Email opt-in laws for newsletters: Legal Requirements and Risks

Oct 1, 2017

Topic:  Online marketing
Time Investment: 12 Minutes
Suggested Product: Online Marketing Bundle

Build your list, they say!

But what are the the risks and email opt-in laws for newsletters?

Sending emails to your clients and prospects is only one way to do business of course — but, does that mean you can send emails to anyone you like?

Short answer: it depends on where the recipients are located, whether they have consented to receiving the email, and what your emails contain.

Whether you send a newsletter to a large list or an email to a single recipient to solicit business or promote your goods or services, you need to be in compliance with the legal requirements that apply.

If you have local clients, you will be able to focus on the requirements for that jurisdiction, but if you have individuals on your email list from any other country, then you may want to consider basing your company policies on the most demanding of the requirements.

To be clear, in addition to your own location, the physical location of your subscriber determines the legislation on which to base your procedures.

So, you will likely need to comply with the rules in more than one country.

We’re going to briefly discuss the requirements and risks for sending unsolicited emails to clients in the USA. The rules that apply are those in the jurisdiction where the recipient is located.

The legislation to governs business solicitation emails in the USA is the The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (often referred to as “CAN-SPAM Act”). This legislation covers business (or commercial) emails sent with the primary purpose of advertising or promotion of a product or service.

CAN-SPAM (15 USC Ch. 103) allows businesses to sent direct marketing emails to be sent to anyone, without permission or prior “opt-in,” until the recipient explicitly requests to opt-out (the want the emails to stop). If you failure to comply with the act, you may be subject to substantial fines and penalties. Those penalties can be substantial: every email (an email sent to multiple addresses is counted as separate emails) that violates CAN-SPAM can result in a penalty up to $16,000. The Federal Trade Commission provides a guide to help you comply.

There are specific guidelines CAN-SPAM provides for businesses:

  • The email address you send from must be real (not deceptive or fraudulent).Ideally it should contain a Business Name or the name of the individual sending the email.
  • The subject line must not be misleading about the content of the message. Don’t bait and switch. Acceptable subject lines include: “Thanks for signing up! Please confirm your subscription.” “New fandangled product, now $19”
  • A postal address must be included on each email. It must be accurate – a USPS address or post office box. In addition to being required by CAN-SPAM, including an address is to provide an additional means of opting out.
  • The email must include clear acknowledgement that it is a solicitation or advertising email. Exception: if all recipients have given you explicit permission to send them emails (an opt-in) you do not need to clearly acknowledge the solicitation/advertising aspect but you are still required to accurately have the sender and their domain and email address identified.
  • Every email must include an opportunity to opt-out that is clear and visible. Many businesses include a clear but simple “unsubscribe” or “opt-out” link at the bottom of their emails. However you do this, it must be considered to be easy to request to unsubscribe or not to receive further emails.
  • Businesses may not require “subscribers” pay a fee to opt-out, nor can they require “subscribers” provide any additional information other than their email address and opt-out preferences. In fact, businesses must not require “subscribers” to do anything other than replying to an email or visiting a hyperlinked webpage to opt out of the mailing list and to prevent any further emails from the sender. You also cannot sell the information of a “subscriber” who opts-out to another entity.
  • If a recipient of one of your emails makes an opt-out request, you must honor it within 10 days. Many email list services and applications include guaranteed action on the opt-out requests within the required time period as a standard practice.
  • You are responsible for what contractors do in your name. If a contractor does something illegal while sending emails from your business name you will be held responsible.

CAN-SPAM doesn’t provide guidance or restrictions on list building or collection. This means that providing you comply with the rules above you can send marketing emails to anybody without gaining consent. But even if you can legally send an email to anyone (until they explicitly opt-out) – including buying lists – this may not be the best business practice.


Some best practices

  • Clearly communicate that you are requesting an email address for the purpose of sending information about your goods and services.
  • Send a confirmation email to those who have given their addresses at an in person event.
  • Consider implementing double opt-in procedures (even though these are not required by CAN-SPAM.
  • Consider providing signup incentives – these could include discounts on a future purchase or bonus content.
  • Use clear and accurate subject lines. You can use A/B testing to see what subject lines lead to the highest likelihood of recipients opening them.
  • Create a checklist to ensure CAN-SPAM compliance (including opt-out/unsubscribe links, postal address, subject lines, to and from email addresses etc).
  • Some insurers provide an Advertising liability coverage as part of professional liability insurance – check to see whether your policy includes defense against CAN-SPAM violation allegations.



Many applications or service providers that provide email list administration and facilitation require opt-in (prior permission) as standard practice. It is more than US law strictly requires, but protects you and the service from liability that might arise because you don’t comply with the legal requirements in the jurisdiction where the recipient of your email resides.

Building a newsletter (or other kind of email marketing list) through organic means can have the added benefit of ensuring that you are going above and beyond what US law requires (those $16000 fines are something to be very hesitant about!


Explore more