Developers and marketers responsible for sending email are expected to understand and comply with anti-spam legislation like Canada’s Anti-Spam Law (CASL). This can be particularly difficult when myths and misconceptions abound. In an effort to eliminate the confusion, we dispelled the top 10 CASL myths regarding CASL compliance.

It’s been over a year since the anti-spam provisions of Canada’s Anti-Spam Law (CASL) have taken effect, and many companies still have questions about the regulation. CASL is considered one of the toughest anti-spam laws written to date, so it isn’t a surprise that marketers are challenged to separate fact from fiction. In this blog post, we’ll go over the top 10 CASL compliance myths in an effort to help set the record straight and give US marketers the confidence they need to send email to Canada.


Myth #1: The Canadian Radio-television and Telecommunications Commission (CRTC) will give us a large fine for any violation.

False. CASL is intended to protect consumers from fraud, spam and malware. The CRTC, which is responsible for enforcing CASL, is looking for gross violations in an effort to do just that. It is not out to get legitimate businesses on what could be considered gray area violations or points that are as yet unclear.

Myth #2: Using confirmed opt-in will make our email collection data CASL compliant.

False. Confirmed email opt-in is a best practice for obtaining good data, and it helps companies achieve CASL compliance but it does not, in-and-of-itself, make you CASL compliant. CASL also requires that specific information be available to recipients at the time they subscribe. Companies must provide a postal address, a statement about how to unsubscribe, and contact information.

Myth #3: The expressed consent we received before CASL went into effect is still valid.

True – with a caveat. Prior to CASL, email marketing was regulated under Canada’s privacy regulations. Expressed consent was more flexible under the earlier privacy regulations. However, CASL considers expressed consent that was received before July 1, 2014 to be compliant if it was compliant with Canada’s privacy legislation.

Myth #4: The full law goes into effect in 2017, so we still have time to prepare.

False. While the full law goes into effect July 1, 2017, the portions of the law that concern most email marketers are already in effect and being enforced. In fact, the CRTC is actively investigating cases of noncompliance.

Myth #5: CASL doesn’t apply to transactional messages.

False. This one’s a bit tricky. CASL will apply to transactional messages – if it doesn’t already – in some cases. The concept of “transactional messages” doesn’t exist under CASL. However, if a message contains any advertising or marketing content whatsoever, it is considered a commercial electronic message (CEM) and is subject to CASL. If you send a receipt or password-reset email to a customer and it includes a coupon, for example, that message falls under CASL. It gets a little more complicated in that CASL also says you don’t need consent for a message that confirms a transaction. But the other requirements for sending a message do apply; namely, identification and a functioning unsubscribe mechanism.

Myth #6: CASL applies to Commercial Electronic Messages (CEMs) sent to Canadian citizens living in and out of Canada.

True. CASL was drafted broadly to apply to any CEM sent to or from a computer system located in Canada. The exception is if a message is sent from Canada to a foreign jurisdiction with its own anti-spam legislation with which the sender is complying.

Myth #7: CASL only applies to electronic messaging.

False. In addition to CEMs, CASL also creates rules for the installation of computer programs. For example, these programs are required to include notifications such as what is being installed, who is asking for it to be installed, and how to uninstall it. CASL also prohibits the unauthorized alteration of transmission data, such as when a DNS server is poisoned and traffic is redirected to a proxy server that collects information.

Myth #8: We need to reconfirm our entire mailing list to be CASL compliant.

False. Your mailing list is fine as long as it meets the conditions of Section 66 of CASL, which details a number of conditions that prevent companies from having to reconfirm their entire list. These conditions align with the privacy requirements prior to CASL.

Myth #9: We can email a person for consent.

False. Companies cannot randomly send emails requesting consent. CASL deems these commercial emails. Consent must be provided in CASL’s specific form. (Click to Tweet this fact.)

Myth #10: Expressed consent is only one type of consent valid under CASL.

True. There are two types of consent under CASL: expressed consent and implied consent. Implied consent is obtained when addresses are freely provided, such as when a purchase is made from a website or individuals enter into a contract, for example. Implied consent expires two years after the data is collected. Expressed consent, on the other hand, is good until the recipient unsubscribes.

Want to know more about CASL? Become an expert and find out first-hand from a CASL Senior Enforcement Officer how senders like you are faring—and what to do today to prepare for the future. Check out our webinar replay with CRTC experts Dana-Lynn Wood, Senior Enforcement Officer, CRTC and Kelly-Anne Smith, Legal Counsel, CRTC, by clicking on the image below. Don’t have time to watch the webinar replay? View our short 12 slide deck on SlideShare.