Email Compliance Checker
Check if your emails comply with CAN-SPAM (US), GDPR (EU), and CASL (Canada). Answer 14 questions to get your compliance score and identify issues before they become fines.
Does your email include a working unsubscribe link?
All three regulations require a clear, functional way for recipients to opt out. CAN-SPAM and CASL require opt-out requests to be processed within 10 business days; GDPR requires them to be processed immediately.
Does your email support one-click unsubscribe (List-Unsubscribe header)?
Gmail and Yahoo have required the List-Unsubscribe and List-Unsubscribe-Post headers (RFC 8058) for bulk senders since 2024. Without them, your emails may be rejected.
Does your email include a valid physical mailing address?
CAN-SPAM requires a valid postal address (street address, PO Box, or private mailbox registered with a commercial mail receiving agency).
Is the sender clearly identified (From name and email)?
All regulations require accurate sender identification. The 'From' name, email address, and 'Reply-To' must not be deceptive or misleading.
Is the subject line accurate and not misleading?
CAN-SPAM specifically prohibits deceptive subject lines. The subject must accurately reflect the content of the email.
Is the email clearly identified as an advertisement (if applicable)?
CAN-SPAM requires that commercial emails be identified as advertisements. This can be done through clear labeling, though the law is flexible on the method.
Did recipients give explicit, informed consent to receive emails?
GDPR requires explicit opt-in consent, not pre-checked boxes. You must be able to prove when and how consent was obtained. Legitimate interest may apply in some B2B contexts.
Do you keep records of when and how consent was obtained?
GDPR requires documented proof of consent: timestamp, method (form, checkbox), what was agreed to, and the version of your privacy policy at the time.
Does your email link to your privacy policy?
GDPR requires transparency about data processing. Including a link to your privacy policy in emails is a best practice for compliance.
Are you only using email addresses for the purpose they were collected?
GDPR's purpose limitation principle means you can only use data for the specific purpose stated when consent was given. Using a support email for marketing is a violation.
Do you have express or implied consent for Canadian recipients?
CASL requires express consent (opt-in) or implied consent (existing business relationship within 2 years, inquiry within 6 months). Implied consent expires.
Does your email include the sender's name, organization, and contact info?
CASL requires the sender's name (or the person on whose behalf the message is sent), mailing address, and at least one of: phone number, email, or web address.
Are SPF, DKIM, and DMARC properly configured for your sending domain?
While not explicitly required by law, Gmail, Yahoo, and Microsoft have required SPF, DKIM, and DMARC for bulk senders since 2024. Missing authentication can cause rejection.
Is your spam complaint rate below 0.1%?
Gmail requires spam complaint rates below 0.1% (and never above 0.3%). High complaint rates trigger throttling and blocking regardless of legal compliance.