This will be the most un-sexy thing you’ll read on the internet today.

But the un-sexy things set us apart. Like my client who waited on hold with GoDaddy to learn what DNS means and how to configure her email address correctly.

Or spending a Saturday night planning your content while everyone else is drinking cocktails.

Email compliance might win the business award for being the most un-sexy part of marketing.

Which is why we hired it out at Bowflex and had a Compliance agency with a hefty retainer. They advised us on all the latest laws and the 30 lines of fine print for our ads.

You and I don’t have that luxury, but it’s important we know these rules to protect ourselves and run our businesses with integrity.

I’m also throwing out a disclaimer — I am not a lawyer. This is not legal advice. The laws change frequently and come with gray area. Your email provider (Mailchimp, ConvertKit, etc.) is always the best resource for the latest information…and they will also tell you to check in with your lawyer.

There are four basic laws you need to understand and I’ve outlined what you need to know about each one.


1. Get permission

You can’t just add people to your email list without someone giving you express consent.

Express consent means the person has given direct permission for you to email them marketing emails.

For example, say you have 10 personal training clients, you email them from your Gmail account, and you have a great relationship. You can’t just add them to your marketing email list (Mailchimp, ConvertKit, etc.). You have to ask them directly if they want to be on your email list and receive your marketing emails.

Another scenario I’ve seen happen: using an old spreadsheet of names from past clients or past class attendees and loading them into your email tool. You have to get permission from each and every person.

For this reason, it’s always best to send someone the link to your email list and have them sign up directly. This covers you for the rest of the rules.

See more permission examples with gray areas here.


2. CAN-SPAM Act

This is the main law for emailing U.S. subscribers. It went into effect in 2003 and was updated in 2008.

Here are the basic guidelines you need to follow:

  • Tell your subscribers who your email is “FROM” using your name or your Brand/Company. I recommend using your personal name (i.e. Tara Arndt) because people want to do business with people.

    If you have more than one person at your business, choose someone to be the lead, or personalize the first name of the sender from your business, such as “David @ Whole Nutrition” or “Coach Ramona @ Farm Girl Fit”. 

  • Write honest subject lines. This one boils down to being an honest human. For example, you can’t say “Free Gift” in your subject line and then not offer a Free Gift in your email.
  • Include your physical address. Email providers require this and it’s automatically baked into templates. If you’re using a legit email provider (Mailchimp, ConvertKit, ActiveCampaign, etc.), your emails will have this automatically.

If you’re worried about using your home address, you can get a P.O. Box, or if you contract at a physical building, ask your business partners (if you’re close with them) for permission to use their location.

I use my home address and keep my burly husband and guns close by.

  • Include an Unsubscribe link. Like your physical address, the unsubscribe link is standard and will be included automatically when you send emails. The unsubscribe process must be easy and the link needs to be clear.

I’ve seen some businesses change the name from “Unsubscribe” to “Manage your preferences.” Don’t do this. Those can be two different links, but you want it to be easy for people to unsubscribe so they don’t do the other option, which is mark your email as spam. Getting flagged as spam affects ALL of your emails.

You have 10 days to process the opt-out. Your email tool will do this for you and should also filter the unsubscribed names from your future email sends.

Here are all the CAN-SPAM rules from the FTC.


3. CASL – The Canadian Anti-Spam Law

This is the law for Canada and went into effect July 1, 2014.

This one boils down to getting express consent from someone to join your list. If you’re using a clear opt in and telling people what you will be emailing them and when, you’re covered.

For example, when you have a Lead Magnet (freebie) featured for signing up, you want some additional text calling out that when they sign up, they’ll be getting your regular emails.

Here’s an example from one of my favorites, Ramit Sethi.


When someone makes a purchase from you, and they did not previously join your email list, their purchase gives you implied consent. You have permission to email them for 24 months with implied consent.

Some shopping carts have an option to add a checkbox so the customer can opt-in to receive marketing emails. This opt-in gives you express consent so you’re covered beyond the 24 month period.

You can read more about CASL here.

So far, so good…and now for the doozy. Stick with me here, it’s not as bad as it sounds.

4. GDPR – General Data Protection Regulation


This law is for the European Union (EU) and went into effect May 25, 2018. It gives people in the EU more control over their personal data and how it’s used, and calls for more transparency from businesses.

This law was created for the EU, but affects nearly everyone, because it applies when someone who lives in the EU subscribes to your list.

When this law came about, there were multiple headlines screaming “Email is Dead!”

It didn’t kill email like many marketers thought it would, but it did change how we collect and store emails.

The main impact is on your opt-in forms and getting very clear consent. You not only need permission to email someone, you need proof they gave it to you.

Here’s what you need to know:

  • You cannot pre-check “yes” on a box on your opt-in form. The subscriber must take action themselves to check a box.
  • You can only ask for personal information needed for the channel you’re opting the person into. For example, you can’t ask for a mailing address on your email opt-in form, without giving the person the option to opt-in to email and mail with separate check boxes.
  • For your Newsletter, you need to clearly spell out that they are signing up to receive your ongoing newsletter. Adding the frequency is even better. For example: “When you sign up, I’ll be sending you more helpful tips and additional free content every week. Unsubscribe at any time.”
    Here’s my sign up form and I added additional language at the bottom of my form to tell my subscribers I’ll be sending more emails.


  • If someone signs up for your Newsletter, and you plan to use automation based off their site behavior, such as sending them an email promotion for a product they view later on your website, you have to call this out and they must opt-in for promotional emails separate from your newsletter.
  • If someone signs up for your Lead Magnet (eBook, eCourse), you can’t automatically add them to your automation (Welcome Sequence). You need to get separate consent for any emails beyond the Lead Magnet delivery.

The last bullet point might affect how you’re currently doing things.

In my case, I offer a Free Guide for my email list. I don’t currently have a general newsletter sign up, and use my Free Guide as the only way to sign up for my email list.

I deliver the Free Guide to everyone, but for anyone in the EU, I get additional consent before I add them to my Welcome Sequence. I’m using ConvertKit to do this.

ConvertKit makes it very easy. They provide an account setting you can turn on so anytime someone from the EU subscribes, they send a follow up email getting extra consent. It’s essentially a Double Opt-In, but it only goes to the EU subscriber. This way, I can still offer my Freebie without needing any extra boxes on my form, and I’m able to handle the GDPR consent for additional emails afterwards.

If your email tool doesn’t offer a similar process, the easiest way to cover yourself and eliminate any gray area is to include a Double Opt-In. This means after someone signs up for your Newsletter or Freebie, they will get an email asking them to confirm their subscription. Within the Double Opt-In, you can restate what the person is subscribing to and they must click “confirm” to receive your emails. Their confirmation is recorded, which covers you for GDPR because you have proof of their consent.
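The Double Opt-In flow above (and the CAN-SPAM opt-out processing earlier in this post) is something your email tool handles for you, but it helps to see what “their confirmation is recorded” actually means. The following is an added example in Python, not the author’s code and not ConvertKit’s or Mailchimp’s: an unguessable, single-use confirmation token; a consent record with timestamps that serves as proof; a signed one-click unsubscribe link that can’t be forged to unsubscribe someone else; and a recipient filter that only returns confirmed, non-suppressed addresses. The class, method and field names, the 7-day confirmation expiry and the sample address are all assumptions made for illustration.

```python
# Added example: a minimal double opt-in consent ledger.
# Not ConvertKit's or Mailchimp's code; names and the 7-day expiry are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional


@dataclass
class ConsentRecord:
    """Proof of consent for one address: what was asked, when, and when it was confirmed."""
    email: str
    purpose: str                               # plain-language text shown on the form
    requested_at: datetime                     # form submission time (UTC)
    confirmed_at: Optional[datetime] = None    # set only when the confirm link is clicked
    unsubscribed_at: Optional[datetime] = None # set when the opt-out is processed


class ConsentLedger:
    CONFIRM_TTL = timedelta(days=7)  # assumed: unconfirmed sign-ups expire after a week

    def __init__(self, secret: bytes, now: Optional[Callable[[], datetime]] = None):
        self._secret = secret                       # signs unsubscribe links
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._records: dict[str, ConsentRecord] = {}
        self._pending: dict[str, tuple[str, datetime]] = {}  # token -> (email, issued_at)

    def request_signup(self, email: str, purpose: str) -> str:
        """Step 1: record the request and return the one-time confirmation token."""
        email = email.strip().lower()
        self._records[email] = ConsentRecord(email, purpose, self._now())
        token = secrets.token_urlsafe(32)           # unguessable, single use
        self._pending[token] = (email, self._now())
        return token                                 # goes into the confirmation link

    def confirm(self, token: str) -> bool:
        """Step 2: the subscriber clicks confirm; record the timestamp as proof."""
        entry = self._pending.pop(token, None)       # pop makes the token single use
        if entry is None:
            return False                             # unknown or already-used token
        email, issued = entry
        if self._now() - issued > self.CONFIRM_TTL:
            self._records.pop(email, None)           # stale request: keep no data
            return False
        self._records[email].confirmed_at = self._now()
        return True

    def unsubscribe_token(self, email: str) -> str:
        """Per-address HMAC for a one-click unsubscribe link (no login needed)."""
        return hmac.new(self._secret, email.strip().lower().encode(),
                        hashlib.sha256).hexdigest()

    def unsubscribe(self, email: str, token: str) -> bool:
        """Process the opt-out immediately; a forged or mismatched link is ignored."""
        email = email.strip().lower()
        expected = self.unsubscribe_token(email)
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        rec = self._records.get(email)
        if rec is None:
            return False
        rec.unsubscribed_at = self._now()
        return True

    def recipients(self, purpose: str) -> list[str]:
        """Addresses a send for `purpose` may go to: confirmed and not suppressed."""
        return sorted(
            r.email for r in self._records.values()
            if r.purpose == purpose and r.confirmed_at and not r.unsubscribed_at
        )

    def proof(self, email: str) -> Optional[ConsentRecord]:
        """The record you would show if asked to prove consent."""
        return self._records.get(email.strip().lower())


if __name__ == "__main__":
    ledger = ConsentLedger(secret=b"rotate-this-secret")
    token = ledger.request_signup("reader@example.com", "weekly tips")  # constructed sample
    print("before confirm:", ledger.recipients("weekly tips"))          # []
    ledger.confirm(token)
    print("after confirm:", ledger.recipients("weekly tips"))           # ['reader@example.com']
    print("proof:", ledger.proof("reader@example.com"))
```

The two things a compliance question will ask for are both in `ConsentRecord`: the wording the person agreed to (`purpose`) and the moment they confirmed it (`confirmed_at`). Because `confirm` pops the token, a confirmation link can only be used once, and because the unsubscribe link is an HMAC over the address, a link copied from one email can’t be edited to opt out somebody else.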

There are pros and cons for a Double Opt-In. Your data will be clean, which means more of your emails will land in the inbox instead of the spam folder, your list may be more engaged, and you’re covering all the rules.

However, your list will grow much slower. The user experience can be clunky depending on your tool.

If you’re using Mailchimp, there are GDPR fields you can add to your forms. The process is pretty involved and you need to set up segments by marketing permission, which is way too complicated in my opinion, so I’d use a Double Opt-In instead.

Bottom line with all of these laws: There is a lot of gray area.

I see some very well known online marketers who don’t have every little thing buttoned up. Do your absolute best to set up your email list so you’re following the rules. This will show your subscribers you take their privacy seriously, and it will help keep you from any fines because you’re marketing with good intentions.

In summary:

  1. Don’t add someone to your list without them signing up directly through your sign up link
  2. Be very clear about what someone is signing up for
  3. Tell someone how often you’ll email them
  4. Use a Double Opt-In if you know you’ll have EU subscribers (or a tool that offers an easy way to manage EU sign ups)



What should you do next with your email list?

Take my 8-question assessment and find out what’s missing from your email list. I’ll send you a blueprint with the next three proven methods to add to your email marketing (and why they matter). No 7-layer funnels or 10-persona segmentation. Real, battle-tested methods I’ve used for years and with my private clients.