[helloguillecl]

Question: How do I prove to the authorities that a subscriber has given consent?

I imagine that an attribute on my "users" table is not enough?

[marcosdumay]

In any reasonable law, you would prove that your procedures require consent before you start sending the emails. If you have to prove things about a specific user, you are already on unreasonable land.

(But then, I have no idea what places have reasonable rules. I have never seen any with this specific failure for email, but IANAL and I haven't looked much.)

[helloguillecl]

Actually this sounds like common law to me. But yes, this should be enough to me.

However, if I consent to a User Agreement, do you really think they keep a copy of the specific version of the User Agreement I accepted?

[marcosdumay]

They almost certainly keep a copy of that specific version of the UA. They also very likely keep a log of you agreeing to it. And probably none of those would matter in a court (what you actually say on your site and how reasonable the document is certainly matter a lot more).

Anyway, UA acceptance does not require and does not imply in opt-in to your marketing emails.

[dbg31415]

“Double Opt In” is the way to go.

They sign up, then you send them an email and track when they hit the “I approve” link.

[cuu508]

Watch out, if you get a HTTP GET request on the approve link, it could be the mail provider scanning for malware, not the user. You may need triple opt in :-)