Consent is the foundation of legal email marketing. Without it, your emails risk being flagged as spam, blocked by ISPs, or subject to fines under laws like:
Not to mention, sending without consent looks unprofessional and will turn off prospects and customers.
NOTE: Below are common interpretations of the major compliance laws, but you should always work with your company’s legal expert/team to understand their interpretation of these laws and any local specifications that you also need to consider. The laws are not 100% clear in every circumstance, so there will always be some level of interpretation and risk tolerance decision involved.

| Type | Description | Best Practice | Required By |
|---|---|---|---|
| Explicit Consent | A user actively opts in (ex. checks a box, confirms via double opt-in) | Use for all marketing lists globally | GDPR, CASL, PECR |
| Implied Consent | Based on an existing relationship (ex. customer purchase or inquiry) | Valid only for transactional or limited-time B2B sends | CAN-SPAM, CASL |
| Soft Opt-In | Consent assumed for similar products after purchase | Use with clear opt-out & only for related services | PECR (UK) |
| No Consent Required | For transactional or service emails only (ex. receipts, password resets) | Still avoid promotional content. TO BE CLEAR: NO MARKETING OR SALES CONTENT WHATSOEVER!!! | All laws |

| Requirement | What It Means | Best Practice |
|---|---|---|
| Informed | People know what they’re signing up for | State clearly what kind of emails they’ll get |
| Freely Given | No pre-checked boxes or forced opt-ins | Use separate checkboxes, not bundled consent |
| Specific | Consent is tied to a particular use case | Separate consents for different types of messaging |
| Unambiguous | Users must take a clear, affirmative action | “Sign up” button, checkbox, or double opt-in email |
| Documented | You can prove when and how someone opted in | Store opt-in source, timestamp, and method |

| Area | Best Practice |
|---|---|
| Forms & CTAs | Be clear about what people are signing up for. Avoid vague phrases like “Stay in the loop.” |
| Double Opt-In | Send a confirmation email after sign-up to verify the address and consent. |
| Privacy Policy | Link to your privacy policy near every sign-up form. |
| Audit Trails | Store consent logs (timestamp, IP, method, form name). |
| Easy Opt-Out | Include a working unsubscribe link in every marketing email. No login should be required to opt out. |
| Preference Centers | Let users manage frequency, topics, or unsubscribe entirely. |
| B2B Considerations | In the U.S., CAN-SPAM allows cold emails, but you must include company address, opt-out link, and truthful subject lines. |
| Children’s Data | Obtain verifiable parental consent if targeting users under 16 (or younger depending on jurisdiction). |

To maintain compliance and prove lawful email sending, your MAP (ex. HubSpot, Marketo, Pardot, ActiveCampaign) and CRM (ex. Salesforce, HubSpot CRM, Dynamics) should include the following fields: