What Are the Rules Around Email and SMS Marketing?
The Everyday Outreach Tactic That Could Quietly Breach the Law
• 23 Sep 25
“Marketing outreach is essential - but if you don’t know the rules, you’re just one campaign away from a compliance crisis.” - Matthew Glynn
Introduction
Sending promotional emails and SMS messages may seem like a routine part of startup life - but it’s also one of the most tightly regulated areas of marketing. What feels like harmless outreach could, in fact, be unlawful communication - and the penalties can be severe.
This issue may not apply to every startup, but if it does, and you’ve missed it, the fallout can be significant. The rules around electronic marketing are often misunderstood, inconsistently applied, and easy to overlook - especially when marketing teams are moving fast and legal teams are stretched thin.
In this blog, we’re going to flag up some key considerations to help you better prepare to tackle this issue - because prevention is always better than the cure.
Legal issues are important but easily overlooked, especially when founders are focused on the big launch or the issue of the day - and in a startup, there’s always an “issue of the day”.
Optional Inclusion: What Is Email and SMS Marketing?
Email and SMS marketing refers to sending promotional messages directly to individuals via their personal inbox or mobile device. These messages may include:
◼️Product announcements
◼️Discounts and offers
◼️Newsletters
◼️Event invitations
◼️Loyalty program updates
While these channels are powerful, they are also subject to strict legal controls - particularly around consent, content, and opt-out mechanisms.
Why This Topic Is Important
This can be an important issue for start-ups because:
◼️Legal Requirement: Most jurisdictions require prior consent before sending promotional messages.
◼️Customer Trust: Unsolicited messages can damage brand reputation and customer relationships.
◼️Platform Compliance: Email service providers and SMS gateways enforce anti-spam policies.
◼️Global Reach: Different countries have different rules - e.g., Singapore’s PDPA and the UK’s PECR.
◼️Automation Risk: Marketing automation tools can amplify non-compliance at scale.
◼️Reputational Exposure: Spam complaints can quickly go viral and harm your brand.
◼️Investor Scrutiny: Data governance and marketing compliance are key due diligence areas.
◼️Operational Confusion: Teams often lack clarity on what constitutes valid consent.
◼️Litigation Risk: Individuals and regulators are increasingly litigious over unsolicited communications.
◼️Retention Risk: Poorly managed outreach can lead to high unsubscribe rates and customer churn.
Q: Can startups send promotional emails to existing customers without consent?
A: In some jurisdictions, yes - under “soft opt-in” rules. But conditions apply, and opt-out must always be offered.
Consequences of Not Addressing This Issue
The consequences of not attending to this issue may include the following:
Legal Implications
◼️Regulatory Fines: Breaches of laws like Singapore’s PDPA or the UK’s PECR can result in significant penalties.
◼️Enforcement Action: Authorities may issue cease-and-desist orders or require deletion of contact lists.
◼️Litigation Risk: Individuals may sue for breach of privacy or spam violations.
Commercial Implications
◼️Loss of Customers: Unsolicited messages can lead to unsubscribes and negative reviews.
◼️Partnership Breakdown: Strategic partners may distance themselves from non-compliant businesses.
◼️Marketing Restrictions: You may be banned from using key email platforms or SMS gateways.
Operational Implications
◼️Campaign Disruption: Non-compliant campaigns may be pulled mid-launch.
◼️Resource Drain: Legal firefighting consumes time, money, and focus.
◼️Team Paralysis: Uncertainty around outreach rules can stall marketing initiatives.
Biz Valuation Issues
◼️Due Diligence Failures: Investors may reduce valuation or walk away entirely.
◼️Exit Risk: Acquirers may flag marketing compliance as a deal-breaker.
◼️Brand Devaluation: Public exposure of spam complaints can permanently damage brand equity.
The above lists are indicative issues - the relevance of which will depend on your circumstances including the nature of business undertaken by your start-up.
What You Need to Be Doing
We have identified quite a number of potential issues that the start-up needs to consider and below are some examples of the types of steps you might want to consider taking to address these issues considered above.
1. Understand Consent Requirements
Review the laws in your target jurisdictions (e.g., Singapore, UK) to determine what constitutes valid consent. Consent is always the most secure and authorative basis for this type of marketing.
2. Use Clear Opt-In Mechanisms
Implement explicit opt-in forms for email and SMS marketing.
Avoid pre-ticked boxes and ensure users understand what they’re signing up for.
3. Include Unsubscribe Options
Every message must include a clear and easy way to opt out.
Track and honour opt-outs across all platforms.
4. Segment Your Contact Lists
Separate contacts who have given marketing consent from those who haven’t.
Only use the former for promotional outreach.
5. Review Your Messaging Content
Ensure your messages are truthful, relevant, and not misleading.
Avoid language that could be interpreted as deceptive or coercive.
6. Audit Your MarTech Stack
Ensure your email and SMS platforms support compliance features like consent tracking and suppression lists.
7. Train Your Marketing Team
Provide regular training on outreach compliance and platform policies.
Ensure everyone understands the legal boundaries.
The above suggestions are just a few of the steps you can consider taking. There are many more things that need to be done to ensure the associated risks are effectively and pragmatically dealt with.
Q: Can I send SMS promotions to users who gave their phone number during sign-up?
A: Only if they explicitly agreed to receive marketing messages via SMS - and you provide a way to opt out.
How These Risks Can Play Out
Case Study 1: The Unsubscribe Backlash
A startup failed to include unsubscribe links in its promotional emails. Complaints flooded in, and the regulator issued a formal warning. The startup had to pause all email campaigns for 60 days - losing momentum and revenue.
Case Study 2: The SMS Slip-Up
A retail startup sent SMS offers to customers without proper consent. The telco provider suspended their account, and they were fined under Singapore’s PDPA. The incident made headlines and damaged their brand.
Case Study 3: The Due Diligence Drop
During a funding round, a UK-based startup was asked to show proof of marketing consent for its 100,000-person mailing list. They couldn’t. The investor pulled out, citing compliance risk.
Frequently Asked Questions
Q: Is consent required for every marketing message?
A: Yes - unless you’re operating under a valid “soft opt-in” exemption, which has strict conditions. However, we argue that securing effective consent is the most evidentially secure method.
Q: Can I use a purchased email list for marketing?
A: Risky - you must verify that the data was collected with valid consent and that you’re authorised to use it.
Q: What’s the difference between transactional and promotional messages?
A: Transactional messages relate to a service or purchase; promotional messages aim to sell or advertise.
Q: Do SMS messages require different consent than emails?
A: Often yes - many jurisdictions treat SMS as more intrusive and require separate, explicit consent.
Understanding the Legal Terminology
◼️Opt-In Consent: Explicit agreement to receive marketing communications.
◼️Soft Opt-In: A limited exemption allowing marketing to existing customers under specific conditions.
◼️Unsubscribe Mechanism: A feature that allows users to opt out of future messages.
◼️Transactional Message: A message related to a service or purchase, not promotional in nature.
◼️Spam Laws: Regulations governing unsolicited electronic communications.
◼️Suppression List: A list of contacts who have opted out of marketing messages.
◼️Consent Record: Documentation showing when and how consent was obtained.
How GLS Can Help You
By building your legal team capability on the GLS platform, you will be capable of:
◼️Rapidly assessing your email and SMS marketing compliance risks
◼️Accessing pre-built consent language and opt-in templates
◼️Getting expert reviews of your outreach campaigns before launch
◼️Training your team on marketing law essentials
◼️Avoiding costly legal missteps before they happen
Final Thoughts
Email and SMS marketing are powerful tools - but they come with legal strings attached. The rules are clear, the risks are real, and the consequences can be costly. The good news? With the right legal infrastructure in place, your startup can market confidently, compliantly, and effectively.
Observations and Tips
- Obtain Valid Consent: Secure clear user consent before sending promotional emails or SMS campaigns.
- Maintain Opt-Out Mechanisms: Provide simple unsubscribe or opt-out options in every communication.
- Avoid Unsolicited Marketing: Sending messages without consent may violate spam and consumer protection laws.
- Use Accurate Sender Information: Clearly identify the business, sender details, and contact information.
- Disclose Marketing Intent Clearly: Ensure recipients can easily recognise promotional communications.
- Maintain Consent Records: Retain evidence of user consent, preferences, and opt-out requests.
- Comply with Timing Restrictions: Avoid sending marketing communications during restricted or unreasonable hours.
- Protect Customer Data: Store and process contact data in compliance with applicable privacy laws.
- Review Third-Party Marketing Tools: Ensure CRM, SMS, and email vendors support compliance obligations.
- Segment International Campaigns Carefully: Different jurisdictions impose varying consent and disclosure requirements.
- Train Marketing Teams Regularly: Ensure teams understand anti-spam, privacy, and advertising obligations.
- Avoid Purchased Contact Lists: Using unverified or purchased databases increases enforcement and complaint risks.
- Prevent Reactive Compliance Management: Late-stage legal fixes can disrupt campaigns and damage consumer trust.
Startup Legal Support Centre
Build your own legal department with our online platform of startup-focused legal tools.
Startup Legal Guide Map
Explore the Guide Map to grow your business while staying on top of legal essentials.
Legal On Call™ (Free Trial)
Sign up for GLS Legal On Call™ and get expert answers to your startup legal needs.
Pro Bono Startup Legal Clinic
Get free expert legal advice at the GLS Pro Bono Clinic and power your business forward.
