What about purchased or rented lists?
What about purchased or rented lists?
Never buy or rent email addresses from anyone.
No legitimate company will ever sell or rent a list of “confirmed-opt-in” email addresses. Selling third-party e-mail addresses is inherently contradictory to the concept of “confirmed-opt-in”, because:
- Permission is not transferable!
- This practice is illegal or very restricted by law in many countries, including the EU and Canada.
European Union GDPR:
The General Data Protection Regulation 2016/679 is a regulation in EU law regarding data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. It is a very complex regulation that was enacted on May 25, 2018; violations of this regulation can carry some severe fines and should be taken into account when building an email marketing campaign that involves anyone residing in the EU. For more information please consult qualified legal counsel.
After 25th May 2018, a person must actively consent for their data to be processed and used by the actual company using it. This means that mailing list companies can no longer sell data that is “fully opted-in”. To opt in, people must opt in directly with the company using the data. Unless your company name was mentioned when the person’s email address was collected, you can no longer rely on consent as a reason to process personal data.
Canada CASL
See the CASL Guide for more information or read the text of the law. Senders MUST comply with CASL if email is sent to:
- a Canadian domain
- a Canadian user
- or is transmitted through Canada
United States Federal CAN-SPAM law:
This law states that an opt-out must be provided, that no part of the email can be forged, and that a postal address must be included. Marketers MUST comply with this federal regulation to legally send marketing email: violators can and have been successfully sued by the FTC. For more information about CAN-SPAM, see this link: US Federal Law CAN-SPAM information.
CCPA
California passed its California Consumer Privacy Act (CCPA) on Jan 1, 2020. It’s a law that protects the privacy rights of consumers within the state. Like to Europe’s General Data Protection Regulation (GDPR), the CCPA will affect many businesses who collect personal information from those in California.
For questions about any of these regulations, please seek appropriate legal counsel.
Inevitably, purchased lists contain spamtraps or generate abuse complaints and bounces, and then the buyers find themselves blocklisted for spamming, causing extensive and expensive reputational damage to the company that sent the purchased list.
All advertisements for lists of “opt-in email addresses” are fraudulent.
The exception that proves the rule is when a legitimate confirmed opt-in (COI) list is transferred from one owner to another owner, exclusively, such as in a company buyout, with all the subscription agreements retained including the topic of the list. COI records should be transferred as part of the agreement.
See also the M3AAWG Position on Selling Email Address Lists from the Messaging, Malware and Mobile Anti-Abuse Working Group.
Back