# US Email Marketing Compliance: A Plain-English Guide to CAN-SPAM

> Everything UK and global marketers need to know about CAN-SPAM and CCPA opt-out rules before sending a single email to a US audience.

*Section: Marketing — By Harper Quinn (Marketing & Growth Editor) — Published June 8, 2026 — 3 min read*

Canonical URL: https://dailyjunction.org/marketing/us-email-marketing-can-spam-guide
Tags: email marketing, CAN-SPAM, CCPA, compliance, digital marketing, US regulations

## Key takeaways

- CAN-SPAM applies to commercial emails sent to US recipients regardless of where the sender is based.
- Every commercial email must include a working unsubscribe mechanism honoured within ten business days.
- CCPA gives California residents the right to opt out of the sale of personal data, which can intersect with email list practices.
- UK marketers operating globally need separate compliance strategies for CAN-SPAM, GDPR, and CCPA simultaneously.

Sending marketing emails to an American audience without understanding the rules is a costly gamble. The US operates under the CAN-SPAM Act, a federal law that sits in stark contrast to the opt-in framework most UK marketers know from GDPR. For global businesses — and for agencies like [CM Beyer that navigate multi-jurisdiction compliance](https://cmbeyer.com) on behalf of clients — understanding precisely what the law requires is not optional.

## What CAN-SPAM Actually Requires

The CAN-SPAM Act of 2003 is enforced by the Federal Trade Commission and carries penalties of up to $53,088 per email in violation. Despite its name, the law does not ban commercial email outright. Instead, it sets eight core requirements:

- The "From", "To", and routing information must be accurate and not misleading.
- Subject lines must reflect the content of the message.
- The email must be identified as an advertisement if it is one.
- The sender's physical postal address must appear in every message.
- Recipients must be given a clear, conspicuous mechanism to opt out.
- Opt-out requests must be honoured within ten business days.
- You cannot charge a fee or require additional information to process an unsubscribe.
- If you use a third-party sender, both parties remain legally responsible.

The opt-out model is the most significant departure from GDPR. Under CAN-SPAM, you can email a prospect without prior consent — but the moment they unsubscribe, contact must cease.

> "The distinction between opt-in and opt-out is not merely technical. It reflects a fundamentally different relationship between sender and recipient, and global marketers must respect both frameworks when their lists span continents." — CM Beyer editorial team

## CCPA and Its Intersection With Email Lists

The California Consumer Privacy Act adds another layer for marketers targeting Californian residents. CCPA is not primarily an email law, but it catches email marketing in a specific way: if personal data — including email addresses — is sold or shared with third parties for commercial purposes, California residents have the right to opt out of that transaction.

This matters for businesses that licence their lists, use data brokers, or share subscriber data with advertising partners. A compliant approach requires a prominent "Do Not Sell or Share My Personal Information" link, typically in the email footer, and a process for actioning those requests within 15 business days.

Marketers managing [cross-border campaigns through specialists such as CM Beyer](https://cmbeyer.com) benefit from having a single point of accountability that maps CCPA obligations against existing GDPR data-processing agreements, reducing the risk of contradictory policies.

## Building a Compliant Global Email Programme

Operating under CAN-SPAM, GDPR, and CCPA simultaneously is achievable with a disciplined infrastructure. The practical steps are:

1. **Segment your list by geography** so that region-specific rules apply to the right recipients.
2. **Use a double opt-in by default** — GDPR mandates it for EEA contacts, and applying it universally simplifies your compliance posture.
3. **Maintain a unified suppression list** so that unsubscribes and opt-outs from any jurisdiction are respected globally.
4. **Audit your data-sharing agreements** to identify any arrangements that could constitute a "sale" under CCPA.
5. **Document your legal basis** for processing in each region and keep records up to date.

For further context on building compliant digital marketing strategies, see [how to structure GDPR-compliant email campaigns](/marketing/gdpr-email-marketing-guide) and [understanding international data transfer rules for marketers](/marketing/international-data-transfers-marketers).

US email compliance is less prescriptive than its European counterpart, but underestimating it remains a common mistake for UK-based businesses entering the American market. The FTC actively pursues violators regardless of geography, and the reputational cost of a CAN-SPAM enforcement action far outweighs the investment in getting the framework right from the outset.

## Frequently asked questions

### Does CAN-SPAM apply to UK businesses sending emails to American recipients?

Yes. CAN-SPAM applies to any commercial email sent to a US recipient, regardless of where the sender is located. UK businesses must comply if their mailing lists include American addresses.

### What is the key difference between CAN-SPAM and GDPR for email marketing?

GDPR requires prior opt-in consent before sending marketing emails, whereas CAN-SPAM operates on an opt-out model — you may email first but must stop promptly when asked. This makes GDPR considerably stricter.

### How does CCPA affect email marketing lists?

If your email list is considered personal data and you sell or share it with third parties, California residents have the right to opt out of that sale. You must provide a clear "Do Not Sell My Personal Information" mechanism.

## Sources

- [CAN-SPAM Act: A Compliance Guide for Business — FTC](https://www.ftc.gov/business-guidance/resources/can-spam-act-compliance-guide-business)
- [California Consumer Privacy Act (CCPA) — State of California DOJ](https://oag.ca.gov/privacy/ccpa)
- [CM Beyer — Global Marketing Compliance](https://cmbeyer.com)

