Can I email an unsubscribed contact to ask them to opt in again?

No, not through the same marketing email channel. A repermission request is still marketing in most programs. Use a separate lawful channel or wait for the person to opt in through a form, checkout flow, account setting, or direct request.

Does CAN-SPAM say opt-outs expire after 30 days?

No. The 30-day rule applies to how long the opt-out mechanism must remain available after a message is sent. It does not create an expiry date for the recipient's opt-out request.

Can transactional emails still go to unsubscribed people?

Yes, when the primary purpose is truly transactional or relationship-based. Keep promotional content out of those emails, because mixed-purpose messages can create avoidable risk.

What if someone unsubscribed from only one newsletter?

Honor the scope they chose. If they opted out of one publication, suppress that publication. If they chose all marketing, suppress all marketing email unless they later give a fresh opt-in.

How long should I keep suppression records?

Keep them for as long as needed to avoid sending marketing to someone who opted out. Many teams keep a minimal suppression record or hashed entry when they no longer need the full contact profile.

Learn

Email deliverability

Do email marketing opt-outs ever expire?

Michael Ko

Co-founder & CEO, Suped

Published 11 Aug 2025

Updated 23 May 2026

8 min read

Summarize with

Article thumbnail showing an email opt-out as a permanent suppression state.

No. For email marketing, an opt-out does not expire just because 30, 60, 90, or 365 days have passed. I treat an unsubscribe as permanent until the person gives a fresh, clear marketing opt-in. A time-based reactivation rule, such as putting people back on the list after 90 days, is not a loophole. It is a suppression failure.

The caveat is scope. If someone unsubscribes from one newsletter but keeps another preference enabled, you can honor that narrower choice. If they choose a global marketing opt-out, the right operational answer is stop all marketing email to that address. Transactional or relationship email is separate, but the primary purpose must actually be transactional.

For the United States, the FTC guide says senders must honor opt-out requests within 10 business days and cannot require a fee, extra personal information, or more than a reply email or a single web page. The same guidance says the unsubscribe mechanism must work for at least 30 days after the message is sent. That 30-day rule is about the mechanism, not the life of the opt-out.

Why an opt-out has no clock

The mistake is treating an unsubscribe like an expiring cookie or a cooling-off period. It is not. An opt-out is an instruction about future marketing email. Once the instruction exists, the sending system has to keep remembering it, even if the contact later appears in an import, a lead list, an old CRM export, or a merged account record.

I separate three states in my head: permission, preference, and suppression. Permission says whether there is a lawful basis or consent to market. Preference says which topics or publications the person wants. Suppression says do not send marketing email, even if another system thinks the address is marketable.

The 30-day rule is not an expiry date

A common misread is that because an opt-out mechanism must work for at least 30 days after a campaign, the recipient's choice expires after that. That is wrong. The 30 days applies to the availability of the unsubscribe method attached to a specific message.

Mechanism: The unsubscribe link or reply path must stay usable long enough for recipients to act.
Request: The opt-out request remains in force after the sender processes it.
Deadline: The sender has up to 10 business days to stop marketing email under CAN-SPAM.

If an internal system says an opt-out expires after 90 days, the system is creating risk. If a consent banner, form, or preference center says the person opted out only for 90 days, I would still not rely on that for email marketing. The safer and cleaner interpretation is that the person asked to stop receiving marketing.

What 90-day repermission gets wrong

A repermission campaign is useful when a subscriber is inactive but still subscribed. It is not useful for people who already unsubscribed. Sending an email that asks an unsubscribed person to opt back in is still a marketing email in most real-world programs. The subject might say 'we miss you', but the purpose is to restore marketing permission.

That is where teams talk themselves into trouble. The logic sounds practical: if we never ask, how can they ever return? The answer is simple. They can return through a new form submission, checkout consent, account preference change, sales conversation, event registration, or another channel with its own lawful basis. Do not use the suppressed email channel to revive the suppressed email channel.

Inactive subscriber

Status: Still subscribed but not opening, clicking, buying, or replying.
Action: Run a re-engagement or sunset sequence before removing them.
Risk: Deliverability damage if the audience is stale or unresponsive.

Unsubscribed contact

Status: They asked you to stop sending marketing email.
Action: Keep them suppressed unless they clearly opt in again.
Risk: Compliance exposure, complaints, spam reports, and trust loss.

This also explains why the question 'are they expiring opt-ins too?' is useful. If a company says a stop request expires after 90 days, but a permission grant lasts forever, the rule is not balanced. It is a growth shortcut dressed up as lifecycle logic.

What you can still send

An opt-out does not silence every possible email. It stops marketing email. Transactional or relationship messages can still be allowed when their primary purpose is the transaction, account, security, warranty, delivery, invoice, legal notice, or service relationship. The trap is mixing promotional content into a message and then calling it transactional.

Situation	Send?	Reason
Sale newsletter	No	Marketing purpose.
Repermission email	No	Restores marketing.
Password reset	Yes	Account action.
Invoice notice	Yes	Billing purpose.
Preference update	Only if needed	Confirm change.

Common sending situations after a marketing opt-out.

The safest transactional messages are boring. They do not include cross-sell blocks, discount banners, newsletter prompts, or 'follow us for deals' sections. If the recipient opted out, keep nonessential promotional content out of relationship mail.

If the edge case is consent age rather than opt-out status, keep those concepts separate. Review consent rules, country unsubscribe timeframes, and one-click unsubscribe requirements as separate operating topics.

How to store suppression safely

The practical control is a durable suppression layer. Do not rely only on a marketing list membership flag, because lists get rebuilt, tools get migrated, and contacts get imported by people who do not know the history. A suppression record should survive all of that.

Suppression event fieldscsv

email,opted_out_at,scope,source,reason
user@example.com,2026-05-23T09:10:00Z,all_marketing,link,unsubscribe

I also prefer storing the suppression event separately from the profile. A person can delete a profile, move between accounts, or reappear through a partner import. The suppression check should still run before the send job hands messages to the mail system.

Global key: Store normalized email address and, where appropriate, a hashed lookup key.
Clear scope: Separate publication opt-downs from a full all-marketing unsubscribe.
Import gate: Check uploads against suppression before contacts become sendable.
Audit trail: Keep the source, timestamp, form, user agent, or system event that captured the choice.

Preference centers need a stop-all option

A preference center can offer topics, frequencies, languages, regions, and brands. It still needs an obvious way to stop all marketing email. If the interface only lets someone uncheck one newsletter at a time, it is not enough for a global opt-out.

If a privacy deletion request arrives, do not blindly delete the only record that prevents future marketing. Many teams solve this with a minimal suppression record or irreversible hash, but the exact approach belongs in a privacy policy and data retention review.

Deliverability risk and monitoring

Mailing unsubscribed contacts is also a deliverability problem. People who already asked you to stop are more likely to ignore, delete, report spam, or complain directly. Even before a legal review, that behavior can weaken sender reputation and make wanted mail harder to place.

This is where authentication and monitoring sit next to consent operations. Suped's product is not the consent database. It is the DMARC and sender health layer that helps teams see whether domains are authenticated, whether SPF and DKIM are passing, and whether blocklist (blacklist) issues appear after a campaign or list process changes.

For a practical workflow, I check the message itself with an email tester, validate sending setup with a domain health check, and keep ongoing DMARC monitoring plus blocklist monitoring in place. That combination does not replace consent management, but it catches the sender-health damage that follows bad list hygiene.

Email tester

Send a real email to this address. Suped opens the report when the test is ready.

?/43tests passed

Preparing test address...

Testing a live message is especially useful when unsubscribe headers, footer links, authentication, and routing all need review together. If the test shows missing unsubscribe headers or failing authentication, fix those before the send, not after complaints start.

Suped DMARC dashboard showing email volume, authentication health, and source breakdown

Suped's dashboard is useful after the controls are in place because it brings DMARC, SPF, DKIM, source visibility, automated issue detection, and real-time alerts into one workflow. For agencies and MSPs, the multi-tenant view also keeps client domains separated while still making authentication problems visible across the portfolio.

Views from the trenches

Best practices

Keep opt-outs permanent unless the person gives a clear new marketing opt-in later.

Store suppression events with date, source, scope, and the system that captured the request.

Treat preference center changes as narrower than a full stop-all-marketing opt-out request.

Common pitfalls

Expiring an opt-out after 90 days creates compliance risk and immediate trust damage.

Sending a repermission email to an unsubscribed address is still a marketing request.

Deleting suppression rows without a replacement control can put old contacts back into sends.

Expert tips

Use a suppression layer that runs after segmentation and before every campaign send job.

Audit list imports for suppressed addresses before activation, not after launch approval.

Monitor authentication and complaints so list mistakes show up before reputation slips.

Marketer from Email Geeks says opt-outs do not expire, and putting someone back on a marketing list after they opted out breaks the basic CAN-SPAM compliance model.

2022-08-24 - Email Geeks

Marketer from Email Geeks says a brand can seek a fresh opt-in through a separate allowed channel, but it should not email the unsubscribed address to ask for permission again.

2022-08-24 - Email Geeks

The practical answer

Email marketing opt-outs do not expire. If someone opted out yesterday or five years ago, I do not put them back into marketing sends unless they clearly opt in again. A 90-day expiry rule is not a clever retention tactic. It is a broken suppression model.

The durable setup is simple: capture the request, honor it within the required timeframe, keep the suppression state, separate transactional mail from marketing, and monitor sender health after every meaningful list or platform change. Suped's product fits the last part of that workflow by making authentication, DMARC policy, SPF, DKIM, blocklist and blacklist signals, and deliverability issues visible before they become harder to unwind.