Marketing emails are a common way to win back customers, build your customer base, and advertise special promotions or deals. But there are some legal pitfalls that can trap unsuspecting marketers, so it’s best to be aware of your obligations before you hit the “send” button.

1. Forgetting to Get Permission Before You Collect Email Addresses

In both the US and UK there are privacy laws that govern what type of information you can collect from people and in what circumstances you need to get their permission.

In the UK, the primary piece of legislation is called the Data Protection Act of 1998. The Data Protection Act requires that you only collect personal information (such as email addresses) for specific, legal purposes, and that you notify your customer of that purpose (e.g. marketing). You must also provide your customers with a Privacy Policy that sets out:

  • What you are collecting
  • How you will protect the information you collect from them
  • What you will do with it
  • Who you might share that information with
  • How your customers can see what information you have about them, and how they can update it
  • Dispute resolution procedures
  • The effective date of your Privacy Policy
  • Any changes that have been made to the policy
  • Where notices should be sent

In the US, there is no federal privacy law relating to data collection. Instead, state laws cover this issue, such as the California Online Privacy Protection Act (CalOPPA).

If you have any customers from the US, you need to assume that some of them may be California residents, and as a result you’ll need to comply with CalOPPA. CalOPPA requires you to display a Privacy Policy prominently on your website, and disclose:

  • The type of information you are collecting
  • How that information may be shared
  • How your customer can review and change the information you collected
  • How you respond to “do not track” requests
  • The effective date of the policy and any changes that have been made since that date

Anti-spam legislation is also relevant here, as in the UK there are opt-in requirements before you can use your customer’s email address for marketing purposes.

The anti-spam law in the UK is called the Privacy and Electronic Communications (EC Directive) Regulations of 2003.

It has two types of opt-in, an explicit opt-in and what is called a “soft opt-in”.

Three main criteria must be met before you can fit under the soft opt-in allowance. The marketing message must be sent to an existing customer, it must be in respect of “similar products and services” (similar to the ones they bought before), and the person must have been given a method of opting out at the time that you collected their contact information.

Here’s an example of what an explicit opt-in might look like:

Source: Great Company

In the US, the main anti-spam law is called CAN-SPAM.

There is no clear opt-in requirement under CAN-SPAM, as the legislation works with an opt-out mechanism rather than both opt-in and opt-out like the UK law.

However, if you collect personal information for a purpose that isn’t stated in your Privacy Policy (e.g. you collect their email address for creating a user account, and then you send them marketing emails), you could be in breach of your disclosure obligations under state privacy laws such as CalOPPA.

The Privacy and Electronic Communications Regulations in the UK also include opt-out requirements.

Let’s take a look at some of those opt-out requirements now.

2. Not Including an Unsubscribe Link or Contact Information in Emails

One of the main things that CAN-SPAM requires is that you include an unsubscribe link in all marketing emails that you send. Under UK spam law, you must also include an unsubscribe link that is clearly visible in your emails.

The quickest and easiest way to do this is to set up a template for your marketing messages that by default includes unsubscribe information at the bottom. Here’s an example of what this unsubscribe link might look like, from Ezibuy:

Source: Ezibuy

The unsubscribe link is not the only piece of information that you must include in all emails; you must also provide a valid postal address. This email from shows a good example of where you might find this display of the postal address:


One main difference is that in the UK, the legal opt-in and opt-out rules only apply to individuals, which means that you can contact another company with marketing messages without them needing to explicitly opt in; however, in the US, CAN-SPAM applies to all commercial emails, including business-to-business messages.

Any opt-out requests that you receive should be honored promptly - under CAN-SPAM you must honor these requests within 10 business days of receiving the opt-out request. If you don’t honor these opt-out requests, you may be subject to customer complaints, or worse: a lawsuit from the Federal Trade Commission.

3. Using Misleading Headers or Subject Lines

Another big mistake that marketers make is to use misleading subject lines and headers in their marketing messages. No matter how much you want your recipient to open the email from you, you can’t trick them into doing it.

In one major case, Sili Neutraceuticals, a pharmaceutical manufacturer, was using false and misleading headers, misleading subject lines, and not including opt-out mechanisms in their marketing messages. The result was that they were fined $2.5 million in a case brought by the Federal Trade Commission.

Instead of making the same mistake as Sili Neutraceuticals, you should use clear subject line copy that is concise, avoids buzz-words, and offers your customers an incentive to open the email. Instead of using deceptive tactics, spend time crafting and testing high-quality subject lines, headers, and email content.

4. Not Being Clear That You Are Sending a Marketing Message

Finally, you need to ensure that it is clear that your message is a marketing message. If your email looks like it might be personal in nature, or appears to be simply giving away ‘free stuff’, you’ll need to be clear that you are trying to promote or sell something. 

For most marketing messages this isn’t an issue, as it is usually clear from the subject and content of the message that it is of a marketing or advertising nature. For example, in the Etsy email below, it is clear that the products included in the email are for sale:

Source: Etsy

In one lawsuit, ValueClick was fined $2.9 million for using deceptive emails and online ads that told customers they were eligible for “free” gifts, such as laptops and iPods.

However, calling these items “free” was misleading, as the customers were “led through a maze of expensive and burdensome third-party offers – including car loans and satellite television subscriptions – which they were required to ‘participate in’ at their own expense, in order to receive the promised ‘free’ merchandise”.


It’s not hard to comply with the UK or US requirements for sending marketing emails, but you do need to be aware of relevant privacy and anti-spam laws before you get started. 

Make sure that you’ve erred on the side of receiving clear permission or an opt-in to send emails, and allow customers an opportunity to opt out whenever they wish.

Remember to honor any opt-out requests that you receive. Provide accurate information in the headers, subject lines, and content of all emails, and ensure that it is obvious that your message is a marketing message.
