Consumer Privacy: Some Email Marketing Best Practices

Without a doubt, consumer privacy is the No. 1 issue facing email marketers today. Given all that is written and discussed about privacy, it can be difficult to establish what the law dictates versus what is considered best practice. We are not lawyers, and you should not take this article as legal advice, but we are here reviewing some relevant laws and best practices related to email marketing.

First, it is important to understand what the letter of the law mandates. As of early 2000, 14 states within the U.S. had enacted unsolicited commercial email (UCE) or “antispam” laws, but any federal-level laws directly addressing email marketing have yet to be enacted. The various state laws describe each state’s requirements for commercial email messages that are delivered to individuals within that state. Violations may result in financial losses for the marketer because individual consumers or the state may sue the marketer for damages. <!–(Click here for a table that outlines the basic details of the UCE statutes for 14 states.)–>

As intelligent marketers know, sending unsolicited email to a group of individuals can have ramifications even worse than a lawsuit — including damage to brand credibility, loss of trust, poor response rates, and waves of unsubscribe requests. In addition to UCE laws, you should familiarize yourself with each state’s consumer protection laws. To minimize legal risk and avoid damaging customer relationships, every email marketer should, at the very least, follow the minimal requirements of all 50 states.

Many marketers have translated the laws into practice and assert that it is acceptable, but not recommended, to send email to an individual with whom they have an existing business relationship. However, the preferred approach from legal and consumer standpoints is to deliver email messages only to those individuals who have explicitly consented to receive the email. Gathering an opt-in from consumers is essential for gaining their trust, retaining their business, and minimizing legal risks.

So what classifies as an opt-in? It all boils down to proper notice and consent.


Email marketing practices should be fully disclosed prior to asking individuals to give their email addresses. If they are collected online, this should be done on the same web page on which the email addresses are collected. This page should provide an accurate description of how email addresses will be used. A link to a more thorough description of email marketing practices within the privacy policy should be placed near the point of opt-in as well.

If the marketer wants to do more with the email addresses than was stated in the opt-in verbiage, he or she should seek the permission of the audience again.


When an individual consents to having his or her email address used for marketing purposes, it is usually communicated by submitting a checked box on a web page. Debates continue about whether check boxes should be prechecked or not. Some advocates believe that prechecked boxes can mislead consumers into subscribing to mail they would not have otherwise requested, while others feel that consumers are observant enough to recognize when their email address is being captured. Whether a page for collecting email addresses features prechecked or unchecked boxes, it is essential to gather the consent of the individual.

Within the opt-in, marketers use varying degrees of consent, including single opt-in, confirmed opt-in, and double opt-in.

The single opt-in approach, the most popular form of opt-in, offers the user notice and the choice to say, “Yes, I want to receive email.”

With confirmed opt-in, consumers offer consent through the same process as single opt-in, but an email is sent to individuals to confirm that they have opted in to the marketer’s list and offers a chance to unsubscribe.

Some marketers even offer a double opt-in approach, in which individuals are asked to confirm their desire to receive commercial emails by clicking on a link or taking some other action within the confirmation email. Future emails are not sent to individuals unless they have given consent a second time.

A related decision facing countless marketers is whether to send email messages to their vast databases of legacy customer email addresses. These are addresses that have been stored by companies for years, but not on record is how each address was captured or whether the customer in question ever opted in to receive email in the first place. It is common practice for most marketers to send email to these addresses, the rationale being that there is an existing business relationship in place.

However, it is generally judged as an industry best practice for the marketer to offer notice and try to gather an opt-in within every email sent. Many marketers continue sending email to an individual who has not opted in because the existing business relationship means that there’s a reduced legal risk. This is an approach marketers should be careful about. If you choose to take it, remember that each email should bear an email-collection notice and provide the recipient a way to formally opt in or out of future mailings. If and when the user opts in, the notice and consent requirements may be removed from future messages.

Regardless of the method of opt-in used, the marketer should also offer the consumer the opportunity to opt out — to express a wish to be removed from future mailings — in every email message received. And, of course, the marketer should promptly honor every opt-out request.

It is clear that offering consumers explicit notice about email collection, gathering consent through an opt-in process, and providing the ability for an individual to opt out in every email sent will enable you to foster trust and ultimately retain your customers longer. Review your email marketing practices with your legal counsel, determine the level of risk you are comfortable with, and make sure you’re operating within the law and building trust and loyalty among your customers to maximize the effectiveness of your marketing program.

Related reading

Flat business devices communication with cloud services isolated on the light blue background.
Vector illustration with a magnifying glass focusing on a pie chart, a graph line trending upwards, and other metrics symbols.