Google “email marketing best practices” and you’ll get millions of results.


But also unsurprisingly. The internet is chock full of marketers wanting to tell you how to write can’t-say-no subject lines and make-money-while-you-sleep drip campaigns.

But what about the basic email best practices? You know: how to send emails that are legal and ethical.


I’m not a lawyer and none of the information in this article should be interpreted as legal advice. Please do your own due diligence to determine if or how much of this information is relevant to your circumstances, and whether you should seek professional legal advice.

Basic principles of good email consent

These basic principles of sending emails under the GDPR also apply to plenty of other privacy laws, and are just general good practice.

Be clear and transparent.

Your subscribers have to be able to make an informed decision as regular people – not lawyers – which means you can’t rely only on a long, complicated privacy policy. You also MUST provide clear information up front about what you’re sending, where you’re storing their data and how you’re going to use it. Opt-in checkboxes and confirmation emails alone aren’t enough.

Make sure your privacy policy has a “summary” version in plain language and put an obvious link to it from your sign up form. <– Wait for my article on privacy policies in more depth!

Even better, summarize the key points and include them right there on your form!


Subscribe to receive my weekly shop updates and you’ll receive a free shipping code as a thank you!

I also send monthly styling tips so your new [product] will look its most beautiful in your home. (You can opt out of these in your subscription preferences.)

[your form fields would go here]

Your details are transferred to and processed on Aweber’s US servers under the EU-U.S. Privacy Shield. I don’t use your subscription details for anything else, such as advertising. You can unsubscribe at any time. Read my full privacy policy.

[subscribe button] <– Put the button under all the text to make the text less “ignorable”.

TIP: Check your email marketing platform’s GDPR guide for any suggested text, whether they’re certified for the Privacy Shield and links to their terms etc.

Mailchimp already lets you turn on GDPR fields and “legalese” with a single setting, if you’re using their built-in forms. Many third party forms are also building GDPR options as we speak, so Google your tools to see what they’re going to offer.

^^ Remember, if the tool processes your contact data on its own servers, put it in your tool audit spreadsheet!

Ask first.

In almost every case, marketing requires consent.

Don’t use emails you got for some other reason (like a sale) without getting specific consent for email marketing, too. You can’t send an unsolicited email asking for consent!

If you need to ask for marketing consent and don’t have control over your checkout (like on Etsy), bundle your request into existing transaction emails or pages that you do control, like the thank you message.

You need specific consent for each different thing you want to use their data for. So if you want to send them emails and create Facebook custom audiences, then you need to let them opt in to both, individually!

Don’t require marketing consent for a paid product or service.

The GDPR guidelines make it very clear that if you make marketing consent a condition of purchase (no matter how transparent and up front you are), that consent cannot be “freely given” without detriment to the potential customer: they can’t buy your product!

Instead, offer a separate checkbox to opt-in to your marketing. Make sure it’s not pre-ticked and that you include a link to your privacy policy & some clear info about what you’re going to send.

Offer granular control.

Let your subscribers choose what types of emails they want to get, as much as is practical to you. Ideally, they should get this choice when they first sign up, but if all the email topics are related, you could get away with offering it later.

For example, if you send shop updates (new products, sales etc.) and tips on how to use that same product: you probably don’t need to have a separate tick box for each when they subscribe.

But if you want to send emails about very different products or to very different audiences – offer the choice up front.

Sell abstract prints and blog about painting with kids? Get separate consent.

How to manage granular control

1. Create custom fields in your email marketing system. You could have a single “Topics” field with a checkbox for each topic. Or a separate “yes/no” dropdown for each option.

The field should be editable by the contact when they’re updating their profile.

2. Decide if your existing subscribers should be set to “yes” or “no” for each topic.

3. Decide if you’re going to include these fields on some or all of your sign up forms. Add them in, if so. (If you’re using your built-in form builder, this will be easy!)

4. Create a contact Segment in your list for each topic. Include contacts who have the topic ticked or set as “yes”.

5. When sending emails on that topic, always use that same Segment.

If you’re also getting granular consent to use emails for other things, like Facebook custom audiences, store that in a custom field, too.

Let people unsubscribe.

This has been an obvious one for many years, so if you don’t already have a one-click unsubscribe link on every email – get to it! Unsubscribing should be as easy as it was to subscribe (ideally, even easier).

However, this principle also means that unsubscribing from marketing emails should NOT also stop your subscriber from receiving other information or services, especially ones they’ve paid for!

What does this mean? Things you can’t do:

The easiest way to clarify what all this stuff really means for you is to list some common practices that are not ok under the GDPR:

  • Pre-ticked “opt in” boxes.
  • Automatically adding buyers to your newsletter without telling them.
  • Making newsletter subscription a condition of purchase (e.g. clearly advising a buyer that they’ll be added to your list when they buy but there’s nothing they can do about it).
  • Unsubscribing a contact from a service they’ve paid for (e.g. a paid masterclass) if they unsubscribe from your general emails.
  • An unsubscribe process that makes you log in first.

Do I need to use double opt-in?

Everywhere you look, people are saying “you need double opt-in for GDPR!”

But do you?

Neither the GDPR nor the UK’s ICO says anything about “double opt-in” in their consent guidelines. Nor do they say you should verify a person’s identity before the consent is valid, which is what a double opt-in helps to do.

Likewise, countries like Canada, Germany and Australia have very specific consent requirements but still don’t mention double opt-in in the legislation itself.

It ultimately comes down to interpretation of the law and whether the consent you can prove is enough.

Key points

  • “Express consent” has been interpreted as requiring double opt-in in German court cases. In 2014, only 45% of German brands required it, but the others are possibly playing with fire!
  • The Australian Communications and Media Authority specifically suggests using double opt-in to gain “Express Consent” to comply with the SPAM Act.
  • Double opt-in can help you provide evidence of consent and that the person who subscribed was actually the owner of the email address.
  • Double opt-in does not cancel out your other obligations around telling people exactly what you’re going to send them and offering control over what they get.
  • You still should not automatically add customers to a marketing list when they buy something, just because you have a double opt-in set up.
  • A double opt-in can reduce your list growth by 20-30%.
  • However, a double opted-in list is more engaged, active and ultimately – profitable per contact.

Bottom line:

Seriously consider a double opt-in process. But it’s not the be-all-and-end-all of consent and it’s not 100% mandatory.

You’ll need to work hard to perfect the messaging and optimize your opt-in rate, but your consent will be the “gold standard” as long as you’re also telling people the right things before they subscribe.

A great way to handle this is to offer a discount code as the sign up bonus, which many shops already do. Your double opt-in request email can then remind them: “Confirm to get your 15% off!”

Should I get “re-consent” from my current subscribers?

If you haven’t heard about this, you might be asking “What does it mean to get re-consent from my current email subscribers?”

Re-consent is a practice of asking the people already on your list to confirm again that they want to keep receiving your emails. If they don’t re-confirm, you will remove them from your list.

Sound risky? It is. But sometimes it’ll be necessary or even valuable.

When do you need to ask for re-consent?

For “stale” contacts.

They’ve been in your list for years and don’t open your emails anymore. Or you haven’t sent emails to this list for a while.

Cleaning stale contacts is just good practice. Why pay for contacts that never open your emails? Asking for re-consent can get them active again before you kick them off for good.

You want to change what you’re sending them.

If you’re planning on (or have already started!) sending emails that are different to what you declared when these contacts subscribed, you should ask for their consent first.

This applies whether they consented to topic A and you’re now sending about topic B, or you added them automatically as part of your checkout process and never specifically asked if they wanted marketing.

If you’re going to keep sending emails they did ask for, and are just adding a new topic, they don’t need to re-consent to your whole list: just ask them if they want to opt-in to the new topic by updating their preferences.

I’m testing a re-consent campaign right now!

I’ll be sharing the results of this campaign in detail when it’s finished. If you think you might need to ask for re-consent, wait for this article first. Unless you’re based in the EU or have a lot of contacts from there, in which case, you should get started right away because you’re going to need to send plenty of reminders to your list!
