While the CAN-SPAM Act, strictly speaking, applies only to commercial email, anyone sending out bulk email (such as email lists) would be well advised to follow the guidelines. Most are quite reasonable anyway, and are good overall best practices.
- Emails must have accurate information: From and to addresses, email headers, and all routing information must be accurate and identify the sender.
- No deceptive subject lines
- Online Opt-out must be available
- Unsubscribe system must work and be available for at least 30 days after the mailing
- Unsubscribe requests must be processed within ten business days
- Clear notice that the email is an advertisement is required
- Postal address must be included
If you run an affiliate program, be advised your affiliates must comply with CAN-SPAM or you will be held responsible! Being held responsible would not be fun. Read Gray Matters of CAN-SPAM for Affiliate Managers for an extremely helpful breakdown of the impact of various changes (by @affiliatetip and @MissyWard).
There are additional penalties for a variety of shady dealings, like harvesting email addresses from web pages to spam, falsifying domain registration info to spam, auto generating email addresses to spam, etc. There are also special rules governing sexually-explicit commercial email.
A few additional rules were added in the CAN-SPAM Update in 2008. Highlights include: Opt-out must not require a fee or require information other than an email address and mailing preferences. Street addresses or PO boxes are sufficient for physical address requirements. For multiple-sender emails, at least one entity of the group is required to comply with opt-out requirements.
The bottom line is pretty simple: If your email is primarily commercial (and not about a transaction, like an invoice, for example), it needs to be labeled as commercial, include your snail-mail address, and sport a single-step online opt-out option that’s easy to find. The email itself needs to be sent directly from you or your mailing list software, without any tracking/from address or routing info tomfoolery afoot.
While opt-in requirements are not a part of the official CAN-SPAM Act, opt-in IS part of our requirements for any bulk mailing from Good Karma Host. Double opt-in, where the recipient both subscribes and verifies the subscription before receiving email, is even better. See, the thing to remember about CAN-SPAM is that it sets the minimum requirements for commercial emailing, not complete best-practice recommendations.
Email Marketing Tips & Info
- FTC CAN-SPAM Guidelines for Commercial Mailers
- FTC Press Release on the 2008 CAN-SPAM Update
- Marketing Sherpa on the CAN-SPAM Update
- Smashing Magazine’s Best Practices for Bulletproof Email Delivery: info on how to send your email without getting flagged as spam
- Downloadable Guidelines on CAN-SPAM compliance and related Opt-Out Requirements in our Support Center Documentation Downloads
photo credit: hegarty_david