CAN-SPAM §5(a)(5)(A) mandates a valid physical postal address in the body of every commercial email — not just on the website, in the email itself. Missing this element is one of the most mechanically detectable CAN-SPAM violations because it requires only inspecting templates, not behavior. CASL Section 6 adds the same requirement for Canadian senders. Unlike consent violations that require evidence of a recipient relationship, a missing address is a strict-liability violation that applies to every commercial email sent without it.
Medium because the violation is strict-liability and affects every commercial email sent, but the business impact is lower than consent or opt-out failures since recipients can still exercise their unsubscribe right.
Add a physical address component to every commercial email footer template in src/emails/.
// src/emails/footer.tsx — shared footer for all marketing emails
export function EmailFooter({ unsubscribeUrl }: { unsubscribeUrl: string }) {
return (
<div style={{ color: '#999', fontSize: '12px', textAlign: 'center', marginTop: '40px' }}>
<p>
<a href={unsubscribeUrl}>Unsubscribe</a> from marketing emails at any time.
</p>
<p>
{/* CAN-SPAM §5(a)(5)(A) — complete postal address required */}
YourProduct, Inc. · 123 Main Street, Suite 100 · San Francisco, CA 94105 · USA
</p>
</div>
)
}
City and country alone do not satisfy the requirement — a street address or registered P.O. Box is required. If the company uses a registered agent, that address is acceptable. Import this footer into every marketing template; transactional emails are exempt.
ID: email-sms-compliance.sender-identity.physical-address
Severity: medium
What to look for: Enumerate every relevant item. CAN-SPAM requires that every commercial email include a valid physical postal address for the sender — a street address, P.O. Box, or a registered mail drop. Check every email body template for a footer containing a physical address. The address must be: a complete postal address (not just a city and country), a real, reachable address (P.O. Boxes and registered agent addresses are acceptable), and included in the message body (not just a website footer — it must be in the email itself). Check templates in src/emails/, emails/, templates/, and any inline HTML strings used in email-sending code.
Pass criteria: At least 1 of the following conditions is met. Every commercial email template includes a complete physical postal address in the footer. The address is real and belongs to the company or its registered agent.
Fail criteria: No physical address in email templates. Address is incomplete (city and country only, no street or P.O. Box). Address is in the website footer but not in the email body template.
Skip (N/A) when: The application sends no commercial email.
Detail on fail: Example: "Email footer template at src/emails/footer.tsx includes company name and website but no physical postal address. CAN-SPAM requires a complete physical address in every commercial email.".
Remediation: Add a physical address to every commercial email footer template:
// src/emails/footer.tsx — shared footer for all marketing emails
export function EmailFooter({ unsubscribeUrl }: { unsubscribeUrl: string }) {
return (
<div style={{ color: '#999', fontSize: '12px', textAlign: 'center', marginTop: '40px' }}>
<p>
You are receiving this because you signed up for updates from YourProduct.
<br />
<a href={unsubscribeUrl}>Unsubscribe</a> from marketing emails at any time.
</p>
<p>
{/* CAN-SPAM required physical address */}
YourProduct, Inc. · 123 Main Street, Suite 100 · San Francisco, CA 94105 · USA
</p>
</div>
)
}
If your company uses a registered agent or P.O. Box, those are acceptable. The key requirement is a complete, deliverable postal address — city and country alone are insufficient. Import this footer component into every marketing email template.