Home / Knowledge Base / Traffic Sources / Email marketing fundamentals
Core · 11 min read

Email marketing fundamentals

Email is the warmest traffic an affiliate can send. A subscriber who opted in, opened before and clicked before is about as close to a buyer as cold advertising never gets — which is why a healthy list is one of the few genuine assets in this business, and why it is worth building slowly and protecting fiercely.

But warm is not the same as scalable-on-demand. You cannot open a dashboard and buy a million more of your own subscribers the way you buy push clicks; you have to earn them one opt-in at a time. That single constraint shapes everything about how email fits an affiliate operation. This guide covers the fundamental split between an owned list and bought drops, how to build a list, the deliverability rules that now decide whether your mail is even seen, segmentation, why email is warm but not infinitely scalable, and the compliance regime that governs it. If email is one channel in a wider mix for you, read it against traffic sources explained.

Owned list vs bought drops

There are two completely different things people call "email traffic". An owned list is a base of subscribers who opted in to hear from you — you control it, you mail it, and its value compounds as you nurture it. A bought drop (sometimes called a solo ad or email media buy) is paying a list owner to send your message to their subscribers once. Both can work, but they are opposite in economics and risk. The owned list is a slow-built asset that pays repeatedly; the bought drop is a fast, one-off buy where you never touch the list and quality is entirely the seller's word.

The single most dangerous mistake here is buying a list of addresses and mailing it from your own domain. Purchased contact lists are deliverability poison: the recipients never asked to hear from you, first-send bounce rates commonly exceed twenty percent, spam traps are baked in, and mailbox providers punish your domain fast — often pushing even your legitimate future mail to spam. Reputable email platforms explicitly forbid purchased lists and will suspend accounts that use them. A legitimate bought drop is different from a purchased list: in a drop, the vetted list owner sends from their infrastructure to their opted-in people. Know which one you are actually buying, and apply the same scepticism you would to any traffic source in traffic quality analysis.

Building a list you own

An owned list is built by trading value for a genuine opt-in. The mechanics are familiar — a lead magnet, a content upgrade, a newsletter promise, or a co-registration flow — but the principle underneath is the one that matters: consent given knowingly. Every subscriber should have chosen to be there, ideally through a confirmed or double opt-in, because that single act is what makes the list both legal to mail and profitable to mail. Lists built on tricked or pre-checked opt-ins look larger but decay into complaints and spam traps that drag down everything you send.

Because you own the pixel and the relationship, list building also feeds the rest of your operation: the same conversion tracking that proves a paid campaign works tells you which sources produce subscribers who actually open and buy. Treat list growth as a channel with its own cost per acquisition and its own quality curve, and route it through the same tracking discipline as everything else, so you know a $2 subscriber who buys from a $0.30 subscriber who never opens.

Deliverability: getting into the inbox

None of the above matters if your mail never reaches the inbox, and in 2025 the rules for that hardened significantly. Gmail and Yahoo now enforce bulk-sender requirements for anyone sending more than roughly 5,000 messages a day, and Microsoft has followed. The non-negotiables are the three authentication standards below, plus a genuinely low complaint rate and easy unsubscription.

RequirementWhat it doesThe current bar
SPFLists which servers may send for your domainRequired; unlisted IPs can be rejected
DKIMCryptographically signs the messageRequired; minimum 1024-bit key
DMARCTells receivers what to do if auth fails, adds alignmentRequired for bulk senders; policy must exist and align
Spam complaint rateDirect trust signal to the providerKeep below 0.3%; aim under 0.1%
One-click unsubscribeLets recipients leave without complainingList-Unsubscribe header, honoured within days

As of late 2025, Gmail moved from soft to hard enforcement — non-compliant bulk mail now draws permanent rejections rather than quiet filtering — so flag this as the live standard rather than a best-practice suggestion. Beyond authentication, deliverability is a reputation game: warm new sending domains gradually, keep sending to people who engage, prune the ones who never open, and monitor bounce and complaint rates as leading indicators. A clean owned list built on real consent is what makes all of this achievable; a purchased or scraped one makes it nearly impossible, which is the whole argument for building rather than buying.

Segmentation and relevance

Mailbox providers increasingly reward relevance, and so do your numbers. Segmentation — dividing your list by behaviour, interest, purchase history or engagement recency — is how you send fewer, more relevant messages that get opened, which in turn protects your deliverability. The most valuable segment on any list is your recently engaged subscribers; mailing your whole base including long-dead addresses to chase one more send is exactly how complaint rates climb and reputation falls. A well-segmented list of 20,000 engaged people routinely out-earns a blasted list of 200,000 mostly-dead ones, because relevance drives both revenue and inbox placement at the same time. Match the offer to the segment the way you would match an offer to a traffic source — sending the wrong thing to the wrong segment wastes your warmest asset.

Warm traffic, but not scalable on demand

This is the trade-off that defines email's place in an operation. Because subscribers already know you and have engaged before, email is the warmest and highest-converting traffic most affiliates can send — and the marginal cost of mailing a list you already own is close to zero, so the margins can be extraordinary. But you cannot summon more of it on demand. Where you can pour budget into push or paid social tonight and buy ten times the volume tomorrow, an owned list only grows as fast as you can acquire genuine opt-ins.

The operator conclusion is to treat email as a compounding back-end, not a front-end volume tap. You buy cold traffic on scalable channels, convert a slice of it into subscribers, and then monetise that list warmly and repeatedly at almost no marginal cost. Email rarely powers explosive growth by itself, but it quietly turns one-time buyers into a durable asset — which is why it pairs so well with the volume channels and belongs in the same risk conversation as managing campaign risk.

Compliance: CAN-SPAM and GDPR

Email is one of the most regulated channels an affiliate touches, and the rules are not optional. In the United States, CAN-SPAM requires honest headers and subject lines, a clear identification that the message is an ad, a valid physical postal address, and a working unsubscribe that you honour promptly. In the European Union and UK, GDPR and related e-privacy rules go further, generally demanding explicit, freely given consent before you mail someone at all, with proof of that consent and a clear right to withdraw it. The practical throughline is that lawful email and deliverable email want the same thing: real opt-in, honest presentation, and an easy exit.

Get this wrong and the downside is layered — regulatory penalties, platform suspension, and destroyed sender reputation all at once. Get it right and compliance stops being a constraint and becomes a moat: a genuinely consented, honestly mailed list is exactly the asset that survives every rule tightening while purchased-list operators get filtered out. If any term here is unfamiliar, the traffic glossary defines the vocabulary in plain language.

FAQ

Should I ever buy an email list?

Do not buy a list of addresses to mail from your own domain — it is deliverability poison, laden with spam traps, and reputable platforms ban it. That is different from a legitimate email drop, where a vetted list owner sends your message to their own opted-in subscribers from their infrastructure. Know which one you are buying, because only one is safe.

What are the SPF, DKIM and DMARC rules everyone mentions?

They are the three email authentication standards Gmail and Yahoo now require from bulk senders. SPF lists who may send for your domain, DKIM signs the message cryptographically, and DMARC tells receivers what to do if authentication fails and enforces alignment. As of late 2025 Gmail hard-rejects non-compliant bulk mail, so treat all three as mandatory.

Why is email called warm traffic but not scalable?

Warm because subscribers already know you, have engaged before, and convert at rates cold advertising cannot match — at almost no marginal cost to mail. Not scalable on demand because an owned list only grows as fast as you can earn genuine opt-ins; you cannot buy ten times more of your own subscribers overnight the way you can buy push or paid-social volume.

How do I stay compliant with CAN-SPAM and GDPR?

Mail only people who genuinely opted in, keep headers and subject lines honest, identify the message as an ad, include a valid physical address, and honour unsubscribes promptly. Under GDPR you generally need explicit, provable consent before mailing at all. Lawful email and deliverable email demand the same foundation: real consent and an easy exit.

Ready to build?

Learn the fundamentals, then run them inside the network.

Join the network