CASL over Canadian flag emblem with maple leaf

CASL Compliance: What Email Marketers Need to Know


If spam fought the law in the Great White North, would the law win? While Canadians are known for being polite, they have a history of being tougher on email spam than their neighbors in the U.S.

Canada’s anti-spam law (CASL) is one of the most strict, both in terms of compliance and potential penalties for violation.

Email marketers need to pay attention to CASL compliance because violating anti-spam laws can land you — and companies you work with — on blocklists. That will affect your email deliverability. All the email marketing in the world doesn’t do any good if emails aren’t being delivered.

What is CASL?

Canada’s Anti-Spam Legislation became law in 2014 and raised the bar for anyone sending what it called commercial electronic messages (CEMs) to or from people in Canada. This includes emails sent from other nations.

So CASL compliance is something businesses all over the world have to reckon with.

CASL gives Canada’s government the authority to investigate complaints against businesses and individuals who send CEMs without the consent of the recipient. That investigation can lead to fines and even prison time in severe cases. Fines can stretch as high as $1 million for individuals and $10 million for large companies.

It’s complicated, but the core of CASL rests on three main requirements for electronic communications between businesses and people. All commercial electronic messages must:

  1. Be sent to recipients who have given their consent to receive marketing communication from you.
  2. Provide sender identification, including a mailing address (can be a PO Box).
  3. Offer a clear and functional unsubscribe process.

In addition to email messages, CASL compliance also applies to text messaging and other forms of personal communication such as social media and instant messaging. That’s one thing that separates CASL from the United States CAN-SPAM Act.

Another major difference is that CAN-SPAM only requires a way to opt out of emails while CASL compliance includes consent -- or a required method for opting-in to communications.

The idea behind CASL compliance is to promote good communication practices and compliance among businesses and individuals, while still allowing them to gather the information they need to grow and engage their customers.

What defines a commercial electronic message (CEM)?

A CEM is a message with the primary purpose of compelling or motivating action from the recipient, where the action has a commercial element.

That includes the obvious, like sending coupons and sales offers with call-to-action buttons that take the recipient to a product page. It also includes requests to like or share your social media pages, links to blogs, and offers to join a membership, sign up for a webinar, or get a free download.

Not every email, text, or instant message counts as a CEM. For instance, if someone purchases something from your business and you send them an email receipt, that isn’t a CEM. That’s an example of a transactional email.

To paraphrase a famous adage, it might be hard to define a CEM, but we know it when we see it. Here’s an FAQ page about CASL from Canada’s government.

Who needs to comply with CASL?

Essentially, any business or organization sending commercial electronic messages to anyone living in Canada needs to pay attention to this. If you can segment your email lists so your Canadian subscribers have their own category, you can isolate them and make sure your communications pass CASL.

Or, you can just use the same standards for all your CEMs and opt-in processes, which is really nothing more than ethical email marketing best practices. Even though other countries may have less strict anti-spam laws, the people in those countries may feel just as frustrated about getting unwanted communications.

How email marketers achieve CASL compliance

There are three areas of focus for email marketers who must work to comply with CASL: consent, record-keeping, and exemptions. Let’s tackle each one in brief.

Consent: express or implied

Express consent, also called explicit consent, happens when a person actively chooses to give you permission to send them commercial electronic messages. The law describes this as a “positive” action step.

Examples of express consent include:

  • Checking a box on your opt-in form that gives your company permission to email them.
  • Filling out a survey that includes a question asking for permission to send marketing materials.
  • Filling out a paper form at a live event.
  • Dropping a business card in a bucket at a booth.
  • Checking a box when making a purchase that gives permission to send marketing communications.

All of these and other examples represent a positive action step. Essentially, an individual must take some sort of action indicating they want to receive emails from your company.

Implied consent has a fuzzier definition and can be obtained through several means. The idea here is that the sender has some kind of existing business relationship or non-business relationship with the person who will be receiving the CEM.

Implied consent can come after someone makes a purchase or signs up for a free trial. It could come from someone giving you a business card at a tradeshow. Referrals are yet another example of presumed implied consent.

Implied consent could also mean that the sender found the recipient’s email on a company website, and used that to send them marketing. As long as the marketing being sent relates to their role at that company, and their site doesn’t explicitly forbid being solicited, this counts as implied consent for B2B marketers.

However, implied consent expires after two years if a recipient has no other business transactions with you in that timeframe. Unless you get the recipient to give you express consent, you must stop emailing them after two years. And remember, any CEM you send them must still meet all the requirements listed earlier, such as offering an unsubscribe option.

Strategies for acquiring express consent

To achieve CASL compliance, you cannot pre-fill a checkbox on an opt-in form. Furthermore, email address harvesting poses a serious risk. That’s because emails found on a website must be “conspicuously” located — such as on a staff page or homepage — to count as implied consent. If the address is buried in the code and only visible to bots, you shouldn’t use it.

So what can you do? Give people a reason to want to give you their email. Here are some common tactics:

  • Offer compelling content in exchange for consent. If they want the content, they’ll give their email.
  • Create events such as webinars or live broadcasts and require an email to join.
  • Include express consent options on your purchase pages, and give an extra discount or coupon for signing up.
  • Offer quizzes to generate leads, and ask for an email in order to view results.

CASL compliance and record-keeping

If you’re failing to follow CASL guidelines, you’re more likely to discover this yourself if you’re keeping good records. And, if someone complains and a Canadian government agency begins investigating you, your records can make it easier to work with them and resolve the issue.

In short, good records allow you to respond professionally and show that you’re doing your best to comply with CASL.

How to keep good records:

  • Keep evidence of express and implied consent, both digitally and with paper copies from events and business cards.
  • Document the methods used to collect consent.
  • Include these methods in your policies and procedures.
  • Keep a clear digital record of unsubscribes and the actions you took in response.

Learn more about keeping CASL compliance-related records

Who enforces CASL compliance?

The Canadian Radio-Television and Telecommunications Commission

The Canadian Radio-Television and Telecommunications Commission, better known as the CRTC, investigates complaints sent by consumers. If they determine that the law has been violated, their likely first step will be to work with the business or individual to help them correct the violation.

For example, if a website’s email opt-in form includes a pre-checked box that indicates the person signing up is giving their consent to be marketed to, this violates CASL’s definition of consent.

Let’s suppose someone fills out that form and complains to the CRTC about marketing emails they didn’t want. When the CRTC discovers the opt-in form’s pre-checked box, they’ll send a notice of the violation to the business.

If the business is able to correct it in a timely manner and show that they’ve adjusted their internal processes to obtain consent in a lawful manner, there’s a fair chance no fine will be issued.

So, what are Canadian email recipients complaining about the most?

The biggest reason for submitted complaints is — you guessed it — a lack of consent to receive marketing communications. Notably, 20% of Canadians who have submitted such complaints were still getting emails from the company they complained about ten days after unsubscribing.

Whether you run a business directly or do email marketing on behalf of clients, that’s the sort of thing you want to focus on immediately. Does your unsubscribe process actually do what it promises? Does it work?

What are the penalties for violating CASL?

As mentioned earlier, individuals can be fined up to $1 million, and companies up to $10 million. There is also the possibility of receiving prison time, though at this point that seems like an extreme outcome and not a likely one.

Are any email messages exempt from CASL?

Here’s a brief list of communications that don’t need to worry about CASL compliance:

  • Politics and many nonprofit communications
  • Shipping notices and electronic receipts
  • Password reset emails
  • Responses to complaints from customers and other customer service issues
  • Legal obligations such as privacy policy notices
  • Market research

Do email service providers help with CASL compliance?

Yes, to a point. Most ESPs, such as Mailchimp and Emma, try to make sure their platforms and users are being compliant with spam laws. They include certain features to help increase list quality and anti-spam law compliance. But, different companies do this to varying degrees.

Here’s how Mailchimp protects its senders. Mailchimp doesn’t allow you to upload referred email addresses or emails acquired from company sites, even if ‘conspicuously’ located. And they even require political organizations to obtain consent. So Mailchimp in some ways is more strict than CASL.

Here’s what Emma does, using a different approach. They follow CAN-SPAM for their customers, which is the US anti-spam law, and somewhat different from CASL. Emma expects you to monitor your implied consent timelines. That means, if you don’t pay attention, you might draw the ire of the CRTC by continuing to market to people beyond two years who only gave implied consent. In situations like that, Emma may not automatically protect you.

Now you have yet another reason to use good habits like cleansing your email lists of unresponsive, old email addresses.

Whichever email service provider you use, it likely follows CASL in some ways, but not in others. It’s up to you to ensure you’re in full compliance.

Check email deliverability before you hit send

Lastly, before sending any emails, make sure you’ve done everything possible to ensure maximum deliverability. This is about more than CASL compliance and following other anti-spam laws. It’s about removing bad emails from your list, avoiding spam traps, and many other issues that affect deliverability.

Even the best message that’s totally compliant with anti-spam laws will deliver poor results if it doesn’t make it to inboxes. Email on Acid helps you identify potential issues before you hit send so you can make the most of every campaign.

See how Email on Acid helps maximize email deliverability before you click send.

Simplify the Email QA Process and Deliver Perfection

What’s the best way to run through your pre-send checklist? With Sinch Email on Acid’s Campaign Precheck, we’ve simplified the process and set everything up for you. Use it to double-check your content, optimize for deliverability, ensure accessibility, and preview how campaigns look on more than 100 of the most popular clients and devices. All before you hit send!

Start a Free Trial