CAN-SPAM Compliance for Insurance Email Marketing

A plain-English guide to CAN-SPAM compliance for insurance email marketing — the 7 rules, opt-out handling, penalties, and how to automate compliance safely.

Kyle Elliott, Founder, SalesPulse · June 29, 2026 · 12 min read

Most insurance agents know they can get in trouble for how they call and text prospects. Far fewer think twice about email. That's a mistake. Email is governed by its own federal law — the CAN-SPAM Act — and the Federal Trade Commission can fine you up to $53,088 per individual email that violates it. Send one non-compliant blast to a list of 2,000 contacts and the theoretical exposure runs into the tens of millions.

The good news: CAN-SPAM is one of the most achievable compliance regimes you'll ever deal with. There are seven core requirements, all of them are common sense, and a properly configured CRM handles most of them automatically. This guide explains what the law actually requires, where insurance agents most often slip up, and how to build an email program that markets aggressively while staying firmly on the right side of the line.

A note before we start: this is educational information, not legal advice. CAN-SPAM is federal, but states layer on their own rules, and insurance is separately regulated by your state Department of Insurance. When in doubt, run your templates past a compliance attorney.


What Is the CAN-SPAM Act?

CAN-SPAM stands for "Controlling the Assault of Non-Solicited Pornography And Marketing." Despite the name, it governs virtually all commercial email — not just spam and not just adult content. If you send an email whose primary purpose is to advertise or promote a product or service, CAN-SPAM applies. For an insurance agent, that covers newsletters, quote follow-ups, cross-sell campaigns, annual review reminders that pitch additional coverage, and almost every drip sequence you run.

The law took effect in 2003 and is enforced by the FTC. Importantly, CAN-SPAM does not require recipients to opt in before you email them — this is a key difference from Canada's CASL or Europe's GDPR. It is an opt-out regime: you can email a commercial message to someone who hasn't asked for it, but you must honor their request to stop and follow specific formatting rules. That flexibility is why email remains such a powerful channel for agents, but it's also why the formatting rules are non-negotiable.


Does CAN-SPAM Apply to Every Email an Agent Sends?

Not quite. CAN-SPAM divides messages into three buckets, and the rules differ:

Commercial messages — content that advertises or promotes a product or service. A "Here are three reasons to review your life insurance this year" newsletter is commercial. Almost all agent marketing falls here, and the full rule set applies.

Transactional or relationship messages — content that facilitates an already-agreed transaction or updates a customer about an existing relationship. A policy renewal notice, a premium receipt, or a message confirming a scheduled appointment is transactional. These are largely exempt from CAN-SPAM's content rules, though they still can't contain false or misleading routing information.

Dual-purpose messages — emails that mix both. This is where agents get tripped up. If you send a "Your policy renews next month — and by the way, here's a great new annuity product" email, the FTC looks at the primary purpose. If a reasonable recipient would conclude the message is primarily an ad, you must treat the whole thing as commercial. The safe move is to assume any email with a marketing component is commercial and comply fully.


The 7 Rules of CAN-SPAM Compliance

Here is the entire law, distilled into the seven requirements the FTC actually enforces.

1. Don't Use False or Misleading Header Information

Your "From," "To," "Reply-To," and routing information must accurately identify who sent the message. The display name and email address must reflect your agency, not a spoofed or borrowed identity. Sending from "info@yourdomain.com" is fine; making it look like the email came from a carrier you don't represent is not.

2. Don't Use Deceptive Subject Lines

The subject line must reflect the content of the message. "Your claim has been approved" when you're actually pitching a new policy is a textbook violation. For insurance specifically, avoid manufacturing urgency that doesn't exist ("URGENT: Your coverage expires today" when it doesn't) — that crosses both CAN-SPAM and state unfair-trade-practice lines.

3. Identify the Message as an Advertisement

The law gives you latitude on how, but commercial email must be identifiable as an ad. A newsletter that's obviously promotional generally satisfies this through context. Cold outreach to a purchased or prospect list should be more explicit. A simple line such as "This is an advertisement" or clear branding that signals commercial intent covers you.

4. Tell Recipients Where You're Located

Every commercial email must include a valid physical postal address. This can be your street address, a registered P.O. box, or a Commercial Mail Receiving Agency address. For agents working from home who don't want to publish a home address, a P.O. box is the standard solution. This belongs in your email footer and should appear on every send.

5. Tell Recipients How to Opt Out

Every commercial email must include a clear, conspicuous explanation of how to stop receiving future email. A single unsubscribe link in the footer is the norm. It must be easy to see and easy to understand — burying it in eight-point gray text on a gray background defeats the purpose and invites scrutiny.

6. Honor Opt-Out Requests Promptly

You must process opt-outs within 10 business days. The unsubscribe mechanism must work for at least 30 days after you send the message. You cannot charge a fee, require any information beyond an email address, or make the recipient log in or visit more than a single page to unsubscribe. And critically — once someone opts out, you cannot sell, transfer, or share their email address with anyone else, except to a company you hire to help you comply with the law.

7. Monitor What Others Do on Your Behalf

If you hire a marketing agency, a lead vendor, or an FMO that emails on your behalf, you are still legally responsible. The FTC can hold both the company whose product is promoted and the company that actually sends the email liable. You cannot outsource your way out of compliance, so vet anyone who touches your list.


Where Insurance Agents Most Often Get CAN-SPAM Wrong

After working with hundreds of agents, we see the same handful of mistakes come up again and again.

Emailing from a personal Gmail or Yahoo account. Beyond the deliverability problems, personal accounts make it nearly impossible to manage opt-outs at scale, and they rarely carry your physical address in the footer. Use a proper domain and a sending platform.

Treating opt-outs as channel-specific without a system. A prospect who unsubscribes from email has opted out of email. That's distinct from a Do Not Call or text opt-out, which are governed separately under the TCPA. But you need a single source of truth that records the email opt-out and suppresses that address across every future campaign — including the new drip sequence you build six months from now. Manual list management is where addresses get re-added by accident.

Re-importing old lists. An agent buys a fresh batch of aged leads, imports them, and the import overwrites or ignores prior opt-out flags. Now you're emailing people who already told you to stop — which is exactly the scenario the FTC fines. Your lead management process has to preserve suppression status through every import.

Dual-purpose emails that hide the ad. Dressing up a sales pitch as a service notice to dodge the rules is the violation regulators look for most. Be honest about what the email is.

Forgetting the footer on automated sequences. Agents carefully format their newsletter, then build a 12-touch drip campaign where touches 4 through 12 quietly drop the address and unsubscribe link. Every commercial send needs the full footer — there are no "internal" exceptions once the message is commercial and going to a prospect or client.


CAN-SPAM vs. TCPA vs. State Insurance Rules

Agents who market by email juggle three overlapping regimes, and conflating them causes real problems.

CAN-SPAM governs email and is opt-out based — you may email until told to stop. The TCPA governs phone calls and text messages and is far stricter, generally requiring prior express consent (and prior express written consent for marketing autodials and texts). That's why you can email a prospect a newsletter but should not fire an automated marketing text to the same person without documented consent. If your campaigns mix channels, each channel follows its own rulebook.

On top of both sit your state Department of Insurance rules and unfair-trade-practice statutes, which prohibit misleading advertising regardless of the medium. An email that's technically CAN-SPAM compliant can still violate state insurance advertising rules if it misrepresents a policy, uses a prohibited title, or makes guarantees you can't back. Building a habit of clean, accurate messaging keeps you compliant across all three. For a broader view of the regulatory landscape agents operate in, see our overview of NAIC compliance for insurance agents.


Here's a footer that satisfies the address, opt-out, and identification requirements in one block. Adapt it to your agency:

You're receiving this email because you requested an insurance quote or are a client of [Agency Name]. This message contains advertising for insurance products.

[Agency Name] · [Agent Name], Licensed Insurance Agent · [Street Address or P.O. Box, City, State, ZIP]

Don't want these emails? [Unsubscribe instantly] — we'll remove you within 10 business days.

Three things make this work: it identifies the relationship and the commercial nature, it carries a real physical address, and it offers a one-click opt-out with no hoops. If your sending platform can't produce something like this on every send automatically, that's a tooling problem worth fixing.


How to Automate CAN-SPAM Compliance With a CRM

The reason CAN-SPAM violations happen is almost never bad intent — it's manual processes that break under volume. Once you're sending to hundreds or thousands of contacts across multiple sequences, you cannot reliably track opt-outs in your head or in a spreadsheet. The fix is to make compliance a property of the system, not a task on your checklist.

A purpose-built insurance CRM handles the heavy lifting in four ways:

Global suppression lists. When a contact unsubscribes, the platform flags the email address and suppresses it across every current and future campaign automatically. There's no way to accidentally email an opted-out address, even if you import a new list that happens to contain it. SalesPulse maintains this suppression at the account level, so an opt-out sticks permanently.

Automatic footers. Every email sent through your CRM's automation workflows — newsletters, drips, one-off blasts — carries your configured physical address and a working unsubscribe link by default. You set it once; the system enforces it on every send.

Opt-out within seconds, not 10 days. The law gives you 10 business days, but automated unsubscribe processing removes the contact instantly, which is both better practice and better for deliverability.

Channel-aware consent tracking. A good platform records email opt-outs separately from call and text consent, so you respect each channel's rules without manually cross-referencing. Pairing email automation with a compliant softphone and texting setup keeps your whole outreach program consistent.

If you're evaluating platforms, treat built-in compliance as a core feature, not a nice-to-have. You can compare how SalesPulse approaches this against alternatives on our pricing page, and see the full automation toolset on the AI automation features page.


What Happens If You Violate CAN-SPAM?

Penalties are assessed per email, not per campaign, which is what makes violations so expensive. As of 2026 the maximum civil penalty is $53,088 per non-compliant message. The FTC has pursued cases ranging from small businesses to large marketers, and aggravated violations — harvesting addresses, using automated dictionary attacks to generate addresses, or sending through hijacked computers — can also carry criminal liability.

For most agents, the realistic risk isn't a headline FTC enforcement action; it's a steady erosion of sender reputation. Mailbox providers like Gmail and Outlook watch complaint rates closely. When recipients can't find an unsubscribe link, they hit "report spam" instead — and once your complaint rate climbs, your legitimate emails start landing in junk folders, even for engaged clients. Compliance and deliverability are the same project. The cleaner your list hygiene, the more of your email actually reaches an inbox.


A Simple CAN-SPAM Compliance Checklist

Run every campaign through this before it goes out:

  1. Is the "From" name and address accurate and clearly tied to my agency?
  2. Does the subject line honestly reflect the content?
  3. Is it clear this is commercial/advertising content?
  4. Does the footer include a valid physical postal address?
  5. Is there a clear, one-click unsubscribe link?
  6. Will opt-outs be processed within 10 business days (ideally instantly)?
  7. Is my suppression list current, and does it survive list imports?
  8. If a vendor or FMO is sending on my behalf, have I confirmed they comply too?

Eight checks. If your CRM is configured correctly, items 4 through 7 are handled automatically, and you're really only verifying the subject line and content of each new campaign.


The Bottom Line

CAN-SPAM rewards agents who treat their email list with respect. Send accurate, clearly-labeled commercial email from a real domain, give people an easy way out, honor it immediately, and keep a clean suppression list that survives every import. Do that and you'll never think about the FTC again — while your competitors who cut corners watch their deliverability quietly collapse.

The agents who win at email aren't the ones who blast the most messages. They're the ones whose messages reach the inbox because they've earned the trust of both their recipients and the mailbox providers. Compliance is the foundation of that trust. Build it into your tools, and it stops being a burden and becomes a competitive advantage.

Ready to run email campaigns that are compliant by default? Start a free SalesPulse trial and see how built-in suppression lists and automatic footers take CAN-SPAM off your plate entirely.

This article is for educational purposes only and does not constitute legal advice. Consult a qualified attorney regarding your specific compliance obligations under federal and state law.
