CAN-SPAM Act and TCPA compliance for commercial emails and text messages covering unsubscribe mechanisms, sender identity, consent, and content delivery rules.
This audit evaluates 20 checks across unsubscribe and opt-out mechanisms (one-click unsubscribe, 10-day processing, SMS STOP handling), sender identity and transparency (accurate From, non-deceptive subjects, physical address, SMS sender ID), consent and opt-in (prior express written consent for SMS, confirmation, consent records, separate per-channel consent), and content delivery rules (no misleading headers, transactional vs. marketing distinction, frequency disclosure, suppression lists). For any application that sends commercial emails or SMS, this audit identifies CAN-SPAM and TCPA compliance gaps.
Total Checks: 20
Delivery Formats: 3
Categories: 6
Versions: 6
2026-04-03 - Quality hardening: added counting/enumeration, numeric thresholds, anti-sycophancy patterns, cross-references to all checks. Manifests tightened to exact tolerances.
2026-03-01 - Added chunked format for browser-based tools
2026-03-01 - Improved Step 3: paste URL is now primary submission method
2026-03-01 - Tightened no-misleading-headers check definition: clarified header injection as the primary fail pattern (user-supplied display names interpolated without sanitizing \r\n\0), distinguished from accurate-from domain check. Updated bare-minimum fixture to include header injection vector for consistent adversarial testing.
2026-02-23 - Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-22 - Initial release