Building a Newsletter: Tools, Double Opt-In and the Legal Basics
Your own newsletter is one of the few marketing channels that truly belongs to you. You can lose your reach on Google or social media at any time, but not your email list. That is exactly why building one pays off – but only if you do it cleanly and compliantly from the start. Here are the basics, with no sugar-coating.
Do you even need a newsletter?
The honest answer first: not every business does. A newsletter only pays off if you regularly have something to say that holds value for your recipients – new products, expertise, offers, dates. If you only write twice a year, the effort for the tool, the upkeep and the legal side is often greater than the benefit. So ask yourself honestly first:
- Do I have relevant content for my audience every month?
- Do I want to build relationships, or just make a one-off sale?
- Do I have the time to keep this up over the long term?
If you answer yes to these questions, a newsletter is one of the best investments you can make. If not, LinkedIn posts or a well-maintained blog may be the more honest route.
The right tools
You need software that manages sign-ups, sends emails and handles your legal obligations technically. Never send newsletters from your regular mail account or via BCC – it is not data-protection compliant, it lands in the spam folder and it does not scale. Established providers in the German-speaking market include Brevo, CleverReach, rapidmail and MailerLite. Many of them run servers in the EU and are built for the GDPR, which makes data processing considerably easier.
What to look for when choosing:
- Double opt-in available as standard – not hidden away as an optional feature.
- An EU server location and a data processing agreement (DPA) that you can sign.
- An automated unsubscribe link in every email.
- Clean templates that also look good on a smartphone.
To get started, a free or entry-level plan is almost always enough. Only move up to larger packages once your list genuinely grows – not before.
Double opt-in: the most important step
Double opt-in means someone signs up in two steps. First, the person enters their email address into your form. Then they receive a confirmation email with a link they have to actively click. Only after that are they truly subscribed.
Why the detour? Because otherwise you cannot prove that the sign-up was voluntary and genuine. Without that proof, someone could enter other people's addresses – and you would be liable. In Germany, settled case law treats double opt-in as effectively mandatory for sending marketing emails compliantly. Good tools automatically log the time, IP address and confirmation. That gives you clean evidence in the event of a dispute.
Important: the confirmation email itself must contain no advertising. It confirms the sign-up and nothing else – otherwise it already counts as an unlawful marketing email.
Legal basics you need to know
We are not lawyers and this is no substitute for legal advice – but you should take these points into account in any case:
- Consent, not assumption: Pre-ticked checkboxes are not allowed. The sign-up has to be an active step.
- A clear notice at sign-up: State what the address will be used for and link to your privacy policy.
- An unsubscribe option in every email: A working unsubscribe link is mandatory – and must take effect immediately.
- A complete legal notice: Every newsletter needs a legal notice (Impressum), just like your website.
- A data processing agreement: You sign a DPA with your sending tool, because it processes data on your behalf.
- Data minimisation: Only ask for what you really need. The email address is often enough – a first name is nice, but not a must.
There is one exception: if someone has bought from you, you may, under strict conditions (Section 7 of the German Act Against Unfair Competition, UWG), promote similar products to them by email – even without separate consent. The person must, however, be able to object at any time and must be informed of this at the point of purchase. When in doubt, the clean double opt-in route is always the safer choice.
How to proceed step by step
- Choose a tool and sign the DPA.
- Build a sign-up form with a clear notice and a privacy policy link.
- Enable double opt-in and test the confirmation email.
- Prepare a welcome email that delivers the first piece of value.
- Set a sending rhythm you can realistically keep up.
From our own experience: we run seven of our own brands in production, and we know that the technology is rarely the problem – the discipline to deliver good content regularly is. A newsletter with 300 real, interested recipients is worth more than 3,000 bought addresses that never respond. Better to build slowly and cleanly than fast and exposed.