Email Compliance Rules for 2023: Ensure You Are on Safe Side

Email Compliance Rules for 2023: Ensure You Are on Safe Side

Vladyslav Podoliako
Apr 13, 2023
Reading duration
19 min

Did you know that seemingly spam trigger words could trip spam filters or breach anti-spam regulations? Or that failing to comply with data protection regulations could result in hefty fines or land you in legal hot waters?

Compliance goes beyond security—it encompasses spam, record-keeping, and a myriad of legal requirements.

In a world where privacy has become such a hot-button topic, you want to send emails with the privacy of your recipients in mind. Just as you wouldn't want unwelcome guests in your house, ensuring your emails respect recipients' digital spaces is crucial (based on today's email outreach trends).

This is the essence of email compliance; following rules and guidelines that make your email communication secure, private, and legally compliant. Opposite to it,  neglecting this crucial aspect has cost businesses an average of $5.87 million.  Case in point: Binance Australia was slapped with a $2 million fine for sending millions of difficult-to-unsubscribe or non-consensual emails.

Non-compliance doesn't just hit your wallet; it tarnishes your company's reputation, making it harder for users to trust future emails. 79% of Americans are troubled with their personal data use.  

The solution is clear: adhere to email laws, treat customer data with the utmost care, and communicate professionally and legally with your customers. So, With prominent laws like the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) and the GDPR (General Data Protection Regulation), and the CASL (Canada’s Anti-Spam Legislation), you want to keep an eye out for compliance touchpoints.

This guide is your map to navigating the complex world of email compliance laws, arming you with the most crucial and up-to-date information you need to stay above board.

The Article Walkthrough: 

What Is Email Compliance (And Who Is Responsible?)

Think of email compliance as the ropes surrounding a boxing ring—you can punch as hard as you want to, with just as many body and head movements, but you must do so ONLY within that perimeter. 

Email compliance means adhering to rules and regulations spelling out how emails should be sent, received, and managed. It entails a patchwork of compliance codes by which you want to run all your email communications. 

Compliance covers (and goes beyond) three cardinal touchpoints: consent, content, and freedom to unsubscribe. Summarily, a sender should obtain (legally valid) consent from recipients before hitting the send button. Then, the content of your email must also be accurate, transparent, and comply with anti-spam laws. Finally, the email must include a visible unsubscribe option to allow recipients to opt out of future emails. 

As this Mailchimp study puts it, the average industry unsubscribe rate is 0.19%. Unsubscribers can be helpful in that they help to retain an audience that is interested in what you offer and filter out excess. 

For better quality in your lead list and email compliance, you want your unsubscribe option to be tough to miss—billboard-type visibility’, if you will.

When it comes to email compliance, different stakeholders have different roles and responsibilities: 

The senders are organizations that send commercial emails and are responsible for obtaining consent and ensuring compliance with email laws.

The Email Service Providers (ESPs) provide the technology and infrastructure for sending and managing email campaigns. They are responsible for providing their clients with tools and resources to maintain compliance.

The Internet Service Providers (ISPs) deliver email to users' inboxes. They use spam filters to identify and block unwanted or non-compliant emails.

Then of course, we have the email recipients who have the right to control how their personal information is used and who they receive emails from.

Is cold emailing legal?

This is the question we often get at Folderly. The good news is that cold emailing is legal, if the email sent meets compliance laws.

Did you just sigh in relief? Us too. But it’s important to note that email compliance wasn’t designed to ‘clip your marketing wings’ when emailing clients. Rather, it is about protecting your receiver’s personal data. 

The CAN-SPAM Act doesn’t make it illegal to send cold emails, even though a recipient did not opt into your emails. The reason for that is that you send a personalized, value-oriented message and carefully select your TA, unlike when you send bulk emails without spamming

Compliance can be tricky, as there aren’t always specifics on how long you can keep people's data. Still, cold emails and follow-up emails are 100% acceptable.

To get the best email delivery with cold emails, you want to ditch the sales-y pitch (especially for first-time cold emails!) and trigger your users’ interest. Rather than shoveling marketing spiel down their throats, show them real value. 

So, as long as you connect smartly, you are on the safe side.

Email Compliance & Email Deliverability

Every marketer’s dream is to reach your audience's inbox and generate a flood of clicks and conversions. But non-compliant emails are why nearly 49% of emails end up in the dreaded spam folder yearly instead of the intended recipients' inbox.

It’s bad enough that your grit and wittily crafted messaging heaps on the pile of debris in the digital wasteland, with no chance of being read or acted upon. But things could get even worse: if you continue to send non-compliant emails, email service providers will add you to their blacklist. 

Being blacklisted is like being de-platformed — your emails will be blocked, with your reputation in tatters. Even if you clean up your act and remove domain from blacklist, it can take a long time to regain your email sender's reputation and privileges, and the email deliverability checker might show a poor rate for some time.

At Folderly, we get how important it is to adhere to data privacy regulations, which is why we’ve gone the extra mile to apply email compliance best practices to safeguard users' data and ensure compliance with these regulations.

Key Important Email Laws and Regulations

Depending on the location of the target audience, you’ll need to take a deeper look at one of these regulations:

GDPR (as applicable to the EU) 

Overview: The General Data Protection Regulation (GDPR) covers all data uses in the EU region and requires proper encryption and security measures to prevent data leaks. 

Area: While it's crucial to understand and adhere to the GDPR when conducting email marketing campaigns in European countries, marketers worldwide must be well-equipped to comply with these regulations. 

Key requirements: The GDPR requires that email marketing be clear and that subscribers give explicit permission before any content is sent. It involves key aspects, including obtaining consent, data protection, and the right to be forgotten:

Obtaining Consent: The GDPR requires organizations to obtain explicit consent from individuals before collecting and processing their personal data. According to the conditions for consent, consent must be informed, freely given, and withdrawable by users at any time. 

However, there are other legal bases for sending emails, even if a recipient has not given an explicit consent, such as if there is a relevant and proportionate relationship between the target recipient and you (and this is where we talk about the legitimacy of cold emails). 

Data Protection: The GDPR requires organizations to implement technical measures to safeguard the personal data they collect and process. 

The right to be forgotten: The GDPR allows people to request that their personal data be erased or removed from an organization's database. Organizations can build trust, improve customer relationships, and avoid hefty fines by respecting individuals' right to be forgotten.

Penalties: Up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the previous fiscal year.

CAN-SPAM Act for the US


Overview: The CAN-SPAM Act is the law that sets the rules for commercial email gives recipients unsubscribe rights and lays out penalties for violations. It was enacted by the United States Congress in 2003. One of the main objectives of the CAN-SPAM Act is to prevent misleading and fraudulent emails from reaching your inbox. 

Area: It is a requirement for all commercial email senders in the US.

Key requirements: The law prohibits using deceptive subject lines, false or misleading information in the body of the email, and the use of harvested or purchased email addresses. Also, other requirements include identifying your email as an ad, sharing your location, honoring opt-out requests, and monitoring how others use personal data.

Penalties: The penalties for violating the CAN-SPAM Act can be severe, with fines of up to $43,280 per email. 

CASL for Canada

Overview: Canada's Anti-Spam Legislation (CASL)  is a law that sets the rules for sending commercial electronic messages (CEMs) in Canada, with the primary goal of reducing the amount of spam that Canadians receive in their inboxes. The laws require you to obtain recipients’ consent before sending any CEMs.

Area: If you’re looking to promote your products or services through email campaigns in Canada, it's crucial to familiarize yourself with CASL.

Key requirements: Your emails must contain certain information, including your contact information, a clear and accurate subject line, and allow recipients to opt-out of future emails. Ensure to keep records of your consent, as you may need to provide evidence of consent if requested by the Canadian Radio-television and Telecommunications Commission (CRTC).

Penalties: Penalties can be up to $1M per violation for an individual and up to $10M per violation for companies. For instance, $75,000 penalty was issued to an individual Scott William Brewer for violating Canada’s anti-spam legislation.

Australia’s Spam Act

Overview: The Australian Spam Act 2003 is a law that regulates commercial email communication in Australia. Its primary goal is to prohibit the sending of unsolicited CEMs or spam.

Area: It is a requirement for all commercial email senders in Australia. 

Key requirements: Under the Spam Act, businesses must ensure that they have consent from recipients before sending them emails, text messages, and instant messaging services used for commercial purposes. The Spam Act requires businesses to include accurate information about themselves in any CEM sent, including their name, physical address, and contact information. They must also provide a way for recipients to unsubscribe from further messages.

Penalties: Violating the Spam Act can cause businesses significant fines of up to AUD 2.1 million daily. In addition, individuals can take legal action against businesses that breach the Spam Act.

HIPAA Email Compliance

Overview: The Health Insurance Portability and Accountability Act (HIPAA) is a set of regulations designed to protect the privacy and security of patient health information. 

Area: HIPAA applies to all healthcare providers, including doctors, hospitals, and insurance companies. It also applies to any third-party vendors who handle patient health information, including email service providers.

Requirements: To comply, there’s a laundry list of requirements healthcare providers and their business associates must follow. For example, they must ensure that any email containing patient health information is sent securely. Point being, emails must be encrypted to prevent unauthorized access along with regular risk assessments.

Healthcare providers must ensure that they send patient health information to only authorized individuals. Thus, recipients’ email address must be accurate to ensure emails are sent to the intended recipient. They must also obtain written consent from patients before sending emails that contain their health information.

Penalties: The consequences of failing to comply with HIPAA email regulations can be severe and far-reaching. Healthcare providers and their business associates can face significant fines, and damage to reputation with loss of digital trust from patients. As of 2020, a data breach cost an insurance company $6.85 million in fines. The OCR investigated the health insurance provider after hackers stole the PHI of almost 10.5 million people.

Your Guide to Staying Compliant: Essential Rules

Staying compliant with regulations and laws that apply to your business can be a challenge, but it’s not impossible. While regulations can vary between countries and industries, there are some common rules to follow to keep you on the safe side of email sending. Here are some regulations to take note of and stay on the compliant side of email sending.

Getting explicit consent

When it comes to email marketing, there are two types of consent: implicit and explicit. Implicit consent is when a recipient hasn't explicitly given permission to receive emails but has given some indication of interest. Explicit consent, on the other hand, is when a recipient has clearly given permission to receive emails.

To ensure compliance with regulations and best practices, it's always best to obtain explicit consent from recipients. This means providing a clear opt-in process, giving recipients the option to unsubscribe at any time, and recording their consent for future reference.

You also want to be transparent about how your business will use the recipient's information and ensure that they are only collecting information that is necessary for their marketing purposes. Once you do this and regularly updating consent records to ensure they remain accurate is the best way to ensure compliance and build recipients trust.

Avoid misleading information in subject line

Skip the clickbait and build trust with your audience by focusing on transparency and accuracy in your emails.  

Instead, craft honest subject lines. Keep them short, relevant, and enticing without resorting to deceptive tactics. Capture attention with a creative, yet truthful, hook.

To create compelling and honest subject lines, follow these guidelines:

Keep it short and sweet: Aim for a subject line length of 6-10 words, so it's easily digestible and displays correctly on various devices. A report by Retention Science found that subject lines with 6 to 10 words are associated with the highest open rate.

✅ Prioritize relevance: Ensure your subject line accurately reflects the email content, setting the right expectations and preventing disappointment.

✅ Spark curiosity: Develop an enticing hook that piques interest without resorting to deception. Play with word choice, ask questions, or highlight a benefit to grab attention.

✅ Personalize when appropriate: Tailor subject lines to your audience's interests or preferences, demonstrating that you understand and value their needs.

✅ Test and optimize: Experiment with different subject line variations and analyze engagement metrics to identify what works best for your audience.

By crafting genuine, engaging subject lines, you'll foster trust and increase the likelihood of recipients opening and interacting with your emails.

Adding an easy opt-out option

Another common and misleading practice to avoid is making it difficult for recipients to unsubscribe from emails. For example, not providing a clear and easy-to-use unsubscribe button or making the process of unsubscribing confusing or difficult can be seen as deceptive.

Including an unsubscribe link or mechanism is a legal requirement for email marketing. It not only ensures compliance with regulations, but also helps to build trust with the audience. Besides, the average email unsubscribe rate is only 0.17%. So don’t worry much about this :) 

To make it easy for recipients to opt-out of future communications, businesses should include an unsubscribe link or button in every email. The unsubscribe link should be prominently displayed and easy to locate, such as in the header or footer of the email.


Additionally, businesses should make sure that the opt-out process is easy to understand and does not require too many steps. 

A little tip: If you send cold emails, you can write the recipient something like “Just let me know if you want to stop receiving messages from me” to stay compliant without including the opt-out link.

Address unsubscribe requests immediately 

Promptly processing unsubscribe requests is essential for all email marketing compliance and maintaining a positive relationship with the audience. By failing to honor opt-out requests, businesses risk damaging their reputation and potentially facing legal consequences.

There are 4 important rules to remember:

1) Use automated unsubscribe tools: Utilize your email marketing platform's built-in tools to process unsubscribe requests automatically. This ensures that users are removed from your mailing list promptly and without manual intervention.

2) Regularly update your mailing list: Keep your mailing list up to date by removing bounced email addresses, inactive users, and those who have unsubscribed. This helps maintain a clean list and ensures you're only reaching out to interested recipients (and is a proven strategy to prevent emails going to spam).

3) Monitor your inbox: Keep an eye on your inbox for any emails requesting to unsubscribe. While most users will use the provided unsubscribe link, some may still reply directly to your email. Address these requests promptly.

4) Acknowledge the request: After processing an unsubscribe request, send a confirmation email to the user, letting them know they've been successfully removed from your mailing list. This helps maintain a positive relationship with the recipient and confirms their request has been honored.


Include full information about the company in the email signature

An overwhelming majority (82%) of marketers use email signatures to boost brand awareness and increase credibility. A surefire way to establish trust between sender and recipient is to provide accurate sender information. 

Accurately identifying the sender allows the recipient to confirm the email's authenticity and verify that it is not a spam or phishing attempt. It also allows the recipient to respond to the email promptly and appropriately, especially if the email is related to business or professional matters.

Your email footers won’t be complete or compliant without the following elements:


Company name: This is the name of the organization sending the email.
Address: The physical address of the organization or its registered office, which can include a street address, city, state, or province, and zip or postal code.
Contact information: This can include phone numbers, email addresses, or social media handles of the organization, so the recipient can get in touch with the sender easily.
Website: Including a link to the organization's website can be useful for providing additional information about the company and its services or products.

Consider adding legal disclaimer in the footer (if needed)

Some organizations may include a legal disclaimer in their email footers to protect themselves from potential liability:


And here are some essential points to remember: 

Use a keyboard shortcut to paste the legal disclaimer: Create a custom keyboard shortcut to paste the pre-written legal disclaimer in the email footer to save time.

Create an email signature template: Design a standard email signature template that includes the legal disclaimer. This way, you won't have to remember to add it each time you write an email.

Keep it concise and clear: A long and complicated legal disclaimer can be intimidating. Make sure to use clear and concise language, keeping it as short as possible while covering all necessary information.

✅ Update the disclaimer periodically: Laws and regulations change over time. Regularly review your legal disclaimer to ensure it remains compliant with current laws.

✅ Use readable font and formatting: Choose a readable font and appropriate formatting for your legal disclaimer. Make sure it's legible and easy to read, even on small screens or mobile devices.

✅ Consult a legal expert: Before you write your legal disclaimer, it's a good idea to talk to a legal expert to make sure it protects your organization the way it needs to.

Also, remeber that each email service provider may have unique rules and requirements. Make sure to carefully check the policies of each.

Identify your email as an ad when sending commercial emails

According to the CAN-SPAM Act, when you send promotional or marketing content your subscribers’ way, you should always disclose that the email is an advertisement. This disclosure can be included in the email's subject line or the message's body—take your pick. 

A quick tip: The law doesn't require you to explicitly label your email campaigns as advertisements. The key is to avoid deceiving recipients by making it clear that the message is promotional rather than personal.

For example, Cult Beauty expertly balances this in their email campaigns. They don't explicitly state the email is an ad, but by using their company name as the "from" name and having "Get 20% Off when you spend £50" as the subject line, it's evident that the message is promotional and not a personal email from a friend.


What Tools or Solutions Can Help With Email Compliance?

To comply with email regulations, organizations may require different approaches to handle various aspects of your email communications. 

This includes managing email retention efficiently, keeping email data safe from security threats through encryption, protecting the integrity of your archives, recording email history, and monitoring or managing email content.

Email marketing platforms with built-in compliance features

In meeting your compliance needs, many email marketing platforms come with functionalities to help keep your ducks in a row. Some popular ones are: 


Mailchimp is a popular email marketing platform used by businesses of all sizes. It offers a range of features, such as customizable templates, email automation, and analytics to help businesses manage their email marketing campaigns (Also, check our insightful article on How to keep mailchimp from going to spam).


Sendinblue is another popular email marketing platform that offers a range of features, including email marketing, SMS marketing, and marketing automation. It also offers a user-friendly drag-and-drop interface for designing email templates.

Constant Contact: 

The Constant Contact email marketing platform offers various features, including customizable templates, email automation, and real-time reporting. It also offers integrations with popular social media platforms and e-commerce tools.

Third-party services and software for email compliance management

Some examples of third-party tools that can assist with email marketing compliance are:

Email validation services, like ZeroBounce, BriteVerify, and Kickbox. They help verify that their email list is accurate and up-to-date. 

List cleaning tools, for example, NeverBounce, DataValidation, and TowerData. These tools remove invalid, inactive, or duplicate email addresses from your business’s email list, improving email deliverability and engagement.

Email encryption tools like ProtonMail, Virtru, and Mimecast. They help businesses protect sensitive information in their emails and comply with regulations such as HIPAA and GDPR that require the secure transmission of personal data.

Compliance management tools like OneTrust, TrustArc, and GDPR365 help businesses manage compliance with regulations such as the CAN-SPAM Act, GDPR, and CCPA.

Compliance audit and consultation services

Email compliance consultants and auditing services are like the police officers of the email marketing world. They help businesses ensure they're following all the rules and regulations when sending emails to customers and clients.

These consultants are experts in email marketing regulations like the CAN-SPAM Act, GDPR, and CCPA. They help businesses develop policies and procedures to ensure compliance.

Auditing services, on the other hand, investigate a business's email marketing practices to make sure everything is in order. They can identify gaps in compliance and potential risks and provide recommendations for improving compliance and mitigating the risk.

If you lack business expertise or find it difficult to stay updated on regulatory changes, you could benefit from compliance audit services and consultants. 

Seeking expert guidance on email marketing compliance matters can reduce the risk of legal and financial consequences and improve the effectiveness of their email marketing campaigns.

Also, a responsible approach to maintaining email excellence with professional email deliverability software can help you stay ahead and spot any potential issues triggering spam filter gateways. Folderly experts will show you how to check email deliverability and fix weak spots in a few clicks.

Conclusion: Make Email Compliance Your Trusting Partner 

Email laws can sometimes feel like a minefield of ever-changing rules (for instance, constantly changing google sending requirements), or a landmine of legal risks and exposure, but they're not here to limit your marketing reach. They're designed to promote honesty, transparency, and responsibility in your email communication.

Businesses can protect themselves from legal and financial consequences by complying with email regulations. But email compliance isn't just about protecting businesses—it's also about protecting consumers

With these rules, consumers can feel more confident that their personal information is being protected, and they're less likely to receive unwanted spam, phishing emails, or other fraudulent messages.

Once you get the hang of the main rules and learn how to comply with them, it's simply a matter of integrating them into your overall data privacy and compliance approach. It's a win-win situation for all stakeholders involved, and this makes it a top priority for organizations of all sizes.

Vladyslav Podoliako
Vladyslav Podoliako
Founder & CEO
Vlad is a Founder & CEO of Belkins and Folderly, a series entrepreneur and investor with over ten years of management expertise in companies with 100 million evaluation. Vlad has years of experience building and growing service companies and SaaS startups in SalesTech and MarTech. He is skilled in creating successful businesses from the ground up and building top-notch teams that drive all ventures to the top of their industries.

Also you may like