Email Marketing Regulations: What Every Sender Must Know
A plain-language guide to email marketing regulations for South African businesses, covering who you can legally email, what to avoid, and why TouchBasePro holds senders to these standards.
Email marketing is one of the most effective channels available to a business, but it is also heavily regulated, both locally and internationally. Before you build a campaign and hit send, you need to understand what the rules require.
Several laws govern email marketing across different jurisdictions: the CAN-SPAM Act, GDPR, the Electronic Communications and Transactions Act, the Consumer Protection Act, and the Protection of Personal Information Act (POPIA). Not all of these apply directly to South African businesses, but at TouchBasePro we follow them closely, and so will you if you send through our platform. For a detailed breakdown of POPIA specifically, read our dedicated POPIA post here.
Email no-nos
Here are the basics. Avoid these and you stay on the right side of the regulations.
- Do not send to addresses that were purchased, rented, borrowed, scraped, or copied from the internet.
- Do not send to anyone who has not given you permission to contact them.
- Do not use misleading content. Tricking subscribers into engaging damages your brand and breaks the rules.
- Do not send content that falls outside TouchBasePro's acceptable use policy. This includes pornography, cryptocurrency promotions, multi-level marketing, gambling-related content, pharmaceuticals, drugs, and weapons.
How to comply with email regulations
- Build an organic database of people who have explicitly given you permission to email them.
- Include a valid postal or business address in every email you send.
- Always give subscribers a clear, working way to opt out or unsubscribe.
- Deliver what you promised. If someone signed up for a monthly newsletter, send them a monthly newsletter, nothing else, until they give broader permission.
Who can I send emails to using TouchBasePro?
You can send to any recipient who has clearly given you permission to contact them about your products or services. Valid permission looks like this:
- A newsletter signup form on your website.
- An opt-in checkbox on a form that states the person will receive marketing from you. The box must be unchecked by default; the person must tick it themselves.
- A physical form, such as a competition entry or survey, with an unticked checkbox confirming email or SMS contact.
- A purchase made within the last two years.
- A business card submitted at an event, provided a sign at that point of collection states that submitting a card means opting in to marketing.
Why is TouchBasePro strict on these regulations?
This comes down to deliverability. We send email on behalf of thousands of clients, and our ability to do that depends on the reputation of our IP addresses with mail servers and spam filters around the world.
When recipients mark bulk emails as spam, those complaints affect our server's standing with filters globally. If our reputation drops, your emails stop reaching inboxes. By enforcing these rules across all senders on the platform, we protect deliverability for everyone. If you are a TouchBasePro client, that works directly in your favour.
How does TouchBasePro help you comply?
The platform gives you the tools to build a permission-based database and send campaigns that meet these requirements. If you are ever unsure whether a list or a campaign is compliant, contact us. We are happy to advise.
These rules can seem like a lot of admin, but they exist for a good reason. Think about your own inbox. You know how frustrating it is to receive emails you never asked for. These regulations are what stand between your subscribers and that experience.
Frequently asked questions
- Which email marketing laws apply to South African businesses?
- South African businesses are primarily governed by POPIA, the Electronic Communications and Transactions Act, and the Consumer Protection Act. Laws like GDPR and CAN-SPAM apply if you are contacting recipients in those jurisdictions, so if your list includes people in the EU or the US, those regulations are relevant too.
- Can I email someone who gave me their business card?
- Only if there was a clear indication at the point of collection that submitting their card meant opting in to marketing. For example, a sign at a tradeshow bowl stating that cards entered will be added to a mailing list. Without that, you do not have permission.
- Why does TouchBasePro restrict certain types of content?
- Content categories like pharmaceuticals, gambling, and multi-level marketing generate disproportionately high spam complaint rates. High complaint rates damage the IP reputation of our sending infrastructure, which reduces deliverability for every client on the platform. The restrictions protect everyone who sends through TouchBasePro.
- What counts as valid permission to email someone?
- Valid permission means the person actively opted in, whether through a signup form, an unticked checkbox on a physical or digital form, or a purchase within the last two years. Purchased lists, scraped addresses, and pre-ticked checkboxes do not qualify.