Email Marketing and Spam Laws

Every year, governments tighten anti-spam laws. New restrictions mean tougher penalties for lawbreakers. In this article, we’ll review spam laws both nationally and internationally, and show how your company can avoid costly mistakes.


This 2003 law defines commercial email messages (as distinct from transactional or relationship-based emails) and sets guidelines for sending behavior, content, and subscription compliance.

One rule is to make “unsubscribe” both functional and visible to readers. Companies must also have valid physical addresses, “From” information, and subject lines. This Act also prohibits sending emails from a purchased list.

But the rules don’t end there. Let’s look at a few that affect any international email your marketing team sends.


Compliance with global laws is critical for businesses larger than mom and pop. These laws apply to any entity sending emails to citizens of a specific country.


This is why the Canadian Anti-Spam Law (CASL) threatened millions in fines when American companies sent emails to their northern neighbors. Contrary to CAN-SPAM, which is an opt-out law, CASL is opt-in.

Pre-checked boxes do not constitute consent. Businesses must obtain consent via opt-in, where subscribers voluntarily grant permission. A new wave of anti-spam legislation is on the way, with transitional periods ending on July 1, 2017.

GDPR: General Data Protection Regulation

The General Data Protection Regulation (GDPR) is expected to be approved by the European Union Parliament within a month. The revised directive is expected to become law in all 28 EU member states in 2018. The legislation contains detailed requirements for obtaining consent, as well as guidelines for storing and using collected data.

The GDPR also aims to simplify the regulatory environment for international businesses by combining EU regulations. GDPR replaces the 1995 data protection directive.

Compliance Best Practices

With these laws in place, best practices for email marketing help businesses stay compliant.

1. Never Buy a List

Whether you use single or double opt-ins is entirely up to you, but never, ever buy a list. Buying an email list puts you in a spam trap.

Most purchased lists contain inaccurate and out-of-date data, and there is no way to verify the age of the email addresses. Each year, 22.5 percent of email addresses expire. Companies that send to invalid email addresses risk being marked as spam or blacklisted. Businesses lose deliverability and sender scores when they send to thousands of people who never opted in.

2. Use Double Opt-in

Double opt-in lists not only comply with international spam laws, but also help increase email open rates. To test the impact of double opt-ins on email marketing stats, MailChimp chose 30,000 users from its database who had sent at least ten emails. The email service provider found that double opt-in increased email opens by 72.2%, along with a 114 percent increase in clicks over single opt-in lists!

3. Make Smart Choices for Name and Subject Lines

According to Convince & Convert, 43% of email recipients report spam based solely on “from” names or email addresses. And 69% said they would report spam based on the subject line. As a result, businesses must be clear about who they are and what their emails say. This is the only way to keep the people you worked so hard to get on the list.

4. Purge dirty lists

Data maintenance is a critical component of CASL and GDPR, so keep an eye out. A pre-filled checkbox does not constitute valid consent. Keep track of who gave you permission. Keep in mind that ISPs use engagement metrics to monitor spam, so keeping your list clean is critical. Clean lists also engage more than old or purchased lists.

CASL’s implied consent expires in about two years. For example, someone who buys a product gives implied consent to be added to your mailing list. But you should confirm their consent every two years. Run a re-engagement campaign where recipients click a button to confirm they want to hear from you.

The GDPR gives recipients the “right to be forgotten” if their data is no longer needed for the original purpose. That means you can’t use one company’s list to advertise for another.

5. Easy Unsubscribe

While it may seem obvious, we are constantly surprised by how often “unsubscribe” links are forgotten or broken in daily email campaigns. When a recipient clicks on a link, businesses can learn why they clicked. So make the process simple and remove them quickly from your list (within 10 business days is required in the United States).


It’s difficult to follow these rules and laws while also building a list using strict opt-in methods, but perseverance pays off. In email marketing, quality matters more than quantity. Engaged lists lead to better campaign performance, deliverability, and long-term results for your brand and bottom line.
