A Guide to Canada’s Anti-Spam Law


Email marketing has been a trusted, efficient and cost-effective method to build and maintain relationships with customers for the past two decades. The Direct Marketing Association calculates the ROI of email marketing to be $40 for every dollar invested. In late 2013, the new Canadian Anti-Spam Legislation (CASL) was passed, which goes into effect July 1, 2014.

What Activities CASL Covers

CASL covers the sending of “commercial electronic messages” that may be accessed by a computer in Canada (which usually just means cases where the recipient is in Canada). CASL covers more than just email — it also covers texts, IMs, and automated cell phone messages sent to computers/phones in Canada.

To Whom You Can Send Emails

CASL requires you to get explicit consent before sending someone a message. However, there are a couple very limited exceptions to the “explicit consent” rule. There are three situations where “implied consent” — meaning you don’t have a reason to believe you shouldn’t send the email — should be okay:

1) You have an active business relationship with the recipient.

An active business relationship exists if you have sold something to the recipient within the past 2 years, or the recipient has made an inquiry about your products at any point within the 6 months before you sent the email in question.

2) The recipient published his or her email for the world to see with no caveats about terms of being contacted.

For instance, if someone puts their email address on their website, but doesn’t include a caveat like “but don’t send me anything” or “no spam, please”.

3) Someone whose “business activities” are relevant to the message you’re sending has given you their contact info without indicating they don’t want to receive your messages.

It’s important to note that CASL provides some other exceptions that we don’t go into here because they’re less relevant to an average business situation. There is a 36 month transition period ending June 30, 2017, during which time consent may be implied if the recipient has not explicitly withdrawn consent AND the recipient has either:

  • Purchased something from you in the past, or
  • Has made an inquiry of you at some point in the past

Note: This is the same idea as a business relationship explained above except that the time limits have been removed.

What “Explicit Consent” Means

All requests for consent must touch on the following three points:

  • Purpose(s): You must specify exactly why you want the consent (e.g., “We’d like to send you newsletters and occasional special offers”).
  • Information: You must give your identifying/contact information as well as the contact info of anyone else you’re getting the consent on behalf of. This includes name, mailing address, and a phone number or email for contact.
  • That they can “un-consent”: You must tell them that if they want to withdraw their consent, they can.

You can get this in writing or orally, but you should keep a record of when/how you got consent. It’s important to note that the recipient has to manually “opt in,” so pre-checked checkboxes are not okay for getting consent. One that the users check themselves is okay, as is a box that the users type their email addresses into with a submission button next to it that users hit, but those must also be accompanied with something explaining why you want their consent (the purpose), who you are (information), and that they can un-consent. Additionally, you can’t just put “… and I consent to receive emails” into your website’s legal copy.

What You Have to Include in Your Emails

All messages you send must include the following three points:

  • Identity: You must identify yourself as the sender of the message, and give the identity of anyone you’re sending it on behalf of.
  • Contact Info: You must provide contact information that lets the recipient easily contact you.
  • Unsubscribe Mechanism: You must give the recipient a free and easy way to unsubscribe via a link to a website. That link has to be valid for at least 60 days, and you have to make sure the unsubscribe request is honored within 10 days.

What’s the Bottom Line Here?

Ultimately, as the email-sender, you have to understand your obligations and determine how to be in compliance. You should review the CASL with your own counsel. If you use HubSpot as your ESP, you have the tools you need to run a CASL-compliant email marketing program, though it is still solely your responsibility to ensure compliance with CASL. You can learn more about CASL on their website — fightspam.ga.ca

Innovation Through Gamified Marketing: Turning Engagement into Sales

Local Businesses: Effective Strategies for Thriving in Your Community