This article describes how our email permission system works. Determining email permission is a complex process that leverages all available data to determine the correct email permission for each person in your database. Our goal is to ensure that our clients have the tools to properly follow rules and regulations -- including the various permutations of CASL, GDPR, and CAN-SPAM.
Fields that Help Inform Email Permission
SPAM Law Authority
Ascent360 determines what SPAM Law Authority should apply to a person in our database based upon two fields. These are “Country Code” and “Email Domain Extension”.
Ascent360 maps each individual email address to a SPAM Law Authority, looking first at the country code of the person's physical address. If an individual is physically located in France, then Ascent360 will assign the SPAM Law Authority of GDPR, regardless of what email domain extension they have. As you can see below, even if the person has a .ca (Canadian) domain extension but their physical address is in France, we will assign the SPAM Law Authority of GDPR per the law of France. Many people who live all over the world use a .com extension. For them, we will again default to the country of their physical address.
If the country of the physical address is blank, we will use the email domain extension. So, if the physical address country is unknown, but the email domain extension is .ca, we will assign the SPAM Law Authority of CASL per the law of Canada. Likewise, if the extension is .fr (France), we will assign the SPAM Law Authority of GDPR.
Example SPAM Law Authority Assignment Based upon Country Code and Email Domain Extension
Columns: Country Code (Primary). Rows: Email Domain Extension (Secondary).
Email Domain Extension | AUT | BEL | CAN | DEU | FRA | USA | Unknown |
.at | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | GDPR |
.au | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | CAN-SPAM |
.biz | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | CAN-SPAM |
.ca | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | CASL |
.co | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | CAN-SPAM |
.com | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | CAN-SPAM |
.de | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | GDPR |
.fr | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | GDPR |
.uk | GDPR | GDPR | CASL | GDPR | GDPR | CAN-SPAM | GDPR |
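The precedence rule above (country code first, email domain extension only when the country is blank) can be sketched as follows. This is an added example, not Ascent360's code; the function names are hypothetical and the two dictionaries are a constructed subset of Appendix A and Appendix B.

```python
GDPR, CASL, CAN_SPAM = "GDPR", "CASL", "CAN-SPAM"

# Constructed subset of Appendix B (ISO country code -> authority).
COUNTRY_AUTHORITY = {"AUT": GDPR, "BEL": GDPR, "DEU": GDPR, "FRA": GDPR,
                     "GBR": GDPR, "CAN": CASL, "USA": CAN_SPAM}
# Constructed subset of Appendix A (email domain extension -> authority).
EXTENSION_AUTHORITY = {".at": GDPR, ".be": GDPR, ".de": GDPR, ".fr": GDPR,
                       ".uk": GDPR, ".eu": GDPR, ".ca": CASL}


def domain_extension(email):
    """Return the last label of the email's domain, e.g. '.uk' for a@b.co.uk.

    Input is trimmed and lower-cased first so 'X@Example.CA ' and
    'x@example.ca' resolve identically. Returns None if there is no dot.
    """
    domain = email.strip().lower().rpartition("@")[2].rstrip(".")
    if "." not in domain:
        return None
    return "." + domain.rsplit(".", 1)[1]


def spam_law_authority(country_code, email):
    """Country code is primary; the extension is used only when it is blank."""
    code = (country_code or "").strip().upper()
    if code:
        # A known physical country always wins; codes not listed fall
        # under the "All Others" row of Appendix B (CAN-SPAM).
        return COUNTRY_AUTHORITY.get(code, CAN_SPAM)
    # Country blank: fall back to the extension; extensions not listed
    # fall under the "All Others" row of Appendix A (CAN-SPAM).
    return EXTENSION_AUTHORITY.get(domain_extension(email), CAN_SPAM)


if __name__ == "__main__":
    # Constructed inputs mirroring cells of the example table above.
    for code, addr in [("FRA", "a@example.ca"), ("", "a@example.ca"),
                       ("USA", "a@example.fr"), (None, "a@example.com.au")]:
        print(code or "Unknown", addr, "->", spam_law_authority(code, addr))
```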
Client Country Identification
If a client identifies as a US company, individuals with an unknown (implied) email permission status will have the “Email Permission” set to Yes. However, if our client defines themselves as being an EU company, a person with an unknown (implied) email permission status will have the “Email Permission” set to No.
Simply stated, if our client is in Canada, all unknowns follow CASL regulations. If the client is in the EU or the UK, all unknowns follow GDPR regulations, and if our client is in some other country, unknowns will follow CAN-SPAM regulations.
Any of our clients can choose which of the three paths to follow. So even if our client is headquartered in Michigan, they can choose to follow the Canadian Identification and CASL regulation path.
Email Permission Status
Ascent360 will set the “Email Permission Status” field based upon our understanding of the intent of the individual through the source system from which we have received their data. Some systems, like Springer Miller Systems, include an “Explicit Opt-Out” field which we will use to add a hard opt-out to the record. Springer Miller Systems does not have an “Explicit Opt-In” field, so every record that comes into our system that does not have a hard opt-out will be marked with an “Unknown” or “Implied” opt-in. This does not necessarily mean that we can communicate with the individual, as CASL or GDPR laws may prevent us from doing so.
100% of the records that come in with an email address will be marked as either Yes, No or Unknown (Explicit Yes, Explicit No or Implied). Ascent360 will also tag the source of the record and the date of the source.
Multiple Sources of Opt-In Data
Many of the individuals in our solution will come from multiple sources. An individual's records may show an explicit opt-out, explicit opt-in or implied opt-in. Ascent360 will merge these sources and only use the most recent explicit yes or explicit no. This means that an explicit yes that comes in AFTER an explicit no will override the explicit no. Similarly, an explicit no that comes in after an explicit yes will also override the explicit yes.
An implied or unknown cannot override an explicit yes or an explicit no.
Ascent360 saves 100% of the records that we are sent by all source systems. This means that the email permission status will be based upon the entire history of data from all sources. As noted above, an individual may enter the database with implied permission, may then opt out, and may then opt back in.
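The merge rule described in this section, sketched over a constructed record history. This is an added example, not Ascent360's code: the function name, the tuple layout and the source names are hypothetical, and resolving a same-day Yes/No tie in favour of No is an assumption the article does not state.

```python
from datetime import date

EXPLICIT = {"Explicit Yes", "Explicit No"}


def merged_status(records):
    """Collapse a person's full history into one Email Permission Status.

    records: iterable of (source, source_date, status) tuples.
    Returns (status, source, source_date), or None for an empty history.
    """
    records = list(records)
    explicit = [r for r in records if r[2] in EXPLICIT]
    if explicit:
        # The most recent explicit signal wins, whatever came before it.
        # Assumption: on the same date, "Explicit No" beats "Explicit Yes".
        src, when, status = max(
            explicit, key=lambda r: (r[1], r[2] == "Explicit No"))
        return status, src, when
    if records:
        # Only implied/unknown records exist: the status stays Implied,
        # tagged with the most recent source and date.
        src, when, _ = max(records, key=lambda r: r[1])
        return "Implied", src, when
    return None


# Constructed history: implied, then opt-out, then opt back in, followed by
# a later implied record that must not override the explicit yes.
HISTORY = [
    ("pos_system", date(2021, 3, 1), "Implied"),
    ("web_form", date(2022, 6, 10), "Explicit No"),
    ("newsletter_signup", date(2023, 1, 5), "Explicit Yes"),
    ("reservation_system", date(2023, 8, 20), "Implied"),
]

if __name__ == "__main__":
    print(merged_status(HISTORY))
```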
Final Email Permission
As noted in the definitions, Ascent360 has a field called “Email Permission” which is the final authority to determine if we are able to communicate with an individual via email. This field is set to either Yes or No. If the field is set to No, our system will not allow you to send email to the individual.
The table below shows all the permutations of Client Country, SPAM Law Authority, Email Permission Status, and Transaction Past 23 Months, which together fully identify what the Final Email Permission should be.
Client Country | SPAM Law Authority | Email Permission Status | Transaction Past 23 Months? | Email Permission |
Client Identifies as Canadian Company | CAN-SPAM | Explicit No | n/a | No |
Client Identifies as Canadian Company | CAN-SPAM | Explicit Yes | n/a | Yes |
Client Identifies as Canadian Company | CAN-SPAM | Implied | No | No |
Client Identifies as Canadian Company | CAN-SPAM | Implied | Yes | Yes |
Client Identifies as Canadian Company | CASL | Explicit No | n/a | No |
Client Identifies as Canadian Company | CASL | Explicit Yes | n/a | Yes |
Client Identifies as Canadian Company | CASL | Implied | No | No |
Client Identifies as Canadian Company | CASL | Implied | Yes | Yes |
Client Identifies as Canadian Company | GDPR | Explicit No | n/a | No |
Client Identifies as Canadian Company | GDPR | Explicit Yes | n/a | Yes |
Client Identifies as Canadian Company | GDPR | Implied | No | No |
Client Identifies as Canadian Company | GDPR | Implied | Yes | No |
Client identifies as EU Company | CAN-SPAM | Explicit No | n/a | No |
Client identifies as EU Company | CAN-SPAM | Explicit Yes | n/a | Yes |
Client identifies as EU Company | CAN-SPAM | Implied | n/a | No |
Client identifies as EU Company | CASL | Explicit No | n/a | No |
Client identifies as EU Company | CASL | Explicit Yes | n/a | Yes |
Client identifies as EU Company | CASL | Implied | No | No |
Client identifies as EU Company | CASL | Implied | Yes | Yes |
Client identifies as EU Company | GDPR | Explicit No | n/a | No |
Client identifies as EU Company | GDPR | Explicit Yes | n/a | Yes |
Client identifies as EU Company | GDPR | Implied | n/a | Yes |
Client Identifies as Non EU / Canada Company | CAN-SPAM | Explicit No | n/a | No |
Client Identifies as Non EU / Canada Company | CAN-SPAM | Explicit Yes | n/a | Yes |
Client Identifies as Non EU / Canada Company | CAN-SPAM | Implied | n/a | Yes |
Client Identifies as Non EU / Canada Company | CASL | Explicit No | n/a | No |
Client Identifies as Non EU / Canada Company | CASL | Explicit Yes | n/a | Yes |
Client Identifies as Non EU / Canada Company | CASL | Implied | No | No |
Client Identifies as Non EU / Canada Company | CASL | Implied | Yes | Yes |
Client Identifies as Non EU / Canada Company | GDPR | Explicit No | n/a | No |
Client Identifies as Non EU / Canada Company | GDPR | Explicit Yes | n/a | Yes |
Client Identifies as Non EU / Canada Company | GDPR | Implied | n/a | No |
Appendix A: Email Domain Extensions
Appendix A is a list of email Domain Extensions and which SPAM Law Authority they are associated with. Appendix B is a list of country codes and which SPAM Law Authority they are associated with. Please remember that a Country Code will override an Email Domain Extension.
Country | Email Domain Extension | SPAM Law Authority |
Austria | .at | GDPR |
Belgium | .be | GDPR |
Bulgaria | .bg | GDPR |
Croatia | .hr | GDPR |
Republic of Cyprus | .cy | GDPR |
Czech Republic | .cz | GDPR |
Denmark | .dk | GDPR |
Estonia | .ee | GDPR |
Finland | .fi | GDPR |
France | .fr | GDPR |
Germany | .de | GDPR |
Greece | .gr | GDPR |
Hungary | .hu | GDPR |
Ireland | .ie | GDPR |
Italy | .it | GDPR |
Latvia | .lv | GDPR |
Lithuania | .lt | GDPR |
Luxembourg | .lu | GDPR |
Malta | .mt | GDPR |
Netherlands | .nl | GDPR |
Poland | .pl | GDPR |
Portugal | .pt | GDPR |
Romania | .ro | GDPR |
Slovakia | .sk | GDPR |
Slovenia | .si | GDPR |
Spain | .es | GDPR |
Sweden | .se | GDPR |
United Kingdom | .uk | GDPR |
Europe | .eu | GDPR |
Canada | .ca | CASL |
Unknown | .com | CAN-SPAM |
Unknown | .net | CAN-SPAM |
Unknown | .org | CAN-SPAM |
All Others | .XXX | CAN-SPAM |
Appendix B: Country Codes
ISO Country Code | Country Name | SPAM Law Authority |
AUT | Austria | GDPR |
BEL | Belgium | GDPR |
BGR | Bulgaria | GDPR |
HRV | Croatia | GDPR |
CYP | Cyprus | GDPR |
CZE | Czech Republic | GDPR |
DNK | Denmark | GDPR |
EST | Estonia | GDPR |
FIN | Finland | GDPR |
FRA | France | GDPR |
DEU | Germany | GDPR |
GRC | Greece | GDPR |
HUN | Hungary | GDPR |
IRL | Ireland | GDPR |
ITA | Italy | GDPR |
LVA | Latvia | GDPR |
LTU | Lithuania | GDPR |
LUX | Luxembourg | GDPR |
MLT | Malta | GDPR |
NLD | Netherlands | GDPR |
POL | Poland | GDPR |
PRT | Portugal | GDPR |
ROU | Romania | GDPR |
SVK | Slovakia | GDPR |
SVN | Slovenia | GDPR |
ESP | Spain | GDPR |
SWE | Sweden | GDPR |
GBR | United Kingdom | GDPR |
CAN | Canada | CASL |
USA | United States | CAN-SPAM |
XXX | All Others | CAN-SPAM |