Canadian Anti-Spam Law: What You Need to Know

May 21, 2014
Written by
SendGrid Team
Opinions expressed by Twilio contributors are their own

Canadian Anti-Spam Law: What You Need to Know

Canadian Anti-Spam LawDo you send email to Canadian recipients? If so, new legislation called the Canadian Anti-Spam Law (CASL) affects you. CASL will go into effect on July 1, 2014 as a way to deter spammers from targeting Canadians and to provide law enforcement better ways for stopping those malicious senders.

CASL requires senders to implement changes to any commercial electronic messages (CEMs) being sent, and how recipient email addresses are obtained. As email senders, we should all be well versed in the legislation and what steps need to be taken in order to be compliant.


First, what is a CEM? According to Canada’s Anti Spam Legislation website, a CEM is “any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.” Types of CEMs include “any means of telecommunications, SMS, social networking, websites, URL's and other locators, applications, blogs, VoIP, and any other current and future internet and wireless telecommunication.”

How does this affect you as a sender? Because this law is designed to protect people in Canada, it can directly affect any email sender that has recipients in Canada. CASL requires new businesses sending commercial email to implement the following:

1) Clearly identify the sender of the message. 2) Provide a way for the recipient to readily contact the sender. 3) Provide a functioning unsubscribe method that meets these requirements:
  • Must be functional for 60 days after the message has been sent.
  • Must process a request within 10 days.
4) You must store the following information for each of your recipients' addresses:
  • Type of opt-in (paper, landing page, sign up, etc.)
  • Example of sign-up webpage (if applicable)
  • Date they opted-in
  • The connecting IP (if applicable)
Existing businesses must implement these changes for new mail recipients, but they have three years (until July 1, 2017) to apply them to existing mailing-list subscribers.

For more information about re-engagement campaigns, you can read our blog article Re-Confirmation Emails: Should You be Sending Them? and  our Reconfirmation Email Campaigns Docs page.

Gathering Consent from Recipients 

Part of CASL includes guidance for gathering consent from recipients before sending CEMs. For express consent (when a recipient provides their address for future communications), senders are required to clearly and simply provide the purpose for which consent is being sought. Senders may also use implied consent. Implied consent applies to messages when:
  • A recipient has existing business relations with you.
  • Your recipient disclosed their address online publicly without stating they do not want to receive CEMs. SendGrid’s Email Policy already requires senders to only send to permission-based lists.
Implied consent includes the following situations:
  • Messages sent within a business (they must be related to your business)
  • Messages sent in response to a request
  • Quotes or estimates
  • Receipts
  • Security info (recalls, warranties, etc.)
  • Ongoing usage with your business (ongoing purchases)
  • Service upgrades or updates
  • Deliveries of a product
Implied consent is also limited by a timeframe:
  • Implied consent only remains valid for a 6-month window if the recipient does not become a client.
  • Implied consent remains valid afterwards for 2 years if an existing client does not purchase future products or subscribes.
CASL permits senders to gather consent from third parties. An example of this could be a partnership between related companies, or organizations, as long as the recipients are aware of the potential to receive third-party emails. This situation would require all parties using the list to unsubscribe an address at the same time.

Third party referrals also require follow-up emails to acquire consent:
  • There must be an existing relationship with the prospective clients and the third party.
  • You are only allowed to send one email to acquire permission to send.
  • You must include the full name of the individual who made the referral.
Moving Forward

When collecting recipient information for your mailing list, you’ll need to retain any documentation regarding the opt-in process for your recipients so that you can show how they elected to receive emails from you.

To help you get started, ask yourself the following questions:
  • Where and how do you store your opt-in data?
  • What opt-in information do you store?
  • Who has the master record, and do you make back-ups?
  • Are the contact and unsubscribe methods up-to-date in your emails?
  • Is your privacy policy up to date and in compliance with CASL?
  • Does your marketing team understand CASL?
Final Thoughts

For companies and other organizations sending CEMs to Canadian recipients, make sure you’ve learned everything you can about the Canadian Anti-Spam Law by July 1, 2014. Some of the changes you may need to make include:
  • Identifying the sender of the message
  • Providing a way to contact the sender
  • Providing a functioning unsubscribe method
  • Storing the opt-in information of each of your recipient addresses

To learn more about the CASL and to help you make necessary changes, reference the following:

Recommended For You

Most Popular

Send With Confidence

Partner with the email service trusted by developers and marketers for time-savings, scalability, and delivery expertise.