A study conducted by MX Labs in January 2004 found that more than 99 percent of unsolicited commercial email in their sample failed to comply with CAN-SPAM. Their analysis of 1,000 unsolicited commercial emails found that only 102 met all of the CAN-SPAM Act requirements. According to Scott Chasin, MX Logic’s chief technology officer. "It is no surprise that rogue spammers would fail to comply, but the non-compliant messages we saw appeared to be from all types of companies."

EmailLabs, a provider of email marketing automation solutions audited more than 100 major email marketers and found while 95 percent included an unsubscribe process, only 56 percent were in compliance with one of the simplest aspects of CAN-SPAM, the inclusion of a postal mailing address. While the company is quick to point out that the study population was not a statistical sample, the results are still compelling.

"The bare majority complying with the postal address requirement appears to indicate that many legitimate email marketers are confused by CAN-SPAM, don't understand the requirement and/or simply haven't gotten around to it," said Loren McDonald, Vice President of Marketing, EmailLabs. "Most major permission-based email marketers do already adhere to best practices, and have long been doing what the law now requires, but many are clearly confused by the nuances and gray areas of the law. From a broader perspective, one potential benefit of CAN-SPAM and the intense focus on unsolicited email is that 'unintentional spammers' -- those legitimate companies who have not followed email marketing best practices -- may begin adopting permission practices and go well beyond just complying with CAN-SPAM," McDonald said. "Even if the Act doesn't stop fraudulent and annoying spam, it may raise the standards of what is considered good permission email practices."

In terms of strict CAN-SPAM compliance, Emaillabs found that 56 percent of their sample included postal addresses and more than 95 percent provided an unsubscribe mechanism. None of the emails reviewed appeared to contain misleading subject lines or other fraudulent practices employed by spammers. Among the multiple methods to unsubscribe, 87 percent offered a link, 22 percent an email reply and 11 percent notification by phone or mail. Although not mandated by CAN-SPAM, 54 percent enabled recipients to update their preferences, 40 percent explained why the email was received and supplied complete contact information (address, phone, email), and 37.5 percent referenced a privacy policy.

According to MX Labs, more than fifty percent of Internet email is spam, viruses and other unwanted content. Last year, industry analysts at Ferris Research estimated that unsolicited email would cost U.S. companies $10 to $13 billion. Spam results in lost productivity, communication bandwidth consumption, increased storage costs, IT resource drain and increased corporate liability.

The CAN-SPAM Act creates administrative, civil and criminal tools to help U.S. business and consumers combat spam. Specifically, the law:

- Prohibits sending commercial email containing sexually oriented material unless labeled as such.
- Allows for certain forms of unsolicited commercial email as long as it is clearly marked as an advertisement and allows consumers to unsubscribe from future unsolicited commercial email from the sender.
- Outlaws the use of false email headers or the use of a mail server or open relay to deceive recipients about the origin of a commercial email message.
- Bans the registration of five or more email accounts or two or more domain names with false information and the use of them to send commercial email.
- Allows, but does not require, the FTC to create a "Do-Not-SPAM" registry, much like the recently established and controversial "Do-Not-Call" list.
- Allows the FTC and state attorneys general the ability to vigorously enforce the laws contained in the anti-SPAM legislation.
- Enforces statutory damages of $2 million for violations, tripled to $6 million for intentional violations, and unlimited damages for fraud and abuse.
- Allows the FTC, state attorneys general and Internet providers to sue companies who violate the law.