify the person or business that initiated the message.

Opt-Out Mechanism

Section 5(a)(3) requires a clear and conspicuous mechanism for recipients to opt out of future commercial emails, typically placed in the email footer or signature area.

Subject Line Accuracy

Section 5(a)(2) prohibits deceptive subject lines. While not in the signature itself, promotional banners within signatures must not make misleading claims.

Advertisement Identification

Section 5(a)(5)(A)(i) requires clear identification that the message is an advertisement if it contains promotional content, including marketing banners in signatures.

Understanding CAN-SPAM

The CAN-SPAM Act of 2003 (15 U.S.C. 7701-7713) established the first national standards for sending commercial email in the United States. Enforced by the Federal Trade Commission (FTC) with additional enforcement authority granted to state attorneys general and Internet Service Providers, CAN-SPAM applies to any electronic mail message whose primary purpose is the commercial advertisement or promotion of a commercial product or service.

Email signatures are directly regulated by CAN-SPAM because they typically contain the sender identification and physical address elements required by Section 5(a)(5). For organizations that include marketing banners, promotional links, or calls-to-action in their email signatures, additional CAN-SPAM requirements around advertisement identification and opt-out mechanisms come into play.

A critical distinction under CAN-SPAM is between "commercial" and "transactional or relationship" messages. Transactional emails (order confirmations, account notifications) are largely exempt from CAN-SPAM's content requirements but must still contain accurate sender information. When organizations use the same email signature template across both commercial and transactional emails, the signature should be designed to meet the more stringent commercial message requirements.

The FTC has adjusted CAN-SPAM penalties for inflation multiple times, with the current maximum penalty at $50,120 per non-compliant email. In 2024, the FTC issued updated guidance reinforcing that physical address requirements cannot be satisfied by a P.O. Box alone for certain entity types, and that opt-out mechanisms must function for at least 30 days after the message is sent.

CAN-SPAM Email Signature Compliance Checklist

Include a valid physical postal address in every commercial email signature (Section 5(a)(5)(A)(iii))
Ensure the sender name and email address accurately identify the initiating person or business (Section 5(a)(1))
Provide a clear and conspicuous opt-out mechanism for commercial messages (Section 5(a)(3))
Process opt-out requests within 10 business days as required by Section 5(a)(4)(A)
If email signatures contain promotional banners, include advertisement identification (Section 5(a)(5)(A)(i))
Ensure the opt-out mechanism remains functional for at least 30 days after the message is sent
Do not require recipients to pay a fee, provide personal information, or take multiple steps to opt out
Monitor that signature banners and CTAs do not make deceptive claims that would violate Section 5(a)(2)
If using a third party to send emails, establish that both parties understand CAN-SPAM obligations
Maintain records of consent and opt-out requests to demonstrate compliance during FTC inquiries

How Siggly Ensures CAN-SPAM Compliance

1. Mandatory Address Fields

Siggly's signature templates include a required physical address field that cannot be removed, ensuring every commercial email automatically complies with Section 5(a)(5)(A)(iii).

2. Banner Compliance Controls

When marketing banners are added to signatures, Siggly provides compliance prompts to ensure proper advertisement identification and opt-out links are included.

3. Centralized Identity Management

By synchronizing signature data with your corporate directory, Siggly ensures that sender identification in signatures always matches the actual sender, preventing Section 5(a)(1) violations.

4. Audit-Ready Documentation

Siggly maintains records of all signature deployments, banner campaigns, and template changes, providing the documentation needed to demonstrate CAN-SPAM compliance during regulatory inquiries.

"We send over 500,000 commercial emails monthly across 12 departments. Siggly's enforced address fields and banner compliance controls eliminated the CAN-SPAM violations our legal team was constantly flagging."

Denise Morales-Stein

Director of Marketing Operations, Apex Commerce Group

Frequently Asked Questions

Does CAN-SPAM apply to all business emails?
CAN-SPAM applies to all "commercial electronic mail messages" — emails whose primary purpose is commercial advertisement or promotion. Transactional or relationship messages (order confirmations, account updates) are exempt from most content requirements but must still contain accurate sender information.

What counts as a valid physical address for CAN-SPAM?
Section 5(a)(5)(A)(iii) requires a valid physical postal address. This can be a current street address, a registered P.O. Box (for certain entities), or a private mailbox registered with a commercial mail receiving agency per USPS regulations.

Do email signature marketing banners trigger CAN-SPAM requirements?
Yes. If a signature includes promotional banners or calls-to-action for products/services, the entire email may be classified as a commercial message, triggering full CAN-SPAM requirements including opt-out mechanisms and advertisement identification.

Can I be fined for each non-compliant email?
Yes. CAN-SPAM penalties apply per violation (per email). At $50,120 per email, an organization sending thousands of non-compliant commercial emails could face millions in aggregate fines. Multiple individuals and entities can be held liable for the same violation.

Does CAN-SPAM preempt state spam laws?
CAN-SPAM generally preempts state laws that regulate commercial email, except for state laws that prohibit falsity or deception (Section 8(b)). Some states, like California, maintain additional protections that supplement CAN-SPAM.

Who enforces CAN-SPAM?
The Federal Trade Commission (FTC) is the primary enforcement agency. State attorneys general, Internet Service Providers, and other federal agencies (like the FCC for wireless spam) also have enforcement authority under Section 7.