Email marketing is incredibly powerful and offers exceptional flexibility, but there are several legal guidelines you should know about. That’s right, we are referring to GDPR and the CAN-SPAM Act. While the focus may be on all the rules, they can actually help you manage your mailing list more effectively.

There is so much you can do to tailor your email marketing strategy, but before we get to that, it’s important to learn the relevant laws to make sure you comply. Getting subscribers to explicitly opt in (give permission) to receive emails is only the tip of the iceberg. From both a business’s perspective and that of your customers, it’s the right thing to do.

Recap Of GDPR And CAN-SPAM Act

You may recall one of our earlier blogs, ‘A New Era For Email Marketing With GDPR And BIMI’. To give you some background on where it all began, we have to go back to 2003.

At that time, President George Bush signed the CAN-SPAM Act into law, which included very clear guidelines. It outlined how marketers were allowed to contact consumers and the type of information they must disclose in their emails. In addition, it stipulated how customers’ requests regarding their personal information should be handled.

More recently, the European Union introduced the General Data Protection Regulation (GDPR) which took effect in May 2018. This is their data protection law with several regulations email marketers must also comply with. It’s important to understand what these ‘rules of engagement’ mean whether your target audience is in the EU or abroad.

CAN-SPAM And GDPR Regulations For Email Marketing

Brands of all types and sizes should know by now the importance of complying with email marketing rules. Considering the strict regulations and hefty penalties for non-compliance, it’s best to provide full transparency, be respectful of audience privacy and offer relevant, engaging content. Let’s take a look at some of the rules and regulations.

Have Permission To Send Emails

Without explicit permission to email someone, you are in breach of the core principles of GDPR and the CAN-SPAM Act. While the term ‘permission’ may vary between different countries’ laws, the two accepted types are implied permission and express permission.

When we talk about implied permission, we refer to people you have an existing business relationship with. This can be existing customers, those who have donated to your charity or people who actively participate on your website, club or online communities.

If none of the above applies to your mailing list, you’ll need to get express permission. This is when someone explicitly gives you permission to send them emails, whether by entering their email address into an online registration form or by giving you their information in-store or at an event.

Clear Subject Lines And Headers

As part of the CAN-SPAM Act, emails should contain valid ‘To’ and ‘From’ domain names and email addresses. The email must show the real business name or the person sending the message. Under no circumstances should anyone pretend to be a celebrity or a fictional character.

In terms of honesty and transparency, subject lines should clearly indicate the contents of the email. A subject line cannot state that a prize or free tickets to a show are up for grabs if the offer then never appears again in the email.

Clearly State If The Email Is An Advert

Not all brands send adverts via email; many only send newsletters, educational content or company announcements. Others send emails to confirm an online order or to thank customers for their purchase. However, if you are sending an email with commercial content, you have to clearly indicate somewhere in the email that it is an ad.

According to the CAN-SPAM Act, commercial content is defined as “[content which] advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose”. The indication that the email is an ad also shouldn’t be hidden in small print somewhere at the bottom; it has to be clear and obvious.

Include Your Company Address

Email marketing laws from most countries stipulate that you must include a valid business address in the email footer. It can either be a PO Box or a street address. If you are using an email marketing or marketing automation platform like SharpSpring, HubSpot, MailChimp or Campaign Monitor, it becomes an essential part of the setup.

Once the process is complete, every email template will include a space in the footer to add the required information. Depending on the software, you either click to edit the information in the email before sending or it appears automatically once it has been sent.

Provide An Unsubscribe Or Opt-Out Option

GDPR and the CAN-SPAM Act are very strict about correctly handling unsubscribe requests. To start, you must provide all your subscribers with an option to unsubscribe. The messaging must be included in every email and the unsubscribe link must be easy for readers to find.

According to the CAN-SPAM laws, you must honour an opt-out request within 10 business days and may not charge a fee to unsubscribe them. In terms of GDPR, you must keep proof of consent to send them emails in the first place. It should include who, when, and how for each interaction. You also need to keep a record of the messaging you sent them at the time of consent.

Take Responsibility

According to the law, you are responsible for complying with anti-spam rules even if you hire someone to do your email marketing for you. Make sure that they are up to date on all the laws, as you will be held liable and could face a hefty fine. Both the marketer and your company may be held responsible for failing to adhere to the laws. The only exception to anti-spam rules is transactional emails, which include order or shipping confirmations and password resets.

How Can BIMI Help With Your Email Marketing Campaigns?

An industry-wide standard known as BIMI, or Brand Indicators for Message Identification, aims to further improve trust and email deliverability by including the company logo in the email. It is one of the latest developments in email authentication and, while the focus is on preventing fraudulent emails, it is also a golden opportunity for companies to put their brands in front of their customers.

According to Marcel Becker, Director of Product Development at Verizon Media, “For a BIMI logo to be able to be displayed, the sender needs to be authenticated DMARC, SPF and DKIM for us to trust that source. Then, the brand needs to publish the logo in the DNS record.”  (Source:

For a broader overview and helpful tips, read ‘Why BIMI Is Important For Email Deliverability?’


One thing is certain, email marketing is so much more than just sales or promotions. Think about how much more you can offer your target audience in terms of relevant and interesting content that educates them or helps them solve a pressing issue. It’s vital to conform to the regulations from a legal standpoint but also to build trust with your customers.

If you would like to review the effectiveness of your email marketing strategy, get in touch today for a free consultation. We can help tailor specific solutions for your brand including Marketing Automation, Mobile Marketing, PPC, SEO, Social Media Management and more.
