Deliverability

What counts as email consent?

Explicit opt-in is real consent; purchased and scraped lists are not. A practical look at CAN-SPAM and CASL basics and what they require.

Consent is permission from a recipient to email them. It's the foundation of deliverability and the law: mailbox providers reward senders whose recipients want their mail, and anti-spam statutes penalize those who mail people who didn't ask. This is general guidance, not legal advice — consult a lawyer for your specific situation.

  • Explicit opt-in — someone deliberately signed up: checked a box, filled in a form, or confirmed via email (double opt-in). This is the gold standard.
  • Confirmed opt-in (double opt-in) — they signed up *and* clicked a confirmation link. The strongest, cleanest form of consent; it also proves the address is valid.
  • Existing business relationship — in some jurisdictions, a recent customer can be emailed about related products, within limits. Narrower than people assume.

What does NOT count

Purchased, rented, or scraped lists are never valid consent. Those recipients never agreed to hear from you. They produce high complaints and bounces, wreck your reputation fast, and can land you on a permanent bad-sender footing with Gmail and Microsoft. MailBlastr is built for opt-in sending; don't import a bought list.
  • Buying or renting an email list.
  • Scraping addresses from websites or LinkedIn.
  • A business card dropped in a bowl, unless you clearly said you'd email them.
  • "They're a customer so they won't mind" — assumed consent isn't consent.
  • A clause buried in your Terms of Service that says users "agree to receive emails."
  • A pre-checked marketing checkbox on your signup form — consent must be an active opt-in, so the box has to start unchecked.
  • Treating someone as opted-in until they unsubscribe. Silence is not consent.

CAN-SPAM (United States)

CAN-SPAM doesn't require opt-in, but it does require:

  • No false or misleading headers or From addresses.
  • No deceptive subject lines.
  • A clear, working unsubscribe mechanism, honored within 10 business days.
  • A valid physical postal address in the message.
  • Identifying the message as an ad where applicable.

CASL (Canada)

CASL is stricter — it generally requires express or implied consent before you send, requires you to identify yourself, and requires a working unsubscribe. Penalties are significant. If you mail Canadian recipients, get explicit opt-in.

GDPR / e-Privacy (EU/UK)

For EU/UK recipients, marketing email generally requires freely given, specific, informed opt-in consent, with an easy way to withdraw it. Pre-ticked boxes don't count.

The simplest way to get real consent is to ask for it clearly and separately. Add an unchecked checkbox to your signup form with specific wording, for example:

Yes, I want to receive product updates and occasional marketing emails.
  • Keep it optional and unchecked by default.
  • Make the wording clear and specific about what they'll receive.
  • Place it outside your Terms of Service, not bundled into them.
  • Include a one-click unsubscribe link in every email you then send.

For an extra-strong record, use double opt-in: after signup, send a confirmation email the recipient must click before they're added. It proves the address is valid and that its owner actually wanted in — see keeping your audiences healthy.

Practical takeaway

Build your list with explicit opt-in, always include a working unsubscribe (MailBlastr campaigns do this for you — see Should I add an unsubscribe link?), include your postal address in marketing mail, and honor opt-outs immediately. Do that and you satisfy the law *and* keep providers happy.