What are common misconceptions about CAN-SPAM?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Three things that many senders get wrong about CAN-SPAM.
Misconception: B2B emails are exempt. They're not. CAN-SPAM applies to all commercial electronic messages regardless of whether you're emailing a consumer or a business. Same requirements apply: accurate headers, non-deceptive subject lines, a physical address, and a working unsubscribe. No B2B exception exists.
Misconception: You need consent before you can email someone. Under CAN-SPAM, you don't. It's an opt-out framework. You can send commercial email without prior permission, as long as you identify who you are, give them a way out, and honor opt-out requests within 10 days. This is what separates CAN-SPAM from GDPR and CASL, which both require consent before sending. (Just because cold email is legal doesn't mean it performs well.)
Misconception: CAN-SPAM compliance means your email will reach the inbox. It won't, necessarily. Mailbox providers like Gmail and Microsoft Outlook enforce standards far stricter than what CAN-SPAM requires. Engagement rates, authentication (SPF/DKIM/DMARC), and list quality matter far more for inbox placement than CAN-SPAM checkboxes.
CAN-SPAM sets the legal floor, not the practical ceiling. Meeting minimum requirements while ignoring deliverability gives you a legally compliant program that lands in spam.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.