Consent is the foundation of legal email marketing. Without it, your emails risk being flagged as spam, blocked by ISPs, or subject to fines under laws like:
Not to mention, it’s just a bad/unprofessional look and will turn off prospects and customers.
NOTE: Below are common interpretations of the major compliance laws, but you should always work with your company’s legal expert/team to understand their interpretation of these laws and any local specifications that you also need to consider. The laws are not 100% clear in every circumstance, so there will always be some level of interpretation and risk tolerance decision involved.
Type | Description | Best Practice | Required By |
---|---|---|---|
Explicit Consent | A user actively opts in (ex. checks a box, confirms via double opt-in) | Use for all marketing lists globally | GDPR, CASL, PECR |
Implied Consent | Based on an existing relationship (ex. customer purchase or inquiry) | Valid only for transactional or limited-time B2B sends | CAN-SPAM, CASL |
Soft Opt-In | Consent assumed for similar products after purchase | Use with clear opt-out & only for related services | PECR (UK) |
No Consent Required | For transactional or service emails only (ex. receipts, password resets) | Still avoid promotional content. TO BE CLEAR: NO MARKETING OR SALES CONTENT WHATSOEVER!!! | All laws |

Requirement | What It Means | Best Practice |
---|---|---|
Informed | People know what they’re signing up for | State clearly what kind of emails they’ll get |
Freely Given | No pre-checked boxes or forced opt-ins | Use separate checkboxes, not bundled consent |
Specific | Consent is tied to a particular use case | Separate consents for different types of messaging |
Unambiguous | Users must take a clear, affirmative action | “Sign up” button, checkbox, or double opt-in email |
Documented | You can prove when and how someone opted in | Store opt-in source, timestamp, and method |

Area | Best Practice |
---|---|
Forms & CTAs | Be clear about what people are signing up for. Avoid vague phrases like “Stay in the loop.” |
Double Opt-In | Send a confirmation email after sign-up to verify the address and consent. |
Privacy Policy | Link to your privacy policy near every sign-up form. |
Audit Trails | Store consent logs (timestamp, IP, method, form name). |
Easy Opt-Out | Include a working unsubscribe link in every marketing email. No login should be required to opt out. |
Preference Centers | Let users manage frequency, topics, or unsubscribe entirely. |
B2B Considerations | In the U.S., CAN-SPAM allows cold emails, but you must include company address, opt-out link, and truthful subject lines. |
Children’s Data | Obtain verifiable parental consent if targeting users under 16 (or younger depending on jurisdiction). |