What is the CAN-SPAM Act?

"CAN-SPAM" stands for "Controlling the Assault of Non-Solicited Pornography And Marketing". After email became popular and commonly used, spam quickly followed and needed to be regulated, which led to the CAN-SPAM Act of 2003. The CAN-SPAM Act includes a number of regulations designed to protect consumers from unethical marketing emails. Fines of over $40,000 per email in violation of the CAN-SPAM Act can be levied against the individuals and businesses responsible for the emails. Identifying marketing emails that are not compliant with the CAN-SPAM Act isn't hard if you know what to look for, and we will block those emails if they're forwarded to, but we won't block marketing emails that do follow CAN-SPAM regulations unless the email is malicious in some way.

Why does it exist?

Email spam has been around for decades, and has grown from being a rare occurrence in the early 1990s to making up roughly half of all email traffic today. The amount of spam grew exponentially from the early 1990s to the early 2000s, and as the amount of spam grew, so did its complexity. To curtail the efforts of unethical spammers, the CAN-SPAM Act of 2003 was proposed and later signed into law in December of 2003 by President George W. Bush.

How does it regulate spam?

The Act doesn't necessarily prevent spam, but it does regulate it. For an email to be compliant with the CAN-SPAM Act, it must adhere to a number of regulations:

  • An email cannot be sent to an email address that's been harvested, which means the address was collected without any consent from the person the email account belongs to.
  • The email must show an authentic, valid email address that represents where the email is actually being sent from.
  • The subject line cannot be misleading and must give an accurate description of what is inside the email.
  • If the email is an advertisement, it must clearly identify itself as an ad somewhere in the email.
  • A working unsubscribe option must exist, and must be easy to view and use.
  • Unsubscribe requests must be honored within 10 days of the request being made.

What happens if someone violates the CAN-SPAM Act?

Each email sent that violates the CAN-SPAM Act could cost the sender over $40,000 in fines. It's rare that individuals are held criminally accountable for violating the CAN-SPAM Act, but criminal punishments of 5 years in prison and a fine of up to $2 million are possible. Typically, businesses that violate the CAN-SPAM Act settle before a civil trial takes place.

How can I tell if an email follows the CAN-SPAM Act?

Just because you didn't subscribe to receive a marketing email doesn't mean that email is in violation of the CAN-SPAM Act. There are other easy ways to tell if an email doesn't follow the guidelines, though. If a marketing email is sent to you without an unsubscribe option, it is in violation of the CAN-SPAM Act and will be blocked at the system level if you forward the email to Other things to look out for include a misleading subject line or from address, an email that is an advertisement but doesn't identify itself as one anywhere in the email, and an unsubscribe option that doesn't work or isn't honored within 10 days after unsubscribing.

Can emails that follow the CAN-SPAM Act be blocked?

While you may not want to see certain marketing emails, others might. If marketing emails follow the CAN-SPAM Act, we won't block them at the system level except in rare cases. If you don't wish to receive further marketing emails from a particular sender, unsubscribe using their unsubscribe method, usually found at the bottom of the email. You may also block a particular sender through your personal Fortinet account.