Build a legitimate contacts database for optimal deliverability and compliance

EmailsSMS, and WhatsApp are some of the most effective marketing channels when used correctly. However, since they are personal and intrusive channels, you have to ensure your imported contact lists comply with specific rules to be considered legitimate

Before you start

  • Check our Getting started with Contacts guide to learn more about the initial steps and best practices to help you successfully import and manage your contacts.
  • This article is for illustrative purposes only. It does not constitute a recommendation or legal advice. In any case, if you are unsure if your contact list is legitimate, do not import it into Brevo. Brevo may suspend any account that won’t comply with our Terms of Use and best practices.
    ➡️ Check our Terms of Use and best practices (Email, SMS, WhatsApp), or contact our support team
  • A legitimate contact list does not allow you to send mass communication campaigns to all those contacts. Ensure you segment your contacts database before sending your campaigns to avoid soft and hard bounces, and therefore a suspension of your account. To learn more, check our dedicated articles for email, SMS, and WhatsApp.

What is a legitimate contact list?

At Brevo, we consider that a contact list is legitimate and can be imported into your database if it complies with our Terms of Use and best practices (EmailSMSWhatsApp) for digital marketing. Importing legitimate contact lists and following best practices can help avoid an account suspension

According to your type of business, B2C (Business to Consumer) or B2B (Business to Business), your contact list is considered legitimate in the following cases:

🏢 > 👤 B2C 🏢 > 🏢 B2B

✅ You import contacts who gave their consent to receive your communications (opt-in contacts). A consent is legitimate and compliant if:

  • Consent is freely given, specific, informed, explicit, and unambiguous. In some cases, it must also be active consent, such as checking a box or entering contact details in a subscription form, for example. To comply with the GDPR, the consent box must be unchecked by default.
  • Contacts know which type of communication they will receive and which communication channel in the subscription form.
  • It was made within the last two years.
  • You keep proof of your contacts' consent and it can be verified. For example, when your contacts fill in your subscription form created on Brevo, their consent is automatically recorded in your Brevo contact database under the OPT_IN or DOUBLE_OPT-IN attributes. 

✅ You import contacts with whom you already have a business relationship.

✅ You import contacts you gathered via a partner form (the name of my company must appear on the form, and the number of partners is limited to 10).

✅ You are an NGO (Non-governmental organization) and import all my members.

However, there are contact lists that are always forbidden to import into Brevo:

❌ Purchased, rented, borrowed, or third-party lists of email addresses;

❌ Contacts acquired by copying publicly visible email addresses from websites or social networks, such as LinkedIn (a.k.a. “scraping”).

❗️ Important

Local laws may have additional requirements. To ensure you comply with local laws imposed where your organization is established or where your customers might be located, we advise you to contact your legal counsel. Brevo shall not be responsible if your use of the Brevo services does not comply with those laws and regulations.

Examples of legitimate and non-legitimate contact lists

❗️ Important

In any case, if you are unsure if you can import your contact list, do not import it into Brevo and check our Terms of Use or contact our support team for more information.

To help you understand if your contact list is legitimate and complies with our Terms of Use, we have listed several situations in which your contact list can be considered legitimate or not:

Situation Legitimate? Explanation
When a customer buys products from my online or physical store, I always provide them with a link to my newsletter subscription form that they can fill out to choose which marketing communications they want to receive from my brand.  This situation is perfect! Customers can fill in the form themselves and choose which communications they want to receive.
One of my partners includes a checkbox on their subscription form and asks customers if they want to receive marketing communication from my company.  The name of your company must appear on the form, and it should be clear to customers that you are a partner. The maximum number of partners is 10.
After creating an account on my website, customers are redirected to a subscription form to choose if they want to subscribe to my newsletter and receive my marketing communications. Your subscription form has to contain an unchecked box that your customers must check themselves to indicate their consent to receive your marketing communications. To ensure that you respect the GDPR, the consent box must be unchecked by default.
My company participated in an event, and a team member could collect the email addresses of people who came to our stand. I want to send them an email since they seemed interested. The source that allowed you to collect this contact list doesn’t seem legitimate and is unknown. This list is then considered a third-party list that violates our Terms of Use. If your contacts did not subscribe to receive your marketing communication, you might receive complaints for abuse and hurt your deliverability and reputation.
I purchased a list of 2,000 contacts on the internet and and I’m planning on uploading it into my Brevo account to send marketing communications. Purchasing contact lists is illegal and violates our Terms of Use. In addition to this, the contacts whose information you have collected do not expect to receive your marketing communications. This can increase the number of abuse complaints and therefore hurt your reputation.
A friend of mine shared a list of contacts with me that he thinks might be interested in my products. I am considering uploading this list into Brevo. Similarly to purchased lists, shared lists violate our Terms of Use. The contacts whose information you have collected do not expect to receive your marketing communications. This can increase the number of abuse complaints and therefore hurt your reputation.
I copied the email addresses of people who might be interested in my service on LinkedIn. Since their email addresses are publicly visible, it is fine if I contact them. This method is called "scraping". Similarly to purchased and shared lists, scraped lists violate our Terms of Use. Using this list of contacts can increase the number of abuse complaints and hurt your reputation.
A client contacted me directly via email to ask for information about a product I'm selling. Since they are interested in this product, I want to send them newsletters about it. Your contact may be interested in this product, but they did not explicitly consent to receive bulk marketing emails. However, you can still send them a one-to-one email redirecting to your subscription form to ask for their explicit consent.
I retrieved a list of contacts from a political character containing the contact details of several people. Those contacts did not give their explicit consent to receive communications from an identified source. The fact that an email address was given to a Consulate or Embassy shall not be considered proof of consent.
I want to import a list of contacts into Brevo but realized that one of the email addresses is a role-based email address. Role-based email is a group address associated with a company, department, or group. These email addresses are often forwarded to a group of people and not a specific individual. Considering this, you won’t be able to receive explicit and verifiable consent from a role-based email address.
Two and a half years ago, I collected the consent of several contacts via a subscription form for my newsletter. Unfortunately, covid delayed the launch of my brand. I was finally able to open my store this week and want to send them a newsletter to share the news. Contact lists that have not been updated in the last two years are not considered compliant, as the contacts in those lists might not remember that they subscribed to this newsletter. Since they are not expecting this communication, sending them marketing communications might increase the number of abuse complaints and hurt your reputation.You can always send a one-to-one communication to share the news and include a link to your subscription form to confirm their consent.
I recently acquired a second brand. I want to send marketing emails to the contacts who subscribed to my first brand, as they might be interested in it. 🧐 Contacts who consent to receive marketing emails from your first brand do not necessarily want and expect to receive marketing emails from your second brand since they did not agree directly to receiving them. However, you can always send them a one-to-one email sharing the news and include a link to your subscription form for this second brand.
I met someone at an event, and they showed a good interest in my service and even shared their details with me. Since they were interested and shared their details, it is ok to send them marketing communications. 🧐 Since Brevo requires verifiable proof of consent from your contacts, you have to send one-to-one communications to any contacts you meet in person and share with them an electronic or paper subscription form. This will allow you to confirm their consent to receive your marketing communications and obtain proof of this consent. Verbal consent is not verifiable and does not respect our Terms of Use.
I imported all my employees' email addresses to send them emails. 🧐 As an employer, you are allowed to provide a list of your employees' business email addresses, but only in connection with employer-provided benefits, such as health insurance. You can always contact your employees in a one-to-one email to obtain their consent by sharing your subscription form and activating the double opt-in form to confirm their consent.
I just opened my company, and to grow my contact database, I want to import my friends, family, or past colleagues' contact details into Brevo. 🧐 Your current and past relationships with individuals do not constitute consent from them to receive bulk communication from your new brand. This method also doesn’t give you the opportunity to obtain verifiable consent from those contacts.However, you can send one-to-one communications to your past and current relationships and share with them an electronic or paper subscription form. This will allow you to confirm their consent to receive your marketing communications and obtain proof of this consent.
Some of my customers shared their details with me in-store but did not fill in a subscription form to receive my marketing communication. 🧐 Since there is no proof of their explicit consent to receiving your marketing communications, you cannot send newsletters to those contacts. However, you can send a confirmation email redirecting those contacts to your subscription form. This will allow you to confirm their consent to receive your marketing communications and obtain proof of this consent.

Specificities linked to SMS marketing

For SMS marketing, contacts need to give their explicit consent via an SMS subscription form. To ensure the best deliverability for your SMS marketing, ensure you follow our best practices that will also give you an idea of how to collect your contact consent for SMS marketing.

➡️ To learn more, check our dedicated article Best practices for SMS deliverability

Specificities linked to WhatsApp marketing

For WhatsApp marketing, contacts need to give their explicit consent given via:

  • SMS,
  • Website,
  • In a WhatsApp thread,
  • In a form,
  • By phone (using an interactive voice response (IVR) flow),
  • In-person or on paper (customers can sign a physical document to opt-in).
❗️ Important

Consent to receive marketing communications is channel based. For example, it is forbidden to send SMS marketing communications to a customer who only agreed to receive your marketing communications over WhatsApp even if you have their phone number. 

➡️ To learn more, check our dedicated article Collect your contacts' consent for WhatsApp messages.

How to know if a contact is subscribed to my marketing communications?

To know if a contact is currently subscribed to your marketing communications, you can check their subscription status directly from the Contacts page or from their details page:

❗️ Important

The OPT_IN and DOUBLE_OPT-IN attributes do not control whether a contact is subscribed to your marketing communications:

However, you can use these attributes to segment the contacts who have explicitly given your their consent to receive your marketing communications.

⏭️ What's next?

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.

💬 Was this article helpful?

440 out of 535 found this helpful