The Spamhaus Project


Permission pass: what, how and when to use

Discover how to resolve IP and domain blocklisting issues caused by single-opt-in email lists with a Permission Pass strategy. Learn the intricacies of conducting a Permission Pass, ensuring compliance with COI standards and spam regulations.

by The Spamhaus TeamJanuary 30, 20243 minutes reading time

A company collected thousands of single-opt-in email addresses from their website, and added them to their mailing list. A mailing was sent to that list, and now the domain or IP have been blocklisted by ISPs and spam filter systems. How can this problem be fixed?

The solution is to conduct a "(re)Permission Pass" to rid the list of addresses which should not be there. A Permission Pass involves sending out a new bulk email to the list, asking the recipients to confirm that they wish to remain subscribed to it.

ONLY those who click the link to confirm are then kept on the list; those who do not answer (or whose addresses bounce) are deleted from the list. The resulting list is a 100% clean Confirmed Opt-in (COI) list, which is infinitely more valuable than the original.

Before conducting a Permission Pass the sender will need to contact and work with any major spam filter systems that are currently blocking the IP or domain; they need to agree to the mailing in advance. If we believe that the effort to convert to COI is genuine, Spamhaus will normally agree to help by suspending a specific listing (or not listing new IPs) to allow the Permission Pass to be sent without triggering more blocks.

It is vital that the semantics of a Permission Pass be clearly understood:

  • A permission-pass is ONLY appropriate where an otherwise opt-in list has got slightly dirty, in the event of an insecure web form being abused, etc. It is NOT appropriate to run a Permission Pass on a list that has been gathered by harvesting, purchasing, renting or from other questionable sources. You can not simply buy a list from a 3rd party and conduct a permission pass on it, this behavior will be considered to be spamming and treated as such.

  • A permission pass is opt-IN, not opt-OUT. You can not ask recipients to respond in order to opt-out of the list - that is just spamming. "Permission" does not exist with opt-out. Opt-out leaves all the bad addresses on the list, leaving the list open to generating complaints, hitting spamtraps, and continuing the cycle of mailings ending in junk folders or blocked by spam filters.

  • A permission pass will often significantly reduce the size of a mailing list. This may at first seem counter-productive to some marketers who think quantity is better than quality, but there is no point in having a giant list of people who are not responding or who feel they are being spammed.

  • You can only conduct a permission pass once for each recipient. If they do not respond you can NOT contact them again to urge them to respond.

  • The resulting clean list is 100% recipients who are interested in receiving your mailings. Keep it safe from future pollution. Secure your web forms too!

If you are really serious about the future of your legitimate bulk email marketing business, consult an email deliverability specialist such as who can help devise strategies and policies that will help to improve inbox placement and ROI, to send email responsibly and will also help your company be seen as a responsible mailer by the industry in general.