Shared publicly  - 
What You Need to Know About Canada’s New Anti-Spam Law

There’s a new piece of legislation in Canada — known as CASL — that has some content marketers rattled.

It goes into effect on Tuesday, July 1, and it’s a wide-reaching attempt to regulate electronic communication (email, but also texts and social media conversations) that’s commercial in nature.

As usual when you’re talking about change on the web, there’s a lot of flutter and noise around the issue. But if you’ve been following email marketing best practices, it isn’t as scary as it might seem.

+Sonia Simone breaks down everything you need to know in today's special edition Saturday post. If you have questions, let's discuss below.
Sonia Simone's profile photoDave Paradi's profile photoForest Linden's profile photoJerry Roberts's profile photo
While I hate spam, I love free speech even more. And yes, that has everything to do with it if you think about it. Simple answer to spam, UNSUBSCRIBE LINK.
+Sonia Simone mentioned not adding people to mailing lists after you've met them at a conference. Ah, yeah! And if you subscribe me to your mailing list because I leave a comment on your blog you're even worse! :-)
So I'm working with this Canadian client who is forwarding me all these "we need to ask your permission" emails he's been getting from newsletters/companies that he's subscribed to. This seems unnecessary IF the a company's email list is white hat, meaning the list was developed from people downloading content on the site or the lists are based on current biz relationships (in this case, my client has sales reps, and each one has their own list of trade partners that it works and that we email regularly). My client thinks we need to send a "permission email" to the entire list of 6700 people in order to be compliant, but I say "maybe not." I know you're not a lawyer, but what's your take?
After reading your article and aWeber's and a few others, I feel compelled to point out that not all Canadians use a .ca email address. In fact, I'd say the percentage is low! Only Canadian businesses MIGHT have a .ca domain name AND use that email address when subscribing. So it's dangerous to think that if you don't have .ca email addies in  your list, you're safe.

+Robyn Bradley, my take on your question is that if these trade partners did not give permission (explicit or implicit) to be on those sales rep's lists, then a permission email should be sent out. 

It's a confusing matter to many on whether that permission email should be sent and I'm finding that many of the emails I'm getting should never have been sent in the first place - like membership websites. But the legal beagles of the country are probably siding on caution and advising their clients to send it out - resulting in these list being cut up to 50% due to not everyone re-opting in.

Sadly, the small business owners who want to be compliant are the ones who will get dinged the most and meanwhile, those in other countries and the real spammers of the world will carry on,  business as usual. It remains to be seen if this law will ever actually be enforceable - I can imagine a gazillion complaints flooding in based on how quickly someone will click the "Mark this as spam" button in Gmail when they're just too lazy to unsubscribe... 
+Robyn Bradley I would take a good look at the government's FAQ (link is in the post), but it does strike me that your client is probably fine. Verify that none of those email addresses were from bought lists or email appends. 

The people who have been regularly emailing with sales reps should be fine, that's an existing business relationship. It's sending commercial (marketing) mail to people who don't know you and didn't ask for it that could be tricky.

I think a lot of companies are probably over-doing it to make sure they don't get fined. Frankly it's not the worst idea in the world to get existing lists to re-opt-in and reconfirm their interest, especially if those lists grew in different ways. But many companies are doing more than they need to do. 

+Susan Friesen that's an interesting point, I'm going to ping the folks I know at AWeber and see if the .ca is actually written into the law or if that's an assumption on AWeber's part ... 
+David Boozer I agree to some extent, although free speech doesn't allow you to defraud people, etc. 

The social media components are very broad, possibly unreasonably so. I'm not familiar enough with Canada's freedom of speech laws to know if it would pass muster on a legal appeal. The email provisions, on the other hand, are pretty much in line with laws in other countries. 

There's some debate over whether or not single opt-in is sufficient to fully demonstrate "consent," but I didn't want to dig into that for this post -- we may look into it further in another post. I know Phil Hollows over at Feedblitz has some strong thoughts on the topic ...
I have a similar issue to +Robyn Bradley: My client is formalizing her business and has changed from a yahoo email address to a business domain name. Does anyone have "best practices" advice on sending her current yahoo list an invite to join her new business list? She hasn't been actively emailing the people on the list and I don't think it's kosher to just add the yahoo list to the new email list. Would appreciate your input on this!
Really. If business owners don't know by know that you should only send emails to those who subscribed, there's something wrong. Furthermore, I can't tell you how many emails I receive that make me wonder, "When did I sign up for that?" I simply hit the SPAM button or Unsubscribe. I don't have time to email the company and complain. I have writing and other things to do.

Forward to a friend... Interesting point about removing it. I wonder when Constant Contact, AWeber, etc. will get rid of this option.
+Brenda Spandrio Definitely don't just add the yahoo list to the new list. Instead, send the yahoo list an invitation to subscribe to the new list (how is that new business list being delivered -- on a service?) with a description of the benefits of doing that. 

+Amandah Blackwell The law has a lot of points of "fuzz" and lack of clarity, so it remains to be seen how the email services will handle some of these things. 
+Brenda Spandrio Look through our ebook on email marketing if you haven't yet (it's free, at least for now), it will give you a solid game plan for your client.
+Sonia Simone Yes, I knew the part about "don't just add."  And I'll definitely be reading through the ebooks. My client is so afraid people won't sign up if they have to be proactive. I keep telling her that while there will be some people who won't sign up or maybe won't even see her message, she can't send out a "unless you opt out, you're in" message. I may not be a complete expert, but I know that much.
True +Sonia Simone , that is why we sue the pants off for defrauding and they go under fast. However, we are talking about Spam, not actually purchasing horrible products and rip-offs, we as individuals are the only real decisive factor in what is or is not Spam...I don't need a babysitter online....I can unsubscribe.
One mans spam, is another mans treasure. =)
+Robyn Bradley First, here's my legal disclaimer: Get your client to consult their legal counsel. Review the new legislation. You can also call the government for clarification and if you're with Constant Contact they have a dedicated team who is looking after all CASL inquiries. 

Try to categorize all your lists into 3 buckets: Express Consent, Implied Consent and Unknown. Follow the CASL guidelines for the first 2 and you need to prove the that type of consent in an event of an audit.  Definitely, send the 'Need your Permission before July 1st" email to the unknowns. For Express and Implied consent you have some time to obtain their permission.
+Sonia Simone In this article, it reads as if only addresses with .ca domains are subject to the law. In fact, the law applies to all domains.  The bottom line is, no matter where your business operates, if you have Canadians on your list the law applies to you, and you need their consent before you send any commercial electronic messages (CEMs).
2 questions.  1. What is implied consent? I've seen it mentioned but not described.  2.  When someone purchases an ebook, for example, I send purchasers to a thank you page where they subscribe in order to receive the download information and any updates to the product. On that page they're informed that they'll also receive my newsletter.  Any idea if/how I'd need to modify this due to the new law?
From the government's FAQ, which is probably your best resource to check your own policies:

"consent to send commercial electronic messages (CEMs) is implied for a period of 36 months beginning July 1, 2014, where there is an existing business or non-business relationship that includes the communication of CEMs."

In other words, if you're sending email (or texts, or social messages) to them now, you have an implied business relationship. There's a transition period to let you move from that implied consent to a true opt-in.

As to whether or not you should have something like a checkbox for your ebook customers to also get your newsletter, it's always a good idea to confirm that they want to receive information from you, but I've seen various interpretations on that. I'd ask your email provider what they think about it. 
FYI, I added this to the post, but the key point is, this is stuff you should be doing anyway. The main points -- consent, identifying information, and simple unsubscribe -- are well established email best practices and some of them are already covered in other countries' spam laws. 

Update: To clarify, the law does apply to anyone living in Canada even if they are not using the .ca domain. This is stuff you should be doing anyway, so be smart and do the right thing for every subscriber.
I understand that under US law I need emails to have a physical address. Do I read you right that for Canada I now must also include a phone number? 
Thanks so much, everyone...awesome, helpful info!
+Gary Neal Hansen I tried researching that and it's hard to get specifics, because the amount of contact information needed has evolved and the Canadian government isn't awesome at informational websites. :) 

The simplest way to get the answer is probably to check with your email provider. They'll know the most current requirements. This overview from Constant Contact doesn't mention a phone number, just a mailing address:
Thank you +Sonia Simone. I'll follow up with MailChimp. Saw the reference to phone numbers in your helpful post and knew it must be a heads up.
+Gary Neal Hansen Mailchimp had at least 2 pages with info about CASL. The first ( talks about it.  The second tells you how to stay compliant using MailChimp (  On this second page there is a link to this page ( which has graphic examples of acceptable 'express consent mechanisms'. 

On the 1st url above it says:  "All messages sent must include your name, the person on whose behalf you are sending (if any), your physical mailing address and your telephone number, email address, or website URL." 

Notice the 'or' in the last sentence re: the telephone number, email address OR website URL.  Mind you - there should probably be some semi-colons or colons to separate parts of the sentence.   I read on one of the gov't pages that you can use a PO Box if you're a home-based business and don't want to use your home address.  

On this page of the Anti-Spam Gov't page at: - it verifies that you should "Also include a phone number, email address, or web address".   Again the 'or'...  This page looks more user-friendly than other gov't pages.
Great post, Sonia! 

One thing that I’m confused about regarding this new law: when I first read about it, I took it to mean that it means we always have to use double opt-in now…for everyone…because you never know which prospects coming onto your list are Canadians or not.

But the “consent” section of the law doesn’t mention anything about needing to use double opt-ins. It just says that we need to get permission from folks in Canada in order to email them.

We use double opt-ins most of the time, but for some launches, we use a single opt-in process so that prospects can access free content immediately after hitting the submit button to submit their name and email address.

My question is this: is the CASL law’s need for permission to email covered by a single opt-in sign up process (person enters name and email address and clicks on a submit button to get some kind of free thing or to subscribe to our email newsletter), or does it have to be a double opt-in sign up process?

I've got four more articles open in other tabs that I need to read through (articles that were linked to in comments in this thread), so I still have more research to do. But I thought someone here might know the quick answer to this double-opt in question.

Thanks much if anyone knows about this aspect of the law :)
+Forest Linden The law does not appear to address the issue, so it seems to me that it comes down to, if there is a complaint against you, will the investigator take single opt-in as consent. One email provider I talked with felt very strongly that double opt-in was much safer, others didn't feel as strongly. 

It seems to me that you could continue to deliver the free content on the "confirm your registration" page, so you'd have the benefit of both immediate gratification and the certainty of confirmed opt-in. 

As always, this isn't legal advice, just my best guess given what I've read. You could try asking a question on this post, since the author is an attorney who's actually read the law. :) 
Great post, Dave. 

This law is becoming more and more unsettling the more I learn about it. I'm not sure it will really hit home for most online marketers until the first news report of someone being fined a million dollars hits the mainstream media. 

I hope there's a way CASL can be repealed. I'm all for good email practices, but as you outlined in your post, it seems there are some aspects of the law that are just plain ridiculous and out of touch with reality. 

1.  Everybody on my subscriber lists are there as a result of one of two things only: Having bought one of my products or opting in to download content. IS THAT OKAY or is there more that must be done to be in compliance with this law?

2.  How would this play out if a challenge was made? Would it be a subscriber complaining to his government, and then you get notice that you're being sued, or what?

3.  What if you run a disclaimer in your email that alerts Canadian subscribers:

"Due to the recently passed CASL, there are additional restrictions placed on businesses which send commercial email to Canadian residents. You opted in to receive our emails. If you no longer wish to receive them, please use the 'unsubscribe' link below and you will be removed from our database. If you do not unsubscribe, you are giving us your implied consent to continue communicating with you in this manner."

Will this be sufficient? It puts the onus on the subscriber to make the decision, not the government.

Add a comment...