How to get permission from your subscribers the right way

Building your email list the right way starts with getting permission. Permission means your subscribers have actively agreed to receive marketing emails from you, and it's the foundation of a healthy, engaged list.

This article explains what permission means in email marketing, why it matters, and how to collect it properly using Flodesk's built-in tools.

Note: Flodesk can't provide legal advice. Consult with an attorney to make sure your approach complies with the laws and regulations in your region.
​

In email marketing, permission has a specific meaning. It requires two things:

Express consent: the subscriber agreed to receive your marketing emails specifically and directly. Their consent isn't bundled with or required for something else. For example, a customer shouldn't have to subscribe to your marketing emails just to complete a purchase.

First-party consent: the subscriber requested to be on your list themselves, specifically for your list and no one else's. This consent also needs to be verifiable: you should have a record of when, how, and where they opted in.

When you use Flodesk forms to collect subscribers, Flodesk keeps opt-in records for you. If you're collecting permission outside of Flodesk, keep your own records showing the date, time, IP address, and method of opt-in.

Some forms of list-building create what's called "implied permission," where someone has a relationship with you but hasn't specifically agreed to receive your marketing emails. Examples include:

• Members of an organization or group

• People who made a purchase

• People who filled out a contact form

Flodesk requires subscribers from implied sources to confirm marketing permission before they can be included in your audience. This helps protect your deliverability and engagement rates.

Sending emails to people who haven't given you permission is likely to result in spam complaints and low engagement. When spam complaints build up, your emails can get blocked by spam filters or your sender domain can be blacklisted by internet service providers, meaning even subscribers who want your emails may not receive them.

A high-quality, permission-based list benefits your business in multiple ways: better deliverability, higher engagement, and a stronger sender reputation. It also protects Flodesk's shared sending infrastructure, which affects all members.

When collecting subscribers, ask yourself three questions:

Is it clear? When someone signs up, it should be obvious they're agreeing to receive marketing emails from you, not just a freebie or one-time download. For example, rather than saying "Download your guide here," say "Download your guide and receive regular updates from me."

Simply linking to a Terms and Conditions or Privacy Policy at the point of opt-in isn't sufficient on its own for express consent.

Is it first-party? The subscriber must be signing up for your list themselves. Any list that didn't come directly from individuals opting in to hear from you specifically doesn't meet Flodesk's compliance guidelines. This includes:

• Shared lists from joint giveaways or promotions

• Trade show attendee lists

• Purchased or scraped lists

• Lists of agents, employees, students, or members

• Lists from third-party contest or giveaway platforms

Beyond compliance, these lists tend to perform poorly with high complaint rates, so building from first-party opt-ins is also better for your results.

Is it verifiable? You should be able to prove when and how someone opted in. Flodesk forms handle this automatically. If you're collecting permission elsewhere, keep records showing the date, unique timestamp, and IP address of the opt-in.

Learn more about opt-in records here.

Flodesk has several features that make it easy to collect and document proper consent:

You can enable a Marketing consent toggle on your Flodesk forms. When turned on, a required checkbox appears on the form with the text "I agree to receive marketing emails." Subscribers must check it before they can submit the form. This is particularly important if you have subscribers in regions where explicit consent is legally required (such as the EU under GDPR).

To enable it: open your form, go to Form settings, and toggle on Marketing consent.

Learn more about collecting explicit marketing consent in Flodesk.

You can add your Privacy Policy to your Flodesk opt-in forms so subscribers can review it before signing up. You can also make acceptance required, which adds a checkbox visitors must agree to before submitting the form.

To enable it: open your form, click Settings, and toggle on Privacy policy.

Learn how to add your Privacy Policy to Flodesk forms.

Enabling double opt-in means new subscribers receive a confirmation email and must click a link to confirm before being added to your list. This adds a second layer of verified consent and is a strong signal of genuine interest.

Learn how to enable the double opt-in for your Flodesk forms.

What does "permission" mean in email marketing?
Permission means a subscriber gave express, first-party consent to receive your marketing emails. They agreed specifically and directly, not as a side effect of something else (like making a purchase), and they signed up for your list themselves.

Can I add people to my Flodesk list if they made a purchase from me?
Not without additional confirmation. Purchasing from you creates what's called "implied permission," which isn't the same as express consent. Flodesk requires subscribers from implied sources to confirm marketing permission before they're included in your audience. The best approach is to include a clear opt-in checkbox at checkout.

Can I import a list I purchased or got from a third party?
No. Purchased lists, scraped lists, shared giveaway lists, and lists from third-party platforms don't meet Flodesk's compliance guidelines. These contacts didn't specifically opt in to your list, and using them is likely to result in high complaint rates and deliverability problems.

How do I collect explicit marketing consent on my Flodesk forms?
Go to your form settings and toggle on Marketing consent. This adds a required checkbox to your form that subscribers must check before submitting. The checkbox text ("I agree to receive marketing emails") is fixed and can't be edited.

Can I add my Privacy Policy to my Flodesk opt-in forms?
Yes. Open your form, click Settings, and toggle on Privacy policy. You can also make acceptance required, which adds a checkbox that visitors must tick before the form can be submitted. Your Privacy Policy can be managed under My Account > Data and privacy.

Do I need explicit consent from all my subscribers?
It depends on where your subscribers are located and your specific legal obligations. Explicit consent is legally required in some regions (such as the EU under GDPR) and is always a good practice. Consult with an attorney to understand what applies to your business.

What records does Flodesk keep of subscriber opt-ins?
When subscribers sign up through a Flodesk form, Flodesk keeps opt-in records on your behalf. If you're collecting permission outside of Flodesk, you'll need to keep your own records showing the date, time, IP address, and method of opt-in.

Is linking to my Terms and Conditions enough to get express consent?
No. Simply linking to a Terms and Conditions or Privacy Policy at the point of opt-in isn't considered express consent on its own. You need clear language that tells subscribers they're agreeing to receive marketing emails, and ideally, a checkbox that requires active agreement.