Valid physical postal address in every commercial email
Why it matters
CAN-SPAM §5(a)(5)(A) mandates a valid physical postal address in the body of every commercial email — not just on the website, in the email itself. Missing this element is one of the most mechanically detectable CAN-SPAM violations because it requires only inspecting templates, not behavior. CASL Section 6 adds the same requirement for Canadian senders. Unlike consent violations that require evidence of a recipient relationship, a missing address is a strict-liability violation that applies to every commercial email sent without it.
Severity rationale
Medium because the violation is strict-liability and affects every commercial email sent, but the business impact is lower than consent or opt-out failures since recipients can still exercise their unsubscribe right.
Remediation
Add a physical address component to every commercial email footer template in src/emails/.
    // src/emails/footer.tsx — shared footer for all marketing emails
    export function EmailFooter({ unsubscribeUrl }: { unsubscribeUrl: string }) {
      return (
        <div style={{ color: '#999', fontSize: '12px', textAlign: 'center', marginTop: '40px' }}>
          <p>
            <a href={unsubscribeUrl}>Unsubscribe</a> from marketing emails at any time.
          </p>
          <p>
            {/* CAN-SPAM §5(a)(5)(A) — complete postal address required */}
            YourProduct, Inc. · 123 Main Street, Suite 100 · San Francisco, CA 94105 · USA
          </p>
        </div>
      )
    }
City and country alone do not satisfy the requirement — a street address or registered P.O. Box is required. If the company uses a registered agent, that address is acceptable. Import this footer into every marketing template; transactional emails are exempt.
Detection
- ID: physical-address
- Severity: medium
- What to look for: Enumerate every relevant item. CAN-SPAM requires that every commercial email include a valid physical postal address for the sender — a street address, P.O. Box, or a registered mail drop. Check every email body template for a footer containing a physical address. The address must be: a complete postal address (not just a city and country), a real, reachable address (P.O. Boxes and registered agent addresses are acceptable), and included in the message body (not just a website footer — it must be in the email itself). Check templates in src/emails/, emails/, templates/, and any inline HTML strings used in email-sending code.
- Pass criteria: At least 1 of the following conditions is met. Every commercial email template includes a complete physical postal address in the footer. The address is real and belongs to the company or its registered agent.
- Fail criteria: No physical address in email templates. Address is incomplete (city and country only, no street or P.O. Box). Address is in the website footer but not in the email body template.
- Skip (N/A) when: The application sends no commercial email.
- Detail on fail: Example: "Email footer template at src/emails/footer.tsx includes company name and website but no physical postal address. CAN-SPAM requires a complete physical address in every commercial email."
- Remediation: Add a physical address to every commercial email footer template:

      // src/emails/footer.tsx — shared footer for all marketing emails
      export function EmailFooter({ unsubscribeUrl }: { unsubscribeUrl: string }) {
        return (
          <div style={{ color: '#999', fontSize: '12px', textAlign: 'center', marginTop: '40px' }}>
            <p>
              You are receiving this because you signed up for updates from YourProduct.
              <br />
              <a href={unsubscribeUrl}>Unsubscribe</a> from marketing emails at any time.
            </p>
            <p>
              {/* CAN-SPAM required physical address */}
              YourProduct, Inc. · 123 Main Street, Suite 100 · San Francisco, CA 94105 · USA
            </p>
          </div>
        )
      }

  If your company uses a registered agent or P.O. Box, those are acceptable. The key requirement is a complete, deliverable postal address — city and country alone are insufficient. Import this footer component into every marketing email template.
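The template inspection described under Detection, sketched as an added TypeScript example (not part of the original rule or the project's code). The regexes are assumptions that cover US and Canadian address formats only, `classify` and `auditTemplates` are hypothetical names, and the sample templates are constructed; a "complete" verdict still needs a person to confirm the address is real.

```typescript
// Added example: heuristic audit of email templates for a postal address.
type Verdict = "complete" | "incomplete" | "missing";
interface Template { path: string; source: string }
interface Finding { path: string; verdict: Verdict }

// Assumption: US/Canadian formats only. A street line or P.O. Box makes the
// address deliverable; a postcode or "City, Country" alone is only a locality.
const STREET = /\b\d{1,6}\s+[A-Za-z0-9.' ]{2,40}\b(Street|St|Avenue|Ave|Road|Rd|Boulevard|Blvd|Drive|Dr|Lane|Ln)\b/;
const PO_BOX = /\bP\.?\s?O\.?\s+Box\s+\d+/i;
const POSTCODE = /\b[A-Z]{2}\s+\d{5}(-\d{4})?\b|\b[A-Z]\d[A-Z]\s?\d[A-Z]\d\b/;
const CITY_COUNTRY = /\b[A-Z][a-z]+( [A-Z][a-z]+)*,\s*(USA|United States|Canada)\b/;

function classify(source: string): Verdict {
  const deliverable = STREET.test(source) || PO_BOX.test(source);
  const locality = POSTCODE.test(source) || CITY_COUNTRY.test(source);
  if (deliverable && locality) return "complete";
  // City and country only (or a street with no locality) is a fail, not a pass.
  return deliverable || locality ? "incomplete" : "missing";
}

function auditTemplates(templates: Template[], footerTag: string): Finding[] {
  // Classify the shared footer component once, where it is defined.
  let footerVerdict: Verdict = "missing";
  for (const t of templates) {
    if (t.source.indexOf("function " + footerTag) !== -1) footerVerdict = classify(t.source);
  }
  const findings: Finding[] = [];
  for (const t of templates) {
    // A template that renders a compliant shared footer inherits its address.
    const rendersFooter = t.source.indexOf("<" + footerTag) !== -1;
    const verdict: Verdict =
      rendersFooter && footerVerdict === "complete" ? "complete" : classify(t.source);
    findings.push({ path: t.path, verdict: verdict });
  }
  return findings;
}

// Constructed sample templates (not real project files).
const SAMPLE: Template[] = [
  { path: "src/emails/footer.tsx", source: "export function EmailFooter() { return <p>YourProduct, Inc. · 123 Main Street, Suite 100 · San Francisco, CA 94105 · USA</p> }" },
  { path: "src/emails/welcome.tsx", source: "<Layout><h1>Welcome</h1><EmailFooter unsubscribeUrl={url} /></Layout>" },
  { path: "src/emails/promo.tsx", source: "<p>YourProduct, Inc. · San Francisco, USA</p>" },
  { path: "templates/digest.html", source: "<p>YourProduct, Inc. · https://example.com</p>" },
];

for (const f of auditTemplates(SAMPLE, "EmailFooter")) {
  console.log(f.verdict === "complete" ? "PASS" : "FAIL", f.path, "(" + f.verdict + ")");
}
```

Both "incomplete" and "missing" map to the rule's fail criteria; the distinction only tells the reviewer whether a partial address is already present.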
External references
- external · CAN-SPAM-§5(a)(5)(A) — CAN-SPAM Act §5(a)(5)(A) — Valid physical postal address required in commercial email
- external · CASL-S6 — CASL S.6(2)(c) — Sender's mailing address required
History
- 2026-04-18 · v1.0.0 · Initial import from email-sms-compliance · automated