DMA: Data and Marketing Association
Consumer Help

Permission At A Glance: DMA’s Consumer Preferences & Choice Guidance

*Please note: this document is not intended to provide you with specific legal advice. You should ensure you review your compliance issues with your organization’s legal counsel.


Proper “permissioning” or obtaining proper consent by marketing channel is a critically important step in ensuring you are acting as a responsible marketer who honors consumers’ choices regarding their marketing preferences including providing promotional offers they want and stopping those they do not want to receive.

DMA’s number one consumer complaint has been that a consumer is receiving unwanted or improperly targeted marketing offers and a consumer would like to learn ways to reduce or stop the marketing offers from a particular company (or organization in the case of nonprofit fundraising.) Providing consumers with notice and choice is essential to foster strong trust between consumers and marketers.

This outline is intended to offer you basic guidance regarding the individual permission requirements by marketing channel.

As you review the particular channel, please ensure that you read the DMA’s Guidelines for Ethical Business Practice which details the more extensive requirements for DMA members by channel and the particular marketing ethics/compliance requirement. Click here for the latest DMA Guidelines for Ethical Business Practices, or contact ethics@thedma.org.

Types of Consent:

There are different ways to appropriately obtain a consumer’s consent. Some forms of consent and proof of consent are required by law as explained below. Consent can be broken into two categories: 1) “opt-in” consent or sometimes called explicit consent or advance permission, which means the consumer must provide his/her consent before the marketer is allowed to take the action (i.e., send the marketing promotion); or, 2) “opt-out” or implied consent which means a marketer may take the action until the consumer tells the marketer to stop.

Forms of obtaining consent may be: in writing; through a voice recording; through a valid email unsubscribe; through a valid check-box (not a pre-checked box, though!); via a signature line; via a text-back message; via an appropriate mobile app consent process; or through a formal written agreement depending upon the exact type of marketing channel. If you need “opt-in” to proceed before you take the marketing action, you must ensure you can prove the consent was obtained properly whether in writing, by voice recording or otherwise. Some countries, like Canada, even may require a date stamp/field of when the permission was received for email marketing.


Mail is an opt-out channel. Consumers may be sent marketing offers so long as the marketer does the following:

  • Provides a point of contact for the consumer where the consumer may modify their mail choices or opt-out of all future mailings. This option should be provided via a toll-free number, your company website, an email or mailing address. There should be no cost for a consumer to opt-out. Please provide such contact in an easy and readily accessible way for consumers to contact you with their marketing preferences.
  • The marketer must ensure the mailing list used for your future prospects has been run against a suppression system that includes scrubbing your file against your own internal do-not-contact file and uses the DMA’s suppression file known as the DMAchoice suppression file (this includes caretakers and deceased individuals’ name and addresses.) This will ensure you are not mailing wastefully to an individual who has specifically asked to stop receiving mail from your organization and that you are following and honoring the consumers’ marketing preferences.


Email marketing solicitations (not transactional or informational emails) are covered under the U.S. federal CAN-SPAM Act, meaning a marketer may send an email to an individual without prior consent, but the marketer must have a functioning unsubscribe within the marketing email message that allows the recipient to opt-out immediately from future marketing emails. Companies must honor unsubscribe requests within 10 business days.

The DMA advises that advance email permission is best since email marketing as a channel is subject to unique Internet delivery rules by Internet Service Providers (ISPs) to protect their users and their online delivery systems against illegal spam. Legitimate marketers may get caught up in spam traps and other methods used to prevent spammers in the global fight against spam scammers, and they may find their marketing campaigns cannot be executed due to a spam block. There are services a marketer may use to ensure their email lists are identified and authenticated, and the use of such protocols is essential to ensure proper email delivery.

The FTC’s CAN-SPAM rules are located here and the FTC’s compliance guide can be found here.

Canada has also passed anti-spam legislation (CASL) which creates specific rules for email marketing to Canadian subscribers. It follows a more permission-based model. The DMA Email Experience Council (eec) has additional guidance in this area: A Digital Marketer’s Guide to Canada’s Anti-Spam Law “CASL”.

The eec also has created a Guide to Email Marketing Compliance that covers anti-spam and data protection regulations in 77 jurisdictions.

Email “Appending”:

Legitimate marketers may decide to improve their data by appending an email address provided by a third party to their existing records. However, a marketer must ensure the source of the email they are working with is a legitimate source and that it has obtained prior permission from the email recipient for the use of their email by such a third party for future email marketing uses. Otherwise, without proper permissions in place, the marketer can face the same issues of potentially being blocked for spamming. A prior business relationship with the email recipient is acceptable under DMA Guidelines.

Marketers must not send a Mobile Service Commercial Message (MSCM is an email message sent to an email address on an Internet domain of a wireless carrier) to appended emails that belong to mobile devices since prior express authorization is required. Marketers must not send commercial email messages to wireless devices without prior consent.


A marketer cannot send an unsolicited fax (also called “junk fax”) without an opt-in by the recipient. Business can only send a fax if the recipient gave permission. In all other instances, there must be both an established business relationship between you and the fax sender (based on an inquiry, application, purchase or transaction) and the sender must have obtained your fax number in one of the following ways:

  • Directly from you within the context of the established business relationship – for example, as part of an application, contact information form or membership renewal form.
  • From a directory, advertisement or web site to which you voluntarily agreed to make the number available for public distribution, and the sender has taken reasonable steps to verify that you consented to have the number listed.
  • From your own directory, advertisement or Web site, unless you have noted on such materials that you do not accept unsolicited fax advertisements.

Fax advertisements sent as part of an established business relationship must include a notice informing you of your right to avoid future faxes and instructions for making an opt-out request.

A fax sender may not send fax ads based on obtaining your fax number in the ways described above without also having an established business relationship with you.

An “established business relationship” or EBR is “a prior or existing relationship formed by a voluntary two-way communication between a person or entity and a business or residential subscriber with or without an exchange of consideration [payment], on the basis of an inquiry, application, purchase or transaction by the business or residential subscriber regarding products or services offered by such person or entity, which relationship has not been previously terminated by either party.”

Each fax must include specific items:

  • the date and time of the transmission;
  • the identity of the sender;
  • the telephone number of the sender or the sending machine;
  • an opt-out notice with opt-out instructions. (Opt-out must occur within 30 days.)

The Federal Communications Commission regulates the use of telephone facsimile machines. You may view the FCC’s fax rules here.


A marketer may call a consumer with an unsolicited marketing offer unless the recipient’s phone number is on the national do-not-call list registry (B2B calls are exempt.) Telemarketing calls are regulated by the Federal Trade Commission, the Federal Communications Commission and the states. An individual may register their personal landline or cell phone/mobile number on the national registry. Telemarketing calls may not be made to cell phones in addition to landlines since they are added to the registry. Click here for more information.

Marketers may not call these numbers and must ensure they are using the appropriate telephone number suppression process prior to initiating a calling campaign to ensure they do not illegally contact a number that is on the registry. Click here to view the rules for telemarketing.

Charities who conduct their own telemarketing are not covered by the Telemarketing Sales Rule. However, for-profit telemarketers who solicit contributions on their behalf are covered:

Telefunders must:

  • make certain prompt disclosures in every outbound call.
  • get express verifiable authorization if accepting payment by methods other than credit or debit card.
  • maintain records for 24 months.
  • comply with the entity-specific Do Not Call requirements, but are exempt from the National Do Not Call Registry provision.
  • include a prompt keypress or voice-activated opt-out mechanism in any prerecorded message call on behalf of a non-profit organization to a member of, or previous donor to, the non-profit.

Telefunders may not:

  • make a false or misleading statement to induce a charitable contribution.
  • make any of several specific prohibited misrepresentations.
  • engage in credit card laundering.
  • place “cold” calls that deliver prerecorded messages.
  • engage in acts defined as abusive under the TSR, such as calling before 8 a.m. or after 9 p.m., disclosing or receiving consumers’ unencrypted account information, and denying or interfering with a consumer’s right to be placed on a Do Not Call list.

Sometimes a marketer may not realize they are calling a wireless device. Consumers can “port” their numbers to a wireless device. Thus, a number that is safe to call today may be illegal to call tomorrow.

To determine if a number belongs to a landline or a wireless device, go here and obtain the Wireless Block Identifier (identifies the more than 400 million numbers that will be, or are already are assigned to wireless devices) and the Wireless-Ported Numbers File (this identifies the more than 400,000 ported numbers.) There is a Safe Harbor if you call a ported number. The Safe Harbor grants a 15-day time period in case you call a number mistakenly. To qualify for the Safe Harbor, the call must be a voice call, the marketer does not knowingly call wireless numbers, and the calls are made within 15 days of the port.

Mobile Devices:

Marketers should not be sending a commercial marketing message to a mobile device without the individual’s prior express consent. Mobile as a device is unique in that it can include other digital channels—email texting and online access in addition to voice calling. It also provides access to online websites and online apps. This means that you need to default to “prior express consent,” when you are sending a marketing solicitation to mobile devices for each campaign and you should have a clear mobile privacy policy with accessible choices for consumer preferences. Assuming you have obtained prior express consent, every mobile marketing message sent should include a simple and easy to use mechanism where an individual can opt-out of future mobile marketing messages. (Where possible, the opt-out should operate via a text reply message.)

Please note that location-based mobile marketing requires prior express consent and you must ensure you obtain prior express consent if you are sharing location-based data with third parties


The FCC treats text messages and short message services (SMS) messages sent to a wireless device the same as calls subject to the Telephone Consumer Protection Act (TCPA). Such messages include phone-to-phone text messaging and SMS messaging sent to a pager. Thus, unless you have prior express consent or it is an emergency, it is illegal to use an automatic dialing system to send text or SMS messages to cell phones or other wireless devices. DMA’s Guidelines prohibit a marketer from sending text messages to a wireless device without such prior express consent.

“Robocalls” and Automated Dialers/Texting:

Hundreds of thousands of robocalling complaints by consumers led to a stringent regulatory regime for marketers who wish to use an “auto-dialer” to contact consumers for both marketing offers and informational contacts. This includes mobile marketing and texts sent via an automated dialer process. The section below outlines the rules governing robocalls and related issues:

Political “Robocalls:”

The TCPA also restricts political campaign-related calls, texts, and prerecorded voice calls (robocalls).
Political campaign-related prerecorded voice or autodialed calls (including autodialed live calls, prerecorded voice messages, and text messages) are:

  • Prohibited to cell phones, pagers, or other mobile devices without the called party’s prior express consent.
  • Prohibited to the protected telephone lines noted in the TCPA and the rules (e.g., emergency or toll-free lines, or lines serving hospitals or similar facilities), unless made with the called party’s prior express consent.
  • Permissible when made to landline telephones, even without prior express consent.

All prerecorded voice message calls, campaign-related and otherwise, must include certain identification information:

  • The identity of the business, individual, or other entity initiating the call (and if a business or corporate entity, the entity’s official business name) must be stated clearly at the beginning of the message; and
  • the telephone number of the calling party must be provided either during or after the message.

More information regarding the FCC’s enforcement of rules related to political campaign robocalls can be found here.

Robocalls & Autodialers:

The definition of an autodialer is “technology with the capacity (meaning a potential ability to dial random or sequential numbers) to dial random or sequential numbers,” even if the technology is not currently being used for that purpose. It includes predictive dialers, technology with the capacity to be adapted to make autodialed calls in the future, and equipment that can send Internet-to-phone text messaging.

In order to contact a consumer using such methods, a marketer must first obtain the recipient’s prior express written agreement, this is the highest standard of prior consent.

Consent may not be implied or presumed, the presence of a wireless telephone number in a contact list on another wireless number does not constitute consent for an autodialed or prerecorded call or text.

Further, a marketer must provide an in-call mechanism so that the call recipient can use it to be placed on the company’s do-not-call list during each prerecorded call, or provide an opt-out mechanism within each text.

A consumer may revoke their consent at any time through any reasonable means.

Please Note: Telemarketing, Robocalls & Autodialers “clarified” rules by FCC:
Nonprofit organizations use telemarketing for inbound and outbound fundraising as an important marketing channel. Due to an increase in bad actor activity with robocalls on mobile devices, the FTC & FCC have taken a sharp look at current rules. As a result, new clarifications issued in July 2015 must be reviewed by nonprofit organizations to ensure compliance.

On July 10, 2015, the Federal Communications Commission (“FCC”) released the text of its omnibus Declaratory Ruling and Order (“TCPA Declaratory Ruling and Order”) which the Commission adopted by a 3-2 vote almost a month earlier, on June 18, 2015.

In the ruling, the FCC responded to 21 petitions by a number of companies and trade associations, including the DMA, regarding the requirements of the Telephone Consumer Protection Act of 1991 (“TCPA”). The ruling, which applies to phone, text, mobile outreach, redefines the equipment definition for “autodialer,” specifies liability for calls to “reassigned” telephone numbers, allows callers to contact the reassigned number one time (only) to confirm whether or not the number has been reassigned, provides consumers with a right to revoke consent (as required by TCPA) by any “reasonable” means, and establishes new exceptions for financial and healthcare-related calls. The ruling clarifies that carriers and VoIP providers are allowed to implement call blocking technologies upon the request of consumers who want to use such technologies to block unwanted calls. It permits entities to send a one-time text immediately in response to a consumer’s request for information, and provides an additional 90 days to replace prior consents (a DMA petition request) with consent obtained using the language required in the FCC changes that took effect in October, 2013.

Member Issue – Reassigned Numbers: If an individual changes their assigned number, how would the caller/seller know not to call that number without proper consent? Individuals do not always alert the caller when they change numbers, and there is no single database that tracks every consumer and his/her number. Callers fear they could face TCPA liability if they mistakenly call a reassigned number.

(Federal Communications Commission, In the Matter of Rules and Regulations Implementing the TCPA of 1991, FCC 15-72, 7.10.15)
“The FCC finds that where a caller believes he has consent to make a call and does not discover that a wireless number had been reassigned prior to making or initiating a call to that number for the first time after reassignment, liability should not attach for that first call, but the caller is liable for any calls thereafter. The caller, and not the called party, bears the burden of demonstrating: (1) that he had a reasonable to basis to believe he had consent to make the call, and (2) that he did not have actual or constructive knowledge of reassignment prior to or at the time of this one-additional-call window we recognize as an opportunity for callers to discover reassignment.

We emphasize that the TCPA does not prohibit calls to reassigned wireless numbers, or any wrong number call for that matter. Rather, it prescribes the method by which callers must protect consumers if they choose to make calls using an autodialer, a prerecorded voice, or an artificial voice. In other words, nothing in the TCPA prevents callers from manually dialing. Callers could remove doubt by making a single call to the consumer to confirm identity. Even if the consumer does not answer, his or her voicemail greeting might identify him or her. Callers can also email consumers to confirm telephone numbers. Consumers who receive the types of messages Petitioners describe, such as bank and health- related alerts to which they have consented, can reasonably be expected to respond to such email requests to inform callers about number reassignments. In other words, callers have options other than the use of autodialers to discover reassignments. If callers choose to use autodialers, however, they risk TCPA liability. Consumers switched numbers at the time Congress passed the TCPA and callers undoubtedly called wrong numbers, yet we see nothing in the law or legislative history suggesting that Congress intended lesser—or no—protection for the unfortunate consumer who inherited a new number or happened to be one digit off the intended number.

A caller might obtain actual knowledge of reassignment in a number of ways, such as by the called party informing the caller that he or she is a new subscriber to the number or that the caller has reached a wrong phone number, by accessing a paid database that reports the number as having a high probability of reassignment, by a caller’s customer reporting a new phone number prior to receiving a call, or by receiving information from a wireless carrier that the number is no longer in service or has been reassigned. A caller receives constructive knowledge of reassignment by making or initiating a call to the reassigned number, which often can provide a reasonable opportunity for the caller to learn of the reassignment in a number of ways, including by hearing a tone indicating the number is no longer in service or hearing a name on a voicemail greeting that is different from the name of the party the caller intended to call.

In other words, callers have options other than the use of autodialers to discover reassignments. If callers choose to use autodialers, however, they risk TCPA liability. Consumers switched numbers at the time Congress passed the TCPA and callers undoubtedly called wrong numbers, yet we see nothing in the law or legislative history suggesting that Congress intended lesser—or no—protection for the unfortunate consumer who inherited a new number or happened to be one digit off the intended number.”

To review the FCC’s overview of the rules regarding robocalls and automated texting restrictions, click here.

Digital Ads

General Online Ads:

Consumers do not always understand that there are different types of online ads they are viewing. There are general ads served to broad audiences that are used to support news, email, game sites, social media etc. These online ads are not “targeted” or served to specific consumers/computers or mobile devices in a unique manner. Since this is akin to general mass marketing messages (such as television or radio ads) specific permission is not required for such general ads. Marketers must pay attention to ensuring the ad copy, terms and conditions of the offer meet other DMA Guidelines, however.

Interest-based Ads (IBA):

This is an online ad that is served to consumers based on their browsing history. This practice is used to bring relevant marketing messages to consumers online and is called Interest-based ads (IBAs). IBAs may be sent without prior consumer permission so long as there is the ability for an individual to opt-out of such ads in the future. A consumer must be provided an ability to opt-out of future interest-based ads through notice and choice whereby they may opt-out of such ads by opting out via the Digital Advertising Alliance icon program.

Marketers and their third parties (ad networks and others involved in sending the ad to a particular computer or device) should sign up at here to obtain the IBA icon license agreement so that they can join the cross-industry self-regulatory coalition, the Digital Advertising Alliance (of which the DMA is a founding member and one of the enforcing bodies) and to support its principles.

Companies that collect and use data across sites or apps for interest-based advertising (IBA) are required to comply with DAA’s Principles in the mobile environment (i.e. DAA Mobile Guidance) and across devices. These principles apply to precise location data, personal directory data and cross-app data, and build upon the effective self-regulation program led by DMA for over six decades. Consumers can download the appropriate app from the DAA mobile choice opt-out page and the DAA’s mobile app (available on the Apple Store, Google Play, and Amazon’s Appstore). These are the consumer facing tools for the mobile guidance, providing the transparency and choice that comes with industry self-regulation. Further, we require compliance with DAA transparency and control principles for consumer choice to opt-out of cross-device tracking which identifies which digital channels are most successful across devices—this is how platforms, publishers and ad tech companies try to identify Internet users across smartphones, tablets and desktop computers. Click here for more information.

For consumers who wish to opt-out of IBAs served on their computer or laptop, they can download the appropriate opt-out plug-in that applies to their computer or desktop browser (Chrome, Firefox or Internet Explorer) at: www.aboutads.info/PMC. If the consumer chooses to opt-out without downloading the plug-in then they need to make sure their browser is set up to keep cookie history. If the cookies are deleted then it will also delete the opt-out cookie.

Contact Us:

For questions or comments about this report, write to:
Data & Marketing Association (DMA)
Ethics & Accountability Department
225 Reinekers Lane, Suite 325, Alexandria, VA 22314

To download and print this marketing permission guidance information, click here.