You cannot use AWS to send spam emails or run email lists that don't comply with anti-spam laws — and AWS can shut down your account if you do.
This provision protects consumers from spam sent via AWS infrastructure, and businesses using AWS for email campaigns must maintain documented opt-in consent from all recipients to avoid account suspension and regulatory penalties under CAN-SPAM and GDPR.
How other platforms handle this
You may not use the Service if you are under the age of 13. If you are at least 13 but under the age of 18, you may only use the Service with permission of your parent or guardian as described in our Minors Policy (which is incorporated by reference into this Agreement).
We also don't tolerate anyone defrauding Shopify, other merchants, or buyers, using Shopify as a platform to send spam, or for other malicious practices.
We will reject apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, "I'll know it when I see it." And we think that you will also know it when you cross it. Apps that present excessively violent or offensive content, adult...
Businesses using AWS Simple Email Service (SES) or other AWS infrastructure for email marketing must maintain strict opt-in consent records and CAN-SPAM/GDPR compliance, or risk account termination and regulatory enforcement.
(1) REGULATORY FRAMEWORK: This provision directly implements CAN-SPAM Act requirements (15 U.S.C. § 7701-7713, FTC enforcement), which mandate opt-out mechanisms, honest header information, and subject line accuracy for commercial email. GDPR Art. 6 and Recital 47, along with ePrivacy Directive 2002/58/EC Art. 13, require affirmative opt-in consent for direct marketing emails to EU recipients, going significantly further than CAN-SPAM's opt-out model. CASL (Canada's Anti-Spam Legislation) requires express or implied consent and imposes penalties up to CAD $10 million per violation. UK PECR (Privacy and Electronic Communications Regulations 2003) mirrors ePrivacy requirements. (2)
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.