What is Expressed versus Implied Permission?

Canada took a stab at improving its regulations on SPAM, and the guidelines businesses must abide by when sending their email, mobile, and other push communications with the new Canada Anti-SPAM Legislation (CASL). From deliverability experts I’ve spoken to, the legislation isn’t all that clear – and I think it’s strange that we have national governments interfering with global issues. Imagine when we get a few hundred different governments writing their legislation… impossible.
One of the aspects of the CASL is the difference between expressed and implied permission. Expressed permission is an opt-in methodology where the recipient of the email clicks or signs up themselves. Implied permission is a bit different. I once argued with a leading email service provider’s (ESP) deliverability representative. He had given me his business card with his email address – and I used that as implied permission to email him my newsletter. He complained directly to my email service provider, causing quite a stir. He felt that he hadn’t provided permission. I thought it did.
He was wrong, of course. While his personal view was a requirement for expressed permission, there’s no such regulation (yet). In the United States CAN-SPAM legislation, you don’t need implied nor expressed permission to email anyone… you’re just required to provide an opt-out mechanism if you have no business relationship with the subscriber. That’s right… if you have a business relationship, you don’t even have to have an opt-out! While that’s the regulation, email service providers take it much further with their platforms.
Expressed versus Implied Permission Examples
Per the CASL, here are examples of the difference between expressed versus implied permissions:
- Expressed Permission – A visitor to your site fills out a subscription form with the intent of being placed on your list. An opt-in confirmation email requires the recipient to click a link to confirm they wish to be placed on the list. This is known as double opt-in methodology. The date/time and IP stamp should be recorded with their subscription record when they click the link.
- Implied Permission – A visitor to your site fills out a registration form to download a whitepaper or register for an event. Or a consumer provides you with an email address via a business card or at the checkout. They did not expressly provide permission that they wished to get email marketing communications from you; therefore, permission was implied – not expressed. You may still be able to send email communications to the person, but only for a limited period.
While almost every email provider’s terms state that you must have permission, they provide you with every means of importing any possible list you may find or buy. So, a dirty secret of the industry is that they make a ton of money from their clients sending SPAM while they march around the industry screaming that they’re absolutely against it. And all of the ESP’s super-duper deliverability technologies, algorithms, and relationships don’t matter because they don’t control what makes it to the inbox. The Internet Service Provider does. That’s the big dirty secret of the industry.
How Does Permission Impact the Inbox?
Expressed versus implied permission does not directly impact your ability to reach the inbox! An internet service provider like Gmail doesn’t know when they receive an email whether or not you had permission to send it… nevermind the fact of whether or not it was expressed or implied. They’ll block an email based on the vocabulary, the IP address it’s sent from, or several other algorithms they use. If you get a bit loose with your definition of implied, you can drive your SPAM reports up and eventually start having difficulties reaching the inbox.
I’ve always said that if the industry truly wanted to fix the issue with SPAM, then make the ISPs manage the permission. Gmail, for instance, could develop an API for opt-in where they KNOW that their user has provided expressed permission to receive email from a vendor. I’m not sure why they don’t do this. I’d be willing to bet the so-called permission-based email service providers would scream if it ever happened… they’d lose a lot of money sending so much SPAM.
If you’re sending commercial emails and wish to measure your ability to reach the inbox, you must utilize an inbox placement platform. These platforms provide you with a seed list of email addresses to add to your email list, and then they’ll report to you on whether or not your emails are going directly to the junk folder or making it to the inbox. It takes about 5 minutes to set up.
The Canadian regulations take another step, putting a 2-year limit on sending emails to anyone with implied permission. So, if someone you have a business relationship with gives you their email address, you can email them… but only for a specific period. I’m not sure how they’re going to enforce such legislation. Email service providers will need to revamp their systems to incorporate list imports for implied permissions, allowing you to add an audit trail in case of a complaint. Oh, and the CASL requires that you obtain express consent from existing contacts on your list by July 1st, 2017, using a reconfirmation campaign. Email marketers are going to take quite a hit with that one!
Last note on this. I don’t want folks to think I’m an advocate for SPAM. I’m not… I think expressed permission-based email strategies provide exceptional business results. However, I would also add that I’m realistic about this and have seen companies grow their email lists and subsequently grow their business through aggressive implied permission programs.
More About Canada’s Anti-Spam Legislation
Canada’s Anti-Spam Legislation (CASL) is a law that was enacted in 2014 to regulate the sending of commercial electronic messages (CEMs) in Canada. Here are the critical points of the CASL:
- Consent: The CASL requires that organizations obtain express or implied consent from recipients before sending them CEMs. Express consent means the recipient explicitly permitted the sender to send them CEMs. Implied consent may be obtained in certain circumstances, such as when a business relationship exists between the sender and the recipient.
- Identification: The CASL requires that all CEMs contain identification information about the sender, including their name, mailing address, and either a phone number or an email address. The CEM must also include a way for the recipient to unsubscribe from receiving further messages.
- Content: The CASL prohibits the sending of CEMs that contain false or misleading information, including the sender’s identity, subject matter, or purpose. The CEM must also be in clear and plain language and contain no false or misleading representations about the advertised product or service.
- Enforcement: The CASL is enforced by the Canadian Radio-television and Telecommunications Commission (CRTC), which has the authority to investigate and prosecute law violations. Penalties for non-compliance can be significant, including fines of up to $10 million for businesses and $1 million for individuals (in Canadian dollars).
Overall, the CASL is designed to protect Canadian consumers from unwanted and deceptive commercial electronic messages and to ensure that businesses comply with specific requirements when sending such messages.