

By complying with our standards for consent, you commit to emailing only subscribers who want your email and to letting people opt out if they no longer want it. To see a checklist of all requirements for the Consent standards category, click here.

Below, find detailed descriptions of each of the standards related to Consent. These standards include:


What is opt-in, or consent?

Certified senders only send email to people who want it. To make sure you’re doing this:

  • Only gather subscribers who opt-in through acceptable forms of consent
  • Tell users what email they will get from you, and what you’ll do with their email addresses through a privacy policy and a clear and conspicuous disclosure statement
  • Upon request, be able to provide proof of consent, including the date, time, originating IP address, and location (e.g., a URL) where you collected the address

What does it mean to opt in? Why do I need to allow users to opt in?

To opt-in is to choose to be a part of something. If a user opts-in to be on an email list, they have actively chosen to be on it.

Successful email marketers get permission to send emails to their subscribers and potential customers. When subscribers are not expecting your emails, complaints increase, response rates suffer, and deliverability rates drop.

Also, though CAN-SPAM allows senders to legally send email to recipients who have not opted-in, other laws do not. Make sure you send email legally by allowing users to opt-in.

What are acceptable forms of opt-in, or consent?

Below, find a list of the four acceptable forms of consent. In each of these situations, senders must clearly state that the emails sent will be commercial, and provide unsubscribe mechanisms.

Acceptable forms of consent:

  • Confirmed Opt-In: In this situation, subscribers take a single step to confirm their subscription, such as selecting a checkbox.
  • Double Opt-in: In this situation, the recipient receives a confirmation email once they opt-in. This helps you make sure everyone on your list actually wants your email (and did not accidentally sign up, feel pressured into signing up, or change their mind). This action helps decrease the possibility of anyone being on your list who does not want to be.
  • Pre-Selected Opt-in: In this situation, you pre-select users to receive your promotional emails by checking a box clearly stating this. By leaving the checked box intact, users consent to receive your email. This option is not foolproof, as not all users will notice the checkbox. This practice is not permitted for co-registration.
  • Pre-Selected Opt-in with Verification: This practice sends a confirmation email to any recipients who have left the pre-selected opt-in checkbox intact. This action helps decrease the possibility of anyone being on your list who doesn’t want to be.
  • Co-Registration: This practice gives users the option to sign up and receive email from a third-party. Co-registration is acceptable only if acceptable forms of consent and disclosure are present, and if the subscriber is only signed up to one list. Use co-registration with caution; it can be confusing to recipients if they did not remember leaving boxes checked and, in effect, accidentally signed up for emails they did not expect. To learn more about unacceptable forms of co-registration, click here.

Please note that even though these forms of consent are acceptable, subscribers may still complain if they accidentally opted-in to receive email they didn’t want. Always make extra sure subscribers are fully aware of what commercial email they will receive, and who will be sending it.

What are unacceptable forms of gathering emails?

Certified senders must only send email to users who have opted-in to receive it. Some unacceptable modes of gathering emails are:

  • Renting/Harvesting/Purchasing lists: These modes of gathering email do not involve gaining active consent from recipients; therefore, they are not allowed.
  • Co-Registration: This practice gives users the option to sign up and receive email from a third-party. Co-registration is unacceptable only if the sender uses one check box to sign up users to multiple third-party email lists. Recipients must be able to opt-in to one list at a time, as well as manage all parties they want to receive email from.

Forward-to-a-Friend (FTAF)

What is FTAF?

Otherwise known as peer-initiated communication, FTAF emails are those forwarded from a subscriber on your list to a contact not on your list.

What do I need to know about consent for FTAF emails?

FTAF messages must follow the same rules as regular email messages — and a few more — because they were sent without the recipient’s consent.

For FTAF messages, make sure you comply with the acceptable forms of consent above, as well as these opt-in rules:

  • If a recipient of an FTAF email does not respond, you can only send one follow-up message, and no others
  • Though you can place the name of the friend in the From line of the FTAF email, the Return-Path and MailFrom domains must be your own
  • For FTAF emails, you must provide users the ability to globally unsubscribe

For FTAF best practices, see the FTAF best practices page.


An unsubscribe mechanism gives users a way to opt-out of receiving your emails. This can be a link to a website, a response to an email, or, even, a phone call.

Why do I need an unsubscribe mechanism?

To be CAN-SPAM compliant, all promotional or commercial email must have unsubscribe functionality. It also must be clear, straightforward, and easy. Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000.

Also, if you make it hard for people to unsubscribe from your email, their only other choice is to complain by hitting “This is Spam.”

What do I need to know about unsubscribe mechanisms?

For Certified senders, all unsubscribe mechanisms need to be:


  • Make sure your unsubscribe mechanism is easy to find.
  • Make sure it’s easy for users to understand how to unsubscribe.
  • Don’t require users to log into their account in order to unsubscribe.

Click here for an example of an easy-to-use unsubscribe mechanism.


  • Respond to requests within three days.
  • Resolve requests within 10 days.


  • Once users have opted-out, don’t send them commercial or promotional emails.
  • Once users have opted-out, don’t sell, share, or lease their addresses and/or information.


  • Keep the unsubscribe link alive for at least 60 days following the sending of the commercial message
  • Do not contact users or add them back into your email list unless they choose to opt-in again


  • Allow the recipients of peer-initiated email to globally unsubscribe, or opt-out of all your emails.

Click here for an example of a global unsubscribe process.


  • Let users unsubscribe through alternative methods, such as phone calls, postal mail, and email accounts that don’t usually deal with unsubscribe requests.

CAN-SPAM Compliant (from the actions listed above, these listed below are necessary for CAN-SPAM compliance):

  • Handle unsubscribe requests within 10 days.
  • Don’t make the recipient take any step other than sending a reply email or visiting a single page on a website.
  • Make sure all peer-initiated emails let users unsubscribe from all future mailings.