Does CAN-SPAM apply to transactional emails?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
CAN-SPAM distinguishes between two types of email, and it matters which category yours falls into.
Commercial messages (advertising, promotions, marketing) get the full CAN-SPAM treatment: accurate headers, non-deceptive subject, physical address, unsubscribe mechanism, 10-day opt-out processing. Transactional and relationship messages (order confirmations, shipping notifications, password resets, account alerts) are partially exempt. They don't need unsubscribe links, advertisement disclosure, or a physical address. Though including a physical address is still good practice.
What transactional emails must still have: accurate routing information and non-deceptive subject lines. You can't use false headers regardless of email type. A shipping notification with a fake return address still violates the law.
The tricky part is hybrid emails. An order confirmation that's 80% promotional content with a brief shipping update doesn't get transactional protection. Regulators evaluate based on primary purpose: what would a reasonable reader think this email is fundamentally about? If it's about selling, it's commercial, even if it has transactional elements.
This matters practically: stuffing promotions into your order notifications to avoid consent requirements is a pattern regulators know about. It also annoys customers who expect functional receipts. Keep transactional emails genuinely transactional, and use separate promotional emails for your marketing goals.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.