7 Lesser-Known Facts About Canada’s Anti-Spam Legislation (CASL)

Share This Article

0 0 0 0

On July 1st, the Canadian Anti-Spam Law (CASL) went into effect, and the new legislation has prompted many marketers to question whether their current marketing efforts comply with the regulations. If this is the first you’re hearing about CASL, then you may have some work cut out for you in the coming months to make sure that Canada doesn’t hit your business with hefty fines upward of $10 million for sending unsolicited messages.

CASL - No More Spam Eh

What is CASL?

For those of you who have been away on summer vacay and have absolutely no idea what I’m talking about, it might help if I give you a brief overview of the new law. Deloitte does a nice job of summarizing in their CASL FAQs:

“CASL is a new anti-spam law that will apply to all electronic messages (i.e. email, texts) organizations send in connection with a “commercial activity.” Its key feature requires Canadian and global organizations that send commercial electronic messages (CEMs) within, from or to Canada to receive consent from recipients before sending messages. CASL does not apply to CEMs that are simply routed through Canada.”

Note that the legislation applies not only to Canadian-based businesses, but any global organizations that send commercial messages to Canadian recipients. That means if your software company is based in the US, but you have prospects or customers in Canada, this law still applies to your marketing communications.

I would consider myself to be fairly aware of what’s going on in the email marketing industry (seeing as we write about it regularly at Capterra), but I was shocked to learn some of the more nuanced parameters of this law, and that there has been so little talk about these important details until very recently.

Below I’ll share some of the lesser-known facts that I was surprised to learn about CASL:

1. The definition of a “CEM” isn’t limited to email.

SPAM doesn’t just come in the form of emails these days. According to the CASL, a “commercial electronic message” can take many forms, such as a text message, an IM, an automated voicemail, or even a DM on Twitter or an inbox message through Facebook. The Canadian Radio-television and Telecommunications Commission recommends you ask yourself this key question to determine if your message is a CEM: “Is one of the purposes to encourage the recipient to participate in commercial activity?” (Short answer: If you’re in B2B marketing, most—if not all—of your outbound messages probably count as CEMs.)

2. You may have implied consent… for now.

While the basis of the law encourages permission-based marketing and states that you must have expressed consent from all of your Canadian recipients, there are a few ways that someone can imply consent to receive CEMs… particularly for B2B organizations.

According to Mailchimp, implied consent occurs when:

  • A recipient has purchased a product, service or made another business deal, contract, or membership with your organization in the last 24 months;

  • You are a registered charity or political organization, and the recipient has made a donation or gift, has volunteered, or attended a meeting organized by you; or

  • A professional message is sent to someone whose email address was given to you, or is conspicuously published, and who hasn’t published or told you that they don’t want unsolicited messages.

So, under those provisions, existing clients are exempt. Likewise, if you meet a prospect at a tradeshow and they hand you their business card with their email address, you have implied consent to email them about your business. Or if someone conspicuously publishes their email address on their “Contact Us” page on the website, that implies consent, so long as the communication you’re sending pertains to their business function or role. Also, if you have a personal or non-business relationship (as with a family member or friend), express consent is not required, although it is on the sender’s onus to prove that relationship exists.

However, implied consent only lasts for 24 months. So if a former Canadian customer hasn’t renewed or opted-in to your email list in more than two years, you need to get expressed consent to continue sending them CEMs.

3. There’s a transition window, but it’s only for contacts with implied consent.

While the law did go into effect on July 1st, 2014, according to Eloqua, you have until July 1st, 2016 for all of your Canadian contacts with current implied consent to grant you explicit permission to message them. Or, they can create a new business relationship with you anytime during the 3 year transition period, from July 1st, 2014 to July 1st, 2017.

However, between now and then, you still can’t email someone if you don’t have an existing business relationship or existing implied consent— because even if you send an email asking them to opt-in now, it’s still considered a CEM.

Therefore, if you’ve purchased, traded, or data-scraped any of your email lists from private sources, you could already be in violation of the law. But not until July 1, 2017 do Canadian citizens get the right to private action and the ability to challenge violators.

4. The law doesn’t just apply to .ca email addresses.

Your first reaction to this new law may just be to sort through your current database for all the .ca email addresses and send them an opt-in request. Unfortunately, it’s not that simple. The law applies to any messages that individuals access on a computer system located in Canada, regardless of whether they are TO or FROM a Canadian recipient. So even if your recipient has a .com email address, if they’re based in Canada, you’re still in violation.

This stipulation makes the law particularly challenging for B2B marketers, especially if you don’t capture location in your lead generation forms. That’s why the best way to protect yourself from a violation is to only send emails to existing customers or individuals who have explicitly opted-in to receive a particular type of commercial communication—regardless of whether they live in Canada or not.

5. Pre-checked boxes are now illegal.

Do you have any sign-up forms that include a pre-checked box to opt subscribers in to your newsletter or other promotional messages? Unfortunately, you can’t email those folks in Canada any longer. Because the recipient does not manually “opt-in” by checking the box themselves, it does not count as explicit consent, and any emails you’ve collected in this nature could be in violation of the CASL.

Update all of your contact forms so that these checkboxes default to un-checked, and any opt-ins moving forward will count as express consent.

6. You need to keep a record of consent.

While there has been much speculation as to how these laws will actually be enforced, it’s clear that the onus is on the sender to prove that they’re compliant with CASL. As such, you should keep a record of exactly when and how you received express consent—whether that’s a sign-up form, an email, a business contract signed, or a business card exchanged.

So don’t throw out those old filing cabinets around the office just yet… you may still need them!

7. Transactional emails cannot include any promotional messaging (even links).

Some emails that your business sends may have nothing to do with establishing a commercial relationship. For example, if you send a password reminder email or a purchase confirmation email, that shouldn’t count as a CEM. And, according to the law, it doesn’t. But that being said, if you include any promotional messaging in the transactional email, like a sidebar banner to register for your user-conference or a P.S. about signing up for a free trial, that email is no longer considered “transactional,” and could be a violation of the CASL. There’s zero-tolerance for commercial intent; it’s not merely what you consider to be the primary purpose of the message.

Have more questions about CASL? Check out these various blog posts I used to research the topic, or leave your question in the comments below.

Disclaimer: I am NOT a lawyer. Please do not construe this information to be legal advice. While I’ve researched this topic and believe the above information comes from reputable sources, you should seek legal counsel to be absolutely sure that your business is compliant with CASL.

Looking for Email Marketing software? Check out Capterra's list of the best Email Marketing software solutions.

Share This Article

About the Author


Katie Hollar

Follow on

Katie is the Director of Marketing at Capterra - a free resource that helps businesses find the right software. Her work has been published in VentureBeat, MarketingProfs, CustomerThink, and the Demand Gen Report, and she has been featured in CIO, AdAge, and Website Magazine. Katie has a love of all things marketing, but she is particularly fond of social media and marketing automation. She is a UVA grad (Wahoowa!) and in her free time enjoys reading, running, and cooking. Follow her on Twitter @khollar.


[…] CASL, and it requires that we re-opt-in our subscribers. If you’re interested, you can learn more about CASL here and here. But that’s not really […]


If someone from a business that you deal with is harassing you via text message and you ask them to stop texting but they continue to do so, is this under this law?



Based on what I read, links to promotional materials (such as the learning center) would make the FAQ email a CEM if the recipient only opted in to receive FAQs specifically. It also depends on who you’re sending the FAQs to– if they’re only current customers or free trial/demo users, then you have implied consent with those folks for now.

Hope that helps!


@John- Thanks for your kind words!


Capterra always has the best tips, tricks and relevant ideas. Might start with a simple Tweet but leads to real content that you can use.


Wow! Thank you so much for explaining this law. Very important stuff here. If we have an email that includes FAQ’s and links to our learning center at the bottom, is that considering CEM? We aren’t trying to sell them anything just want to give them resources in the transactional email. Thanks!

Comment on this article:

Comment Guidelines:
All comments are moderated before publication and must meet our guidelines. Comments must be substantive, professional, and avoid self promotion. Moderators use discretion when approving comments.

For example, comments may not:
• Contain personal information like phone numbers or email addresses
• Be self-promotional or link to other websites
• Contain hateful or disparaging language
• Use fake names or spam content

Your privacy is important to us. Check out our Privacy Policy.