# What counts as email consent?

> Explicit opt-in is real consent; purchased and scraped lists are not. A practical look at CAN-SPAM and CASL basics and what they require.

**Consent** is permission from a recipient to email them. It's the foundation of deliverability and the law: mailbox providers reward senders whose recipients want their mail, and anti-spam statutes penalize those who mail people who didn't ask. This is general guidance, not legal advice — consult a lawyer for your specific situation.

## What counts as consent

- **Explicit opt-in** — someone deliberately signed up: checked a box, filled in a form, or confirmed via email (double opt-in). This is the gold standard.
- **Confirmed opt-in (double opt-in)** — they signed up *and* clicked a confirmation link. The strongest, cleanest form of consent; it also proves the address is valid.
- **Existing business relationship** — in some jurisdictions, a recent customer can be emailed about related products, within limits. Narrower than people assume.

## What does NOT count

> **Warning:** **Purchased, rented, or scraped lists are never valid consent.** Those recipients never agreed to hear from you. They produce high complaints and bounces, wreck your reputation fast, and can land you on a permanent bad-sender footing with Gmail and Microsoft. MailBlastr is built for opt-in sending; don't import a bought list.

- Buying or renting an email list.
- Scraping addresses from websites or LinkedIn.
- A business card dropped in a bowl, unless you clearly said you'd email them.
- "They're a customer so they won't mind" — assumed consent isn't consent.
- A clause buried in your **Terms of Service** that says users "agree to receive emails."
- A **pre-checked** marketing checkbox on your signup form — consent must be an active opt-in, so the box has to start unchecked.
- Treating someone as opted-in **until they unsubscribe**. Silence is not consent.

## CAN-SPAM (United States)

CAN-SPAM doesn't require opt-in, but it does require:

- No false or misleading **headers** or `From` addresses.
- No deceptive **subject lines**.
- A clear, working **unsubscribe** mechanism, honored within 10 business days.
- A valid **physical postal address** in the message.
- Identifying the message as an **ad** where applicable.

## CASL (Canada)

CASL is stricter — it generally requires **express or implied consent before** you send, requires you to **identify yourself**, and requires a working **unsubscribe**. Penalties are significant. If you mail Canadian recipients, get explicit opt-in.

## GDPR / e-Privacy (EU/UK)

For EU/UK recipients, marketing email generally requires **freely given, specific, informed opt-in** consent, with an easy way to withdraw it. Pre-ticked boxes don't count.

## How to collect consent cleanly

The simplest way to get real consent is to ask for it clearly and separately. Add an **unchecked** checkbox to your signup form with specific wording, for example:

> **Note:** Yes, I want to receive product updates and occasional marketing emails.

- Keep it **optional** and **unchecked** by default.
- Make the wording **clear and specific** about what they'll receive.
- Place it **outside** your Terms of Service, not bundled into them.
- Include a one-click unsubscribe link in every email you then send.

For an extra-strong record, use **double opt-in**: after signup, send a confirmation email the recipient must click before they're added. It proves the address is valid and that its owner actually wanted in — see [keeping your audiences healthy](https://www.mailblastr.com/docs/kb/audience-hygiene).

## Practical takeaway

Build your list with explicit opt-in, always include a working unsubscribe (MailBlastr campaigns do this for you — see [Should I add an unsubscribe link?](https://www.mailblastr.com/docs/kb/unsubscribe-link)), include your postal address in marketing mail, and honor opt-outs immediately. Do that and you satisfy the law *and* keep providers happy.
