Anti-Spam Legislation and Best Practices
Canada’s Anti-Spam Legislation (CASL)
Definition
CASL is an anti-spam law that applies to all electronic messages (i.e. email, texts) organizations send in connection with a “commercial activity.” Its key feature requires Canadian and global organizations that send commercial electronic messages (CEMs) within, from or to Canada to receive consent from recipients before sending messages.
A CEM is any electronic message that encourages participation in a commercial activity, such as an email that contains a coupon or tells customers about a promotion or sale.
Some examples of CEMs include:
- Offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
- Offers to provide a business, investment or gaming opportunity; and
- Promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so.
Requirements
Before a CEM can be sent to an individual, the sender must have consent from the recipient (although there is one exception as noted below).
In fact, there are three general requirements for sending a CEM to an electronic address: (1)
obtain consent, (2) provide identification information, and (3) provide an unsubscribe mechanism.
1 . Consent
There are two types of consent under CASL: Express and Implied.
Express
Express consent can be obtained in writing or orally. In either case, the onus is on the person who is sending the message to prove they have obtained consent to send the message.
One cannot use a pre-checked box to request consent from a consumer as it assumes consent. Silence or inaction on the part of the end user also cannot be construed as providing express consent. Rather, express consent must be obtained through an explicit opt-in mechanism, as opposed to opt-out.
Express consent is not time-limited: once express consent is obtained you are able to send CEMs until the recipient notifies you that they no longer want to receive them.
Implied
You may rely on implied consent for sending CEMs if it is done under certain conditions.Consent on the part of the recipient may be implied based on some business or non-business relationship with the sender of the CEM.
An existing business relationship (EBR) may be based on a previous commercial transaction with the recipient; or having an existing non-business relationship based on, for example, membership in your association, club or voluntary organization, or if the recipient participated as a volunteer for your charitable organization.
Membership-type Relationships
When sending CEMs to a membership based on implied consent, one should ensure that one is only sending to members.
“Membership” means the status of having been accepted as a member of a club, association or voluntary organization in accordance with its membership requirements. One should also ensure that the organization is a club, association, or voluntary organization that is:
- A non-profit organization,
- Organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than personal profit, and
- No part of its income is payable for the personal benefit of any member, proprietor or shareholder unless that entity is an organization whose primary purpose is the promotion of amateur athletics in Canada.
Note that regardless of whether consent is express or implied, the CEM must still respect the other two requirements of CASL — it must contain the identification information and unsubscribe mechanism.
Exemptions
The following do not have to identify the sender or include an unsubscribe mechanism:
- CEMs sent between family and friends
- CEMs sent within or between organizations with an existing relationship (B2B)
- CEMs solicited or sent in response to complaints, inquiries, requests
- CEMs sent due to a legal obligation or to enforce a right
- CEMs sent by registered charities for the primary purpose of fundraising
* Organizations can also send one single message to obtain consent for future messages. This means a CEM sent for the first time following a referral doesn’t require consent, as long as an existing business, personal or family relationship exists and the sender includes the full name of the individual(s) who made the referral, the identity of the sender and an unsubscribe mechanism. Any CEM sent following the first referral must comply with the form and content requirements of CASL (e.g. identify the sender and include an unsubscribe mechanism)
Duration of Consent
The duration of consent varies depending on its source:
Non-Business Relationships: 2 years
- Are you a registered charity, a political party or organization, or a candidate for publicly elected office, and has the recipient made a donation or gift to you within the two-year period immediately before the day on which the message was sent?
- Are you a club, association or voluntary organization and is the recipient a member?
Existing Business Relationships: Varies
Based on an existing business relationship (EBR),one will be able to send CEMs for the period specified (either 2 years or six months following the last transaction date):
- Has the recipient made a purchase or lease of goods, services, land or interest in land within the two-year period immediately before the day on which the message was sent?
- Has the recipient accepted a business, investment or gaming opportunity offered by you within two years immediately before the day on which the message was sent?
- Has the recipient made an inquiry or application on any of the items above within the six month period immediately before the message was sent?
- Has the recipient entered into a written contract which is still in existence or expired within two years immediately before the day on which the message was sent?
2. Identification
One must identify oneself and the persons on whose behalf a commercial electronic message (CEM) is sent. When a CEM is sent on behalf of multiple persons, then all of these persons must be identified in the CEM.
However, where it is not practicable to include this information in the body of a CEM, then a hyperlink to a webpage containing this information is acceptable as long as the webpage is readily accessible at no cost to the recipient of the CEM. The link to the webpage must be clearly and prominently set out in the CEM.
3. Unsubscribe
Under CASL, one must include an unsubscribe mechanism in theCEM. For example, a CEM sent via SMS may state that an end-user can unsubscribe by texting the word “STOP.” Another possibility is a clear and prominent hyperlink in an email allowing the end-user to unsubscribe with a simple click. The hyperlink may send users to a readily accessible webpage at no cost to the recipient.
The unsubscribe process can be broad (all communications) or specific (for example, it can offer the recipient a choice, allowing them to unsubscribe from all or just some types of CEMs your organization sends).
A key aspect is that an unsubscribe mechanism must be ‘readily performed’. It should be simple, quick and easy for the end-user.
It should also be noted that, regardless of CASL and adopted best practices, the use of tools like Mailchimp impose requirements above and beyond those listed here.
Mailchimp
We use Mailchimp for our mass mailing solution because standard mailing programs typically throttle or stop that kind of thing.
Mailchimp is located in the United States and therefore complies with CAN-SPAM, the U.S. law that regulates promotional emails. There are also some additional requirements in place to help protect the service, their users, and their users’ contacts. Here’s an overview of Mailchimp’s anti-spam requirements for email:
- You must agree to the Terms of Use.
- You must tell Mailchimp where you got your contacts.
- An unsubscribe link must be in every email campaign you send.
- You must include your contact information in every promotional email you send, including a physical mailing address or P.O. Box where you can receive mail.
- You may not falsify your contact information or subject line.
- You’re subject to the terms of use for any integration or connected e-commerce platform you use.
- Emails you send through Mailchimp must comply with the U.S. CAN-SPAM Act, even if your business is outside the United States.
As a result of these restrictions, all our emails contain contact information for SPAC as the sender of the email and an ‘unsubscribe’ link. This leads to a simple page where someone can specify why they are leaving (or not) and a warning about the consequences of leaving our mailing list.
SPAC Best Practices
In order to better track the types of recipients we have, we have two main lists: a member list and a “customer” list for our Patron program.
All members are explicitly asked to provide their consent for emailed communications when they join SPAC; their consent is therefore considered “express”.
Mailchimp forces us to have an unsubscribe option and to identify ourselves, which is good and appropriate.