
CAN-SPAM Compliance for Service Business Cold Email (2026 Guide)

The CAN-SPAM Act (15 U.S.C. § 7701) is the federal law governing commercial email in the United States. The good news for service businesses: B2B cold email is explicitly legal under CAN-SPAM as long as you follow the rules. The bad news: most service businesses send non-compliant emails without knowing it, risking fines of up to $51,744 per violation.

The 6 CAN-SPAM requirements for every commercial email

  1. Truthful "From" name and email address — your real name or business name
  2. Honest subject line — no "Re:" to fake a reply, no misleading teasers
  3. Clear identification as an advertisement (when applicable to non-transactional emails)
  4. Physical postal address — your real street address, PO Box, or private mailbox
  5. Opt-out mechanism — a way to unsubscribe must be clearly visible
  6. Honor opt-out requests within 10 business days — and keep them honored forever

Is B2B cold email legal under CAN-SPAM?

Yes — CAN-SPAM explicitly covers commercial email sent to businesses. There is no prior consent requirement for B2B cold email under federal law (unlike GDPR in the EU or CASL in Canada). You can email a business you have never contacted before, as long as you follow the 6 requirements above. What you cannot do: buy lists of personal email addresses, use deceptive subject lines, or ignore opt-out requests.

The physical address requirement — what counts?

Every commercial email must include a valid physical postal address. Options: your business street address, a USPS P.O. Box registered in your name, or a private mailbox through a registered commercial mail receiving agency (CMRA) like The UPS Store. A general city name alone does not satisfy this requirement — you need a full, deliverable address in every email footer.

Managing opt-outs correctly

CAN-SPAM requires you to: (1) provide a functioning unsubscribe mechanism (link or reply instruction) in every email; (2) process opt-out requests within 10 business days; (3) never charge a fee, require login, or ask for more than an email address to opt out; (4) keep suppression records — once someone opts out, they must never receive commercial email from you again, even from a different address.

Common CAN-SPAM violations service businesses make

  • Missing or fake "From" address (sending from Gmail without a business domain)
  • No physical address in the footer
  • No unsubscribe link
  • Continuing to email someone after they asked to stop
  • Using "Re:" to fake a reply chain
  • Buying or renting email lists without checking for prior opt-outs

How Bolsivo enforces CAN-SPAM automatically

Bolsivo blocks email sending if: your account is missing a physical postal address (set in company settings), the lead has opted out at any point, the email subject line is empty, or the lead email is missing. Every email includes a CAN-SPAM-compliant unsubscribe link and your postal address automatically. The suppression list is permanent — opted-out contacts never receive emails again, regardless of which campaign sends them.

Frequently asked questions

Does CAN-SPAM apply to B2B emails?
Yes. CAN-SPAM applies to all commercial email messages regardless of whether the recipient is a consumer or a business. There is no B2B exemption. However, B2B cold email does not require prior consent under CAN-SPAM — you just need to follow the 6 requirements.

What is the fine for violating CAN-SPAM?
Each separate email in violation can trigger penalties up to $51,744 (as of 2024, adjusted for inflation). The FTC, state attorneys general, and ISPs can all bring action. In practice, enforcement targets bulk senders and repeat violators — but a single complaint from a recipient can trigger an investigation.

Do I need a lawyer to send cold email?
For basic B2B cold email following the 6 CAN-SPAM requirements, no. For mass email campaigns above 500 emails/day, email to EU residents (GDPR), or email to Canadian addresses (CASL), consult a lawyer who specializes in digital marketing compliance. The rules differ significantly outside the US.

What's the difference between CAN-SPAM and GDPR?
CAN-SPAM (US): no prior consent required for B2B email; opt-out model. GDPR (EU): explicit prior consent required for most commercial email; opt-in model with strict data processing rules. If you have any EU recipients, apply GDPR standards (prior consent) regardless of where you are based — GDPR has extraterritorial reach.
