You are here:

Applying Risk Management to Anti-Spam Compliance: Part 2 – Three Types of Compliance

Marketers who use email communications to promote or market their organizations, products, or services need to follow the Anti-Spam rules based on the countries of the recipients.

Part 1 of this 2-part blog was Applying Risk Management To Anti-Spam Compliance: Part 1 – Canada. The same  Risk Management Calculation (threats X vulnerability X impact) can be applied to any country. Failure to comply has the highest impact in Canada where individual and class action lawsuits will be allowed after July 1. In most counties with anti-spam legislation, complaints must be filtered through government departments with little incentive to prosecute.

There are three types of compliance in anti-spam legislation around the world. These are outlined below.

1. Opt-Out Policy Regulation
For most countries including the United States that have opt-out policies, there has not been any recent change. Marketers can still follow the standard unsubscribe management in a Marketing Automation system. Here, the default status remains as subscribed until the user opts out or unsubscribes from the system. This essentially means that marketers can continue sending emails to the users in these Countries as long as the users do not unsubscribe.

The best practice that marketer should follow is to include reference to the company’s privacy and cookie policy in their marketing emails. However, that is optional from a compliance perspective.

2. Opt-In Policy Regulation
In opt-in regulation, there are two types of opt-in rule:  one is required to have the consent explicitly provided while the other one collects the opt-in consent in a default manner. Here are more details:

  1. Explicit Opt-In Policy
    The major compliance area where marketers should give their attention and make sure that they are following the rules is the opt-in countries. For users in opt-in countries, marketers have to have their nod before an email can be sent. This means the user’s consent is needed before a Commercial Electronic Message (CEM) can be sent. These countries have implemented legislation and companies found to be non-compliant are subject to penalties.Examples of major countries that require opt-in are Belgium, Denmark, and the Netherlands.
  2. Default Opt-In Policy
    The other type of anti-spam compliance is default opt-in policy. For these countries, marketers need to show content that clearly indicates that they are storing consent and also giving the user an option to unsubscribe. This is needed because European Community directives require that the user knows clearly that he or she is being subscribed, and has the ability to unsubscribe. If the user moves ahead with a positive response to the unsubscribing option, then that user is opting out from further emails. If the user does not give any response to the option, then he or she can be considered as subscribed by default.Please note the difference here: the user has to respond to unsubscribe, while in the explicit opt-in case he or she had to respond to subscribe.Major countries that have default opt-in policies are France, Sweden, and the United Kingdom.

3. Double Opt-In Policy
This is the type that requires the marketers to collect two levels of consent from the end users before sending them a promotional email. So, in this rule, marketers need to gather the consent from the end user and then send a confirmation email to that user asking for confirmation on the subscription. (Ways to obtain the initial consent include filling out a web or tradeshow form with a consent checkbox.) If the user gives confirmation by performing a certain action on the email, then the user can be stored as a subscribed user.

Germany has the double opt-in rule. Marketers need to have the consent first and then also obtain a confirmation consent if the user’s address is in Germany.

Material presented in this blog post should not be considered legal advice. Individual cases and circumstances vary. We recommend that marketers consult their legal advisers to ensure compliance in their specific cases.

RightWave Assistance
There are additional complications related to implicit consent; these are outlined in a recent RightWave webinar. Effort is required to determine country of residence. The archive of this webinar can be accessed at

RightWave can assist in international anti-spam compliance including specific help on a country-by-country basis. For more information, contact RightWave.


  1. Carol Spillman and Sue Hay, “Are you in compliance? Europe’s Spam and Cookie Directives”, Vast Funnel Fodder Blog, August 4, 2014,
  2. “How to Comply with Email Marketing Laws and Regulations Around the World”, Surety Mail, undated,