You cannot use AWS to send spam, bulk unsolicited emails, or run denial-of-service attacks — and you cannot help others do these things through AWS infrastructure.
Businesses that use AWS for email marketing must ensure their campaigns include working unsubscribe mechanisms, accurate sender information, and physical mailing addresses as required by CAN-SPAM, or they risk both account termination and FTC enforcement action.
Cross-platform context
See how other platforms handle Prohibition on Spam and Unsolicited Communications and similar clauses.
Compare across platforms →This provision aligns with federal CAN-SPAM obligations and means businesses using AWS Simple Email Service (SES) or EC2 for email campaigns must maintain full compliance with opt-out mechanisms, sender identification, and content requirements.
1) REGULATORY FRAMEWORK: This provision directly implements the CAN-SPAM Act (15 U.S.C. § 7701 et seq.), which requires commercial email to include opt-out mechanisms, accurate headers, and physical postal addresses. GDPR Article 6 and Recital 47 govern consent requirements for email marketing to EU data subjects, and the ePrivacy Directive (2002/58/EC) requires prior opt-in consent for electronic marketing in most EU member states. CASL (Canada's Anti-Spam Legislation) applies to messages sent to Canadian recipients. Primary enforcement authorities are the FTC (CAN-SPAM), FCC (robocall/robotext), and EU national DPAs (GDPR/ePrivacy). 2)
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.