Ten Commandments of Collecting Email Addresses on Website

As anyone who runs a website these days knows, or should know, the recently enacted CAN-SPAM Act of 2003 makes it incumbent on emailers to either be able to establish a certain type of relationship with an email recipient or to adhere to certain mailing standards if no such relationship exists. Failure to do so can land one in Federal (or state) court.

However beyond that there is the court of Internet public opinion, and beyond even that is the high court of spam filters and spam blocking. Truly, you don’t want to run afoul of any of these.

The safest way to ensure that you stay on the good side of the law, and spam filters, particularly when building a list of email addresses to which you wish to send business, commercial, or other correspondence related to your website, is to follow this simple list of ten DOs and DON’Ts:


1. DON’T trap a website visitor’s email address and then add it to a mailing list without their permission.

2. DON’T use other identifying website visitor information, such as IP address, computer name, etc., to ‘reverse engineer’ or otherwise divine or guess at their email address, and then add it to a mailing list.

3. DON’T pre-check a check box which “opts in” to your mailings, requiring the visitor to uncheck it in order to not receive your mailing or be added to your mailing list.

4. DON’T be coy, cute, or evasive about what your intent and policy are with respect to any email address your visitor provides.

5. DON’T add an email address, even if freely provided, to your mailing list unless you have provided a way for the visitor to clearly indicate that they want to be added to your mailing list, and they so indicate.


1. DO state very clearly what you will do with any email address provided by a visitor, including your privacy policy.

2. DO scrupulously adhere to what you have said you will do with their email address, and never, ever share it with someone else without their explicit permission.

3. DO collect and store, with the email address submitted, the source IP address, the date and time of the submission, and any other unique identifying information; store it along with the indication of permission the visitor has provided for you to add their address to your mailing list. I cannot stress this enough. When accused of spamming (and you will be), having this information available to refresh the memory of your accuser, and to prove to your ISP that you were not spamming them, will save your hide. An ounce of prevention here is worth a ton of trying to get off a spam blocking list without this exculpatory information.

4. DO honour opt-out requests religiously, and immediately.

5. DO pick up ISIPP’s CAN-SPAM Compliance Pack, chock full of practical advice and tips, and even audio speeches from lawyers from the FTC and a major ISP, to make sure that you get, are, and remain CAN-SPAM compliant. If not that, at least pick up their CAN-SPAM and You: Emailing Under the Law eBook.