With this talk of subscriptions, I just wanted to make a note that the CAN-SPAM Act affects small businesses. Really, it applies to anyone who sends out "bulk" emails, even if the recipients of those emails have requested to be on your list (and, you do only send your emails to people who have requested to be on your list, right?)

CAN-Spam laws have been revisited, debated and revised a couple of times in the past couple of years. Here's the current rules from this law:

(From Wikipedia: http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003)

CAN-SPAM defines a "commercial electronic mail message" as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)." It exempts "transactional or relationship messages." The FTC issued final rules (16 C.F.R. 316) clarifying the phrase "primary purpose" on December 16, 2004. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam.
"Commercial", by many industry standards, is defined by a combination of the content in the subject line and "above the fold content" in the body of the message. If this content contains a solicitation and it can be determined that the majority of the content is selling something- it is a commercial offer.
If the subject line and body content are majority invoicing information, a sales receipt, account information, etc. the offer is considered transactional. Note that an offer or advertisement can be placed in a transactional message so long as it is placed in a non-prominent position. Many in the email marketing industry utilize the 80/20 rule to define commercial vs. transactional email in order to be clearly in either category.
The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it adheres to 3 basic types of compliance defined in the CAN-SPAM Act: unsubscribe, content and sending behavior compliance:
Unsubscribe compliance

    • A visible and operable unsubscribe mechanism is present in all emails.
    • Consumer opt-out requests are honored within 10 days.
    • Opt-out lists also known as suppression lists are only used for compliance purposes.

Content compliance

    • Accurate from lines (including "friendly froms")
    • Relevant subject lines (relative to offer in body content and not deceptive)
    • A legitimate physical address of the publisher and/or advertiser is present (this can be a post office box or private mailbox)
    • A label is present if the content is adult.

Sending behavior compliance
A message cannot be sent through an open relay

    • A message cannot be sent to a harvested email address
    • A message cannot contain a false header (the email details about where it's from must be accurate)

Note that falsifying header information is a serious violation of the CAN-SPAM Act and generally is an indicator of criminal or malicious intent which can bring the attention of other law enforcement agencies besides the FTC, including but not limited to the FBI, DOJ and US Postal Inspectors.
The content is exempt if it consists of:

    • religious messages;
    • political messages;
    • content that broadly complies with the marketing mechanisms specified in the law; or
    • national security messages.

There are no restrictions against a company emailing its existing customers or anyone who has inquired about its products or services, regardless of whether or not these individuals have given permission, as these messages are classified as "relationship" messages under CAN-SPAM.

More details about CAN-Spam are available here:

Wikipedia: http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003