Skip to main content
Email marketing is governed by several laws that impose requirements on commercial senders. The HoopAI platform includes built-in tools for unsubscribe management, consent collection, and preference tracking to help you meet these requirements.
This guide covers platform features that support compliance. It is not legal advice. You are responsible for ensuring your email practices comply with all applicable laws in the jurisdictions where you operate. Consult a qualified attorney for specific legal guidance.

Key regulations overview

The Controlling the Assault of Non-Solicited Pornography And Marketing Act applies to all commercial emails sent to US recipients. Key requirements:
  • Accurate From name and email address
  • Clear subject line that is not deceptive
  • Physical postal address of the sender in every email
  • A working unsubscribe mechanism
  • Honor unsubscribe requests within 10 business days
  • No sending to contacts after they opt out
The General Data Protection Regulation applies to any business marketing to individuals in the EU or UK, regardless of where the business is based. Key requirements:
  • Lawful basis for processing personal data (typically explicit consent for marketing)
  • Clear, unambiguous consent at the point of collection
  • Easy mechanism to withdraw consent (unsubscribe)
  • Data Subject Access Request (DSAR) process for contacts who request their data
  • Record of when and how consent was obtained
Canada’s Anti-Spam Legislation requires express or implied consent before sending commercial electronic messages. Key requirements:
  • Express consent obtained with a clear description of the message type
  • Identification of the sender in every message
  • Functioning unsubscribe mechanism
  • Honor unsubscribes within 10 business days
An unsubscribe link is legally required in every marketing email under CAN-SPAM, GDPR, and CASL. The HoopAI platform automatically includes an unsubscribe link in every marketing email footer. When a contact clicks the link, their email Do Not Disturb (DND) status is set to on, preventing all future email sends. To confirm the automatic unsubscribe link is active:
  1. Go to Settings > Business Profile
  2. Scroll to the General section
  3. Verify that “Make email compliant by adding an unsubscribe link in your email” is toggled on
For more control over how unsubscribe links look and where they appear:
  1. Go to Settings > Business Profile > General and click Customize in the unsubscribe link settings
  2. Write the custom link text and add the unsubscribe merge tag at the position where the link should appear
  3. In the email builder, insert the unsubscribe tag directly into your template footer
Custom unsubscribe links can be set up to collect more specific opt-out preferences rather than a blanket unsubscribe.

Unsubscribe flows

Unsubscribe flows define what happens when a contact clicks the unsubscribe link. The HoopAI platform offers three options:

One-step

The contact is unsubscribed immediately with a single click. Simple and low-friction — recommended for most lists.

Two-step

The contact must confirm their decision via a second step before being removed. Protects against accidental opt-outs for high-value contacts.

Dynamic (recommended)

One-step by default, but switches to two-step if the unsubscribe happens within 5 minutes of delivery or if the contact record is less than 1 hour old — protecting against bot clicks.
To configure the unsubscribe flow:
  1. Go to Marketing > Emails > Campaigns and click the gear icon
  2. Select the Unsubscribe tab
  3. Choose your preferred flow and click Save
This setting applies globally to all campaigns in the account.

List-unsubscribe header

The platform automatically adds a List-Unsubscribe header to all outgoing emails. This header instructs email clients such as Gmail and Outlook to display a prominent unsubscribe button at the top of the message, separate from the footer link. Benefits:
  • Reduces spam complaints by making it easy for recipients to opt out cleanly
  • Signals to inbox providers that you are a compliant sender
  • Cannot be disabled — it adheres to RFC standards and is required for bulk senders

Forms and surveys

Add consent checkboxes to forms and surveys to capture explicit opt-in from new contacts. The checkbox should clearly state what the contact is agreeing to receive. Recommended GDPR consent checkbox text:
“I agree to receive email marketing from [Business Name]. I understand I can unsubscribe at any time.”
Ensure the checkbox is unchecked by default — pre-ticked consent checkboxes do not meet GDPR requirements.

Double opt-in

Double opt-in adds a confirmation step after signup: the contact receives an automated email and must click a confirmation link before being added to your active list. This:
  • Confirms ownership of the email address
  • Verifies intent to subscribe
  • Eliminates bot signups and typos
  • Provides a clear consent record
To implement double opt-in, create a workflow triggered by form submission that sends a confirmation email with a trigger link. When the contact clicks the link, a tag is applied and the contact is enrolled in your marketing list.

Physical address requirement

CAN-SPAM requires every marketing email to include a valid physical postal address for the sender. Add this to your email footer template:
  • A street address, P.O. box, or private mailbox registered under the Postal Service regulations
  • The address must be current and valid for the purpose of receiving correspondence
Update your email footer template in Marketing > Emails > Templates to include your physical address.

Managing resubscription

If a contact who previously unsubscribed wants to receive emails again, they must actively re-opt in. Do not manually re-enable email DND without documented consent. Re-opt-in options:
  • Direct the contact to a new opt-in form
  • Create a landing page with a re-subscription form
  • Ask the contact to reply to a non-marketing email confirming their request, then document the consent before updating their DND status

Data subject requests (GDPR)

Under GDPR, contacts have the right to:
  • Access — receive a copy of all personal data you hold about them
  • Erasure — request deletion of their data (“right to be forgotten”)
  • Rectification — request corrections to their data
To fulfill these requests, locate the contact record in the CRM and export or delete as appropriate. For erasure requests, delete the contact record from the platform and document the deletion date and request.

Preference management

Preference Management allows contacts to opt out of specific email categories (such as Newsletters or Promotions) rather than unsubscribing from all email. This can reduce global unsubscribe rates while still honoring contact preferences. See Email suppression and preferences for full setup details.

Compliance checklist

Use this checklist before launching any email campaign:
  • From name is accurate and recognizable
  • From email address is a real address associated with your business
  • Reply-to address is monitored
  • Subject line accurately reflects the email content
  • No deceptive or misleading claims
  • Physical postal address is in the footer
  • Unsubscribe link is present and functional
  • Content is consistent with what contacts opted in to receive

Frequently asked questions

Under CAN-SPAM, you must stop sending within 10 business days of a valid opt-out request. The HoopAI platform processes unsubscribes automatically when the contact clicks the link, so this happens immediately rather than requiring manual action.
Only if you have documented consent from them at the event. Collecting a business card does not imply consent to receive marketing. Have contacts sign up on a tablet form or use a QR code to a digital opt-in form during the event.
If your spam complaint rate or bounce rate exceeds platform thresholds, email sending may be temporarily suspended. To resolve it, pause all outgoing emails, clean your contact list, ensure unsubscribe links are working, document your opt-in source, and contact support to request reactivation.
Last modified on March 5, 2026