Mumara

Compliance · built-in · auditable

Built-in compliance for the rules every sender actually has to follow.

CAN-Spam, CASL, GDPR — every email-marketing platform claims to be compliant. Mumara Campaigns spells out exactly what's built in: List-Unsubscribe headers on every send (RFC 2369 + RFC 8058 one-click), double opt-in to verify before activation, multi-scope suppression that honours every opt-out, full authentication audit logs, GDPR-aware IP and geolocation data handling. The platform isn't going to be the reason you fail an audit.

Compliance · Built-in

Active on every send
  • List-Unsubscribe (RFC 2369 + RFC 8058)

    Mailto + URL + one-click POST, automatic on every send

  • Double opt-in subscribe flow

    Verified before the contact becomes active in the list

  • Multi-scope suppression

    Email + domain + IP, global or per-list, honoured everywhere

  • Authentication audit log

    Every sign-in, every admin action, with actor + IP + timestamp

  • IP + geolocation data handling

    GDPR-aware storage and retention controls

The compliance floor

The pieces every regime cares about. All in the box.

Compliance isn't one rule — it's a stack of overlapping requirements from US, Canadian, and EU law, plus mailbox-provider rules from Gmail and Yahoo. Mumara handles the technical floor; you handle the policy choices.

  • Every send gets List-Unsubscribe

    RFC 2369 (mailto + URL) + RFC 8058 (one-click POST). Required by Gmail and Yahoo for bulk senders since February 2024.

  • Double opt-in for new subscribers

    Confirmation email before the contact becomes active. Provable consent for CASL, GDPR, and best-practice CAN-Spam.

  • Multiple suppression types + scopes

    Email address, full domain, IP / IP range — applied at global or per-list scope. Bounces and complaints feed suppression automatically.

  • Audit log on every action

    Authentication Logs record every sign-in, every admin action, with actor + IP + activity + timestamp. Tools → Authentication Logs.

List-Unsubscribe in the wild

What Gmail and Yahoo actually render — and why it matters.

Open any Mumara-sent email in Gmail and you'll see the native Unsubscribe button beside the sender row. That's not a Mumara feature — it's Gmail honouring the List-Unsubscribe and List-Unsubscribe-Post headers that Mumara writes on every send. The RFC 8058 one-click variant is what the bulk-sender rules have required since February 2024. Without those headers there is no one-click button, so recipients who want out reach for "Report spam" instead — and your reputation pays.

  • Native Unsubscribe button rendered

    Gmail and Yahoo render the one-click Unsubscribe button when both List-Unsubscribe (RFC 2369) and List-Unsubscribe-Post (RFC 8058) headers are present. Mumara writes both, on every send, with no per-campaign configuration.

  • Footer link still works

    The traditional unsubscribe footer link is still injected automatically — recipients who scroll find it where they expect. Belt and braces.

  • Mailto fallback for older clients

    The List-Unsubscribe header includes a mailto: URI alongside the HTTPS endpoint. Older mail clients that don't speak HTTP unsubscribe still get a path that works.

  • No campaign-level toggle to forget

    Header injection is in the Mailer itself, not configurable per campaign. You can't accidentally ship a bulk send without the headers — the platform invariant protects you from the policy mistake.

[Figure: a Gmail-style email open with the native Unsubscribe button beside the sender row, with a callout showing the underlying List-Unsubscribe and List-Unsubscribe-Post headers Mumara injects]

Three jurisdictions, three regimes

What CAN-Spam, CASL, and GDPR each actually require.

Most senders touch every one of them. The shape of compliance differs — opt-out vs opt-in, identification requirements, data-handling rules — but Mumara's platform-level features cover the technical surface of each.

United States

CAN-Spam Act

Opt-out regime — you can email people who haven't explicitly opted in, but every message must include a clear From line, a working unsubscribe mechanism, a physical postal address, and accurate subject lines. Unsubscribe requests must be honoured within 10 business days. Mumara's automatic List-Unsubscribe, double opt-in (best-practice, not strictly required), and suppression that honours unsubscribes immediately handle the technical side.

  • Automatic List-Unsubscribe
  • Clear From + subject line controls
  • Suppression honours unsubs immediately
  • Audit log of every send

Canada

CASL

Opt-in regime, much stricter than CAN-Spam. Requires explicit or implicit prior consent, identification of the sender (legal name + contact info), and a working unsubscribe in every CEM. Penalties up to $10M per violation. Mumara's double opt-in flow produces the provable consent record CASL inspectors expect; the audit log + suppression records cover the rest.

  • Double opt-in produces provable consent
  • Sender identification in every send
  • Unsubscribe honoured across email/domain/IP
  • Per-contact consent timeline via audit log

European Union

GDPR

Personal data regime — opt-in for marketing emails plus broader rules on data handling. Right to access, right to erasure, right to portability, purpose limitation, storage minimization. The technical surface that matters for email: explicit consent capture (web forms), data-retention controls (suppression, audit logs), and IP / geolocation handling that respects EU residency rules.

  • Explicit consent capture via web forms
  • Suppression as right-to-erasure mechanism
  • IP + geo data retention controls
  • Self-hosted = data residency in your jurisdiction

The platform vs the policy

Mumara handles the floor. You handle the policy.

No platform can certify your compliance. What Mumara does is make sure the technical requirements are never the gap — so the conversation with your DPO, legal team, or auditor is about your policy choices, not whether the buttons exist.

On the technical floor — RFC 2369 and 8058 List-Unsubscribe headers fire automatically on every send. Double opt-in is a toggle on every web form. Suppression is the only path between an unsubscribe click and the contact's status; bounces and complaints feed suppression automatically. Authentication Logs capture every admin and user action with IP and timestamp. These are platform invariants — you can't accidentally disable them on a campaign.

On the policy layer — you decide your DMARC posture (the platform helps you reach `p=reject`, but the timing is yours). You decide your retention period (the platform exposes the controls; the number is your call). You decide your consent flow (double vs single opt-in on each form). You decide whether to deploy self-hosted in an EU data centre for stricter residency, or use Mumara Machine in a region of your choice. The platform doesn't make these choices for you — but it never forces a bad choice either.

Honest framing: Mumara isn't a compliance product. It's an email-marketing platform that takes compliance seriously enough that you can answer the technical questions on a security questionnaire with one answer — "yes, built in" — instead of caveats. If your auditor asks for the unsubscribe-honoured timeline of a specific contact, the data is there. If your DPO asks where IP addresses are stored and for how long, the answer is configurable per installation.

One contact's lifecycle

From first interest to honored unsubscribe — every step audited.

The compliance posture isn't a feature you turn on — it's the default path every contact follows. Here's what's recorded at each step.

  1. Subscribe

     Contact submits a web form. Double opt-in mode sends a confirmation email; the contact stays in pending status until they click confirm. Single opt-in mode adds them directly. The timestamp + IP + form ID are recorded.

  2. Confirm consent

     Clicking the confirmation link moves the contact to active. The confirmation timestamp + IP are stored permanently on the contact record. This is the document CASL and GDPR inspectors expect to see.

  3. Every send is governed

     List-Unsubscribe (RFC 2369 mailto + URL, RFC 8058 one-click POST) injected automatically. Sender identification in the From line and footer. Send recorded in the campaign log + contact timeline.

  4. Unsubscribe action

     Contact clicks the List-Unsubscribe link or hits one-click in Gmail. Mumara records the timestamp + IP + method, immediately moves the contact's status to suppressed, and removes them from all eligible sends.

  5. Honour forever

     Once suppressed, the contact stays suppressed across global and per-list scopes. Bounces and complaints automatically add to suppression with the same finality. Right-to-erasure requests delete the contact record entirely while keeping the suppression entry so a re-import doesn't accidentally re-mail them.
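The five steps above, and the double opt-in, unsubscribe and erasure answers in the questions further down, describe what gets recorded at each transition. The following is an added example (not Mumara's code) of a minimal contact store that follows that path: pending on subscribe, active on confirm, suppressed on unsubscribe, and an erasure that drops the record and its events while leaving a marker that blocks a later re-import. The record layout, the event names, the decision to treat an erasure request as an opt-out as well, and the use of a SHA-256 digest as the personal-data-free suppression marker are assumptions; the addresses, IPs and form id are constructed samples.

```python
"""Contact lifecycle with a consent audit trail and erasure that keeps suppression.

Added example, not Mumara's code. Record layout, event names and the SHA-256
digest used as the personal-data-free suppression marker are assumptions.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def _digest(email: str) -> str:
    """Assumed marker for an erased address: the digest lets a later import be
    refused without the address itself remaining in the database."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


@dataclass
class Contact:
    email: str
    status: str = "pending"                 # pending -> active -> suppressed
    events: list = field(default_factory=list)

    def log(self, kind, ip, when, **extra):
        """Append one audit event: what happened, from which IP, and when."""
        self.events.append({"event": kind, "ip": ip, "at": when.isoformat(), **extra})


class ContactStore:
    def __init__(self):
        self.contacts = {}            # normalised email -> Contact
        self.suppressed_digests = set()  # survives erasure; holds no personal data

    def subscribe(self, email, ip, form_id, when, double_opt_in=True):
        """Step 1: web form submission. Returns None if the address is suppressed."""
        key = email.strip().lower()
        if _digest(key) in self.suppressed_digests:
            return None   # step 5: a re-import cannot re-activate a suppressed address
        c = Contact(key, status="pending" if double_opt_in else "active")
        c.log("subscribe", ip, when, form_id=form_id,
              mode="double" if double_opt_in else "single")
        self.contacts[key] = c
        return c

    def confirm(self, email, ip, when):
        """Step 2: confirmation click. Timestamp + IP become the consent record."""
        c = self.contacts[email]
        if c.status != "pending":
            return c      # idempotent: a second click does not rewrite the record
        c.status = "active"
        c.log("confirm", ip, when)
        return c

    def unsubscribe(self, email, ip, when, method):
        """Step 4: record timestamp, IP and method, then suppress immediately."""
        c = self.contacts[email]
        c.status = "suppressed"
        c.log("unsubscribe", ip, when, method=method)   # one_click | landing_page | mailto
        self.suppressed_digests.add(_digest(email))
        return c

    def erase(self, email):
        """Right to erasure: delete the record and every event, keep only the digest
        so the address is never re-mailed by accident (assumed: erasure also opts out)."""
        c = self.contacts.pop(email, None)
        if c is None:
            return False
        self.suppressed_digests.add(_digest(email))
        return True

    def consent_timeline(self, email):
        """The per-contact view an auditor asks for: (event, timestamp, ip) in order."""
        return [(e["event"], e["at"], e["ip"]) for e in self.contacts[email].events]


if __name__ == "__main__":
    store = ContactStore()
    now = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    store.subscribe("Alice@Example.com", "198.51.100.10", "form-7", now)
    store.confirm("alice@example.com", "198.51.100.10", now)
    store.unsubscribe("alice@example.com", "198.51.100.11", now, "one_click")
    print(store.consent_timeline("alice@example.com"))
    store.erase("alice@example.com")
    print("re-import allowed:", store.subscribe("alice@example.com", "203.0.113.5", "form-9", now) is not None)
```

The digest set is the only thing that outlives `erase`; everything an inspector would read (timestamps, IPs, form id, method) lives on the contact record and goes with it.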

Different shapes of compliance posture

One Mumara installation. Every buyer concern, addressed.

  • B2C newsletter at scale

    Concern
    Consumer audience across multiple jurisdictions. Bulk-sender rules (Gmail / Yahoo) require RFC 8058. CAN-Spam requires clean unsubscribe. CASL requires provable consent for Canadian subscribers.
    What Mumara provides
    Automatic List-Unsubscribe handles RFC 8058. Double opt-in on signup web forms produces the consent record. Audit log + suppression history available per contact for any inspector who asks.
  • EU customer base

    Concern
    GDPR jurisdiction. Data-residency concerns. Right-to-erasure requests need to actually work. IP and geolocation data retention is a recurring DPO question.
    What Mumara provides
    Self-hosted in an EU data centre keeps personal data inside the bloc. Contact-delete is a one-action operation that preserves suppression while removing personal data. IP + geo retention configurable per installation.
  • Enterprise compliance review

    Concern
    Security questionnaire from a prospective enterprise client. They want SOC-2-style attestations on access control, audit logging, data handling, encryption-in-transit, encryption-at-rest. Most platforms answer with caveats.
    What Mumara provides
    Authentication Logs cover access. Suppression honours opt-outs across multiple scopes. Sending Domains require DKIM + SPF authentication. Self-hosted installations let your security team own the infrastructure layer directly.
  • Agency with multi-client risk

    Concern
    Agency runs 40 client accounts on one platform. If one client's CASL violation creates a reputation incident, it can't poison the others.
    What Mumara provides
    Per-user account isolation (Team & Users). Force DKIM / Force tracking / Force bounce keeps every client's sending compliant by default. Per-account suppression honours each client's opt-outs independently.

Common questions

What buyers usually ask.

Does Mumara guarantee CAN-Spam / CASL / GDPR compliance?

No platform can — and you should be suspicious of any that claims to. Compliance is a function of your policy choices (which jurisdictions you operate in, your consent flow, your retention period, your DMARC posture) plus the technical implementation. Mumara provides the technical implementation: automatic List-Unsubscribe, double opt-in, multi-scope suppression, authentication audit logs, GDPR-aware data handling. The policy choices are yours. What we do guarantee is that the platform won't be the reason you fail an audit.

Is List-Unsubscribe really automatic on every send?

Yes. The header construction is in the Mailer itself, not configurable per campaign. Every outgoing message receives the `List-Unsubscribe` header in RFC 2369 format (`<mailto:unsub@...>, <https://unsub-url>`) and the `List-Unsubscribe-Post: List-Unsubscribe=One-Click` header per RFC 8058. Gmail and Yahoo's bulk-sender rules (effective February 2024) require both — Mumara ships both by default.
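The header shapes given in this answer and in the "List-Unsubscribe in the wild" section above are concrete enough to check mechanically. Below is an added example (not Mumara's Mailer code) that builds a message carrying both headers and then validates them against the RFC 8058 requirements: exactly one https: URI in `List-Unsubscribe`, a mailto: fallback, and `List-Unsubscribe-Post` set to exactly `List-Unsubscribe=One-Click`. The sender, recipient, unsubscribe mailbox and HTTPS endpoint are constructed placeholders. DKIM alignment, which RFC 8058 and the bulk-sender rules also require, is a transport property and is not checked here.

```python
"""Build and validate RFC 2369 / RFC 8058 List-Unsubscribe headers.

Added example, not Mumara's own Mailer code. Addresses and URLs are
constructed placeholders.
"""
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

# RFC 8058 requires this exact header value to signal one-click support.
ONE_CLICK_VALUE = "List-Unsubscribe=One-Click"


def build_message(sender, recipient, unsub_mailto, unsub_https):
    """Construct a bulk message that carries both unsubscribe headers."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Weekly digest"
    # RFC 2369: comma-separated, angle-bracketed URIs. mailto: gives older
    # clients a working path; the https: URI is what one-click POSTs to.
    msg["List-Unsubscribe"] = f"<mailto:{unsub_mailto}>, <{unsub_https}>"
    # RFC 8058: with this header present, Gmail/Yahoo render the native
    # Unsubscribe button and POST "List-Unsubscribe=One-Click" to the https URI.
    msg["List-Unsubscribe-Post"] = ONE_CLICK_VALUE
    # The footer link is kept as well ("belt and braces").
    msg.set_content(f"Hello.\n\nTo unsubscribe: {unsub_https}\n")
    return msg


def parse_list_unsubscribe(value):
    """Extract the URIs from an RFC 2369 List-Unsubscribe header value."""
    return re.findall(r"<([^>]+)>", value)


def check_one_click(msg):
    """Return the problems found; an empty list means the headers have the
    shape RFC 8058 requires (DKIM alignment is not checked here)."""
    problems = []
    lu = msg.get("List-Unsubscribe")
    if lu is None:
        return ["missing List-Unsubscribe header"]
    uris = parse_list_unsubscribe(str(lu))
    https = [u for u in uris if urlsplit(u).scheme == "https"]
    mailto = [u for u in uris if u.lower().startswith("mailto:")]
    if len(https) != 1:
        # RFC 8058 section 3.1: one HTTPS URI; plain http: does not qualify.
        problems.append(f"List-Unsubscribe must contain exactly one https: URI, found {len(https)}")
    if not mailto:
        problems.append("List-Unsubscribe has no mailto: URI; older clients get no fallback")
    post = msg.get("List-Unsubscribe-Post")
    if post is None:
        problems.append("missing List-Unsubscribe-Post header")
    elif str(post).strip() != ONE_CLICK_VALUE:
        problems.append(f"List-Unsubscribe-Post must be exactly {ONE_CLICK_VALUE!r}, got {str(post)!r}")
    return problems


if __name__ == "__main__":
    m = build_message("news@example.com", "alice@example.org",
                      "unsub@example.com", "https://example.com/u/abc123")
    print(m.as_string())
    print("problems:", check_one_click(m))
```

Run it against a captured outbound message (`email.message_from_string` with `policy=email.policy.default`) to confirm the headers a platform claims to inject are actually on the wire.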

How does double opt-in actually work?

Web Forms expose a Double Opt-in toggle. When ON, a contact who submits the form lands in the list with a pending status and immediately receives a confirmation email. Only when they click the confirmation link does their status flip to active and they become eligible for sends. The confirmation timestamp, the IP they confirmed from, and the form they used are all recorded on the contact record permanently — the audit trail CASL and GDPR inspectors expect.

What happens when someone uses the unsubscribe link?

The click hits a Mumara endpoint that records the unsubscribe — timestamp, IP, the method (one-click vs landing-page vs mailto) — and immediately moves the contact to suppressed status. The contact stops receiving any further sends across the scope you configured (global suppression by default; per-list scope for partial unsubscribes). Future imports of the same email address fail re-activation because the suppression entry blocks them. For RFC 8058 one-click, no landing page is shown — the click directly POSTs the unsubscribe.

How is suppression structured?

Three types — Email Address, Domain (suppresses every address at a domain), and IP / IP range (CIDR-aware). Two scopes — Global (applies to every list and every send) and Per-list (applies only to that list, useful when one program legitimately wants to mail an address that another program suppressed). Bounces and complaints auto-add to suppression with classification (hard bounce → suppress; soft → retry then suppress; complaint → suppress immediately). See [Suppression Management](/campaigns/features/suppression-management/) for the full surface.
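As an added illustration of the structure this answer describes (not Mumara's implementation): three entry kinds, two scopes, and bounce/complaint events feeding the list. The entry model, the reason strings and the soft-bounce retry limit are assumptions; the addresses, domains and networks used are constructed samples.

```python
"""Multi-scope suppression: email, domain and IP/CIDR entries at global or
per-list scope, plus bounce/complaint classification that feeds the list.

Added example, not Mumara's implementation. Entry model, reason strings and
the soft-bounce limit are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

GLOBAL = None            # scope value that applies to every list and every send
SOFT_BOUNCE_LIMIT = 3    # assumed number of soft bounces before suppression


@dataclass(frozen=True)
class Entry:
    kind: str             # "email" | "domain" | "ip"
    value: str            # normalised address, domain, or CIDR network
    scope: Optional[str]  # GLOBAL (None) or a list id
    reason: str           # e.g. "unsubscribe", "hard_bounce", "complaint", "manual"


class Suppression:
    def __init__(self):
        self.entries = []

    def add(self, kind, value, scope=GLOBAL, reason="manual"):
        """Normalise and store one entry; duplicates are ignored."""
        if kind == "email":
            value = value.strip().lower()
        elif kind == "domain":
            value = value.strip().lower().lstrip("@")
        elif kind == "ip":
            # Accepts a single address or a CIDR range; a bare address becomes /32 or /128.
            value = str(ipaddress.ip_network(value.strip(), strict=False))
        else:
            raise ValueError(f"unknown suppression kind: {kind}")
        entry = Entry(kind, value, scope, reason)
        if entry not in self.entries:
            self.entries.append(entry)
        return entry

    def match(self, email, ip=None, list_id=None):
        """Return the first entry that blocks sending to this recipient on this
        list, or None. Global entries apply everywhere; per-list entries only
        to their own list. Domain entries match the exact domain."""
        email = email.strip().lower()
        domain = email.rsplit("@", 1)[-1]
        addr = ipaddress.ip_address(ip) if ip else None
        for e in self.entries:
            if e.scope is not GLOBAL and e.scope != list_id:
                continue
            if e.kind == "email" and e.value == email:
                return e
            if e.kind == "domain" and e.value == domain:
                return e
            if e.kind == "ip" and addr is not None and addr in ipaddress.ip_network(e.value):
                return e
        return None

    def is_suppressed(self, email, ip=None, list_id=None):
        return self.match(email, ip, list_id) is not None


def record_delivery_event(sup, email, event, soft_counts, scope=GLOBAL):
    """Apply the classification described above: hard bounce and complaint
    suppress immediately; a soft bounce is retried until SOFT_BOUNCE_LIMIT is
    reached, then suppressed. Returns "suppressed" or "retry"."""
    if event in ("hard_bounce", "complaint"):
        sup.add("email", email, scope, reason=event)
        return "suppressed"
    if event == "soft_bounce":
        n = soft_counts.get(email, 0) + 1
        soft_counts[email] = n
        if n >= SOFT_BOUNCE_LIMIT:
            sup.add("email", email, scope, reason="soft_bounce_limit")
            return "suppressed"
        return "retry"
    raise ValueError(f"unknown delivery event: {event}")


if __name__ == "__main__":
    s = Suppression()
    s.add("email", "Bob@Example.com", reason="unsubscribe")
    s.add("domain", "spamtrap.invalid")
    s.add("ip", "203.0.113.0/24")
    s.add("email", "carol@example.org", scope="list-42", reason="unsubscribe")
    print(s.match("bob@example.com"))
    print(s.is_suppressed("carol@example.org", list_id="list-7"))   # per-list: not on other lists
```

The order of checks inside `match` is what makes "honoured everywhere" true: a global entry wins regardless of which list the send belongs to, and a per-list entry is consulted only for that list.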

How is IP and geolocation data handled under GDPR?

Mumara records the IP an open or click came from and resolves it to a geolocation for reporting purposes. Both are stored on the engagement event itself, not the contact. Retention is configurable per installation — set the auto-deletion window in Tools settings (90 days, 180 days, 1 year, or longer per your DPO's policy). Right-to-erasure requests delete the contact + all associated engagement events. The suppression entry is preserved (without personal data) so the address can't be re-mailed by accident on a later import.

Does Mumara comply with bulk-sender rules from Gmail and Yahoo?

Yes — the rules effective February 2024 require RFC 8058 one-click List-Unsubscribe, DMARC alignment on the From domain, and a complaint rate under 0.3%. Mumara handles the RFC 8058 implementation automatically. DMARC alignment requires DKIM + SPF on your sending domain (see [Sending Domains](/campaigns/features/sending-domains/)). Complaint rate is your responsibility, but the suppression + bounce-processing layer keeps your list clean enough to stay under the threshold.

Can I get a record of every action on a specific contact?

Yes — for compliance audits or right-to-erasure verification. The contact record itself shows status (active / pending / unsubscribed / bounced / complained) with the timestamps and IP for each transition. Engagement events (sends, opens, clicks) are recorded per contact. The [Timeline addon](/campaigns/addons/timeline/) presents this as a chronological per-contact activity feed, which is the format most auditors find easiest to read. The Authentication Logs provide the admin-action side — who created the contact, who edited fields, who imported them.

What about self-hosted deployment for data residency?

Self-hosted Mumara Campaigns lets you run the entire platform inside your own infrastructure, in any jurisdiction. For EU customers under strict data-residency requirements, this means contact data, engagement events, IP records, and audit logs never leave the EU. The Mumara Machine option (managed VPS) gives you the same control with the deployment + maintenance handled — pick the region when you provision, data stays there.

Mumara Campaigns · Compliance

Compliance is the default, not a feature you remember to enable.

Every Mumara Campaigns plan — Self-Hosted and Mumara Machine — ships with automatic List-Unsubscribe, double opt-in support, multi-scope suppression, authentication audit logs, and configurable IP + geolocation retention. The platform-side of CAN-Spam, CASL, and GDPR is handled before you write your first campaign.