TheU: What you need to know about
the Canadian Anti Spam Law
Jenny Lassi has been affiliated with
HighRoad Solution for 7 years first as a
client and then as an employee.With
experience handling deployments and
deliverability for a wide range of clients
with optimized recipient engagement top-
of-mind, Jenny routinely trouble shoots
deliverability issues from ISP level filtering
to email client level filtering (email
Forensics as she refers to them). She also
consults with clients on authentication,
content, content strategy, email preference
center management & other deliverability
• What is CASL?
• What is CAN SPAM?
• How does CASL compare to CAN SPAM?
• Will your organization’s eMessaging be impacted by
• If impacted, what can you do to be in compliance?
• References & Resources
What is CASL?
Canada’s Anti-Spam Legislation or Canadian Anti-Spam Law
Going into effect July 1, 2014
What will it do in theory?
Legislation is written in efforts to reduce the amount of SPAM
emails that reach your inbox, give power to enforcement agencies
to penalize offenders and reduce the need for other SPAM
reduction efforts (Email server filtering software, etc.) that cost
organizations thousands in software and manpower to manage.
CASL Fast Facts
Prohibits sending commercial eMessaging without the recipient's express consent, including
messages to email addresses and social networking accounts, and sms text messages sent to a cell
Prohibits the alteration of transmission data in an electronic message which results in the message
being delivered to a different destination without express consent
Prohibits the installation of computer programs without express consent
Prohibits using false or misleading representations online in the promotion of products or
Prohibits the collection of personal information through accessing a computer system in violation
of federal law (e.g. the Criminal Code of Canada)
Prohibits the collection of electronic addresses by the use of computer
programs or the use of such addresses, without permission
CASL Basics for Email
CASL is essentially an opt-in legislation and permits email marketers to send CEM
(Commercial Electronic Messages) only to recipients who have asked for them or
otherwise given consent to receive them specifically from your organization.
Express (or Explicit) Consent:
Membership or subscription sign-up collects consent, date, time & email address
Enewsletter subscription sign-up collects consent, date, time & email address
CASL does have language that speaks to implied consent if Expressed consent was not
obtained but a previous relationship exists between CEM sender and recipient. CASL
language does give 2-years to gain Express consent if you have Implied consent.
What is required for compliance?
To obtain express consent the email sender must:
1. Clearly describe the purposes for requesting consent
2. Provide the name of the person seeking consent, and identify on whose
behalf consent is sought, if different
3. Provide contact information for either of those persons (mailing address and
either a telephone number, email address of web address)
4. Indicate that the recipient can unsubscribe
There are three government agencies responsible for enforcement of the law.When
the new law is in force, it will allow:
The Canadian Radio-television andTelecommunications Commission (CRTC) to
issue administrative monetary penalties for violations of the new anti-spam law.
The Competition Bureau to seek administrative monetary penalties or criminal
sanctions under the Competition Act.
The Office of the Privacy Commissioner to exercise new powers under an amended
Personal Information Protection and Electronic Documents Act.
What is CAN SPAM
The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited
Pornography And Marketing Act of 2003) was signed into law by President
GeorgeW. Bush on December 16, 2003 and establishes the United States'
first national standards for the sending of commercial email and requires
the FederalTrade Commission (FTC) to enforce its provisions.
CAN SPAM Basics
CAN SPAM is essentially an opt-out legislation and permits email marketers to send
unsolicited commercial email as long as it adheres to 3 basic types of compliance
defined in the CAN-SPAM Act: unsubscribe, content and sending behavior compliance:
An unsubscribe mechanism present in all emails
Opt-Out requests that are honored within 10 business days
Opt-Out lists that are only used for compliance purposes
Accurate friendly from names
Relevant subject lines
A label if content is adult in nature
CAN SPAM Basics
A physical address of publisher or advertiser
A message cannot be sent to a harvested email address
Cannot contain a false header
Email should contain at least one sentence
Email cannot be null or blank
How does CASL differ
from CAN SPAM?
Requires Express consent or
Opt-In from Canadian
Cannot send email without
permission to Canadian
Personal or Family relationship
Requires unsubscribe mechanism
in emails sent to US subscribers
Can send without permission if
you allow recipient to unsubscribe
You can send to any subscriber as
long as you allow them to
Transaction messages are exempt
from express consent rule and also
exempt from unsubscribe rule
Refer a friend and Forward to a
Friend methods of email sending
exempt from Express consent rule
Emails required by law are exempt
Transaction messages are also exempt
from unsubscribe rule
Refer a friend and Forward to a Friend
methods of email sending exempt and
unless they sign-up, they are not a part
of the email database
Can send any email, including legal
notices, product recalls, safety
information as long as there is
a way to unsubscribe
How is CASL similar to
Will your organization
You send emails to Canadian email addresses (with or without your
You do not know if your existing business or non-business relationship with
the recipient means you have Express consent , Implied consent or no consent
Your membership sign-up does not clearly communicate that they consent to
receiving emails from your organization as a part of their membership
You allow non-members to subscribe to your available eNewsletters and
you do not have a date/time stamp of the subscription submit
Will your organization
You collected express permission from all members & non-members when
signing up or all non-members when they subscribed to available newsletters.
You only send transaction messages and no marketing/commercial email
You obtained express consent under PIPEDA and/or other privacy legislation
prior to CASL going into effect on July 1, 2014
If you are impacted or think
you may be, what now?
Where should we start?
Membership sign-up process express consent audit
Non-Member eNewsletter subscription process audit
Data Audit - Identify Canadian email addresses that end in .CA
in your database or clarify if Country was a required field in
either your membership sign-up process or non-member
eNewsletter subscription process
Case Study Scope
Our client is a member driven organization based in Toronto.
They analyzed their membership sign-up process and non-member enewsletter
subscription process and determined that they had “Express Consent” from
members, but their legal department did not feel they had express consent from
non-members even though non-members subscribed to emails and this could be
construed as a prior business relationship that has “Implied Consent.”
They deployed an email message to non-members May 2013 to drive non-members
to give “Express Consent” by logging into their online subscription portal and giving
permission to continue to send them email.
Sent to over 45,000 non-members
80% Delivery Rate
29.78% Open Rate
49.23% Click Rate
Approximately 6,597 non-members
driven to re-permission landing page.
All non-members who did not
respond were scrubbed from the
email marketing database and flagged
in AMS as do-not-contact by email.
Whether you didn’t collect Express Consent for your members at the time of sign-up
or for your non-members at the time of their eNewsletter subscription process, there
are tools you can use in your email platform to re-permission subscribers.
Step One: Identify/Segment which subscribers are affected
Do a search for any email addresses that end in .ca and also review your subscription
process to see what data is captured at the time of sign-up.
If your association automatically sends emails to all that sign up for membership, have
your legal department review the language on the page. If it does communicate to them
that will receive emails by submitting/applying for membership,
they consent to receiving these emails and at the time of submit, a
date/time stamp is saved?
If not, you need to re-permission these subscribers.
StepTwo: Create a segment and also save a list export of all of those affected
You will need to deploy an email to these subscribers to drive them to a landing page
to collect permission. If this landing page is on a re-permissioning system you have built,
great.You can skip next steps.
If you were to use your email platforms sign-up widget that is hosted on a landing page,
you will have a few more steps.
StepThree: Create a sign-up widget and host on a landing page
Create a sign-up widget that puts all subscribers into a segment you call Canadian
Permission. Put that widget code on a landing page. Then send an email driving
subscribers to the landing page.
When you do this, the email platform should track the date/time of the submit as well
as takes it up a notch with tracking the IP address.
NOTE: Every platform handles this a bit differently so test if subscribers have to be
deleted from your account just after you deploy the email so when they are
reintroduced, the system tracks date/time.
At this time, DOI is not a CASL requirement.
If you have an email preference center application that functions as a
subscription sign-up form this could also be utilized to obtain Express consent
for a re-permission campaign.
BeforeYou Send… My $.02
This deployment is important and you need to make sure you have done
everything you can to reach an inbox. Permission and Re-Permission
campaigns may not net you the response rate you would like, but if your
emails are getting routed to SPAM folders or going missing, all this effort
will go to waste and you’re wasting money.
Deliverability Check List:
- Have DKIM/SPF authentication in place
- Send email traffic on a warm IP
- Manage the bounce logs, address root issues of bounce and re-deploy
• Work with your legal team to isolate/segment affected subscribers
• Member driven organizations may have Implied consent for members
but consult your legal team to define these requirements for you
• Update existing member sign-up processes and non-member
subscription processes to obtain Express consent if you don’t already
• Start now to deploy a re-permission campaign to Canadian email
subscribers that do not have Express consent
• You will need to capture date, time, email address to prove Express
consent at the time of sign-up or re-permission
• Take permissioning a step further and collect the IP address of the
Next Up atTheU:
TheWorld of Content Marketing:Why It's the HottestTrend for 2014
When: Friday, January 24th
Time: 2- 3 pm Eastern
Content Leader: Mitchell Beer, President, Smarter Shift
CAE Credit: 1 hour may be earned for participation in the live webinar
Other questions for Jenny?
eMail = email@example.com
Twitter = @highroadjenny