Login Enterprise
Speak to an Email Marketing Expert
877-789-ELITE (3548)
For the most complete information about CASL (Canada’s Anti-Spam Legislation)
please review the complimentary

Elite Email CASL Survival Guide

If you’re an email marketer you have undoubtedly heard of CASL, which is the acronym for “Canada’s Anti-Spam Legislation”.

Does this new set of rules apply to you? YES!
Do you need to care about it? YES
Do you understand it? Well, uhh, hmm, kind of, maybe….

There’s lots of information about CASL already available online, but a lot of it is complicated, often riddled with legal jargon, and frankly just not written in plain English so you can gain some sort of handle on what this is all about. That is why we have customers calling us and saying they’ve read all about the new laws, but don’t understand it and are more confused when they started.

Let’s fix that and get you up to speed on the who, what, where, when and why of Canada’s Anti-Spam Legislation!

What is CASL (Canada’s Anti-Spam Legislation)?

CASL is the Canadian Government’s new weapon (or so they hope) in the fight against spam. It outlines new requirements and rules for how commercial electronic messages (CEM) are sent. The highlight reel for the goals of CASL are to prohibit:

  • Spamming (…I’m a prince from a far off land, can I borrow your bank account to park my billions of dollars…) [section 6]
  • Hacking (… imagine what I could do if I controlled your computer…) [section 7]
  • Malware / Spyware (…you didn’t know it, but you just installed a program on your computer so prepare for nonstop pop-up banner ads…) [section 8]
  • Fraud (… this week we’re having a 75% off sale… but surprise, it’s really only 15%….) [section 75]
  • Harvesting (… I’ll build a big email database by grabbing every email address ever published on the web…) [section 82 (2)]
  • Privacy Invasions (… I’ll just help myself to all of your personal information even without your permission…) [section 82 (3)]

The stated purpose of the law is: “An Act to promote the efficiency and adaptability of the Canadian economy.”

Does This Law Affect Me?

Are you sending email from Canada? If so, the answer is yes.

Are you sending email to anyone in Canada even if you are located somewhere else? If so, the answer is yes.

The reason CASL could have a huge impact is because of this second question. The law is not just limited to Canadians, it takes effect any time a Canadian computer is used to access the email (or any commercial electronic message). So, if you’re in the USA, but your email newsletter also goes to those north of the border, then all these rules apply. Even if you’re somewhere overseas, the claim is that CASL is still in force.

This is what Andrea Rosen, the CRTC’s chief compliance and enforcement officer said:

If the spammer is offshore, we have the ability under the law to co-operate with foreign governments, to share information and to bring proceedings together against individuals that are offshore.

I don’t want to go into this quote too much…. but…. (please read this with the highest degree of saracasm)… good luck Canada!
I look forward to hearing about the case: CRTC vs. Random Spammer X located in a cave in a far off land sending emails about the best ways to enlarge your (use your imagination)

The funny thing is that all those “buy drugs from Canada” spam messages we receive usually aren’t sent from within Canada, so the enforcement is going to require this offshore cooperation. Again, good luck Canada!

It should be noted that there is a special exemption in CASL if the sender does not know or could not expect to know that the receiver was in Canada.

What are the main requirements of CASL?

The entire law is long (really long), but in a nut shell, these are the key requirements:

  • Permission must be obtained before sending email.
  • The permission must be able to be proved with clear consent.
  • No pre-checked boxes on forms. The consent must be an affirmative action. [<< Make sure you take note of this for any forms you use!]
  • No false or misleading subject lines or from names. The sender must be clearly defined.
  • Working unsubscribe mechanism. Any unsubscribe requests must be processed within 10 days and the unsubscribe link must be valid for 60 days after the send date.
  • You are not allowed to confirm unsubscribes by sending an “Are you sure you want to unsubscribe?” email.
  • Must include a valid postal mailing address (P.O boxes are fine) and one of the following: web address with contact form, email address or phone number.
  • If you are sending “on behalf of” another organization, both organizations must be identified.

It should also be noted that charity organizations are included in CASL if they are selling or soliciting anything.
If you’re an existing customer of Elite Email, then your email marketing activities are already abiding by a lot of these requirements.

What is Exempt from CASL?

There are a variety of things that are specifically excluded from the rules outlined in CASL. My theory is that this list will be expanded before things are finalized, but here are the main exemptions right now:

  • Email between family or people you have a personal relationship with (… phew, you won’t go to prison for emailing your aunt!)
  • Employees at one company emailing employees of another company, if the companies have a business relationship.
  • Responding to an inquiry that could be in the form of a question, complaint or solicitation.
  • Work-related emails sent between employees at the same company.
  • If someone requests more information from your company (could be for a quote, estimate, general information, membership inquiry, etc) then you can reply to them.
  • A charity can contact someone if they made a donation in the past 18 months.
  • Any legal message relating to a recall, copyright notice, or debt collection request.
  • One non-consent email can be sent for third party referrals provided that the person/organization making the referral has either a non-business or personal relationship with the recipient and sender. On top of that, the sender must clearly state who made the referral.
  • Transactional emails that do not contain any marketing language (<– We’re for sure going to see this further clarified.)

How Does CASL Define Consent?

The underlying key to CASL is consent, consent, consent. You just cannot do anything without consent.

CASL has mapped out four different circumstances that would qualify as consent.

  • Explicit Consent
    This is when the recipient gives you direct permission to email them. For example, if someone signs up for your mailing list using an online signup form that would qualify as explicit consent. But, remember, this type of consent cannot be obtained through opt-out, so make sure you don’t pre-check the “Yes, I want your mailings” box because that voids everything (… and then you do not pass go, do not collect $200, and you go straight to jail).
    You can also get oral or written consent, but this starts to get tricky because you have to be able to prove that consent was obtained. If you’re planning on getting consent using these methods, make sure you document everything very carefully so you can provide your case if it comes to that.
  • Implied Consent
    This type of consent takes the form of an existing business or non-business relationship between the sender and recipient. In the eyes of CASL, a “business relationship” is one where a customer has made a purchase from you or entered into a contract. A “non-business relationship” would be if someone does volunteer work for you or actually becomes part of your organization.
    One really important thing to note is the “2 Year Rule”. If someone purchased something from you in the past 2 years, then you can send them emails for 2 years from their purchase date under the implied consent criteria. However, during that time you must obtain explicit consent if you want to email them after the two years. Keep in mind that if this same person buys from you again during the two year period, the clock resets and you’ve got two more years before you need explicit consent.
  • Conspicuous Publication
    This is definitely an interesting part of the current draft of CASL. If you obtain someone’s email address and it meets these criteria, then you have qualified as having enough consent to email them. (1) Their email address is clearly published for viewing; (2) The address is not accompanied by a statement saying that they do not want to receive unsolicited messages; (3) the message is directly related to the person’s business or official role.
    Two important things to be aware of is that the clear publishing of the person’s email address must be done by the person directly or with the authorization of the person. So, a company website that lists an employee roster is legit, but some random website that posts a bunch of contact info is not OK. Also, the email you send must be highly related to the person’s job/role , which is very vague in the current draft. But, as an example, you can email a lawyer about a new law book, but you cannot email them about the cool new t-shirts you’re selling.
    The last thing on this topic is to keep in mind that PIPEDA prohibits the harvesting of addresses, so you cannot use a program to automatically capture this information from the web.
  • Shared Email Address with the Sender
    I call this the “business card” rule. If someone gives you their business card then you can email them stuff that is related to their job/role. Of course, they can also give you their email address in other ways, but the main thing is that they are willingly supplying you with their email address and not saying that they do not want to receive emails from you. Although, I can tell you that if someone hands you their business card and says “don’t email me” that probably isn’t a really good sales lead.

When Does It Take Effect?

Before we look at where we’re going, lets take a look back at where CASL has been:

  • May 25, 2010 :: Bill C-28 First Reading
  • Dec. 15, 2010 :: Royal Assent (Passed)
  • July 2011 :: Regulations Drafted
  • July 2011 :: Regulations “gazetted” for Review
  • Sept. 7, 2011 :: Draft Regulations Comment Deadline
  • Mar. 2012 :: CRTC Regulations Gazetted
  • Jan. 5, 2013 :: Industry Canada Draft Regulations Published for Comment
  • Mid 2013 :: Industry Canada Final Regulations
  • Mid 2014 (maybe?) :: CASL Takes Effect

So, the answer to when CASL will go live is still a topic of much debate. (Insert gasp here that the Canadian government moves slowly!)

CASL was recently delayed for a few reasons:

  • Still ironing out details as there are many unhappy parties (more on this later)
  • There is disagreement between Industry Canada and the CRTC about how the law should be regulated
  • There are expected mid-term cabinet changes and these shifts could skew priorities.

If you really want to make a note in your calendar, then current speculation is that the law will not be enforced until the Fall of 2014. This follows a one year grace period after everything is published this year. However, don’t be surprised if this gets delayed yet again.

On top of that, CASL will have a transition period once it comes into effect so that organizations have ample time to obtain the neccessary consent to ensure they are playing by these new rules.

What is the Penalty for Violating CASL?

Canada’s anti-spam law is not fooling around when it comes to the punishment for breaking the rules.

Penalties for violations can range from up to $1 million for individuals and $10 million for companies.

Three interesting things to note about the enforcement of this are:

  • Any person can bring this law against a sender up to $1 million. But, if they are found to be incorrect, they will be required to pay court/legal fees. So, it’s not like if you avoid sending emails to the RCMP you can avoid getting in trouble because anyone can make a claim under this new legislation.
  • If you can demonstrate that you made very strong efforts (due diligence) to comply with all the rules and done everything to obtain proper consent, then that will play a factor in the event a lawsuit comes up. It is for this reason that it’s super important you keep track of everything so you can cover yourself later with a stronger case if things get messy.
  • Officers of an organization can also be held accountable for the messages sent out by their organization. Bottom line, YOU are responsible if you do bad things.

What is the Difference Between CASL and the U.S. CAN-SPAM Act?

There’s a long list of differences between these two sets of regulations, but the major differences are:

  • CASL requires express consent to send commercial messages. Basically, the recipient must “opt in” as opposed to the CAN-SPAM Act that mandates “opt out”. So, under the US law, you can send someone a first email as long as they can request no further messages, whereas under the Canadian law even that first email has you breaking the rules.
    Note: Email marketing best practices already encourages the opt in procedure as opposed to opt out.
  • CASL requires specific disclosure when an organization requests consent. Senders must clearly state the reason they are requesting consent, clearly identify themselves, provide contact information, and explain that consent can be withdrawn later. None of this appears in the CAN-SPAM Act.
  • The coverage for CASL covers email, text messages, instant messages, directly pushed social media messages, and installation of computer programs. The CAN-SPAM Act covers email.

 What Should You Be Doing to Prepare for CASL?

The good news is that if you are a customer of Elite Email, then you are already doing most things to comply with CASL. Built right into our online email marketing software is a process that makes sure you’re covered on a lot of these items. But, there are still some things I want to highlight so you’ve got a good checklist of items on your radar that you can be aware of.

  • Consent, consent, consent… it’s all about consent! We want to have bulletproof iron-clad proof that we’ve obtained consent properly and legitimately.
    • Record all sign-ups from your website.
    • Capture and record the IP address when the signup is first initiated and later confirmed.
    • Document how your relationship with someone began. Did they purchase from you? Did they signup online for your newsletter?
    • If you’re getting oral or written consent, make sure it’s something you can later prove. (This could be a challenge, so online signups or something with a digital papertrail is better.)
  • Take a detailed look at your database and try to figure out who you need to re-confirm with proper provable consent.
    • Are there customers who purchased from you 2 years ago that you won’t be able to email if they don’t re-confirm?
    • Are there contacts where you’d have a hard time proving their consent?
    • Are there contacts who haven’t engaged with your emails (opened or clicked) in a long time? If so, try to re-engage them or take them off your list.
  • When someone signs up for your mailing list, send them a welcome email to verify their subscription.
    • This double opt-in or closed-loop subscription process is important not only to comply with CASL, but also to make sure that a sneaky individual didn’t come to your website and signup using their arch enemies email address…. because then you might get spam complaints as well.
  • Make sure your subject lines and sender names are correct, clear and consistent. (The three “C’s” if you will.)
  • Have a working unsubscribe link and valid contact details so someone can reach you if they want to.
    • This includes monitoring replies you receive from your email so if someone says “remove me”, then you can do it right away.
    • Sending your emails from a no-reply address is a BAD thing.
  • Make sure your postal address is in your emails.
  • Take a look at your privacy policy as it relates to data collection to ensure it’s up-to-date and aligned with all the new CASL rules.

Remember that CASL is still evolving and being refined. No one knows yet exactly what the final set of rules will look like. So, while the above steps will keep your best foot forward, make sure you keep an ear to the ground so that if something does change you are not caught off-guard. Rest assured, the compliance team at Elite Email is also all over this!

What Are Some of The Criticisms of CASL?

There’s been a lot of backlash since CASL was originally proposed. For instance, there was a two month consultation period (ending on Sept. 7, 2011) where 55 different organizations raised their concerns to Industry Canada. As a result of that, a revised regulation was published on Jan. 5, 2013, but the criticisms certainly have not stopped.

I don’t want to go too much into this, however if you want to read more, Marketing Magazine has a good article titled “The Hidden Costs of Canada’s Anti-Spam Law“.

The one over arching theme from everyone who is complaining about this is not that they are against stopping spam. Everyone is on-board with stopping spam as no one needs more junk mail. The criticism is that this new law will do nothing to actually stop spam. It enforces a new, broad and strict set of rules on organizations that are already trying to do things properly, while really doing nothing to stop the worst offenders who are sending spam from a far off land. So, CASL is giving us more red tape and hoops to jump through, but what is it actually doing to benefit Canadian citizens?

On top of that, many in the small business community are outraged because to some it feels like these new laws put up serious barriers to using email effectively because they cannot afford to invest resources to wade through all the red tape. There has been a shift from sending paper flyers through Canada Post to email because it’s more effective, more measurable, more affordable, and definitely more environmentally conscious (to the joy of trees everywhere!). But, if the Canadian Government wants to clamp down on what can be sent through email, will it result in more junk filling up your physical mailbox?

Personally I think there are some good parts of CASL. In certain spots of the legislation you can really see the positive intent of what they are trying to accomplish. But, it’s gotten so bloated with this scenario and that scenario, that I fear the true intent is getting lost and in realty it may only result in punishing the people who were doing everything 99% correctly anyway.

You can get more information direct from the Canadian government at http://fightspam.gc.ca.

CASL - Canada's Anti-Spam Legislation


This blog post is intended to provide our general comments on the new law. It is not intended to be a comprehensive review nor is it intended to provide legal advice. Readers should not act on information in the publication without first seeking specific advice from their lawyer. In short, I am not a lawyer, nor do I pretend to be a lawyer.

  48 Responses to “All About CASL (Canada’s Anti-Spam Legislation) in Plain English”

  1. Thanks for the explanation of CASL presented in such a clear manner. I agree with your conclusion that the requirements will not do much about the real spammers. It seems that the rules are actually anti-business if I understand correctly. Can you clarify the next statement for me? Not sure what is meant by “transactional.”

    •Transactional emails that do not contain any marketing language


    • Hi Hilde,

      I’m glad you found this helpful!

      To answer your question, think of a “transactional email” email as one that is triggered by an action of the recipient. For example, a shipping notice, order confirmation, password reminder, purchase receipt, etc.

      So, in the current proposed regulations, you can send someone a purchase receipt and that is OK. However, if that receipt includes a section for “Check out these products you may also like…” then that would qualify as ‘marketing language’.

      Once you’ve got any marketing messages in the email (which in my own opinion is a great place to insert marketing for up-sell/cross-sell!), it shifts from being purely transactional to both transactional AND marketing, but because of the latter, CASL is in effect.

  2. I have been trying to get a handle on CASL for my organization that does a lot of emailing to the North American audience.

    This is by far the best source of information I’ve come across.

    Just wanted to say thanks because you made my life a whole lot easier.

  3. Thanks for all the great info in one spot that’s easy to understand.

    I really don’t think this new law is going to stop spammers, but we shall see.

  4. Thanks for the fantastic and well written post.

    Finally, there is a good source that summarizes everything so it’s actually easy to understand.

    It will be interesting to see what the final law looks like.

  5. Great article.

    I agree with you that I don’t think this new law is really going to stop the current spammers from sending more junk. If those people aren’t following best practices right now (and they probably aren’t located in Canada), then I don’t think a new law is going to change that. So, in reality only the legitimate marketers are going to follow this…and it’s just more obstacles for them.

  6. Thank you very much for an informative view of the changes expected to email marketing in Canada. I have been researching and presenting information on this topic to our management group and this is very helpful. Why? I like that you are taking the information a step further and offerring suggestions or practices that will help the compliance initiative and not just a re-hash of the proposed regulations which there is a proliferation of.

  7. What if a charity sends newsletters that highlight what the organization has been doing but aren’t related to fundraising? Can they sent to people who haven’t previously donated?

    • CASL defines a form of “implied consent” based on a non-business relationship.

      An “existing non-business relationship” is defined as a relationship that exists from the recipient’s activities as a donor or volunteer for a registered charity, political party or political candidate, a member of a club, association or voluntary organization.

      So, if you are emailing people who previously donated, then you would have the proper implied consent.

      If you are emailing in regards to raising funds for the charity, then you’d qualify under the CASL exemption.

      However, if you are emailing people who have not donated simply to highlight recent activities about the charity, then you would want to get some sort of “express consent” where they clearly say they want to receive your emails.

  8. Hello Robert, thank you so much for writing and sharing your knowledge about CASL. I’ve been told that for the customer email addresses in our system already – we don’t have to get permission again to continue emailing them. Those addresses are grandfathered. Just want to make sure this is true. It would be a lot of work to ask them again.

    What about any email address collected (in any manner) up until July 1. So if a customer today gives me verbal consent to email them I don’t need to keep documentation to prove I got their consent. But once July 1 comes, I better have documented proof ie like a business card? Is that right?

    Thanks, Tanya

    • Hi Tanya,

      You are very welcome. It’s my pleasure to help any way I can!
      And, I’m glad you asked because your assumptions are a little off the mark.

      While it is true that “express consent” and “implied consent” that is acquired before CASL comes into effect are still valid after CASL comes into effect.

      However, email addresses are not automatically grandfathered. So, in short, just because you have been emailing them, does not make them CASL complaint.

      There is a special “transition” period built into the final regulations of CASL. So, if you got a new customer today and started emailing them, you have a 3 year window (instead of the usual 2 year window) where you need to get express consent.

      You mentioned “verbal consent” and that is never something I would rely on. In the eyes of CASL, you need to prove that you have consent so verbal consent can pose a serious challenge.

      In terms of planning, if there are people you are emailing that are not your customers with a date stamped order/contract (which gives you that three year window mentioned previously), then I would suggest you try to get them to re-confirm their subscription in a way that lets you time/date stamp it and record their IP address. This way you’ve got evidence. The key thing is being able to prove you got very clear consent.

  9. […] had previously written a blog post to help people understand CASL, but now with the July 1, 2014 date looming closer and more […]

  10. Thank you for this fantastic information. I have one question regarding press releases. Will we need to get consent from each media outlet before we can send them press releases and news stories?

  11. Hi Robert,
    Just want to send yet another thank you for all this very helpful information on CASL.

    Can you tell me if ‘double opt-in’ to email is an actual CASL requirement, rather than what some consider to be a best practice? Also, wondering if you have any thoughts on implications for social messaging as I have seen little on this.

    • Hi Leslie,
      I’m glad the information was helpful! It’s truly my pleasure to be of assistance.

      The actual CASL regulation does not cite “double opt-in” as a requirement. But, it does spend a great deal of time talking about consent.

      Indirectly, it is kind of talking about double opt-in because that is the one and only true way to know that you have proper consent.

      For instance, by the definition of CASL, as long as I signup online for am organization’s mailing list that has a compliant form (meeting all the CASL criteria), then that technically is legit and valid consent.

      But, here’s the catch…. I didn’t signup with my email address. I actually signed up with YOUR email address… because I’m super sneaky like that.

      A double opt-in approach would swiftly reveal that you have not given this organization consent.

      But, if they stop at single opt-in and start sending you emails, then (although they thought they had consent) they do not really have your consent.

      This is just one of the tricky things related to CASL. It’s kind of hard to say exactly where the line is drawn.
      Do keep in mind that if an organization is trying to do everything properly that does actually count for a lot in the eyes of CASL.

  12. Great article!
    What about the scenario below? Is this considered explicit consent?

    Our landing page clearly states that by creating an account or entering a sweepstakes, you are also giving us permission to mail you (opting in to our list/email program). Person creates an account or enters a Sweepstakes. Under CASL, do we have permission to mail them (explicit consent?)

    Best practices aside.


    • Hi Jacob,

      The one main thing CASL hates is any sort of trickery. One of the underlying foundations of the way CASL outlines consent is that it has to be obvious that people are giving you consent.

      On your landing page is it office? Or is it hidden somewhere in the fine print that entering the contest is also permission to receive emails?

      What you really want (to be truly safe) is a checkbox that people can check (do NOT pre-check it) that says “Yes, I want to receive future emails from you. (You can withdraw this consent at any time.)”.

      Keep in mind, if you capture someone’s email address but they don’t really want your emails, you are going to get low engagement and run the risk of spam complaints anyway. So you’re better off qualifying who your good mailing list prospects are. Celebrating a big mailing list is one thing… but celebrating a high quality mailing list is MUCH better and drives greater results.

      Hope this helps.

  13. Hi Robert,

    If a customer purchases a product from our website and doesn’t “Opt-In” for future e-mails from us (express consent), do we still have implied consent and the two-year clock starts from their purchase date?

    Also, Is it a requirement to have an Opt-In feature as part of the online ordering process?

    • Hi Debbie.

      If a customer makes a purchase from you, then you are correct…. you have “implied consent” and you have a two year window where you can email them (unless they unsubscribe, of course).
      And, there is actually a special transition period in CASL so if you have implied consent from someone now, and you are sending them regular emails, you get a three year window instead of the normal two year window from when CASL goes into effect.

      The real goal is to get express consent so that there is no time limit on the consent.

      I recommend putting a checkbox on your order form that says “Yes, I want to receive future emails from you. (You can withdraw this consent at any time.)”.
      Make sure that box is unchecked and your customer must CHECK it to specify they want to receive your emails.

      This way if they check that box, you have express consent… and there’s no need to worry about any sort of clock!

  14. Hi Robert:

    Awesome information, just curious if the into effect date has been finalized now? You mentioned it may be delayed until Fall but of course I have seen various dates this year as to when it goes into force?

  15. Hi Robert, Sorry, I do have a few more questions on reflection – do you know if you someone who gives you permission to include them in your newsletter, is that also expressed or implied permission (meaning would it be permissible) for you to send them an individual email or email your newsletter group through your regular email provider if you wanted to share a video or something and not send your formatted newsletter each time? Also, wonder how this will effect / impact Facebook ads or YouTube where a person say’s click here to buy the CD on iTunes or or buy our new CD? Will that be okay I wonder since you’re not emailing them or asking for their email address?

    • Hi Corey,

      If someone gives you permission to email them through an affirmative action, such as checking a box on your website that says “Yes, I want to receive your emails”, then that will qualify as express consent. In that case, you are allowed to send them emails, including your newsletter or a non-newsletter mailing.

      Implied consent is most often associated with permission gained because someone made a purchase or entered into a contract with you.

      Facebook ads and YouTube ads are not really impacted by this. Clicking on online ads (assuming they do NOT install any software) is not really governed by CASL.

      Once again, I think a quick read of our CASL Survival Guide will give you all the answers you’re looking for: http://www.eliteemail.com/learning-center/casl/


  16. Hey Robert,

    Thanks for the article. Can you help in finding the answer to a query I have – I have a purchased database of potential customers, can I send them the first email / Subscription email seeking their permission to opt-in to my mailing list? Would it be acceptable under CASL or even the subscription email asking for their permission to receive further emails from me violates CASL?

  17. Hi Corey,

    I think the one part of CASL that I don’t understand is when emails are sent from outlook to an individual (not a list).

    If one does not use “marketing software”, and the email is being sent from me, directly to another individual at another company (business to business), how can I possibly abide by CASL’s “unsubscribe” rules. It’s not like their name is in a database (other than our own individual contact list).

    Can you explain how individual to individual emails are handled when emails are not sent through a system that can even allow an unsubscribe feature.

    Should we all change the signatures in our outlook to include our address etc… (we don’t currently do this, just our phone number and website)

    Thanks in advance.



    • Still covered under the law. As stupid as it sounds. I do about 50% of my business in the US already and it is a requirement to list your address to comply with can-spam.

      With this new law, I am now looking at moving my entire operation to the US now though.

  18. Interesting – so where do emails from newswire distributors and news releases and other communications from PR folks to media editors, writers etc. fit in?

  19. In a geo-political climate where we (the US) are being constantly criticized for enforcing our laws against foreign nationals/countries, how can Canada get away with it? Does anyone believe that a US court would enforce a judgement from a foreign court that penalizes behavior that is perfectly legal under US law? That is a heck of a slippery slope, what happens if Canada decides to pass some even more ridiculous law that criminalizes some aspect of speech? Let’s say they change their definition of obscenity to include pornography regardless of where it is hosted or originates (foreign country or not). I don’t think I need to mention the multitude of cases in that area that were hard fought and ultimately are responsible for our speech protections today (Larry Flynt (hustler magazine) v. Jerry Falwell ring a bell?). This law is insane, even we (the US) don’t try and enforce can-spam over seas (or borders).

  20. Thanks a lot for the article.
    I have been reading about this law in other areas and was a bit confused over the statement (if I remember correctly) of one exception to CASL: If a company sends a business related email to another company (business to business) who has published their contact information on the internet/publication/directory (and they did not specifically note that they do not want to be contacted).
    Could you please comment?

    • My pleasure, Britt.

      It sounds like you might be mixing up two parts of CASL.

      If two businesses have a B2B relationship, then people from one organization can email people from the other.

      I think you are hinting at this implied consent clause:

      If the recipient has “conspicuously published” their email address, the publication is not accompanied by a statement that the recipient does not wish to receive unsolicited messages, and the message is relevant to the person’s business, role, functions or duties.

      Does that help clarify things?

  21. […] 4. All About CASL (Canada’s Anti-Spam Legislation) In Plain English […]

  22. The definition of the CEM is catching me up. I was wondering if sending an SMS reminder for a pre-existing appointment or a Happy Birthday message would be considered a CEM.
    I am an office manager to a chiropractic office where we send text reminders the day before the appointments, as well as on the clients birthdays.
    Since the appointments are booked in person or one-on-one voice calls in advance to the text, would they be considered a commercial message? The business relationship would have already been established. And all contact information used was provided by the client.

    • The definition of CEM is really broad…. really really broad. The reason the legislation uses “CEM” as opposed to “email” or “sms” is so that it can lump in all sorts of stuff.

      Moreover, if one of your electronic messages is commercial AT ALL, then CASL applies. It doesn’t have to be primarily commercial… it just has to have anything that is commercial.

      So, one might say that an appointment reminder, which leads to an appointment that someone will pay for, is entirely commercial in nature.

      If your message says “Happy Birthday” and nothing more (nothing at all commercial!), then you can probably justify it as non-commercial. But, I suspect that birthday reminder probably includes some additional language to encourage people to come back for a visit… and then we’re right back to being commercial.

      The important thing to realize here is that you are texting patients that you have an “existing business relationship” with. So, you already have what I assume is valid implied consent. That means that even if your messages are commercial (CEM), you still have the proper consent to send them in the eyes of CASL.

      Hope this helps!

  23. Should we be recording and storing all of our phone calls to have proof of oral consent? What data do we need to keep to prove oral consent on a phone call?

    • Oral consent is always a bit of a pain because you need to keep the unedited recording.

      If you don’t keep the recording and then get into hot water with CASL, you would have no evidence that you got consent. That recording is your evidence.

      A better course of action is to get the oral consent (like you are doing), and then right away send a confirmation email to that person. Once you get them to click the confirmation link, you’ll have enough of a digital paper trail that you won’t need the recording.

      So, in essence, the recording grants you the permission to send the confirmation email, and then the confirmation email provides better consent, which then renders the recording not needed.

      Hope this helps.


  24. Thanks for the posting, it is helpful. One question I have been trying to get clarification on is this, we purchase a mailing list that is very specific to our industry. We have used this list for the past 6 years to send out promotional emails (we’ve followed all previous requirements when sending those emails). Some of the clients on the list have purchased from us, some have not.

    My question is this, can we continue to send promotional emails to all individuals on this list after July 1st? Does sending promotional emails to this list prior to July 1st establish a “business relationship” (even if the recipient has not purchased anything from us)? Does sending a CEM to this list provide implied consent going forward, and we have 3 years to work at getting express consent?

    Any feedback is greatly appreciated…thanks!


    • Hi Dave,

      Just because you have been emailing to a list that is not really opt-in (b/c you purchased it) does not give you any consent for the future in the eyes of CASL.

      Now, the people who have purchased from you are OK to keep emailing. You have implied consent from them, which means you can email them for two years from the last purchase date. (…And, with the special transitional period in section 66, you can actually email them for 3 years.) During those years, the goal is to get them to express consent by having them re-confirm.

      You would not be able to justify a “business relationship” with everyone else on your database because they have never actually purchased anything from you or entered into a contract with you. My advice is to try to get them all to re-confirm before July 1, otherwise if you send them a CEM, you won’t be able to prove that you have either implied or express consent.

      Hope this helps. Cheers!

  25. Hi Robert:

    I hope all is going awesome and thanks for this very useful forum – I still have a question that is confusing me with one (bus) to one (bus).

    For instance, I make sales calls to clients who almost always ask me to send along the information in an email and with my iPhone which I use to make the calls it doesn’t have a recording software built in so I’ll have to buy one I guess but also I can make 40 calls in a day – that said, am I supposed to record each call every day for back-up and then at the same time, my understanding is that it’s illegal to record someone without their knowledge in Canada, and if I’m calling them, am I suppose to say, can I record your permission to send you an email?

    Some people will simply say “no” since it seems intrusive even if they want me to send an email and have just asked me to send them one, yet if I record without their consent… – thoughts on how I could gain implied consent?

    I record (written journal) every call and my call notes (always have) and then email and note in that email further to our conversation today your request for “specific info” today, here are the emailed details you requested, but it sounds like that won’t be enough?

    My main concern is that when I bring this new law up, literally (as crazy as it sounds) upwards of 75% have never even heard of it and don’t realize it kicks in on July 1st. I’m simply trying to prepare for my normal activity and if I didn’t know about a law and someone making a sales call asked to record me saying it’s okay to send an email, I would say no myself so just trying to figure out what my options are as I thought implied consent meant as long as I had a record of when they told me, who they told me, how I got their email address, etc. but sounds like even that won’t be enough?

  26. Hi Robert, I have a client that sends out to their clients every few months a newsletter.
    It doesn’t have marketing in it, it’s just information about the stock markets etc.
    95% of those mails go to clients of the business, they are “investment bankers” small firm.
    About 5% go to other people they know, first hand or otherwise.

    These mails are not a solicitation of business, but informational.

    Would this still need to get consent?

    As it is right now, they don’t even use a mailing list, they’re all just sent from Outlook.

    Thanks again.


    • Hi Matt,

      CASL is in full force any time a message has ANYTHING commercial in nature.

      It does not have to be primarily commercial…. just commercial at all.

      So, forgetting who they are sending to for a second, if a random third party looked at the email, would they think it is commercial in any way at all? I kind of suspect the answer would be yes… but keep in mind, I haven’t seen the actual email.

      That being said, if 95% of the emails go to their clients, then they have “implied consent” to email all those people. You can email someone under implied consent for two years from their last purchase or contract date. All of those people would be CASL compliant.

      The thing to watch for is people who were clients, but are no longer clients. Once you’re outside of the two year window (assuming you never got express consent), you need to stop emailing them.

      As for the other 5%, it really depends on the type of relationship.
      Check out the page in our CASL Survival Guide all about the different types of consent.
      That may make everything clearer.

      It is always best to get express consent. Even if you’re emailing clients, if you get express consent now, then you never have to worry about it expiring. A lot of people in the finance industry try to get express consent right when they pick-up a new client. It’s just part of the on-boarding practice.

  27. Further to my last comment does this apply for the following.

    If an investment house sends out a quarterly emailing with basic market information, purely informational, no advertising or soliciting of business?

    They send out about 125 of these in total in a quarter, there’s 1- 2-page PDF with a brief writeup contained.


    • Hi Matt,

      What I would suggest is that you find a random person who you know (not in the industry) and ask them if the email you’re referring to seems in any way “commercial”.

      An email could be 99% non-commercial, and 1% commercial, and CASL applies.

      For instance, in the email if there is a statement asking that people refer their friends to the investment house, then that alone could be considered a solicitation for business.

  28. Thanks for the posting.

    We are a wholesaler/Distributor and we currently email blast our direct customers (designers/architects) who we have obtained their email addresses either from their industry association website or their direct company website. We market to them products that are directly related to their business. Do we need to be concerned about this new law. Keep in mind we do not market to the public nor to be market products that are unrelated to their business.

    • Hi Steve,

      Based on what you’re saying, I think you do need to be concerned.

      CASL doesn’t care if you’re emailing the public or not, so that unfortunately doesn’t spare you. It only cares if your emails are commercial in nature, and it sounds like they are.

      This section from our CASL Survival Guide might be applicable to you as it sounds like some of the companies you’re dealing with might publish their email address on their site and invite emails like the ones you’re sending:

      If the recipient has “conspicuously published” their email address, the publication is not accompanied by a statement that the recipient does not wish to receive unsolicited messages, and the message is relevant to the person’s business, role, functions or duties.

      Pulling data off an industry association website is probably skewing towards the non-compliant side of things… unless each person specifically requested their information be published and made available.

      I would suggest that you start asking people for permission so that you know you are compliant.

      The general rule of thumb is that if you are sending a “cold email” to someone who is not your client and who you do not know, then it should raise an immediate red flag.

  29. Robert,

    Thank you so much for your awesome resources on CASL. There is one particular area that I am still confused about.

    We provide subscription based websites for our clients and send them a series of onboarding e-mails after they sign-up. Most of the e-mails are educational in nature but a few of these e-mails have upsells for other services we provide and thus would fall under CASL. Because these users have signed up for our service and “entered into a contract” with us (by agreeing to our terms on our sign-up form), would this form a business relationship and thus would these e-mails be allowed?

    A couple notes on the above scenario:

    – They have not purchased anything at this point because we offer a free month
    – They have not given express consent
    – They have “entered into a contract” by agreeing to our terms and signing up for an account
    – I understand that to get express consent they need to explicitly check a box, but I am wondering about implied consent and if I can send them my onboarding emails with upsells.

    A related question would be if providing CC information and going through a CC authorization for their free month but not actually having paid yet, constitutes a business relationship.

    Thank you so much for your time!

    • Hi Casimir,

      I’m so glad you found my write-up about CASL useful.

      There are lots of people with specific scenarios just like yours… so just know that you are not alone!

      Since your users/customers have not paid yet or entered into a contract (I’m not counting the “terms” as an actual contract…), then I think you’re looking more at the implied consent scenario where someone makes an inquiry into your services.

      If someone inquires about your service, it creates a type of “existing business relationship” where you can contact them for a period of 6 months.

      Obviously during that 6 months you are hoping they convert from their free trial and pay you. At that point, you would have two years from the date they paid you.
      You mentioned that you run a subscription service, so I should mention that each time they renew, it creates a brand new two year window.
      So, for further clarity, it is not two years from their FIRST purchase, it is two years from their MOST RECENT purchase.
      If your service renews monthly, then each month, the two year window would roll forward.

      I do think you are probably better off updating your signup form to have a checkbox (starting unchecked) that says “Yes I want to receive emails from (your organization name)”. If people check that box (and you also make it clear they can withdraw their consent), then you get express permission…. which is always the best. If they don’t check it, you’d still have that implied consent window.


  30. This is a STUPID law and only a moron would support something this stupid. Legitimate businesses are NOT the main source of spam. At worst, people receive very manageable amounts of unsolicited emails from legitimate businesses offering real products and services. The vast majority of spam comes from shady organizations and people that will laugh and ignore this nonsense piece of crap legislation. This law is a money grab. I repeat, this is a MONEY GRAB. Wake up. The winners are lawyers and the government. The losers are … everyone else. Businesses that can afford to abide by this ludicrous law will eventually pass the additional expense of online marketing on to consumers. Fire the politicians that enacted this piece of shit law immediately.

  31. Thanks , I’ve recently been looking for information approximately this subject for a while and yours is the best I’ve found out till now. But, what about the conclusion? Are you sure concerning the source?

 Leave a Reply



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

© 2013 Elite Email Inc. Blog Admin