What are the penalties for CAN-SPAM violations?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
You've heard that CAN-SPAM violations carry fines of "up to $50,000 per email." The actual figure is $53,088 per non-compliant email (adjusted for inflation from the original $16,000), and since each individual email in a campaign can be a separate violation, a single send to a large list can create enormous theoretical liability.
The FTC, state attorneys general, and internet service providers can all bring enforcement actions. Both the company whose products are being promoted and the email sender can be held liable. So if you hire a marketing agency that sends non-compliant email on your behalf, you're exposed too. Not just them.
Aggravated violations carry additional criminal penalties: using false identities to send, hijacking computers to send spam, or harvesting email addresses through automated means can result in fines and imprisonment.
That said: regulators tend to go after systematic violators, not senders making good-faith compliance mistakes. The penalty calculus also includes the fact that enforcement catches relatively few violations. The more immediate risk for most senders is deliverability damage. Spam complaints tank your sender reputation faster than regulatory action shows up.
If you want to check your setup against CAN-SPAM requirements, the free Email Header Analyzer covers the sending setup side. For anything more involved, the SOS call is free.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.