Permission-Based Email Marketing: Everything You Need to Know


Are you totally clear on the ins and outs of permission-based email marketing?

Email marketing is still the best way to collect new leads, build relationships with customers, and drive more sales.

But if you’re not 100% clear on rules like GDPR and the CAN-SPAM act of 2003, you could be risking heavy penalties and fines.

That’s why, today, we’re going to tell you exactly what permission-based email marketing is and why it matters.

Then, we’ll teach you the best ways to approach permission-based email marketing without leaving any leads on the table.

Let’s dive in!

What Is Permission-Based Email Marketing?

Permission-based email marketing is the idea that you need your customers’ (or prospective customers’) explicit consent before sending them email campaigns.

This is true for both transactional and promotional content.

Now, you probably know that it’s more profitable to build your email list with interested clients than it is to purchase an existing list with “cold” leads.

And you may already have optin forms like popups, floating bars, or other campaigns running on your website. You probably offer some kind of lead magnet, like an ebook, and your target audience hands over their email to receive it.

That’s enough permission to start sending emails to your new lead, right?

Unfortunately, the rules for permission-based email marketing run deeper, and it can be confusing to many online business owners. Take this popup, for example:

Demo for permission based email without consent box

In some cases, someone filling out the form in the image above and clicking Sign Up is enough permission to send them email campaigns.

In other cases, filling out the form simply isn’t enough and can result in huge legal and financial penalties.

So how do you know when you have enough permission to send emails to new leads?

The biggest factor will actually depend on where your customer is located, thanks to the “General Data Protection Regulation” (GDPR) that was put into effect in 2018.

GDPR is a regulation that’s designed to protect the data of citizens from the European Union (EU). It states that all businesses, even those not located in the EU, need clear and explicit consent from people before sending them email campaigns.

Other places around the world, like North America, are more flexible. That’s because these regions fall under the CAN-SPAM act of 2003, which simply requires you to offer users a way to opt-out of receiving emails.

Typically, that means having an easily accessible Unsubscribe button in your email campaigns.

But how serious are these rules and regulations?

Why Permission-Based Email Marketing Matters

The idea that you need to get your customers’ permission to send them emails can be annoying for some business owners.

That’s because there are two sets of rules when it comes to permission-based email marketing:

  • One set of rules for people in the EU
  • Another set of rules for everyone else

In lots of cases, business owners are tempted to throw their hands up, ignore GDPR, and go about collecting new leads as they’ve always done.

The problem is that this can be a costly mistake.

By breaking GDPR guidelines, you risk fines of up to €20,000 or 4% of your company’s annual turnover. Those are enough to force many small or medium-sized companies out of business for good.

But permission-based email marketing actually has some inherent advantages for you as a business owner. If you have explicit permission to send emails to your new leads, you’re more likely to have:

  • Higher open and click-through rates
  • Higher deliverability rates
  • More engagement with your email campaigns

All of these factors get you closer to your goal of driving more sales through your email marketing efforts.

So, now, we’re going to look at two methods for gathering new leads and ensuring that you have enough legal permission to send them emails.

How to Get Permission Without Losing Leads

Today, we’re going to teach you two ways of making sure your lead generation strategy is GDPR compliant. These methods include using a:

  • Consent checkbox
  • Double optin

These two methods add an extra step to the optin process and help you avoid heavy penalties and fines.

The only downside is that adding an extra step to optin forms can discourage other leads from joining your mailing list where GDPR rules don’t apply.

That’s why if you want to master permission-based email marketing, then you need to start using OptinMonster:


OptinMonster is the safest and easiest way to stay GDPR compliant without leaving any new leads on the table. That’s because our geo-location targeting rule gives you the best of both worlds.

With geo-location, you can create GDPR compliant campaigns and show them exclusively to members of the EU:

Geolocation for permission based email marketing

That means you can create two sets of the same campaign in a matter of minutes:

  • One that follows the CAN-SPAM act of 2003
  • One that adds an additional step to be GDPR compliant and is shown to EU members.


We’ll start by adding a checkbox and a geo-location display rule to your campaigns.

Method #1: Consent Checkbox

In this tutorial, we won’t be getting into how to create and design your first OptinMonster campaign. That’s because there are too many customization options to cover for our purposes here.

If you’ve never built a campaign with OptinMonster before, that’s no problem.

We have over 50 pre-built templates to get you started, and they all look great across different devices.

Plus, our intuitive drag and drop editor makes it easy to customize your optin campaign to your brand’s voice, style, and message.

You can build popups, floating bars, fullscreen welcome mats, and other optin campaigns in less than 5 minutes.

To help get you started, check out this helpful resource on how to create and design your first OptinMonster campaign.

Once you’ve created your initial campaign, you’re ready to make another GDPR compliant version. Let’s see what that looks like.

Step One: Duplicate Your Campaign

The first thing you need to do is duplicate the campaign you’re working on so you can turn the copy into a GDPR compliant version.

To do so, go into your OptinMonster account dashboard and find the campaign you’re looking for. Then click the Create a Duplicate icon:

Create a duplicate of a campaign

Then rename the copy of your campaign, add additional notes if needed, and click Create Duplicate:

Create Duplicate

Then your new campaign will appear in the OptinMonster editor:

New campaign in the optinmonster editor

Now, you’re ready to add a consent box to the campaign.

Step Two: Add a Consent Box

In your editor, click on the optin field block (where users will enter their name and email address). This will pull up the editing tools on the left-hand side:

Click on the optin field

In the left-hand side menu, the Fields tab will be selected by default. Scroll down and click on the icon next to Privacy:

Add privacy to the optin field form

Then click the pencil icon next to the new field Privacy Text and click the button that appears, labelled Edit Privacy Style & Content:

Edit Privacy and Style Content

This allows you to edit the text that explains how you’ll use the data you’re collecting:

Change privacy text

And when you scroll down, you can flip the toggle switch next to Privacy Checkbox:

Privacy Checkbox

This now gives you a consent checkbox with custom text that users need to click before opting into your offer:

Consent Box demo for permission based email marketing

Last but not least, you need to change your display rules to make your campaign appear exclusively to members of the EU.

Step Three: Set Your Display Rules

At the top of your OptinMonster editor, click Display Rules:

Display Rules OM editor

The display rules you want for your campaign will depend on your specific goals. But regardless of when you want the campaign to appear, we need to add a new rule for members of the EU.

To do so, locate and click + And at the bottom of the display rules you have in place:

Add another URL to the display rules

Now you can add a new rule from the display rule menu. In the search bar, type Location. Then click on the rule, Physical Location:

Geolocation rule for permission-based email marketing

Then you can select Visitor’s Location is in an EU country:

Geolocation for permission based email marketing

This makes sure that the campaign you’ve built with the consent box will only be seen by people from the EU.

Remember, you also need to go back to your original campaign and add the rule Visitor’s Location is NOT in an EU country:

Show campaign to people who aren't in the EU

That way, you have two campaigns:

  • One that is GDPR compliant with a consent box (only seen by members of the EU)
  • One that is CAN-SPAM act compliant without the consent box (only seen by people in other regions)

This is important because it makes sure that you’re legally protected in your permission-based email marketing strategy.

But you also won’t lose any leads because you aren’t adding extra steps to your campaigns in regions where they aren’t necessary.

Many people think that adding a consent checkbox is the only way to make your campaigns GDPR compliant. This is a very common misconception.

Let’s look at another method for making your permission-based campaigns comply with GDPR.

Method #2: Double Optins

In this method, you configure a setting called a double optin for your GDPR compliant email campaigns.

This means that your users will sign up with their email address. Immediately afterward, they’ll receive a follow-up email asking them to verify the address and give explicit consent to receive further emails.

There are many advantages to using double optins, including:

  • Add higher quality leads to your list
  • Boost email deliverability rates due to higher engagement
  • Drive more sales because people on your list have confirmed they want your content and promotions

In the end, double optins can be an excellent approach to permission-based email marketing.

The exact steps for activating double optins will be different depending on your email service provider (ESP).

Fortunately, we’ve created a quick reference list of how to enable double optins with the ESPs that we natively integrate with.

By following that guide, you’ll be able to set up double optins for your OptinMonster campaigns in a matter of minutes.

Need help integrating OptinMonster with your ESP? No worries. Check out this helpful resource on how to sync OptinMonster with any email service provider.

Which Is the BEST Method for Permission?

By this point, you understand the importance of permission-based email marketing. And you also know the difference between what’s needed for following GDPR and the CAN-SPAM act of 2003.

So you may be wondering, “which is the best method to follow for permission-based email marketing?”

While both options will protect you legally, we recommend adding a checkbox to optin campaigns that need to be GDPR compliant.

That’s because it’s easier for your audience to click a checkbox than it is to verify an email with a double optin.

And if you’re worried about lead verification, it’s not a problem. You can try out OptinMonster’s TruLead® Lead Verification software to make sure only qualified leads are getting on your list.

With TruLead®, you can block:

  • Specific IP addresses
  • Strings, patterns, or characters
  • Free email addresses (like Gmail, Yahoo, or Hotmail)
  • Temporary email addresses

And much more.

That way, you can rest assured that your optin campaigns are GDPR compliant AND all the leads on your list have been verified.

To learn more about TruLead®, check out this post: How to Verify an Email Address With OptinMonster’s TruLead®.

And that’s it! We hope you found this article helpful in navigating your way through permission-based email marketing.

If you enjoyed this post, you should definitely check out these other resources:

These articles will have everything you need to know to fully understand GDPR and improve your permission-based email campaigns.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.
