Skip to content

Spam-Free Emails: Understanding the Rules Around the Globe

email spam regulations blog header

When you’ve spent hours crafting the perfect email marketing messages—including considering the cultural differences of audiences in locations around the world—the last thing you want is for those emails to go directly to the junk file. 

Or worse: To have them cause your ISP to be tagged as sending spam and face potential legal consequences and hefty fines because you didn’t comply with the email spam regulations of the regions to which the emails are being sent.

Rules differ from country to country, so marketers and brands with an international market need to be aware of the differences in order to avoid penalties. 

We’ve gathered a quick synopsis of the spam regulations in several key regions targeted by multinational brands in their email marketing to help you avoid making a costly misstep with your own emails.


United States: CAN-SPAM Act

Initially passed in 2003, the United States’ primary regulations regarding commercial email was officially titled the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act. Most recently updated in 2008, the regulation applies to all commercial email messages, with penalties potentially exceeding $43,000 for each violation. The main requirements of the CAN-SPAM Act are:

  1. Don’t use false or misleading header information. This includes the “From,” “To,” “Reply-to” lines and routing information; all must be accurate and identify the person or business who initiated the message.
  2. Don’t use deceptive subject lines. Subject lines must accurately reflect the content of the message.
  3. Identify the message as an ad. Somewhere in the message, the Federal Trade Commission says the message must state “clearly and conspicuously” that the message is an advertisement.
  4. Tell recipients where you are located. The email must include a valid physical postal address—current street address, post office box or private mailbox registered with a commercial mail receiving agency.
  5. Tell recipients how to opt out of receiving future emails. Again, this information must be “clear and conspicuous,” explaining how the recipient can opt out.
  6. Honor opt-out requests promptly. Regulations require that the mechanism offered be able to process opt-out requests for at least 30 days after the email is sent, and that those requests be honored within 10 business days.
  7. Monitor what others are doing on your behalf. Even if you hire another company to handle your email marketing, your company is still legally responsible for complying with the law.

More specific scenarios are discussed in the Q&A section of the FTC’s Compliance Guide For Business.


Canada (CASL)

Canada’s anti-spam legislation (CASL) was created in 2014, and officials credit the act with a 37 percent decrease in Canadian-based spam in just four years, along with increasing the proportion of commercial electronic messaging that reached designated recipients from 79 percent to 90 percent in Canada, compared with 80 percent worldwide.

One requirement of CASL is consent: senders should be prepared to provide proof of either express or implied consent. Express consent, when someone has agreed verbally or in writing to receive a commercial electronic message from a business, has no time limit unless the recipient withdraws consent. Implied consent, however, is recognized only in certain circumstances, such as an existing business relationship, and is generally time-limited.

In addition to consent, Canadian-sent or -bound commercial electronic messages (CASL also applies to texts and direct messaging platforms) must include:

  • Business name and the name of anyone on whose behalf the message is being sent.
  • A current mailing address and either a phone number, email or website address.
  • Accurate contact information that will be valid for at least 60 days after the message is sent.
  • An unsubscribe mechanism.

As in the United States, Canadian businesses have 10 business days to honor unsubscribe requests at no cost to the recipient.

Get more details and links to specific information about implied consent and the limitations of that relationship on the nation’s Fight Spam webpage.


United Kingdom

As with Canada’s regulations, the United Kingdom requires consent or opt-in for nearly all commercial emails, though there are exceptions for those being sent to entities considered to be “corporate subscribers.”

Unsolicited, direct marketing emails can be sent to “corporate subscribers,” but the website Law Donut urges caution, as that definition can be difficult to ascertain, since not all email addresses ending in are limited companies, and emails sent to specific addresses in that company (e.g., vs. may be considered unsolicited messages to “individual subscribers,” which are prohibited.

UK regulations separate opt-in designations into “specific consent” and “soft opt-in,” similar to the implied consent in Canada. Specific consent entails a positive action by the subscriber—failing to deselect an pre-ticked opt-in box does not qualify. And Law Donut points out that pre-ticked opt-in boxes are not allowed under the European Union’s General Data Protection Regulation (GDPR)—which the UK continues to follow—anyway. “Soft opt-in” allows businesses to treat individual subscribers as having consented under very specific circumstances:

  • The email address was obtained by you in “the course of the sale or negotiations for the sale of a product or service.”
  • The direct marketing is in respect of “similar products and services only.”
  • The recipient has been given a simple means of refusing the direct marketing at the time the contact details were initially collected.
  • Individuals are given the opportunity to opt out in every subsequent email they receive.

And, as with the other countries, any email sent must include:

  • Clear identity of the sender.
  • A valid address to which “unsubscribe” messages may be sent.



Mexico does not have any specific regulations dealing with unsolicited emails, though the Federal Bureau for Consumer Protection does maintain a call-blocking registry that includes mobile phone numbers and includes a requirement that marketing messages be stopped to that electronic address if requested.

National regulations regarding personal data protection could also come into play if marketing lists are purchased from third parties that contain personal information. Such lists that contain only business contact information or publicly available information may be used, according to, and it is recommended that recipients of such emails be provided with an easy opt-out mechanism.


European Union

While there is no single regulation specifically addressing email marketing for the entire EU, the General Data Protection Regulation (GDPR) does set a precedent allowing the processing of personal data, which includes email addresses, only if the data subject has consented or there is another legal basis. According to Intersoft Consulting, that “legal basis” could include existing customers or in some cases “cold calling” through email marketing, but the data subject (in this case, the email recipient) always has the right to object to the processing of their data for marketing purposes.

Each country may have its own specific laws, and those doing business and sending email marketing messages to European customers and prospects should take time to research each nation in their list. A list of links to spam laws in European Union nations can be found here.



China’s “Regulations On Internet Email Services” are more restrictive than many others. Hong Kong-based marketing firm Sampi outlines a few requirements for promotional emails sent to Chinese residents and others who receive emails while in Chinese territory:

  • Marketers must have explicit, verifiable permission from recipients to include them in a mass mailing list, and that permission must be stored indefinitely.
  • The word “Ad” in English, or the Chinese equivalent, must appear in the subject line of the email.
  • Any email with links to external content, such as software or an app, must include a written guarantee that there is not any spyware or anything that could facilitate hackers included in the download.
  • Content restrictions in the regulations are intentionally very vague, with the nation banning thousands of words and topics, including politically sensitive topics and anything deemed obscene or pornographic.

Sampi warns that while enforcement may be rare, violating the regulations could leave companies’ websites completely blocked in the country, which maintains an infamously effective firewall.



According to ICGL, Japan’s 2002 Act on the Regulation of the Transmission of Specified Electronic Mail specifies that marketing emails can only be sent to recipients meeting one of four criteria:

  1. The recipient has “opted in” to receive emails.
  2. The recipient provided the sender with their email address in writing (e.g., provided a business card).
  3. The recipient has a business relationship with the sender.
  4. The recipient has made their email address available on the internet for business purposes.

The restrictions apply to B2B marketing emails, as well as B2C communications, and are equally applicable to emails sent from outside Japan to recipients within the country as those originating from Japanese companies.

Overall, the United States in many ways has the least restrictive anti-spam regulations by taking an “opt-out” approach, rather than a strict “opt-in” requirement. Best practices, however, would dictate following an opt-in approach for compiling email marketing lists. Third-party lists should be used rarely and with care, only sending mass emails to recipients who have agreed to receive communications from the partners of the company originating the list and who have demonstrated an interest in relevant content and products.

Email marketing continues to be a powerful tool in marketers’ arsenal, with 80 percent of marketers reporting an increase in email engagement in 2020. Use it wisely to maintain its power.

You’ll find more information about the current state of email marketing in the latest mini-report from HubSpot and our discussion on blending email with  the rest of your content marketing strategies. We also outline best practices for using email in your inbound marketing strategy in this quick ebook: Email for Inbound: Do This, Not That.

Are you leveraging the power of email effectively to complement the rest of your integrated content marketing strategy? I’d be happy to talk about how to improve open and click-through rates and discover the best strategies for your specific audience through A/B testing. Schedule a no-obligation consultation on my calendar for some one-on-one time.

6 Steps To Creating Enviable Brands

Download our guide 6 Steps to Creating Enviable Brands to learn the crucial steps you should follow to create an enviable brand for your company.

Half Dotted Circle Background