What Is Opt-In? Differences from Opt-Out and Legal Considerations for Email Marketing
"Opt-in" is a foundational concept in email marketing that refers to a user giving prior consent to receive newsletters or commercial advertising emails. In Japan, sending commercial advertising emails such as newsletters generally requires obtaining opt-in consent under the Act on Regulation of Transmission of Specified Electronic Mail. Failing to do so can result in administrative orders or fines.
This article walks through what opt-in is, how it differs from opt-out, the relevant laws (the Act on Specified Electronic Mail, the Act on Specified Commercial Transactions, and the Act on the Protection of Personal Information), display obligations to keep in mind when sending email, how double opt-in works, penalties for violations, and the practical points to watch out for in operations. It is intended both for newsletter operators just starting out and for teams already running programs who want to revisit compliance.
Opt-in refers to a user voluntarily giving prior permission or consent to receive advertising or promotional messages such as email or SMS, or to allow the use of their personal information. The term combines the English words "opt" (to choose) and "in" (to participate), and in Japanese is translated as "prior consent" or "permission to receive."
In the email marketing context, a typical opt-in is when a user actively ticks a checkbox to subscribe to a newsletter or to receive promotional email. Because the recipient actively chooses to subscribe, senders can reach only customers with high interest, which tends to lift both open rates and conversion rates.
Obtaining opt-in is legally required mainly for sending email or SMS for the purpose of "advertising or promotion." Specifically, this includes newsletters, announcements of new products and campaigns, sale and coupon notifications, and service introduction emails. Even B2B sales emails directed at corporate recipients are generally subject to the Act on Specified Electronic Mail when they have a promotional purpose, so prior consent is required.
On the other hand, transactional notices to parties with an ongoing business relationship, billing notices, account-creation or order-confirmation emails, and seasonal greetings without any promotional intent are considered outside the scope of the Act. If even part of the email contains advertising or promotional elements, however, it falls within scope. When in doubt, the safer practice is to obtain opt-in consent.
One variation of opt-in is "double opt-in." In this two-step model, the user enters their email address in a form and then must click a link in an automatically sent confirmation email before delivery actually starts. Compared to single opt-in, double opt-in helps prevent fraudulent signups and typos, and tends to keep list quality higher.
Double opt-in is not legally required, but it is recommended for delivery to overseas audiences (for example, GDPR compliance) and for high-quality email marketing where you want to suppress misdelivery and complaint risk. While the extra step slightly reduces signup rates, it builds a list of more highly engaged customers.
Opt-out is the opposite of opt-in and refers to "refusing after the fact." In email marketing, it describes when a user who has been receiving newsletters or promotional emails later expresses the wish to stop receiving them. The typical example is clicking the "unsubscribe here" link at the bottom of a newsletter.
As a delivery model, "opt-out" sending refers to delivering email without obtaining the recipient's prior consent and stopping delivery only when the recipient explicitly refuses. While this is common in countries such as the United States, in Japan the 2008 amendment to the Act on Specified Electronic Mail made it generally prohibited for advertising or promotional emails.
The biggest difference between opt-in and opt-out lies in the "timing of consent" and "who holds the initiative." Opt-in is a model of "prior consent" in which the user grants permission before delivery, with the initiative on the user's side. Opt-out is a model of "refusal after the fact" in which delivery continues until the user objects, with the initiative on the sender's side.
Under Japan's current legal framework, advertising and promotional emails must be opt-in, and opt-out is preserved as a right that users can exercise at any time after consenting. In other words, businesses must "obtain permission before sending (opt-in) and make it easy to stop (provide opt-out mechanisms)" — both are required.
The advantages of opt-in are that you only deliver to interested customers, which yields higher open and click rates and reduces the risk of being flagged as spam, plus the fact that you remain compliant with the law. The disadvantages are that building a list takes time, and that designing the form, consent flow, and operations requires a certain amount of effort.
The advantage of an opt-out model is that list-building takes little effort and large-scale delivery can begin quickly. However, in Japan, using it for advertising and promotional emails is in principle illegal, with serious downsides including brand damage, complaints and reports, and exposure to penalties. Operators who deliver advertising and promotional emails inside Japan must use the opt-in model.
To operate opt-in correctly, you need to understand the relevant laws. The three primary laws email marketing professionals should be familiar with are the Act on Specified Electronic Mail, the Act on Specified Commercial Transactions, and the Act on the Protection of Personal Information.
The Act on Specified Electronic Mail (formal name: Act on Regulation of Transmission of Specified Electronic Mail) was enacted in 2002 as a measure against spam, and the 2008 amendment introduced opt-in regulation. It defines email sent for advertising or promotional purposes as "specified electronic mail" and obligates senders to obtain prior consent, display sender information, and provide a means to unsubscribe.
The Act covers not only email but also SMS (short messaging service) sent via phone numbers. It applies to all senders, corporate or individual, who send messages for advertising or promotional purposes. The Act is jointly administered by the Ministry of Internal Affairs and Communications and the Consumer Affairs Agency, and provides for administrative orders and penalties in cases of violation.
The Act on Specified Commercial Transactions (the Specified Commercial Transactions Act) sets out the rules that operators must follow for transaction types prone to consumer disputes, such as door-to-door sales, mail-order/online sales, and chain marketing. For email advertising, it generally prohibits sending to recipients who have not requested or consented to receive such messages, providing opt-in regulation alongside the Act on Specified Electronic Mail.
While the Act on Specified Electronic Mail broadly targets email senders, the Specified Commercial Transactions Act regulates email advertising in specific transactions such as those by mail-order operators. The two laws function as a dual safety net, and EC sites and mail-order operators must comply with both.
The Act on the Protection of Personal Information aims to ensure the appropriate handling of personal information and the protection of individuals' rights and interests. Because email addresses are in principle considered personal information, email marketing falls within the scope of this law.
Under the Act, providing personal data to third parties generally requires the prior consent of the individual (opt-in). "Third-party provision via opt-out," which allows provision after notification or public announcement, is also permitted, but its requirements have been tightened (for example, it cannot be applied to sensitive personal information or to personal information acquired by improper means). Care is also needed across notification of purposes of use, security measures, responses to disclosure requests, and the entire lifecycle of acquiring, storing, and using mailing lists.
To collect opt-in consent in a legally valid way, it is critical to make clear what the user is consenting to. Concretely, the basic approach is to display text such as "I agree to receive newsletters and promotional email" on the registration form and require the user to actively turn on a checkbox themselves.
A pre-checked design that obtains consent without the user noticing tends to lead to disputes and is explicitly invalid under European regulations such as GDPR. Even in Japan, it is unlikely to be regarded as substantive consent, so always require the user to turn on an empty checkbox themselves.
Under the Act on Specified Electronic Mail, you are required to display the following information in the body of every delivered email. First, the name of the sender (the formal business name; the service name alone is insufficient). Second, a notice that the recipient may refuse delivery, together with a specific email address or URL for unsubscribing. Third, the sender's address (either directly in the body or clearly accessible from a linked contact page). Fourth, contact information — a telephone number, email address, and URL — for receiving complaints or inquiries.
If any of these are missing or links are broken, the email may become subject to administrative action. The safest approach is to consolidate the required items in a fixed header or footer when designing your newsletter template.
Even for recipients from whom you have obtained opt-in consent, you are legally required to provide an opt-out mechanism that lets them stop delivery at any time. Specifically, at the top or bottom of each email, you must display "Unsubscribe here" or similar wording, along with the email address or URL where the user can unsubscribe, in a position they can easily find.
When a user requests to unsubscribe, you must promptly stop sending to that address. Continuing to send after a request fails to be honored constitutes a legal violation and exposes you to administrative action. Regular checks are essential — confirm that unsubscribe links are not broken and that the unsubscribe flow can be completed in one or two clicks.
Keeping records of when consent was obtained, where (which form) it was obtained from, and what the consent covered (which type of newsletter, campaign content, and so on) is both an obligation under the Act on Specified Electronic Mail and a critical evidence trail for proving you obtained consent through legitimate procedures in the event of a complaint or dispute.
Email delivery and marketing automation tools generally include features that automatically record consent logs. If you manage records in spreadsheets or in-house systems, at minimum store the email address, the date and time consent was obtained, the source where it was collected, and the wording of what was consented to, in a form that can be searched and exported later.
The most common approach is to place a consent checkbox on registration forms, document download forms, contact forms, or newsletter signup pages. Add wording that clearly describes the content of the delivery, such as "I agree to receive newsletters and campaign information," and provide a link to a more detailed privacy policy and statement of purposes of use.
What matters is keeping consent for the primary purpose (downloading materials or registering as a member) separate from consent to receive newsletters. Avoid bundling newsletter consent inside a checkbox like "I agree to the handling of personal information," and obtain a separate, independent consent for each delivery purpose.
A double opt-in setup, in which a confirmation email is sent immediately after registration and delivery only begins after the user clicks the link inside it, helps prevent fraudulent signups and typos. It is particularly recommended for delivery to overseas audiences and for high-ticket products where list quality matters.
The body of the confirmation email should clearly state the registration details (newsletter name, delivery frequency, how to unsubscribe) and use a design where signups left untouched do not start delivery. A common practice is to treat registration as incomplete if no click occurs within a certain window (for example, 72 hours).
When email addresses are collected offline — in-store registration, business card exchanges at trade shows or seminars, paper questionnaires — you still need to obtain opt-in consent. Add a checkbox such as "I agree to receive newsletters and promotional email" to the application form, and have users tick it themselves.
Note that simply exchanging business cards is not generally considered to constitute opt-in consent for newsletters. Sending bulk advertising and promotional email to addresses on business cards exposes you to risk of violating the Act on Specified Electronic Mail. When following up after a trade show, the safe approach is to either obtain opt-in consent separately or to keep follow-up to individualized, transactional thank-you messages.
When the Act on Specified Electronic Mail is violated, the Minister for Internal Affairs and Communications or the head of the Consumer Affairs Agency first issues a measures order. Failure to comply with the order, or particularly malicious violations such as falsifying sender information, may result in criminal penalties — up to one year of imprisonment or a fine of up to one million yen for an individual, and a fine of up to thirty million yen for a corporation.
Because the details of penalties and how the law is applied may be revised through future amendments, always check the latest provisions in the official guidelines from the Ministry of Internal Affairs and Communications and the Consumer Affairs Agency. Working with your compliance team to revisit operating rules whenever the guidelines are updated provides peace of mind.
More serious than the legal penalties are the business risks. If you continue to send email without consent, an increase in spam reports leads to the sending domain being blacklisted by mail servers, and "deliverability collapse" sets in — even legitimate emails fail to arrive. Once damaged, sender reputation can take months to recover.
On top of this, the reputation of being "a company that sends spam" — amplified through social media and word of mouth — directly damages the brand. Compliance is not merely an obligation; it is the very infrastructure that allows email marketing to function as a long-term revenue source.
Practices such as "pre-checking the box" or "bundling consent to the terms of service together with consent to receive newsletters" cause users to consent without being aware of it. They are unlikely to be treated as substantive consent and become a frequent cause of complaints and administrative guidance. Always start with an unchecked box and provide separate checkboxes for each delivery purpose.
Sending unrelated content — such as a real estate investment pitch — to users who consented to "new product information" can be deemed delivery beyond the scope of consent and may constitute a violation. Match what you actually send to the content disclosed at the time of consent (theme, frequency, type), and re-obtain consent if you start delivering on a new theme.
Reusing email addresses collected several years ago, or customer lists inherited through mergers or acquisitions, is risky. If the consent wording or collection channel differs from your current operation, the data may not meet the consent requirements of the current law. When using older lists, the safe path is to re-confirm opt-in or to refrain from using them.
Sending email to users in the EU triggers compliance obligations under GDPR (the EU's General Data Protection Regulation), which imposes stricter consent requirements than Japan's Act on Specified Electronic Mail, including clear statements of the purpose of data use and responses to data deletion requests. Companies expanding globally and cross-border EC operators should review the laws of each delivery country and consider designs that separate tools and policies by region as needed.
Opt-in is the user's affirmative consent to receive advertising and promotional email in advance. In Japan, obtaining opt-in is in principle mandated by the Act on Specified Electronic Mail, the Specified Commercial Transactions Act, and the Act on the Protection of Personal Information. Violations can result in fines of up to thirty million yen and administrative action. At the same time, you must provide an opt-out mechanism that lets recipients unsubscribe at any time, even after consenting.
It is the responsibility of every email marketing professional to bake the basic rule — "obtain permission before sending and make it easy to stop" — into the design of their registration forms, sender information, unsubscribe flows, and consent log management. Compliance is not just an obligation; it is also the foundation that drives open and deliverability rates and ultimately produces results. Use this article as a reference to verify that your operating rules are consistent with current law. Because penalties and provisions can change with future amendments, always confirm the latest guidelines from the Ministry of Internal Affairs and Communications, the Consumer Affairs Agency, and the Personal Information Protection Commission before putting changes into practice.
Learn what step emails are, how they differ from newsletters, the 5-step scenario design process, industry-specific exam...
Learn what HTML email is and how it differs from plain text, with a 5-step build process (goals, wireframe, coding, test...
The OODA loop is a four-step framework—Observe, Orient, Decide, Act—for fast, high-quality decisions. Learn how it diffe...
