CAN-SPAM governs whether the email you send is considered a legal communication or an illegal piece of unsolicited spam. If you don't abide by it, you're subject to fines and penalties from the U.S. federal government.
Be Who You Say You Are
The email address that you send from (the "from" address and the reply-to address) must be your own. The domain that you promote in the email must either be your own or be one that you are authorized to promote, and it MUST be the domain that you say it is (i.e.: you can't tell people that they are going to a site that sells coffee and then send them to an adult entertainment site). Basically, the information that a customer sees in the email has to actually be you or your business.
Don't Lie in the Subject Line
You can't use a subject line that promises a discount on groceries and then present an email that promotes anything other than a discount on groceries. In short, your subject line has to be truthful. The terminology of the law is that your subject line can't be "misleading".
Tell Them That You're an Advertisement
It may seem obvious to you, but the law says that you need to make it explicit at least once in the email.
You Need to Have an Actual Physical Location
This ensures that you are not a scammer and also allows customers a way of sending a verified communication to you to remove themselves from your mailing list.
You Have to Let People Know How to Opt-Out
This is called allowing email Opt-Out of your email list. This is typically done at the bottom of the email. The only actual CAN-SPAM Compliance requirement is that it be easy for an ordinary person to recognize and read this information.
Also important is the "universal unsub rule". If you have multiple newsletters or email lists, you may allow a person to unsub from only one list. However, you MUST provide the option of unsubscribing from ALL future marketing email of any kind. Unsubscribing from all future marketing email is called a "universal unsub".
When People Want Off Your Email List, Take Them Off
When you send an email, the information or link to unsubscribe from that email must be valid for 30 days. You're not allowed to charge a fee for removal from the list or require any information other than the user's email address. Most importantly, the user can't be required to do anything other than send you a reply email or visit a SINGLE webpage to unsubscribe.
Finally, once a user has unsubscribed, you may not under any circumstance sell or rent that person's email to anybody else. This is the most complicated part of the law, but it's also the most important. And, if you don't honor it, it's the easiest to get in trouble for because people will get upset if they continue to receive unwanted email from you.
Make Sure You Know What Your Marketing Agency is Doing
You are legally responsible for the actions of anybody you hire or authorize to send marketing email on your behalf.