Sometimes it seems like the Internet is the Wild Wild West, and we’re all mysterious sharpshooters operating outside the law just trying to survive in this tougher world.

Wild West
You don’t look like you’re from around these here parts. Gif credit

But in reality, email marketers have to operate inside international email regulations when we send out our newsletters and drip campaigns. Some, like CAN-SPAM, have been around so long that email marketers probably don’t even think about it anymore — they just know how to follow it. But newer ones like CASL and GDPR might require further studying before you know them like the back of your hand.

You might think that email regulations will make an email marketer’s life more difficult. However, email marketing only works if your audience actually wants to hear from you. Email regulations do their best to keep everyone’s information safe and inboxes unclogged.

Email marketing can return an impressive ROI, but you don’t want to get sued or blacklisted because you didn’t know about a new law. Let’s take a look at the most critical email regulations you should know about.


Unfortunately for a lot of people, CAN-SPAM doesn’t mean that you’re allowed to spam everyone. In 2003, the US Congress passed CAN-SPAM, which is the Controlling the Assault of Non-Solicited Pornography and Marketing Act.

If you’re using an email service provider like Mailchimp or Constant Contact, then there are systems put in place that make it difficult to violate CAN-SPAM.

The main requirements are:

Don’t use false or misleading header information

Your “from,” “to,” “reply-to,” and routing information must be accurate and clearly identify who is sending the message. If you are misleading in that regard, you are violating CAN-SPAM.

For example, if you put a different name in the “From” to make it seem like it’s someone’s grandma emailing them instead of a company, then that is both incredibly misleading and in violation of CAN-SPAM.

Don’t use deceptive subject lines

When you work in email marketing, writing subject lines people will open is half the battle. But you also have to take into consideration the CAN-SPAM requirement of avoiding deceptive subject lines.

Sure, you could probably get more opens if you lie in the subject line, but it isn’t going to help you in the long run. Not only is it violating the law, but it doesn’t exactly make your audience trust you or want to open your emails ever again. For example, if you’re adding “Re:” to the subject line to make it look like they’ve emailed with you before, that’s deceiving your audience. If you say “Open for a 50% off coupon!” in the subject line, and then you don’t include that coupon in the email, you will be marked as a deceiver.

Tell recipients where you are

The email has to include your valid, physical postal address. Email service providers like Mailchimp or Constant Contact make this regulation easy to comply with by automatically adding it to the footer of your email for you. When you set up your account with them, they require this information from you, and then they’ll take care of the footer information.

Honor opt-out and unsubscribe requests promptly

Most systems these days can take people off your list immediately if they get an unsubscribe lists, but some people are still doing it manually, or maybe they’re using an older system that is programmed to clean their lists only a few times a month.

Not only is honoring unsubscribe requests quickly a good idea from a customer service and user experience perspective — there is nothing more annoying than unsubscribing from something and still receiving emails from them — but it’s also the law.

You have to be able to process opt-out requests within 30 days of the request, but we suggest you do it immediately.

Monitor what others are doing on your behalf

If you hire another company to handle your email marketing (like us! Hi!), you can’t contract away your legal responsibility to comply with the law.

Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.


Canada got into the email regulation game in 2014 when they passed Canada’s Anti-Spam Legislation (CASL). If you’re in Canada or you send emails to Canadian residents, you need to comply with CASL.

CASL regulations apply to any “Commercial Electronic Message (CEM)” sent from or to Canadian devices in Canada.

The legislation defines a CEM as any message that:

  • is in an electronic format
  • is sent to an electronic address
  • contains a message encouraging recipients to take part in some type of commercial activity

CASL defines two types of consent: implied and express.

Let’s take a look at both types of consent.

Implied Consent

Implied consent is a looser interpretation, whereas express consent requires action from both sender and recipient.

Consent is implied when:

  • the recipient purchased a product or service with your organization in the past 24 months
  • you are a registered charity or political organization, and the recipient has made a donation or gift, volunteered, or attended a meeting organized by you
  • a professional message is sent to someone whose email address was given to you or is conspicuously published, or who have published or told you that they don’t have unsolicited messages

If they don’t meet the above criteria, then you need express consent before you can send campaigns to them.

Express consent

Consent is considered “express” if there is a written or oral agreement from the recipient to receive specific types of messages.

Express content is considered valid if the following information is included:

  • a clear and concise description of your purpose in obtaining consent
  • a description of the messages you’ll be sending
  • the requester’s (i.e., your) name and contact information
  • a statement that the recipient may unsubscribe at any time

Additional CASL requirements

  1. You must retain a record of consent confirmations
  2. When requesting consent, checkboxes cannot be pre-filled to suggest consent. Each subscriber must check the boxes themselves for the consent to be valid.
  3. All messages sent must include your name, the person on whose behalf you’re sending (if any), your physical mailing address, and your telephone number, email address, or website URL.
  4. All messages sent after consent must also include an unsubscribe mechanism, and unsubscribes must be processed within ten days.


Remember around May 2018 when your email inbox was full of privacy policy updates?

That was the GDPR’s fault.

The GDPR stands for General Data Protection Regulation. It’s Europe’s new framework for data protection laws.

GDPR changes how businesses and public sector organizations can handle their customer information, and it gives individuals more control over their information.

Understanding the new GDPR requirements can be daunting, so let’s take a look at some of the key requirements.

Lawful, fair, and transparent processing

Companies that process personal data have to treat the data lawfully, fairly, and transparently. But what do those words even mean in this context?

  • Lawful means that all processing must have a legitimate purpose.
  • Fair means companies take responsibility and don’t process data for any other purpose than legitimate and necessary purposes. For instance, they may save data for tax purposes or if it’s necessary for the service you’re providing. Illegitimate reasons to keep someone’s information includes saving a customer’s payment information after you’ve already processed it and no longer need it.
  • Transparent means that the companies must inform data subjects (A.K.A. people whose data they have) about the processing activities on their personal data.

Limitation of purpose, data, and storage

Companies are only allowed to process and collect data that is necessary, and they cannot keep personal data once the processing purpose is completed.

Data subject rights

People have the right to ask a company what information it has about them and what the company does with that information. They also have the right to ask for a correction, object to processing, lodge a complaint, or ask for their personal data to be deleted or transferred.


If a company intends to process your personal data beyond the legitimate purpose for which the data was collected, the company must obtain clear and explicit consent from you. The consent must be documented, and you can withdraw your consent at any time.

Data Protection Officer

If an organization requires a significant amount of personal data processing, the organization should assign a Data Protection Officer. They have the responsibility of advising the company about GDPR compliance.

If you don’t know, now you know

Email regulations are one of those things that you probably don’t think much about unless you’re knee-deep in email marketing every day.

There are definitely more email regulations than what we talked about today. But if you’re emailing people in Europe, Canada, and the United States, you need to know about the big three laws above.

And if you need help creating a comprehensive email marketing strategy? Well, you know you can always call Digital Strike for a personalized plan.

Digital Strike

Learn more about Digital Strike

Recent Posts

Content marketing expert turns wooden cubes and changes the word 'push' to 'pull'

Push vs. Pull Marketing Content

Before you create that next piece of content—whether it’s a blog, social media ad, or email newsletter— stop and ask yourself, “Why am I writing this?” … Read More

Google’s Helpful Content Update, Explained in 2 Parts

Another day, another Google update. The latest core update to the Google algorithm for SERP is here. Curious as to what that means for you and … Read More

Understanding User Intent (Without a Psychology Degree)

Life is often one big mystery, but figuring out what customers and search users are really looking for doesn’t have to be mysterious at all. And … Read More

What Makes Content Authoritative? 5 Ways to Rank Well

You want your site to rank well on any given search engine results page (SERP). One of the best ways to achieve that? Have incredible, authoritative … Read More


Content Migration Grows Site Traffic By 211%

At Digital Strike, we often partner with companies that express a number of needs. Sometimes, those needs can only be fulfilled by content — but not … Read More

Content + Links: Why You Need Both to Succeed Digitally

To succeed in today’s digital world, your site needs to contain valuable content and earn quality inbound links. The most important word in that sentence is … Read More

Writing Subject Lines Your Fans Will Click For

It doesn’t matter how fantastic your content or design is inside your email if no one even opens it. If you can’t get them to open … Read More

Writing for Email & Social Media

Writing for different platforms isn’t exactly easy. A professional writer might be able to transition between writing for social media to a blog post to email … Read More

7 Writing Tools for SEO Copywriters

Writing is hard. It doesn’t matter if you do it professionally or you have somehow become the main writer in the office without knowing how you … Read More

Email Marketing Has a Fantastic ROI


You want your marketing dollars to generate new leads and engage current customers, but you also need that strategy to be cost-effective. Email marketing is the … Read More

Organic Search Opportunity

Organic Search Opportunity is Changing (Again)

Is SEO opportunity actually shrinking? Organic search opportunity has always been a constantly changing field.  Algorithm changes send everyone into a tizzy a few times a … Read More

How long does SEO take to work?

How Long Does SEO Take to Work?

TL;DR: SEO results take more time than you think. Almost every SEO client we have asks us, How long does SEO take for my website to … Read More

Marketing Trends in 2018

3 Digital Marketing Trends to Watch for in 2018

Ah, the end of the year: a time to reflect on the previous 12 months and a time to look to the future. 2017 brought us … Read More

Does PPC Affect Organic Rankings?

A Digital Marketing Misconception: Does PPC Affect SEO?

In the digital marketing world, there are a lot of misconceptions and myths (myth-conceptions, if you will) about how organic search engine optimization and pay-per-click campaigns work together. We’ve heard and seen it all. … Read More

Calling all writers: We’re looking for a hungry, strategy-driven content creator to join our team!

Content Creator/Content Strategist Here’s the 411: We’re looking for an experienced content creator/content strategist to work directly with our strategy team to develop, modify and execute … Read More

Why you aren’t ranking first in Google for [INSERT KEYWORD] … And why that’s okay

You might be wondering: “Why am I not ranking first in Google for [INSERT KEYWORD]?” It’s not a bad question—it shows you value your business’ position … Read More

Local SEO ranking factors: What gets you into the game, and what makes you stand out

Just because you’re on the track doesn’t mean you’ll win the race. Maybe you bought the shoes and paid the entrance fee, but if you didn’t … Read More

A Digital Marketer’s Guide To Website Redesign

Jealous of a competitor’s new website? Annoyed with poor performance month over month? Many website owners encounter a point in their website’s life when they just … Read More

5 Must-Have Elements of Every Small Business Online Marketing Plan

Image Credit Of course, this is by no means an exhaustive list, but the following could be considered the most conducive to the budget of even … Read More