Don't risk getting blocked: identify your compliant and non-compliant lists

This page provides concrete examples of compliant, non-compliant, and borderline lists, along with best practices to follow to ensure your sending habits respect consent rules and deliverability standards.

With these tips, you will be able to:

  • Protect your sender reputation.
  • Improve your open and engagement rates.
  • Reduce the risk of complaints or blocks.

I. Examples of compliant lists (that follow best practices)

1. People who voluntarily filled out an opt-in form on your site

Contacts who have voluntarily provided their email address via a clear form are the most reliable and secure foundation for your marketing campaigns. These subscribers have chosen to receive your communications, which significantly reduces the risk of spam complaints and protects your sender reputation.

Characteristics of these contacts:

a. Voluntary and clear consent

  • The subscriber knows exactly what they are signing up for: a newsletter, free guide, exclusive content, promotional offers, etc.
  • The email address is collected via an explicit form where the user understands they will receive marketing emails.

b. Legal security and compliance

  • This type of consent is compliant with GDPR and email marketing best practices.
  • You can send marketing emails with complete confidence, without fearing your messages will be marked as spam.

c. Concrete examples

  • A visitor fills out a form to download a free guide and checks the box: "Yes, I want to receive the newsletter and exclusive tips."
  • A customer buys a product and checks the box: "I want to receive news and special offers."

Main advantage: These contacts are highly qualified, more likely to open your emails, click your links, and interact with your content. This improves your engagement rates and the overall deliverability of your campaigns.

Pro tip: Always include an "I want to receive your emails" checkbox and a link to your privacy policy.

2. Subscribers who explicitly checked a box to receive your newsletter during a purchase

Even when subscribing to your email list happens during the checkout process, it's essential that the consent is voluntary and clearly indicated. The simple fact that a customer provides their email address when placing an order isn't enough: they must understand that they are agreeing to receive your marketing communications.

Key points to follow:

a. Voluntary and active

  • The checkbox to subscribe to the newsletter or receive offers must be unchecked by default.
  • The subscriber must take a clear and deliberate action, such as checking the box to confirm their agreement.

b. Clear and understandable wording

  • Use precise text that indicates exactly what the contact will receive: tips, promotions, newsletters, exclusive guides, etc.

Example: "Yes, I want to receive news, tips, and exclusive offers by email."

c. Advantage: Spam protection

  • Clear and voluntary consent ensures your emails won't be marked as spam by your subscribers or Internet Service Providers (ISPs).
  • This also protects your sender reputation and improves your campaign deliverability.

d. Proof of consent

  • Keep a record of the action: timestamp, confirmation page, and exact consent text.
  • This proof is essential to remain GDPR compliant or respond to any legal request or marketing audit.

Pro tip: Integrate the opt-in box in a visible and distinct way during the checkout process, with clear and precise wording. Avoid ambiguous phrasing or pre-checked boxes to ensure genuine, defensible consent.

3. Trade show visitors who signed a form with an "I want to receive your emails" box

Contacts can also subscribe to your communications offline, such as during an event, trade show, in-store visit, or phone call. These subscriptions are valid as long as the consent is clear and voluntary, and the contact understands exactly what they are signing up for.

Key points to follow for offline subscriptions:

a. Clarity of consent

  • Explain clearly what the contact will receive: newsletters, special offers, event invitations, guides, or exclusive content.
  • Avoid vague or ambiguous wording that could be interpreted as unsolicited email collection.

b. Voluntary action

  • The contact must take a clear action to give their agreement, for example:
    • Checking a box on a physical or digital form.
    • Signing a document or providing their email after being informed about the communications they will receive.

c. Recording consent

  • Keep a record of the subscription, including the date, context (event, point of sale, call), and the exact consent text.
  • This proof is essential to justify GDPR compliance and prove that the marketing emails were voluntarily authorized.

d. Main advantage

  • Clear and voluntary offline subscriptions help build a reliable contact base while reducing the risk of spam complaints and improving the overall deliverability of your campaigns.

Pro tip: During offline events or interactions, use a standardized form clearly indicating the purpose of the emails, and ensure the contact explicitly understands and agrees to receive your communications.

Try to keep proof (a photo of the form, scan, or database log) to demonstrate consent if necessary.

4. Existing customers receiving service information (account changes, order confirmations)

a. Transactional emails are messages sent as part of a transaction or a direct relationship with the contact. They are acceptable even if the contact hasn't explicitly given marketing consent, because they are required for the service or business relationship to function.

Example of transactional emails:

  • Receipts and order confirmations
  • Delivery notifications or package tracking
  • Security alerts or password changes
  • Appointment reminders or important service-related information

Important: the distinction from marketing

  • If you want to add promotional content to these emails (e.g., special offers, product recommendations, promotions), explicit marketing consent must be obtained separately.
  • Mixing transactional and marketing content without consent can be perceived as spam and harm your sender's reputation.

Pro tip: Create separate templates for your transactional emails and marketing emails.

  • Transactional emails must be limited to the information required for the service or transaction.
  • Always add a clear option to subscribe to your marketing communications if you want to include promotions, such as via a checkbox or a subscription link in the receipt or confirmation.

II. Examples of non-compliant lists

1. Bought or rented lists from an external provider

Certain contact lists available for purchase or shared by third parties might seem tempting, but they present a major risk to your email marketing business.

a. Characteristics of non-consenting contacts:

  • People on these lists have never given their explicit consent to receive your emails.
  • You have no guarantee regarding their genuine interest, their activity, or the validity of their email address.

b. Associated risks:

  • Spam reports
    • Recipients who never asked for your emails might click "spam" as soon as they receive them.
    • These reports harm your sender reputation and can cause your campaigns to be blocked by Internet Service Providers.
  • High bounce rates
    • Bought addresses are often inaccurate, outdated, or temporary, leading to numerous hard bounces.
    • A high bounce rate degrades your deliverability score and can trigger restrictions on your emailing account.
  • Account suspension
    • Using non-consenting contacts is generally forbidden by emailing platforms.
    • Accounts can be suspended or deleted, preventing you from sending any future campaigns.

Concrete example:

Buying a list of 10,000 emails "interested in cosmetics" online might seem like a quick opportunity. In reality, you are exposing your business to spam reports, massive bounces, and severe sanctions, with no real benefit in terms of engagement or conversion.

Note that bought lists are strictly forbidden on systeme.io.

Pro tip: Never buy or use third-party lists. Build your list organically via:

  • Clear forms on your website
  • Subscriptions during events or purchases
  • Free content offers (guides, ebooks, newsletters)

This ensures your contacts have given explicit consent, which optimizes deliverability and protects your sender reputation.

2. Lists provided by a third party (another company or partner)

a. Contacts without proof of consent: a legal risk

Even if some contact lists seem relevant to your business or industry, it's crucial to understand that there is no proof they agreed to receive your emails. The presumed interest of a contact never replaces explicit and voluntary consent.

Main risks:

  • Legal non-compliance
    • Sending emails to contacts without consent constitutes a GDPR violation in Europe and violates anti-spam laws in other countries.
    • Penalties can include heavy fines and legal action against your company.
  • Risk to your sender reputation
    • Non-consenting contacts are more likely to flag your emails as spam.
    • This degrades your deliverability score, increases bounces, and can lead to the blocking or suspension of your emailing account.
  • Lack of genuine engagement
    • Even if the list targets your niche, supposed interest does not guarantee opens or clicks.
    • These contacts will not contribute to your engagement rates and risk decreasing the overall effectiveness of your campaigns instead.

Pro tip: Never send marketing emails without proof of consent. Focus on collecting contacts organically via clear forms, event subscriptions, or free content offers.

By keeping a timestamped record of consent, you secure your legal compliance and optimize your deliverability and engagement.

3. Addresses collected via Facebook or other social media without a clear opt-in form

a. Contacts from social media: Be careful with consent

Using social media to collect emails might seem convenient, but it's essential to understand that a simple login or interaction does not guarantee consent to receive your marketing emails.

Key points to remember:

  • Explicit consent required
    • Even if a user logs in via Facebook, Instagram, or another social media, it doesn't mean they agree to receive your email communications.
    • Consent must be voluntary, clear, and recorded, in accordance with GDPR and email marketing best practices.
  • Associated risks
    • Sending emails to contacts collected via social media without their agreement exposes you to:
      • Spam reports
      • High bounce rates
      • Suspension or blocking of your emailing account
      • Legal sanctions for GDPR non-compliance

Concrete example:

  • Extracting email addresses from Facebook event attendees, then automatically adding them to your mailing list without their explicit agreement, is a high-risk practice.
  • These contacts never consented to receive your emails, making the send non-compliant and dangerous for your reputation.

Pro tip: To use social media safely:

  • Provide an explicit opt-in form linked to your page or event, with a checkbox for marketing consent.
  • Keep a timestamped log of consent for each contact.
  • Never automatically add emails extracted from social media to your campaigns without explicit validation.

4. Contacts taken from a public database or external websites

Even if an email address is easily accessible publicly (website, online directory, LinkedIn profile), this doesn't mean the owner of the address wants to receive your marketing emails. Apparent interest or public visibility never replaces explicit consent.

Key points:

a. Mandatory consent

  • GDPR and anti-spam laws require each contact to have given their voluntary and explicit agreement to receive your marketing communications.
  • An address found on the Internet does not constitute consent: sending an unauthorized marketing email is considered spam.

b. Associated risks

  • Spam reports: The email can be reported, damaging your sender's reputation.
  • High bounce rates: Certain public addresses may no longer be active.
  • Legal sanctions: In Europe, sending unsolicited emails can lead to hefty fines for GDPR non-compliance.

Concrete example:

  • Copy-pasting the emails of professionals found on LinkedIn, online directories, or websites and adding them to your mailing list without their explicit agreement is risky and non-compliant.
  • Even if these contacts are relevant to your industry, their consent has not been collected, which can lead to deliverability and legal problems.

Pro tip: To use contacts from public sources safely:

  • Provide a clear and voluntary opt-in form on your website or via an initial introductory email.
  • Never automatically add addresses extracted from LinkedIn or directories to your marketing list.
  • Keep a timestamped log of consent to prove each contact agreed to receive your emails.

5. Internal employee lists sent via an external marketing tool

Emails intended for employees or internal communications must remain on tools designed for internal use, and shouldn't be sent via your public-facing email marketing platforms.

Key points:

a. Why you shouldn't use an external marketing tool

  • Emailing platforms like systeme.io are designed to manage external marketing emails with strict rules regarding consent and unsubscribes.
  • Sending internal emails via these tools can cause problems related to unsubscribe links, which are mandatory and make no sense in an internal context.
  • Emails sent to your employees via a marketing platform can be interpreted as abusive by spam filters or your company's internal policy.

b. Associated risks

  • Confusion for recipients: They could click the unsubscribe link by mistake, stopping the delivery of important emails.
  • Non-compliance with internal rules: Certain companies forbid the use of external marketing tools for internal communications.
  • Impact on your sender reputation: If your domain is used for non-compliant internal emails, it can damage the deliverability of your external campaigns.

c. Best practices

  • Use tools dedicated to internal communication: professional messaging apps (Outlook, Google Workspace, Slack, Teams), your intranet, or internal newsletters.
  • If you must send a marketing message to your employees for internal tests or promotions, create a separate internal segment and use secure, adapted channels.

Pro tip: To clearly separate your internal and external communications, maintain two distinct lists:

  • An external marketing list for your consenting subscribers and customers.
  • An internal list for your employees on adapted internal tools.

This separation protects your sender's reputation and avoids any problems related to legal obligations or spam filters.

III. Cases to verify depending on context

1. Contacts you haven't reached out to in a long time

Even if the consent previously given is still valid, your contact might not remember you or the reason why they agreed to receive your messages. In this case, there's a risk they might report your emails as spam, which can damage your deliverability.

Recommended solution: Before resuming your regular email blasts, we recommend sending a reconfirmation email. For example, you can politely ask, "Would you like to continue receiving our updates?". This allows your contacts to confirm their interest and ensures you continue to respect best practices regarding consent and GDPR compliance.

2. Lists from an agency or a partner

It is essential to verify that each contact on your list has given explicit consent to receive your communications. Sending emails to people without clear consent can not only harm your reputation but also expose you to non-compliance risks with current legislation, such as GDPR.

Practical advice: Before sending anything, make sure you can provide proof of opt-in for each of your contacts, especially if the list is used on your behalf. This proof can take the form of a completed form, an email confirmation, or any other record certifying that the contact voluntarily agreed to receive your messages.

3. Offline collected lists (cards dropped in-store, trade shows, events)

These contact lists can be used for your campaigns, but they present an increased risk if the consent isn't perfectly clear or documented. Indeed, in the event of a dispute or audit, you must be able to demonstrate that each contact voluntarily agreed to receive your communications.

Best practice: Systematically keep the date and context of collection for each contact. This can include the completed form, the campaign, or the specific action that led to the subscription. This practice allows you to prove consent and reduce the risks associated with sending marketing emails.

4. Sending surveys or miscellaneous information to your customers

If your contact has clearly given their agreement to be contacted by email, using their address in your campaigns complies with best practices and regulations.

Otherwise, it's essential to explicitly request this consent before including them in your campaigns. This approach ensures you respect the contact's wishes and comply with legal requirements for email marketing.

Best practices:

  • Always obtain explicit consent before adding someone to a mailing list.
  • Include a clear unsubscribe link in every communication to allow the contact to opt out easily.
  • Avoid bought or third-party lists without proof of consent.
  • Reconfirm old or inactive addresses before reaching out to them again to reduce the risk of complaints and improve deliverability.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.