Email Marketing Compliance: Understanding CAN-SPAM

CAN-SPAM is the federal law that governs every commercial email your title company sends — from agent newsletters to market updates to promotional blasts. Compliance comes down to a short list: tell the truth in your headers and subject lines, disclose that the message is an advertisement, include a real postal address, give recipients an easy way to opt out, and honor that request within 10 business days. The FTC can fine senders up to $53,088 per email that breaks the rules — and that liability is shared with whoever sends on your behalf.

Email is still one of the most cost-effective ways for a title company to stay in front of agents, lenders, and past clients. But the same tools that make it easy — Mailchimp, Constant Contact, and the rest — also make it easy to send something that quietly breaks federal law. The good news: CAN-SPAM compliance is straightforward once you understand it. The catch is that staying compliant while marketing effectively is where most do-it-yourself efforts come undone.

What is the CAN-SPAM Act?

The CAN-SPAM Act of 2003 is the U.S. law that sets the rules for commercial email. It's enforced by the Federal Trade Commission (FTC), and despite the name, it isn't limited to bulk "spam." It covers any email whose primary purpose is to advertise or promote a product or service — including a single message to a past client announcing something new. The law makes no exception for business-to-business email, so a newsletter sent to your network of real estate agents is squarely covered.

Does CAN-SPAM apply to title companies?

Yes — to more of your email than you might expect. Agent newsletters, market updates, holiday touchpoints, and promotional announcements are all commercial messages. So is a one-off email to a former client introducing a new service. If the message exists to market your firm, CAN-SPAM applies, whether you send it to one person or ten thousand.

What's the difference between a "commercial" and a "transactional" email?

This distinction matters enormously for title and escrow companies, because so much of your email is operational. The FTC separates email by its primary purpose:

  • Transactional or relationship email — closing updates, document delivery, escrow status, wire and settlement information, or anything facilitating an agreed-upon transaction — is exempt from most CAN-SPAM requirements. You don't need an unsubscribe link on a closing confirmation.
  • Commercial email — newsletters, promotions, marketing — must follow every rule below.

One requirement applies to both categories: you can never use false or misleading header information, even on a purely transactional message. And if an email mixes the two, the FTC judges it by its primary purpose — so don't bury a marketing pitch inside a closing update and assume it's exempt.

The seven rules of CAN-SPAM compliance

The FTC's requirements come down to seven practical rules:

  1. Don't use false or misleading header information. Your "From," "Reply-To," and routing details must accurately identify your firm.
  2. Don't use deceptive subject lines. The subject must reflect what's actually in the message.
  3. Identify the message as an advertisement. The disclosure must be clear, but it can live anywhere in the email — it doesn't have to be in the subject line.
  4. Tell recipients where you're located. Every commercial email needs a valid physical postal address.
  5. Tell recipients how to opt out. Include a clear, easy-to-find way to stop future email.
  6. Honor opt-outs promptly. Process requests within 10 business days, keep the mechanism working for at least 30 days after you send, and never charge a fee or require more than an email address.
  7. Monitor what others do on your behalf. If a marketing partner sends for you, their compliance is still your legal responsibility.

Your "From" line and sending domain: the easiest place to slip

The fastest way to fall out of compliance — and into the spam folder — is sending marketing email from a free consumer account like Gmail or AOL. Send from your own company domain instead, in a clear format such as [email protected]. A branded domain makes your identity unambiguous, satisfies the honest-header requirement, and is the single biggest factor in whether your message reaches the inbox at all. Pair it with proper authentication (SPF, DKIM, and DMARC) and you've removed the most common point of failure.

Writing subject lines that are honest and effective

You have wide creative latitude with subject lines, but one hard rule: the subject must accurately represent the content. A subject engineered to trick someone into opening — implying a closing is delayed, say, when the email is really a newsletter — is a deceptive practice and a violation. The skill is doing both at once: earning the open and telling the truth. You don't need to stamp "Advertisement" across the subject; you simply can't mislead.

What your email footer must include

Two things are required in the footer (or elsewhere in the body) of every commercial email:

  • A valid physical postal address. This can be your street address, a registered P.O. Box, or a private mailbox registered with a commercial mail-receiving agency.
  • A working way to unsubscribe. It must be clear, functional, and honored promptly.

A common myth — repeated in a lot of older guidance — is that you must state the reason the recipient is receiving the email. CAN-SPAM doesn't require that. It's good practice for trust and deliverability, but it isn't the law.

Does CAN-SPAM require opt-in consent?

No — and this is the most misunderstood part of the law. Unlike Europe's GDPR or Canada's CASL, CAN-SPAM is an opt-out regime. It does not require a recipient's prior consent before you send a commercial email; it requires that you give them an easy way to stop.

That said, "legal" and "smart" aren't the same thing. Never buy or harvest an email list. Harvesting addresses and dictionary attacks are aggravated violations that carry criminal exposure, and a purchased list is the fastest way to get your domain blacklisted — which sends even your one-to-one client email to the junk folder. Build your list with permission. It's better for compliance, deliverability, and results.

What about text messages?

CAN-SPAM governs email only. SMS marketing falls under a different and stricter law — the Telephone Consumer Protection Act (TCPA) — which generally requires prior express written consent before you text someone for marketing purposes. In other words, the opt-out model that works for email does not work for text. If your outreach spans both channels, the two have to be handled by different rulebooks. (More on building a compliant program on our email & SMS marketing page.)

What happens if you violate CAN-SPAM?

Each separate email that violates the law can carry a civil penalty of up to $53,088, a figure the FTC adjusts for inflation. The penalty is assessed per message, not per campaign, and there's no cap on the total — which is why even a modest blast can generate enormous theoretical exposure. Aggravated conduct like spoofing or harvesting can rise to criminal penalties, including imprisonment.

Two points title companies should sit with. First, enforcement is real: in recent years the FTC reached a $2.95 million settlement with one company over missing opt-outs and addresses, and a $650,000 settlement with another for disguising marketing as transactional email. Second — and this is the one most firms miss — liability is shared. CAN-SPAM holds both the company being promoted and the party that sends responsible. You cannot outsource the risk to a vendor. You can only choose a vendor who gets it right.

Why compliance protects your deliverability, not just your wallet

Fines get the headlines, but the more immediate cost of non-compliance is usually deliverability. The same behaviors CAN-SPAM prohibits — misleading headers, ignored opt-outs, purchased lists — are exactly what mailbox providers use to flag a sender as spam. Once your domain's reputation drops, your messages stop reaching inboxes, and that includes the routine client email your business runs on. Compliance and deliverability are the same discipline viewed from two angles: send honest, permission-based email, and both your reputation and your inbox placement take care of themselves.

How Ralston & Anthony keeps your email compliant

Because liability is shared, the marketing partner you choose has to know this law cold. We build email programs for title companies on authenticated, branded domains, with compliant footers, automatic opt-out handling, and permission-based lists — so you stay on the right side of CAN-SPAM and reach the inbox, without having to think about the FTC. Compliance isn't the ceiling of good email marketing; it's the floor it stands on.

This article is general information, not legal advice. For guidance on your specific situation, consult a qualified attorney.

Frequently asked questions

Is CAN-SPAM still in effect in 2026?

Yes. The law is more than two decades old but remains actively enforced by the FTC, with penalties adjusted for inflation each year.

How quickly do I have to honor an unsubscribe request?

Within 10 business days. Your opt-out mechanism must also keep working for at least 30 days after you send the email, and you can't charge a fee or require anything beyond an email address.

Do closing updates and escrow emails count as commercial email?

Generally no. Transactional and relationship messages tied to an agreed-upon transaction are exempt from most CAN-SPAM rules — but they still can't use false or misleading header information.

Can I email a purchased list of real estate agents?

CAN-SPAM doesn't outright ban cold commercial email, but harvested lists are an aggravated violation with criminal exposure, and purchased lists badly damage your deliverability. Build your list with permission instead.

What's the fine for a CAN-SPAM violation?

Up to $53,088 per violating email, per the FTC's most recent inflation adjustment. It's assessed per message, with no cap on the total.

If my agency sends the emails, who's liable?

Both of you. CAN-SPAM holds the company being promoted and the party that sends the email responsible — so choose a marketer who understands compliance.

Want email marketing that's compliant by design and built to reach the inbox? We handle the deliverability, the compliance, and the strategy so you can focus on closings. Reserve an appointment and let's review your email program together.

Christopher Skraba

Christopher Skraba

Christopher Skraba is the founder and Managing Member of Ralston & Anthony, a boutique digital marketing agency in Chicago, Illinois that has specialized in nationwide title insurance and legal marketing for over a decade. He works directly with title companies, escrow firms, and law firms to build websites, search strategies, and client-experience programs that turn reputation and relationships into measurable growth. He developed the firm's proprietary GRACE™ framework — a hospitality-inspired approach to client experience that few marketing firms in the legal and title space can match. Connect with Christopher on LinkedIn.