Skip to content
Mike Lieberman, CEO and Chief Revenue ScientistTue, May 16, 2017 8 min read

CASL Compliance: Essentials Every Marketer Needs To Know

casl-compliance-blog (1).png


If you are a digital marketer in North America, you need to be aware of Canada’s Anti-Spam Legislation (CASL).

CASL was created to minimize spam and “promote the efficiency and adaptability of the Canadian economy.” According to the American Bar Association (ABA), CASL is one of the toughest anti-spam laws in the world. It was not created to hinder e-business, though – just to minimize the impact of spam on users, and to maximize valuable and reliable content.

Read below to learn the essentials all digital marketers should know about CASL.

The Three Phases Of CASL

CASL was originally implemented in July 2014, with a three-year phase-in period to give businesses time to establish systems that comply with the law. With the final phase being implemented this year, we felt that it was importnat to provide an outline of what CASL looks like today.

  • July 1, 2014 – Implementation
  • January 15, 2015 – Rules regulating the unsolicited installation of computer programs or software
  • July 17, 2017 – Individuals and organizations affected by contraventions of CASL have the right to file civil actions; class-action suits are also possible


CASL-compliance-email-marketing.jpgCanada’s Anti-Spam Legislation places restrictions on businesses that send commercial electronic messages (CEMs). Companies must either obtain express consent or rely on implied consent from Canadian recipients in order to contact them via CEMs.

“CEM” is broadly defined. It includes any electronic message that is designed to encourage participation in a commercial activity, whether that is the messages only purpose or just one of its purposes. CEMs include:

  • Email 
  • Social media messaging
  • Text messages
  • Sound, voice or image messages

You can find the full text of Canada’s Anti-Spam Legislation here.

Does CASL Apply To You?

To send any form of CEM to a computer system located in Canada, or accessed by way of a Canadian computer, you must:

  1. Obtain consent (express or implied)
  2. Identify yourself or your business
  3. Include an unsubscribe mechanism in each message

Definitions Of Consent

Express consent is a proactive action, either oral or in writing, that indicates a recipient’s willingness to receive a CEM from you. It involves some kind of opt-in mechanism, such as filling out a form at your website.

Implied consent takes several different forms, including having an existing business relationship (EBR) with the recipient. Other types of implied consent include having an existing non-business relationship with the recipient, such as belonging to the same club or if the recipient volunteered for your charitable organization. If the recipient makes his or her email address publicly available by publishing it on a website, that is also considered implied consent.

What Is An Existing Business Relationship (EBR)?

EBRs come in four basic types, each of which lasts for a specified period of time. You can send someone a CEM if the person has:

  • Sold or leased goods, services or land from you within the last two years
  • Accepted a business, investment or gaming opportunity from you within the last two years
  • Inquired about or applied for any of the above transactions within the last six months
  • Entered into a written contract with you that either is still in effect, or has expired within the last two years

You can read more on the CRTC website.

Obtaining Express Consent: Opt-In And Opt-Out

Many of you already use opt-in checkboxes in your website forms, which are typically used to gate content and as lead generation tools. Under CASL, a form with an opt-in must have four parts:

  1. A clear opt-in statement that specifies what users are agreeing to
  2. A way to unsubscribe/opt out in the future. You can do this in the language on the form, or you can include it in an email confirmation (confirmed opt-in, or COI) after the form is submitted 
  3. An indication of who you are, or on whose behalf you are speaking 
  4. Your mailing address, phone number and email or web address, unless already provided

Following these opt-in rules will align your business with CASL regulations.

Proof Of Opt-In

If you are ever audited by the CRTC, you must provide proof that you obtained the recipient’s consent to send CEMs. The burden of proof is on you to show how that permission was obtained. To provide proof of an opt-in, you must capture:

  • The subscriber’s email address
  • The subscriber’s IP address
  • The date and time of opt-in
  • The specific URL of the acquisition source (if the source landing page is no longer live, you must present a screenshot of it)

It’s important to keep good records in case a complaint results in an inquiry or audit. 

Opt-Out Requirements

Having an unsubscribe link is a best practice in content marketing, and it complies with CAN-SPAM regulations in the United States. However, that alone will not make your CEMs compliant with CASL. The Canadian requirements include the following:

  • You must always give subscribers the option to unsubscribe from all CEM (including transactional emails)
  • You cannot require any information beyond the subscriber’s email address
  • You cannot ask the subscribers to log into your website or visit more than one page to submit an opt-out request
  • You must comply with unsubscribe requests within 10 business days

Moving Forward

CASL legislation was passed to increase growth in the e-commerce space for companies that play by the rules. Digital marketing is no longer the Wild West, where the email blast to the largest list gets the most traffic. Email recipients are smarter and more tech-savvy than ever, and it is important that we treat them that way. The CASL rules are very clear on what is acceptable and what is not.

As your company works to align your email marketing tactics with CASL requirements, you need to consider both the specific actions/processes you will take to comply, and how you will provide proof of that compliance. Educating your internal teams about the law will be a priority.

Want to learn more about CASL and email marketing compliance in the United States, Canada and Europe? Download The Ultimate Guide To Email Spam Laws by clicking below.


Mike Lieberman, CEO and Chief Revenue Scientist

Mike is the CEO and Chief Revenue Scientist at Square 2. He is passionate about helping people turn their ordinary businesses into businesses people talk about. For more than 25 years, Mike has been working hand-in-hand with CEOs and marketing and sales executives to help them create strategic revenue growth plans, compelling marketing strategies and remarkable sales processes that shorten the sales cycle and increase close rates.