Subject lines accurately reflect content; no false urgency

Why it matters

CAN-SPAM §5(a)(2) prohibits subject lines that mislead recipients about the content or subject matter of the message. Prefixing promotional emails with Re: or Fwd: simulates a reply thread — a pattern FTC enforcement actions have specifically targeted. Using Action required or Your account for discount offers causes recipients to open under false pretenses, inflates spam complaints when they realize the deception, and permanently damages sender reputation scores. CASL Section 6 imposes parallel requirements for Canadian recipients: deceptive subject lines invalidate the implied consent that commercial email relies on.

Remediation

Audit every subject line template and rewrite any that use deceptive framing — thread simulation, false urgency, or transactional-looking labels on promotional content.

// Subject line review — apply to every template before sending:

// WRONG
// 'Re: Following up on your last visit'   // simulates reply thread
// 'Action required: Your account'          // false urgency for a promo
// 'Only 2 hours left!'                     // scarcity claim without a real deadline

// CORRECT
// 'Your February discount — 20% off until Friday'
// 'New: Dark mode is now available'
// 'Your March invoice is ready'            // transactional — accurate

For campaign-builder tools that generate subjects dynamically, add a mandatory review checkpoint before any send exceeding 50 recipients. A one-line rule: if the subject would be accurate on a transactional email, do not use it on a promotional one.

Detection

ID: email-sms-compliance.sender-identity.non-deceptive-subject
Severity: high
What to look for: Enumerate every relevant item. CAN-SPAM prohibits subject lines that "mislead recipients as to the contents or subject matter of the message." Audit every email subject line used in the codebase — look in email template files, hardcoded subject strings in send calls, and any subject generation logic. Common violations: "Your account has been compromised" when the email is a marketing promotion, "Action required" on newsletters, "Re:" or "Fwd:" prefixes on cold emails that simulate a thread, countdown timers or false scarcity claims ("Only 2 hours left!" when no actual deadline exists). Also check SMS message text for similar patterns — TCPA and FTC regulations prohibit deceptive content in commercial SMS.
Pass criteria: All email subjects accurately describe the email's content. No false urgency, fake reply-thread prefixes, or deceptive framing. Subject lines for promotional emails do not imply the email is transactional or urgent when it is not.
Fail criteria: Subject lines use "Re:" or "Fwd:" without a prior thread. Promotional emails use "Action required," "Your account," or similar transactional-looking subjects for marketing content. Countdown timers in subjects reference non-existent deadlines.
Skip (N/A) when: The application sends no email.
Detail on fail: Specify the misleading pattern. Example: "Newsletter subject template includes 'Re: Your last visit' prefix — simulates a reply thread for a cold marketing email." or "Promotional email uses subject 'Your account needs attention' for a discount offer with no actual account issue.".

Remediation: Review and rewrite all subject line templates:

// Email subject line audit checklist — apply to every template:

// WRONG — deceptive subjects
// subject: 'Re: Following up on your order'   // simulates reply thread
// subject: 'Action required: Your account'     // false urgency for a promo
// subject: 'Only 2 spots left!'                // false scarcity if not true

// CORRECT — accurate subjects
// subject: 'Your February discount — save 20%'
// subject: 'New feature: Dark mode is here'
// subject: 'Your invoice for March is ready'  // this one IS transactional

// If you use dynamic subject generation, add a review step
// in your campaign builder to confirm accuracy before sending.

Establish a subject line review process for any campaign that goes out to more than a small internal test list. A simple review checklist: Does the subject describe what is actually in the email? Does it contain any urgency that doesn't exist? Does it look like a reply, forward, or account alert when it is not?

Why it matters

Remediation

Audit every subject line template and rewrite any that use deceptive framing — thread simulation, false urgency, or transactional-looking labels on promotional content.

// Subject line review — apply to every template before sending:

// WRONG
// 'Re: Following up on your last visit'   // simulates reply thread
// 'Action required: Your account'          // false urgency for a promo
// 'Only 2 hours left!'                     // scarcity claim without a real deadline

// CORRECT
// 'Your February discount — 20% off until Friday'
// 'New: Dark mode is now available'
// 'Your March invoice is ready'            // transactional — accurate

Detection

ID: email-sms-compliance.sender-identity.non-deceptive-subject
Severity: high
What to look for: Enumerate every relevant item. CAN-SPAM prohibits subject lines that "mislead recipients as to the contents or subject matter of the message." Audit every email subject line used in the codebase — look in email template files, hardcoded subject strings in send calls, and any subject generation logic. Common violations: "Your account has been compromised" when the email is a marketing promotion, "Action required" on newsletters, "Re:" or "Fwd:" prefixes on cold emails that simulate a thread, countdown timers or false scarcity claims ("Only 2 hours left!" when no actual deadline exists). Also check SMS message text for similar patterns — TCPA and FTC regulations prohibit deceptive content in commercial SMS.
Pass criteria: All email subjects accurately describe the email's content. No false urgency, fake reply-thread prefixes, or deceptive framing. Subject lines for promotional emails do not imply the email is transactional or urgent when it is not.
Fail criteria: Subject lines use "Re:" or "Fwd:" without a prior thread. Promotional emails use "Action required," "Your account," or similar transactional-looking subjects for marketing content. Countdown timers in subjects reference non-existent deadlines.
Skip (N/A) when: The application sends no email.
Detail on fail: Specify the misleading pattern. Example: "Newsletter subject template includes 'Re: Your last visit' prefix — simulates a reply thread for a cold marketing email." or "Promotional email uses subject 'Your account needs attention' for a discount offer with no actual account issue.".

Remediation: Review and rewrite all subject line templates:

// Email subject line audit checklist — apply to every template:

// WRONG — deceptive subjects
// subject: 'Re: Following up on your order'   // simulates reply thread
// subject: 'Action required: Your account'     // false urgency for a promo
// subject: 'Only 2 spots left!'                // false scarcity if not true

// CORRECT — accurate subjects
// subject: 'Your February discount — save 20%'
// subject: 'New feature: Dark mode is here'
// subject: 'Your invoice for March is ready'  // this one IS transactional

// If you use dynamic subject generation, add a review step
// in your campaign builder to confirm accuracy before sending.

Subject lines accurately reflect content; no false urgency

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History

Subject lines accurately reflect content; no false urgency

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History