The blacklist in Flexmail: All your questions answered

Introduction

As an email marketer sending to contacts within the EU, you must not only ensure good campaigns, but also correct handling of personal data. The blacklist in Flexmail plays a crucial role in this. In this article, we explain what the blacklist exactly is, why you must not simply empty it, and how you remain GDPR-compliant.

What is the blacklist?

The blacklist in Flexmail is a list of email addresses that have explicitly indicated they no longer want to or cannot receive emails from you. This happens when someone:

• Clicks on the unsubscribe link in your email
• Directly indicates to you that they no longer want emails
• Indicates through a complaint or notification that they want to unsubscribe
• Bounces (emails that do not arrive)
• Inactive contacts
• Contacts with an incorrect email address

Why can't you simply empty the blacklist?

1. GDPR obligations

According to GDPR (General Data Protection Regulation), everyone has the right to object to direct marketing. If someone unsubscribes, that is a clear signal that they no longer want emails.

If you still send emails to this person:

• You violate their privacy rights
• Risk of fines from the privacy regulator
• Reputational damage to your organization

2. Deliverability impact

Email providers (Gmail, Outlook, etc.) monitor complaints. If people who have unsubscribed still receive emails:

• They will mark your emails as spam
• Your sender reputation decreases
• Your emails arrive less often in the inbox
• Even your interested recipients will no longer receive your emails

3. Legal consequences

Under GDPR, direct marketing without consent is punishable. If you knowingly send emails to people who have unsubscribed:

• Violations can be reported to the data protection authority
• Fines can reach up to €20 million or 4% of annual turnover
• Civil lawsuits by the data subject

Frequently asked questions

"But that person unsubscribed by accident, can't we just put them back?"

Answer: No, not even in case of a mistake. The correct approach:

1. Explain that they are on the blacklist
2. Ask if they want to re-subscribe through a new registration form

This respects their choice and gives you new, documented consent.

In Flexmail, you can manually remove contacts from the blacklist one by one. You should only do this when you have explicit permission from a recipient.

"We imported a new database and there are people in it who are on our blacklist. Should we remove them?"

Answer: Yes, absolutely. The blacklist helps you with this. Before you import:

1. We check the new list against your existing blacklist
2. We remove blacklisted addresses from the import
3. We only import the "clean" list

Flexmail automatically checks during sending. After import, you receive an overview of contacts that cannot be imported. Perhaps you want to carry over those unsubscriptions elsewhere outside Flexmail as well.

"I want to remove hard bounces from the blacklist to 'clean' my lists. That's not a problem, right?"

Answer: No, leave them there. Hard bounces weigh heavily with spam filters - they signal poor data hygiene. If you remove them and later accidentally re-import them (for example from an old CRM list), Flexmail will send to those invalid addresses again. Your bounce rate increases, your sender reputation decreases, and your emails end up in spam. The blacklist protects you against this scenario - even though hard bounces seem harmless.

The golden rule: "Once on the blacklist = always on the blacklist" - unsubscription, spam complaint, bounced out or hard bounce.

Scenarios and the correct approach

Scenario 1: Sales wants to contact a lead who is on the blacklist

Situation: A salesperson sees an interesting lead, but they are on the blacklist.

❌ Wrong:

• Empty the blacklist and email anyway
• Try via another email address
• Ask via another platform (e.g. LinkedIn) if they want to re-subscribe

✅ Correct:

• Accept that this person does not want marketing emails
• Personal contact (phone, LinkedIn) is allowed for sales, not for bulk marketing
• If they show interest: ask for new opt-in via form

Scenario 2: Database migration to Flexmail

Situation: You want to switch to Flexmail and have an existing database.

❌ Wrong:

• Import everything and "start over"
• Ignore the blacklist because it's a new platform

✅ Correct:

• Export your unsubscriptions from your old system
• Import these first into Flexmail
• Only then import your active database
• Check for duplicates between blacklist and active list

Scenario 3: Seasonal campaigns

Situation: Someone has unsubscribed, but you still want to send them your Christmas promotion "because it's important" or "because you offer new products they might like".

❌ Wrong:

• Temporarily remove from blacklist
• Send via another account
• Think: "Once can't hurt"

✅ Correct:

• Respect the unsubscription for all campaigns
• If it's really important: personal approach via other channels
• Consider whether you want to differentiate unsubscribe options (e.g. fewer emails vs. no emails at all)

Technical aspects

How spam filters work

Email providers like Gmail and Outlook constantly monitor your sending behavior:

• Spam complaint rate: Gmail blocks at >0.3% spam complaints, Outlook already at >0.1%. One person who unsubscribed but still gets your email and clicks "spam" can push you over the limit.
• Sender reputation score: Scale 0-100. Below 80 = problems, below 50 = serious deliverability issues. Based on spam complaints, bounces, engagement.
• Domain reputation: Not only your account suffers, but your entire domain (@yourcompany.com). Even your personal emails and invoices can end up in spam.
• Recovery takes long: 4-12 weeks of perfect behavior needed to restore your reputation. No guarantee you'll ever return to your old level.

The domino effect: Emailing a few people on the blacklist → spam complaints → sender score drops → even your normal campaigns end up in spam → lost revenue → months of recovery.

How the Flexmail blacklist protects you

Flexmail has built-in protection:

• Automatic check with every send and import
• The blacklist cannot be cleared by users
• Audit logging of all changes

Blacklist vs. Opt-out vs. Bounce

It's important not to confuse these concepts:

The right to be forgotten: An important misunderstanding

What is the right to be forgotten?

Under GDPR (Article 17), everyone has the right to be forgotten (right to erasure). This means a person can request that all their personal data be deleted from your systems.

Typical requests:

• "Delete all my data from your systems"
• "I want you to forget me"
• "Erase my account and all data"

Why you CANNOT simply empty the blacklist with such a request

Here lies an important nuance that is often misunderstood:

❌ Wrong approach:

Customer asks to be forgotten: → You delete everything, including blacklist entry → Later you import a new list → Their email address is in it → You accidentally send emails again → GDPR violation!

✅ Correct approach:

Customer asks to be forgotten: → You delete ALL their data from Flexmail (name, address, preferences, etc.) → You delete ALL their data from all your databases → EXCEPT the email address on the blacklist → You keep: email address + unsubscribe date + reason (GDPR request) → This prevents you from accidentally emailing them again

The legal basis: "Legitimate interest"

GDPR Article 17 has an exception (paragraph 3, point b):

"The right to erasure does not apply insofar as processing is necessary for [...] compliance with a legal obligation"

In plain English:

• You have a legal obligation not to send marketing emails to people who have objected
• To fulfill that obligation, you must keep their email address on the blacklist
• This is a "legitimate interest" that outweighs the right to be forgotten

What you may keep:

• ✅ Email address
• ✅ Unsubscribe date
• ✅ Reason (unsubscribed / GDPR request)
• ❌ Name, address, purchase history, preferences, etc.

Practical example

Situation: John Smith sends an email:

"I would like you to delete all my data in accordance with my GDPR rights. I want to be completely forgotten."

What you do in Flexmail:

1. Delete all personal data:

• Name: John Smith → deleted
• Address: Main Street 1, City → deleted
• Phone: 123 456 789 → deleted
• Custom fields: interest: marketing, industry: retail → deleted
• Campaign statistics: opened X emails, clicked Y links → anonymized

2. Retain minimal blacklist data:

• Email address: john.smith@example.com       ✓ (remains on blacklist)
• Date: November 17, 2025

3. Document the request:

• Keep the GDPR request itself
• Note which actions you took
• Keep this separate from Flexmail (in your GDPR register)

The result:

• John's personal data is completely deleted from Flexmail
• His email address remains on the blacklist
• If you later import a database with his email address → Flexmail automatically blocks sending
• You have fulfilled his request and protect him from unwanted emails

Why this differs per system

Important: This article specifically concerns Flexmail. The right to be forgotten applies to all your systems:

What you MUST delete in other systems:

• CRM system (Salesforce, HubSpot, etc.): All contact details
• Accounting software: Invoice data (unless legal retention period applies)
• Google Analytics: Anonymized tracking data
• Support tickets: Name and personal info (keep ticket number + anonymized info)
• Internal databases: All personal data

The blacklist in Flexmail is an exception because it serves precisely to protect their privacy rights.

Common mistakes

❌ Mistake 1: Delete everything including blacklist

Risk: You can accidentally send emails again Impact: Heavy GDPR fine + reputational damage

❌ Mistake 2: Delete nothing from other systems

Customer: "Delete my data" Company: "We removed you from Flexmail" But: Data still in CRM, ERP, support system Risk: Incomplete GDPR compliance

Keep ONLY what is necessary to block sending

Template for GDPR request response

Here is an example of how to respond to a "right to be forgotten" request:

Subject: Confirmation of GDPR request processing

Dear [Name],

Thank you for your request to have your data deleted. We have processed your request and performed the following actions:

Deleted data:

• All your personal data from our email marketing platform (Flexmail)
• Your contact details from our CRM system
• Your profile on our website
• [Add other systems]

Exception - Blacklist: In accordance with GDPR Article 17 paragraph 3, we keep your email address (john.smith@example.com      ) on our blacklist. This is necessary to ensure that you no longer receive marketing emails from us, even if your email address accidentally ends up in our systems again.

This exception is legally permitted and precisely protects your privacy by preventing us from accidentally emailing you.

Legal retention periods: We keep any invoices and accounting data in accordance with the legal retention period of 7 years, as required by law.

You can find this request and our handling in our GDPR register under reference number: [GDPR-2025-1234].

Do you have any questions? Please feel free to contact us.

Kind regards,

[Name] [Position]

Do you still want to remove a contact from the blacklist? Only do this when you are certain you have removed them from all your other internal systems.

Checklist: GDPR "Right to be forgotten"

When someone asks to be forgotten:

• ☐ Verify the identity of the requester
• ☐ Delete all personal data from Flexmail (except blacklist)
• ☐ Check and delete data from ALL other systems (CRM, website, etc.)
• ☐ Retain email address on blacklist with minimal info
• ☐ Document the request in your GDPR register
• ☐ Send confirmation to requester within 30 days
• ☐ Inform any third parties with whom you shared data
• ☐ Check legal retention periods (e.g. for invoicing)

What SHOULD you do?

1. Communicate regularly and transparently

• Apply double opt-in (as provided by default in Flexmail)
• Provide welcome email and send emails regularly, so people don't forget their subscription
• Make unsubscribe link clearly present in every email, and respect your unsubscriptions

2. Transparent unsubscribe options

Give people choices through public interests:

• Receive emails less frequently
• Only certain types of content
• Unsubscribe completely

This prevents people from immediately going to "unsubscribe completely".

Conclusion

The blacklist in Flexmail is not there to hinder you, but to protect you from GDPR violations and reputational damage. Respecting unsubscriptions is not only legally required, it's also better for your deliverability and your brand.

Remember:

• ❌ Emptying blacklist = GDPR violation
• ✅ Asking for new opt-in = correct approach
• ✅ Alternative channels for sales = allowed
• ✅ Keeping database clean = best practice

Horror scenario: How it can really go wrong in practice

We share this scenario not to instill fear, but to show how quickly one wrong decision can escalate.

Fictional case: The Q4 sales push that almost destroyed a company

Background: A B2B software company with 50,000 contacts in Flexmail. Good reputation, strong deliverability (90%+ inbox placement). Revenue: €2 million per year, of which 40% through email marketing.

The decision (November): The sales manager sees that there are 2,500 people on the blacklist. "Those are potential customers!" he thinks. He convinces the director: "We need to hit our Q4 target. If we send these people one email about our new feature, we might get 50 new customers (2%). That's €100k extra revenue!"

The director: "But the blacklist?" Sales: "One-time action, we say it's important news, then it's OK."

Spoiler: It was not OK.

Week 1: The campaign

• They export the blacklist
• They import it into a separate Flexmail account (to "avoid detection")
• They send one "important product update" email
• Open rate: 8% (terribly low - logical, since these people don't want emails and some mailboxes don't even exist anymore)

Week 2: The technical consequences

• Gmail blacklists their domain: 80% of their emails to @gmail.com users go to spam
• Outlook marks their IP as "low reputation": deliverability drops to 40%
• Their normal mailings suddenly perform 60% worse

Week 3: Business impact

• Support is overwhelmed: "I'm not receiving your invoices" / "Where is my password reset?"
• Sales complains: "My follow-up emails don't reach prospects"
• Existing customers miss product updates, webinar invitations, important announcements
• 2 large customers churn because they think the company is "no longer active" (they didn't receive emails anymore)

Week 4: The escalation

• One of the 12 GDPR threats becomes reality: official complaint to the Data Protection Authority
• Investigation begins
• Legal costs: €15,000 for lawyers

Month 2-3: Recovery attempt

• They hire an email deliverability expert: €8,000 consultancy fee
• They need to "warm up" a new IP address (slowly build volume): 6 weeks of max 5,000 emails/day instead of their normal 50,000
• They lose 40% of their email marketing revenue during this period: €266,000

Month 4-6: Legal consequences

• GDPR fine: €45,000 (relatively mild, as it was "one-time" and they showed remorse)
• Additional legal costs: €22,000
• PR costs to restore reputation: €18,000

The total damage:

For a potential €100k revenue.

What should they have done?

• Respect the blacklist
• Focus on engagement of their existing 47,500 active contacts (95% of the database!)
• Re-engagement campaign for inactives (not unsubscribers)
• Acquisition strategy for new leads

Result of correct approach: €100k+ revenue WITHOUT the €471k damage.

No means no: The ethical argument

We have now discussed the legal, technical and financial reasons. But there is another fundamental reason why you must respect the blacklist: it simply is not OK.

The difference between "can" and "may"

Technically you CAN:

• Export the blacklist
• Create a new account
• Email these people again

But can ≠ may. And certainly not = must

Imagine:

• You unsubscribe from a store's newsletter
• You still get a letter in the mailbox every week
• You call again, say: "PLEASE STOP"
• They say: "OK OK"

Week later: another letter

How would you feel? Respected? Heard? Valued as a customer?

No. You feel:

• Ignored
• Not taken seriously
• Frustrated

That's exactly how people feel when you don't respect their unsubscription.

Long-term vs. short-term mindset

Short-term thinking:

• "We have Q4 targets to meet"
• "These 2,500 people are potential customers"
• "If we convert 50 of them, we have €100k"
• "One email can't hurt, right?"

Long-term thinking:

• "These people said NO - we must respect that"
• "Our reputation is everything in email marketing"
• "One mistake can cost us years"
• "There are 47,500 people who DO want emails - focus on them"

Successful companies always choose long-term.

You're building a relationship, not a sales funnel

Email marketing is not:

• A trick to "convince" people
• A way to "get in" to someone's inbox
• A volume game of "the more, the better"

Email marketing IS:

• A privilege - you're a guest in someone's inbox
• A relationship - based on trust and value
• A dialogue - where "no" is a valid answer

When someone unsubscribes, they're saying:

• "Your content is not relevant to me"
• "I'm no longer interested"
• "Leave me alone"

Those are not problems you solve by emailing MORE. Those are signals you must respect.

The sales pressure: How do you deal with it?

We understand. Sales sees numbers:

• "2,500 people on the blacklist = 2,500 missed opportunities"
• "If we could email those people, we'd hit our target"

But this is dangerous thinking. Here are better arguments for sales:

1. Focus on those who ARE interested

• "We have 47,500 active contacts - how can we serve THEM better?"
• "What if we get our open rate from 25% to 30%? That's 2,375 extra opens per campaign!"

2. Quality over quantity

• "1 interested lead is worth more than 100 uninterested people"
• "People who unsubscribed won't convert anyway (or churn quickly)"

3. Protect your tools

• "If our deliverability breaks, we can't reach ANYONE anymore"
• "Better to reach 47,500 people well than 50,000 people poorly"

4. Reputation is everything

• "One negative review costs us more than 50 new customers deliver"
• "If customers see us as spammers, the game is over"

For marketing teams: How to deal with internal pressure

You sometimes get pressure from sales or management:

• "Can't you just remove this person from the blacklist?"
• "This is an important lead"
• "Once can't hurt, right?"

Your answer (feel free to literally copy-paste this):

"I understand your frustration, but I cannot do this. Here's why:

1. Legally: It's a GDPR violation with fines up to €20 million
2. Technically: It destroys our deliverability for EVERYONE
3. Ethically: This person said no - we must respect that

What I CAN do:

• Check if this person had other contact moments (phone, events)
• See if we can approach them through other channels (LinkedIn, non-marketing emails)
• Send a new opt-in form if they indicate interest again

But the blacklist remains intact. There's no discussion about that."

You're not a spoilsport. You're the professional protecting the long-term health of your email marketing.