Marketing email is regulated in most countries. This guide covers the main laws (CAN-SPAM, GDPR, CASL), what Marketing handles automatically for you, and the practices you need to follow.
CAN-SPAM (United States)
The US CAN-SPAM Act of 2003 applies to all commercial email sent to US recipients. Five requirements:
Don't use false or misleading From / To / Reply-To info. Your From address must accurately identify the sender.
Don't use deceptive subject lines. The subject must reflect the message content.
Identify the message as an ad when it is one (not required to be explicit if the commercial nature is otherwise obvious).
Tell recipients where you're located. Your physical mailing address must appear in every commercial email. Marketing pulls this from your Settings → Mailing Address and injects it into the default footer automatically.
Honor opt-out requests within 10 business days — and continue to honor them indefinitely. Marketing handles unsubscribe processing instantly via the {{unsubscribe_url}} merge tag.
GDPR (European Union / EEA)
If you have any subscribers in the EU/EEA, GDPR applies — even if your business isn't based there. Key obligations:
Lawful basis for processing — usually consent (explicit opt-in) for marketing email
Right to access — contacts can request a copy of their data
Right to erasure — contacts can request deletion (the "right to be forgotten")
Right to data portability — contacts can request export in a machine-readable format
Consent records — you must be able to show *when* and *how* each contact consented
Marketing's consent capture (via the ConsentRenderer block on forms, popups, and landing pages) records consent timestamp, IP address, consent text shown, and version. This satisfies the GDPR record-keeping requirement.
CASL (Canada)
Canada's Anti-Spam Law is stricter than CAN-SPAM. Key differences:
Express consent required for most commercial messages (no implied opt-in from a business card or website signup without an explicit checkbox)
Identification requirement — every message must identify the sender by legal name + physical address + contact info
Unsubscribe must process within 10 business days (same as CAN-SPAM)
Records of consent must be retained
What Marketing Does Automatically
Injects your mailing address into the default footer
Generates a personalized {{unsubscribe_url}} for every recipient
Processes unsubscribes instantly — clicked links remove the contact from all future sends within seconds
Records consent snapshots from your forms/popups/landing pages with timestamp + IP
Suppresses bounced and complained contacts permanently
Honors a 14-day "complainer" rule — a contact who marks one of your emails as spam is suppressed from all sends platform-wide
What You're Responsible For
Only emailing contacts who actually opted in. Buying email lists is illegal in most jurisdictions and gets your sending domain blocklisted within hours.
Setting your mailing address in Settings (otherwise the footer requirement isn't met)
Including {{unsubscribe_url}} in any custom-built footer (the default footer handles this for you)
Honoring opt-outs across systems — if someone unsubscribes from Marketing, also remove them from your sales sequences in other tools
Keeping your sending domain reputation healthy — see the Sending Domains guide
Deliverability Best Practices
Warm up new sending domains gradually. A brand-new domain sending 5,000 emails on day one looks like spam. Start with hundreds, grow over 2-4 weeks.
Send to engaged contacts first. A campaign that opens at 30% builds reputation; one that opens at 5% hurts it.
Prune cold contacts periodically. Contacts who haven't opened in 12+ months are hurting your deliverability — consider a re-engagement sequence and then suppress those who don't re-engage.
Match From-name to brand recognition. Recipients are more likely to mark unfamiliar senders as spam.
Avoid spam-trigger language and excessive emojis in subject lines. Free, urgent, limited-time, !!!, all-caps — these don't auto-spam you but they correlate with poor performance.