When using External Sending, ContactMonkey automatically adds recipients who unsubscribe to an opt-out list. This article explains how to find suppressed recipients, resubscribe them (when legally appropriate), and maintain an audit log for compliance purposes.
| Important: External Sending Governance provides tools to help you meet compliance requirements, but you remain responsible for ensuring your sends comply with applicable laws. The add-on does not constitute legal advice. For specific compliance questions, consult your legal or compliance team. |
Prerequisites
- Your account must have Email at Scale configured
- You must have purchased the External Sending feature. Contact your Customer Success Manager or email support@contactmonkey.com to activate the add-on
- You must have Owner or Administrator permissions
Access the opt-out list
Only Admins and Owners can manage opt-outs.
- Go to Settings > Compliance
- Click Manage Opt-Outs
The modal shows all recipients who have unsubscribed from external sends. A compliance notice reminds you that under GDPR and CASL, manual resubscription requires documented "Express Consent."Find and resubscribe a recipient
Important: Suppression is organization-wide, not per-campaign or per-sender. Once someone unsubscribes, they're suppressed from all future external sends from your organization across all senders and campaigns.
Find and resubscribe a recipient
You can search by email address or scroll through the list.
- Use the Search recipients field to find the person's email
- Click the arrow next to their email address to expand their row
- Check the box labeled "This recipient has provided express consent to be resubscribed" — you must do this for every resubscribe
- In the Add notes field, document why you're resubscribing them (e.g., "Customer emailed requesting re-add on 6/25/26")
- Click the Resubscribe button
The recipient is now removed from the opt-out list and can receive emails again.
Important: Checking this box confirms you have documented evidence of their consent. If you don't have proof they asked to be re-added, don't resubscribe them. ContactMonkey logs this action, and you're legally responsible for compliance.
Always collect and save proof of consent before resubscribing anyone. The audit log export serves as your compliance evidence if you're ever questioned.
Export your opt-out audit log
ContactMonkey can export a complete audit trail of all unsubscribe and resubscribe activity. This export is critical if you're audited by regulators or need to demonstrate compliance to your legal or privacy team.
- From the Manage Opt-Outs modal, click the Download CSV button
- Save the file to your computer
- Share with your compliance officer, legal team, or auditor as needed
What's included in the export
The CSV contains one row per recipient with these columns:
| Column | Details |
| email_address | The recipient's email |
| name | Contact name (best-effort match from your contacts) |
| unsubscribed_at | When they unsubscribed (ISO-8601 UTC date and time) |
| source_campaign | Which campaign or email triggered the unsubscribe |
| reason | Reason for unsubscribe (if captured) |
| resubscribed_by_user | Admin email who resubscribed them (blank if still suppressed) |
| resubscribed_at | When they were re-added (ISO-8601 UTC date and time, blank if still suppressed) |
| resubscribe_reason | The reason or context you added when resubscribing (blank if still suppressed) |
Why this matters: This export proves your resubscribe decisions were intentional and documented. If a regulator audits you, this log demonstrates you didn't carelessly add people back without consent.
When you might need this export
- Compliance audit: A regulator (ICO in the UK, CNIL in France, Privacy Commissioner in Canada) asks to review your consent practices
- Data subject request: Someone asks you to prove you have their consent on file
- Legal review: Your legal team wants to audit your resubscribe decisions
- Internal audit: Your compliance officer is spot-checking resubscribe practices
Keep recent exports in a secure, accessible location so you can respond quickly if audited.
GDPR, CASL, and Australian Privacy Act
Re-adding someone to your send list without consent can trigger significant legal penalties:
- GDPR (EU): Fines up to €20 million or 4% of global revenue
- CASL (Canada): Fines up to CAD $10 million
- Australian Privacy Act: Fines up to AUD $2.5 million
Always collect and save proof of consent before resubscribing anyone. The audit log export serves as your compliance evidence if you're ever questioned.