The Ten Commandments of Collecting Email Addresses on Your Website

The Internet Patrol - Patrolling the Internet for You
Share the knowledge

Note: The Internet Patrol is completely free, and reader-supported. If something that you find here helps you, please consider supporting us. We also earn a small amount from ads and Amazon links:

Click for amount options
Include a message for us!:

As anyone who runs a website these days knows, or should know, the recently enacted CAN-SPAM Act of 2003 makes it incumbent on emailers to either be able to establish a certain type of relationship with an email recipient or to adhere to certain mailing standards if no such relationship exists. Failure to do so can land one in Federal (or state) court.

However beyond that there is the court of Internet public opinion, and beyond even that is the high court of spam filters and spam blocking.

Truly, you don’t want to run afoul of any of these.

The safest way to ensure that you stay on the good side of the law, and spam filters, particularly when building a list of email addresses to which you wish to send business, commercial, or other correspondence related to your website, is to follow this simple list of ten DOs and DON’Ts:


1. DON’T trap a website visitor’s email address and then add it to a mailing list without their permission.
2. DON’T use other identifying website visitor information, such as IP address, computer name, etc., to ‘reverse engineer’ or otherwise divine or guess at their email address, and then add it to a mailing list.
3. DON’T pre-check a check box which “opts in” to your mailings, requiring the visitor to uncheck it in order to not receive your mailing or be added to your mailing list.
4. DON’T be coy, cute, or evasive about what your intent and policy are with respect to any email address your visitor provides.
5. DON’T add an email address, even if freely provided, to your mailing list unless you have provided a way for the visitor to clearly indicate that they want to be added to your mailing list, and they so indicate.


1. DO state very clearly what you will do with any email address provided by a visitor, including your privacy policy.
2. DO scrupulously adhere to what you have said you will do with their email address, and never, ever share it with someone else without their explicit permission.
3. DO collect and store, with the email address submitted, the source IP address, the date and time of the submission, and any other unique identifying information; store it along with the indication of permission the visitor has provided for you to add their address to your mailing list. I cannot stress this enough. When accused of spamming (and you will be), having this information available to refresh the memory of your accuser, and to prove to your ISP that you were not spamming them, will save your hide. An ounce of prevention here is worth a ton of trying to get off a spam blocking list without this exculpatory information.
4. DO honour opt-out requests religiously, and immediately.
5. DO read ISIPP’s CAN-SPAM Compliance page, chock full of practical advice and tips, and even audio speeches from lawyers from the FTC and a major ISP, to make sure that you get, are, and remain CAN-SPAM compliant. If not that, at least read their CAN-SPAM and You: Emailing Under the Law eBook.

Was this article helpful? If so, please consider supporting us; the Internet Patrol has no paywall and is completely free and reader-supported.
Click for amount options
Include a message for us!:

Share the knowledge

8 thoughts on “The Ten Commandments of Collecting Email Addresses on Your Website

  1. Don’t take it personally… I get them too! Anyway… its how you use it that counts ;o)

  2. I am in the UK and most of my spam is either for penis enlargements or mortgages – all from the US.

  3. You Irish do so much drinking ….What about potatoes? Or corn and hash? All my guiness comes from ireland…

  4. That’s why you need to come to ISIPP’s “International Spam Law & Policies” conference. :-)

  5. So, you receive all your SPAM from the US, but I’m in the US and most of mine comes from Asia.

  6. Thats true, and the law only applies to america anyway, what are they going to do about the spam coming from the other countries?

    What’s the point in insisting on an opt-out link when we all know that clicking it will just veryify your address to the spammers and help land even more spam in your inbox?

    Lets face it… the canspam law only helps legitimate mailers stay on the right side of the law, it won’t do anything to stop the hard core spammers.

  7. You American do so much talking about laws which you do little to inforce. Recent published studies show 60% porn from USA 82% spam from USA. I kive in Ireland and receive around 300 emails all from American Companies offereing Pill to do this/that Patches to wonderful thing Pharmacies selling dangerious drugs. Just write about the people you have stopped and we all will be so much more helpful

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.