What is Expressed versus Implied Permission?

Canada is taking a stab at improving its regulations on SPAM and the guidelines that businesses must abide by when sending their email communications with the new Canada Anti-SPAM Legislation (CASL). From deliverability experts that I’ve spoken to, the legislation isn’t all that clear – and personally I think it’s strange that we have national governments interfering with global issues. Imagine when we get a few hundred different governments writing their own legislation… absolutely impossible.

One of the aspects of the CASL is the difference between expressed and implied permission. Expressed permission is an opt-in methodology where the recipient of the email actually clicked or signed up themselves. Implied permission is a bit different. I once got in an argument with a leading email service providers’ deliverability representative on this. He had given me his business card with his email address on it – and I used that as implied permission to email him my newsletter. He complained directly to my email service provider causing quite a ruckus. He felt that he hadn’t provided permission. I felt it did.

He was wrong, of course. While his personal view was a requirement for expressed permission, there’s no such regulation (yet). In the United States’ CAN-SPAM legislation, you don’t need implied nor expressed permission to email anyone… you’re just required to provide an opt-out mechanism if you have no business relationship with the subscriber. That’s right… if you have a business relationship, you don’t even have to have an opt-out! While that’s the regulation, email service providers take it much further with their platforms.

Expressed versus Implied Permission Examples

Per the CASL, here are examples of the difference between expressed versus implied permissions:

  • Expressed Permission – A visitor to your site fills out a subscription form with the intent of being placed on your list. An opt-in confirmation email is sent which requires the recipient to click a link to confirm they wish to be placed on the list. This is known as double opt-in methodology. When they click the link, the date/time and IP stamp should be recorded with their subscription record.
  • Implied Permission – A visitor to your site fills out a registration form to download a whitepaper or register for an event. Or a consumer provides you with an email address via a business card or at the check out. They did not expressly provide permission that they wished to get email marketing communications from you; therefore, permission was implied – not expressed. You still may be able to send email communications to the person, but only for a limited period of time.

While almost every email providers’ terms state that you must have permission, they provide you every means of importing any possible list you may find or buy. So, a dirty secret of the industry is that they make a ton of money from their clients sending SPAM while they march around the industry screaming that they’re absolutely against it. And all of the ESP’s super-duper deliverability technologies, algorithms, and relationships don’t matter squat… because they don’t control what makes it to the inbox. The Internet Service Provider does. That’s the big dirty secret of the industry.

How Does Permission Impact the Inbox?

Expressed versus implied permission has no direct impact whatsoever on your ability to reach the inbox! An internet service provider like Gmail doesn’t have a clue when they receive an email whether or not you had permission to send it… nevermind the fact of whether or not it was expressed or implied. They’ll block an email based on the verbiage, the IP address it’s sent from, or a number of other algorithms they use. I would add that if you get a bit lose with your personal definition of implied, you can drive your SPAM reports up and eventually start having difficulties reaching the inbox.

I’ve always said that if the industry truly wanted to fix the issue with SPAM, then make the ISPs manage the permission. Gmail, for instance, could develop an API for opt-in where they KNOW that their user has provided expressed permission to receive email from a vendor. I’m not sure why they don’t do this. I’d be willing to bet the so-called permission-based email service providers would scream if it every happened… they’d lose a lot of money sending so much SPAM.

If you’re sending commercial email and wish to measure your ability to reach the inbox, you’ll need to utilize a service like our sponsors at 250ok. Their inbox informant provides you with a seed list of email addresses to add to your email list and then they’ll report to you on whether or not your emails are going directly to the junk folder or making it to the inbox. It takes about 5 minutes to setup. We are using it at CircuPress where we’re seeing fantastic inbox placement. Their service will also let you know whether or not your service has been blacklisted.

The Canadian regulations take another step and that’s putting a 2 year limit on sending email to anyone with implied permission. So, if someone you have a business relationship with gives you their email address, you can send them email… but only for a specific time period. I’m not sure how they’re going to enforce such legislation. I suppose email service providers will need to revamp their systems to incorporate list imports for implied permissions that allow you to add an audit trail in the event of a complaint. Oh, and the CASL requires that you obtain express consent from existing contacts on your list by July 1st, 2017 using a reconfirmation campaign. Email marketers are going to take quite a hit with that one!

More Info on CASL

Cakemail has done a nice job of putting together a guide to the CASL – you can download it here. Oh – and if you wish to manage your subscriptions a bit better, give Unroll.me a try! They keep track of every email that hits your gmail inbox and they allow you to roll up the content you want, or unsubscribe from the content you don’t want. Gmail should buy them!

Last note on this. I don’t want folks to think I’m an advocate for SPAM. I’m not… I think expressed permission-based email strategies provide exceptional business results. However, I would also add that I’m realistic about this and have seen companies grow their email lists and subsequently grow their business through aggressive implied permission programs.

Download a Sponsored Marketing Whitepaper:
2018 State of B2B Content Consumption and Demand Report for Marketers

2018 State of B2B Content Consumption and Demand Report for Marketers

Clear, action-based insights for B2B marketers based upon 12 months of data from consumption activity across the NetLine Corporation Network. Download Now

Douglas Karr 

Douglas Karr is the founder of The MarTech Blog and recognized MarTech expert. Doug is a Keynote and Marketing Public Speaker. He's the CEO of DK New Media, an agency specializing in assisting marketing technology companies with their inbound marketing - leveraging social media, blogging, search engine optimization, pay per click and public relations. He's developed digital marketing and product strategies for Angie's List, GoDaddy, Salesforce, Webtrends, and SmartFOCUS. Douglas is also the author of Corporate Blogging for Dummies and co-author of The Better Business Book.