To that end, I wanted to share how I define "permission-based." I believe that permission-based means:
- Recipients are told at the point of sign up who is going to mail them and how often.
- Recipients don't end up on a list accidentally; their email address ends up only on any list(s) that they intended to sign up for.
- The opt-in process is not "forced" on all visitors to your site -- I'm not sure that it's truly permission-based if you require that sign somebody up for a list, just so they can access your site or download your whitepaper.
- Email addresses are not appended, bought or sold.
- The "affirmative consent" standard found in the US Federal "CAN-SPAM" law is met.
"The term 'affirmative consent', when used with respect to a commercial electronic mail message, means that- (A) the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative; and (B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient's electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages."
In plain language, this means that the informed consent standard is met if the signup was initiated by the subscriber, consent was requested and given, and that the subscriber is being told who they are going to receive mail from, if it is not the party to which they provided their email address. (I'm not necessarily excited by the allowance for data transfer, but if it's going to happen, "clear and conspicuous notice" is a pretty good way to do it.) That, to me, is how you define a process as permission-based.
(Want to read more thoughts on permission? Laura Atkins has a round-up here.)