Email Marketing – Implied vs Explicit Consent

PropelGrowth Blog - Financial Services Marketing and Content Strategy

It's important to understand how various countries view consent in email marketing.

In an earlier blog post, Complying With Anti-spam Laws, I gave a breakdown of the various email marketing laws by region. I also promised that this week I would provide greater detail on the concepts of implied consent and express consent as they relate to the different regions. So, here goes:

A High Level Comparison

On a basic level, implied consent is when an individual provides his or her email address to you during some form of business communication, but not necessarily for the purpose of signing up for your email marketing list. For example, say one of your prospects wants to download a white paper and enters his or her email address into your online form or a new customer buys a product. Under implied consent, you could infer that because this person was interested in your paper or product, he or she might also be interested in your weekly newsletter, so you decide to start sending it to him or her. Under some countries’ laws, it may also be inferred that since your contact likes your company’s products, he or she may also like your partner company’s products. So your partner may then start emailing your prospect. (Disclaimer: We do not recommend this as a best practice. Even if it’s legally permitted in some jurisdictions, it’s a bad idea to share your email list with partners).

By contrast, express consent is when you explicitly ask your potential contacts for permission to send them email, and they agree. This is really your safest option, particularly if you are targeting a global audience where various countries may have different laws. Below we’ll explore these concepts giving four examples by region.


The US is perhaps one of the most lenient regions when it comes to email marketing requirements. Under the CAN-SPAM Act of 2003, you don’t need implicit or explicit permission to email anyone. Really, the only requirements you have under US email laws are to represent your business accurately, include your physical location, and clearly display a way for people to opt-out of receiving future emails. Get more information here.


Recently, Canada has gotten much stricter with their anti-spam laws. Under the updated legislation, prospects must either give express or implied consent to receive emails.

Under Canadian law, express consent means that you must explicitly ask your contacts for permission before you start emailing them and they must agree to receive your communications. To comply with the express consent provisions under the Act, a positive or explicit indication of consent is required. With implied consent, you can email contacts without their consent if there is some kind of pre-existing business relationship between you and the contact, if they gave you their email address, or if their email address is conspicuously published. Specifically, under Canada’s laws, a person who is considered to fall under implied consent must have done one of the following:

  • Purchased a product, service or made another business deal, contract, or membership with your organization in the last 24 months.
  • Made a donation or gift, has volunteered, or attended a meeting organized by you if you are a registered charity or political organization.
  • Gave you their email address or published their email in a conspicuous and public place (for example – on their website contact page). In this case, implied consent is only assumed if your message to the recipient’s function in a business or official capacity.

Bear in mind, that there is an expiration timeline on implied consent. If you have captured your contacts prior to July 1, 2014, then you have three years from that date until you will need to demonstrate express consent from these individuals. If you’ve captured your contacts after July 1, 2014, you only have two years from date of capture to gain their express consent.

The Canada Anti-Spam Law (CASL) states fines from $1M for individuals and up to $10M for businesses that violate the law. Companies that install software programs on people’s computers or mobile devices need to pay careful attention to get their express consent, or otherwise may be subject to the largest fines. Get more detail on the law here.


The UK has perhaps one of the strictest policies regarding email marketing, as it requires an opt-in approach. This means that no direct marketing email can legally be sent to a recipient without first obtaining that recipient’s express consent. This rule has one small exception and that pertains to businesses’ previous customers. These organizations can email former customers without their express consent, but as with all email communications, they must include a very obvious way for these contacts to opt out. This resource may give you further insight.

UPDATE:  Please note that the UK is covered under the EU’s GDPR rules, which are far more extensive than the former spam rules. Please review the requirements of GDPR and ensure you are in compliance if you plan to email anyone in the UK or the EU. 


Australia’s Spam Act of 2003 prohibits marketers from sending unsolicited commercial email messages with an Australian link. Instead, all commercial emails must be sent based on either express or inferred consent.

Under Australian email policies, express consent is when your contact has deliberately opted-in to receiving your emails, whereas inferred consent is based on the relationship your contact has with your business. For example, say you are a FinTech company offering FIX connectivity solutions and your partner is a FIX testing vendor. You may legally hand over the email address of one of your contacts (who has given you express consent) to your partner. The thinking is that your contact is interested in your FIX products, and so may also find your partner’s related products of interest.

Under the law, there are certain organizations that can send email without any consent—express or inferred. They include: government bodies, registered charities and political parties, and educational institutions. Their messages are considered non-commercial. Find more information on Australia’s spam legislation here.

Importance of Compliance

Complying with the many different regional email marketing laws can be challenging, particularly if you are marketing to a global audience. But making this a priority can save you from being subject to costly fines and possibly a tarnished reputation.

We have not covered GDPR in this article. It’s very important that you review these regulations and determine how you will comply. Anyone on your list who resides in the EU is protected by these laws, and they do have cross-border jurisdiction.

To be on the safe side, when emailing to a global audience, I recommend an express consent, double opt-in approach whereby your email members sign themselves up for your communications, then you send them a link to reaffirm this opt-in action. This best practice will likely be strict enough to apply to any country you may market to.

However, there are certain times when a double opt-in approach may not be appropriate. For instance, say you’re planning to exhibit at a trade show and want to advertise your presence by emailing attendees prior to the show. In rare cases, an event organizer may provide you with a list of attendees and permit you to email them once or twice from your own system. In this case, a double opt-in approach is not going to be possible. But a single opt-in approach is. You can email the individuals on the list (excepting those residing in the UK or EU), requesting that they click your opt-in button to continue receiving your communications. (Note, it’s not legal for a conference organizer to transfer a list of emails from the EU to you without those email owners’ express consent). It’s also crucial under almost all email laws that you have a highly visible unsubscribe link for people to stop receiving your emails if they are uninterested.

Another (and better) option for marketing to those conference registrants would be to pay the conference organizer to send an email to the list with information about an offer on your website. That landing page should contain a way for the recipients to opt into receiving email from you. From there, follow the double opt-in methodology to confirm their desire to receive your communications.


Email marketing continues to decline in effectiveness for many firms. Simultaneously, email and data privacy rules are getting more strict. 

We’ve had impressive success using LinkedIn to engage with our target audience and convert contacts into prospects. Our lead conversion rates are pretty compelling. We’re seeing the following stats:

  • 76% connection acceptance rate
  • 71% of connections engage with us via LinkedIn’s messenger
  • 25% of the new connections book calls to get acquainted
  • 21.6% of the appointments convert to new opportunities

If you’re interested in learning how we achieved these conversion rates, check out this site and watch our free webinar

For more insight on effective email marketing approaches, check out our related blog: Email Marketing – 5 Steps for Building an Awesome List.