Notify me on Messenger
10 min

CASL: what are you supposed to do?

CASL – Canada’s Anti-Spam Legislation – is just around the corner: it becomes effective July 1st, 2014. If you or any of your email recipients reside in Canada, CASL applies to you (which means that it applies to most companies in North America). CASL covers much more than email messaging, but in this article we’re focusing on email.


The reason why many are paying close attention is that – as the American Bar Association puts it – “a violation of CASL attracts significant administrative monetary penalties […]”. Just like most pieces of legislation, it contains clauses that can lead to different interpretation and are making marketers scratch their head.

  • What exactly are you supposed to do?
  • Do you need to immediately reconfirm all recipients in your database?
  • Do your email opt-in forms need to be updated?
  • Does double opt-in automatically make you CASL compliant or not?
  • And how about your transactional messages? Do they need to be changed?

For the last several months we kept a close eye on lots of articles on the topic and have been monitoring scores of conversations in the email industry (in fact, we pretty much can’t take it anymore!!). This article is the result of this research.

Please note that the content of this article is definitely NOT legal advice. Taking another section from the American Bar Association’s article “Given the complexity and novelty of CASL, compliance with CASL will be complex and must be tailored for each client’s specific operations and processes.”  

Take the notes and suggestions found on this page as practical advice that might help you get started on the path toward compliance. Discuss full compliance with your legal counsel.

The type of messages it covers

CASL applies to Commercial Electronic Messages (CEMs): messages that include as one of their purposes to promote participation in a commercial activity. If your message is pitching something, you’re in. A transactional email message that contains some cross-selling, for instance, becomes a commercial message.  More on this later.

CASL infographic CEM


Note that CASL does not apply only to email: it applies to other electronic messages such as text and social messages. In this article, however, we’re focusing on email.

There is a transition period, but make sure it applies to you!

Fortunately, CASL establishes a 3-year transition period during which you can continue to send commercial messages to your list(s) as long as you are sending to recipients…

  • with whom you have had a business or non-business relationship (i.e. they’re not strangers)
  • to whom you have sent commercial emails (i.e. you want to continue doing what you’ve been doing)

In other words: if you’ve been sending special offers to Mr. Smith and have had a business or non-business relationship with him, CASL gives you the benefit of the doubt that you had properly obtained consent from Mr. Smith, even if that consent might have been obtained in a way that is not compliant with CASL’s requirements for obtaining express consent. His consent is “implied”.

You have 3 years – starting July 1, 2014 – to turn implied consent into express consent and continue to send messages. Otherwise that consent expires on July 1, 2017 or when the recipient unsubscribes, whichever happens first.

The beauty of this grandfathering provision is that you can continue sending commercial messages: you DO NOT need to send a message to your list(s) requesting to confirm consent before July 1 2014, if this clause applies to you.

That’s great, but then the big question becomes: can you take advantage of this transition period?

It depends. As indicated in What does grandfathering mean under CASL you still had to obtain consent. It might have been obtained in a way that’s not complaint with CASL (e.g. using a pre-checked check box), but it still needed to be there. Combining this with the requirement of having had a business or non-business relationship with the recipient (see a definition of those), it seems pretty clear to us that the grandfathering clause does NOT apply to purchased or rented lists.

Also remember that using a purchased or rented list is a violation of MailUp’s Terms of Use and will lead to immediate termination of your MailUp account.

Consent and opt-in

Unlike CAN-SPAM (US), CASL is an opt-in based law. It’s built around the basic idea that you should only send CEMs to people that asked to receive them. A pretty basic concept, and yet an often ignored one in the United States precisely because CAN SPAM is an opt-out law.

There are two ways for email recipients to opt-in to receive CEMs from you, which CASL calls express and implied consent:

  • Express consent = They clearly, actively told you that it is OK to send them CEMs
  • Implied consent = They didn’t specifically tell you that it’s OK to send them CEMs, but what they did (e.g. a purchase, an inquiry, a donation, etc.) implies that it’s OK to email them for a while (and CASL says for how long)

Consent in CASL


Note that express and implied consent have nothing to do with single opt-in (SOI) or double opt-in (or Confirmed Opt-in, COI), but COI might help you provide evidence of consent.

  • A company using COI could fail to be CASL compliant (see why)
  • A company using SOI could certainly be CASL compliant
  • CASL does not require COI
  • COI, however, allows you to better track who, when, and how provided express consent, making it easier for you to provide proof of such consent. Under CASL, the onus is on you to provide such evidence.

The top things you should considering doing about CASL email compliance

Let’s go back to where we started. What are you supposed to do? Where should you get started? Here is our suggested “To Do” list in the form of answers to common questions. We hope you find it helpful.

Do I need to immediately resend a request for consent to my list(s)?

In many cases the answer is no. If you’ve been following good email marketing practices, the answer is probably no. This is thanks to the existence of the 3-year transition period. So scroll back up and read that section again if you need to.

Do I need to update opt-in forms?

Yes. CASL has some specific requirements about what information you need to provide to obtain express consent (the cool type of consent that does not expire). An opt-in form:

  • Must clearly indicate what you are asking recipients to opt into;
  • Must indicate who you are or whom you are asking consent on behalf of. This second part is important for opt-in email forms that include co-registration (e.g. a newsletter by a partner of yours);
  • Must include mailing address AND phone, email, or Web address of the parties seeking consent;
  • Must indicate that the recipient may unsubscribe.

If editing a form is difficult or impossible, we believe that using a confirmed opt-in subscription method as discussed in the next paragraph might help. This is our opinion, not legal advice.

Can double opt-in help me collect express consent in a compliant manner, if my opt-in forms are not?

We’ve been trying to determine what the right answers is, but email experts still disagree on this one. Here is what we think. Once again, this is our opinion, not legal advice.

If editing opt-in forms is hard, confirmed opt-in might provide a solution. If you are using a double opt-in signup process (also called confirmed opt-in or COI), you may be able to satisfy some of the opt-in requirements under CASL outside of the opt-in form.

Specifically, in a COI sign-up process express consent is collected via the subscription confirmation request message, and it is in that message that you can include some or all of items mentioned under (1). This becomes especially important if you are using a large number of opt-in forms on several Web properties – which might be time consuming to update – or if you don’t have easy access to editing such forms (e.g. a checkout page on an ecommerce store).

Example of non-compliant opt-in form

For instance, the email sign-up form shown above – which looks like hundreds of thousands of other email sign-up forms – does not contain details on how to unsubscribe, and therefore is not CASL-compliant. However, the COI confirmation request email sent by the company could certainly include full details on that matter, and therefore achieve compliance.

Can an opt-in form include a pre-checked checkbox (or alike)?

No, a pre-checked checkbox or radio button on an opt-in form does NOT represent express consent.

Do transactional messages need to be updated for CASL compliance?

Yes. You need to add an unsubscribe link to transactional messages. Transactional messages don’t require consent (i.e. it’s implied), but do require a way for recipients to opt out of any CEMs sent by you.

In other words: you can continue to send transactional messages to a customer that buys from your online store – for instance – but each of those transactional messages should contain a link to unsubscribe (or to the preference center where they can unsubscribe) from any CEM that you may send. When recipients unsubscribe, they don’t unsubscribe from your transactional messages, but from any CEMs that you may send.

If you are using MailUp’s SMTP relay service, you can just add the unsubscribe link to the header or footer, and then turn on the header and/or footer feature: MailUp will automatically add a header and/or footer to the transactional messages that pass through the SMTP relay system.

Can a transactional message include promotional content (e.g. cross-selling)?

Any commercial content (upsell, cross-sell, etc.) in a non-commercial message (e.g. order confirmation email) makes it a commercial email message. So a transactional email with a tiny bit of commercial content becomes a commercial message and is subject to the consent requirements for CEMs. To be safe, remove any commercial content from transactional emails (or only include it as dynamic content based on the subscribers’ status for CEMs).

I’m still confused between Express and Implied consent. What’s the key difference?

Express consent does not expire: subscribers that provided express consent don’t need to be contacted again to re-confirm consent.

Implied consent – instead – expires. Therefore, it needs to be “upgraded” to express consent before it expires, if you want to keep sending CEMs to those contacts.

Consent is implied only in specific cases defined by CASL. Outside of those scenarios, consent is not implied and you need to obtain express consent to be able to send CEMs to those recipients.

Here is a quick summary of when implied consent expires:

  1. 2 years after a purchase or a signed contract;
  2. 2 years after a donation, a meeting, a membership, and a few other cases;
  3. 6 months after an inquiry.

See a list of scenarios in which consent is implied.

Can I send an initial email just to ask for consent?

No, a CEM cannot be used to obtain consent. In other words, you can’t email people a commercial message and in that message ask them if you can email them! If there is implied consent, however, you can indeed email those people before that consent expires, and try to “upgrade” them to an express consent.

  • See a list of scenarios in which consent is implied or in which CASL does not apply
  • If you are unsure whether something you are doing or plan to do falls under one of those circumstance, consult a lawyer. 

Do I need to make changes to the message content?

Probably not because this is an area where CASL and CAN-SPAM have similar requirements. You must include in every CEM:

  • Clear information on who the sender is, or whom the message is sent on behalf of, is different from the sender.
  • Contact information for them, including physical address, and phone number, email or web address.
  • A way for the recipient to unsubscribe.

Are there cases in which CASL does not apply?

Yes, if you pitch your bicycle to a friend, for example, you are sending a CEM, but CASL does not apply to family or personal relationships. There are many scenarios:  see this article contains a good level overview of CASL, including details about those provisions.

MailUp terms are stricter than CASL

Although there are scenarios in which CASL does not apply, please note that they may not be scenarios in which you can use MailUp to send emails. In other words, there are many cases in which the MailUp Terms of Use are stricter than CASL.

For instance, CASL contains a provision that says that you can send CEMs without consent if you are a politicians asking for contributions during a political campaign. Well, we don’t think so. Those are unsolicited messages and cannot be sent with MailUp.

As a rule of thumb, consider that MailUp always requires express consent for sending CEMs. There are pretty much no exceptions to the rule. This means that what is implied consent under CASL, is not consent at all for MailUp.

For instance, let’s say that 1,000 people in filled out an inquiry form on your Web site last month asking about your products. Under CASL, consent is implied for 6 months, and you can send a message to those 1,000 people pitching them on buying your products. As far as MailUp is concerned, however, you never asked for and received permission to send them emails, and therefore you would be sending unsolicited bulk email, which is SPAM. Therefore, you cannot do so.

Note that you can send them non-bulk messages with MailUp using the triggered messaging functionality, but not bulk messages (e.g. a “Welcome” series after somebody signs up for a certain service, even if they did not opt into that “Welcome” series).

Digging deeper into CASL with these useful links


If you find any of the above to be inaccurate, please let us know in the comments and we will correct it as quickly as possible.

Liked this article? We have plenty more in store for you.

Subscribe to get news, tips and updates delivered to your inbox.

Read also

5 Killer Ways To Boost Email Conversion Rates

From micro-conversions to the top requirements for an effective call to action, we explore the ins and outs of email marketing's most closely tracked, yet ...

Read more

Which Email Layout Is The Best?

How do you choose the best email layouts for your campaigns? Here are 3 steps to follow in order to cater to recipients' habits and ...

Read more

How TAG Innovation School increases enrollment in courses using Email Automation

We asked the platform for master's programs and courses to tell us how it managed to increase enrollment thanks to automatic email workflows.  What does automation ...

Read more

How To Design Bulletproof CTA Buttons In Email

Bulletproof CTA buttons are designed to render perfectly across all inboxes and to show no matter what. Follow us into a hands-on tutorial to build ...

Read more

How To Optimize Email Subject Lines And Open Rates

Let's clarify the right subject line length once and for all and take a look at the details to pay attention to in order to ...

Read more

8 Essential Tips for Writing, Editing and Proofreading Your Emails for Powerful Results

Imagine a world where content writing for your business was as easy as stringing together a couple of sentences onto your computer screen and hitting ...

Read more
  • Dessa Tavares

    Hi, Very useful article – thanks! As a small business that sometime engages in email marketing, I was pretty stressed out to hear about this new CASL law. Although I didn’t have many contacts in Canada, I tried to get some opt-ins. However, for the most part I’m just trying to ensure that I do not contact Canadians at all! I found a very handy online tool for this called Mailrinser … It helps take the guesswork out of who I’m contacting and minimizes me stressing about being involved in Canadian litigation.

    • mailupinc

      Why giving up communicating with your Canadian customers? That does not make sense to us. CASL at the end of the day was created to stop unsolicited messages. If you follow email marketing best practices, and familiarize with requirements of the law, you should be just fine.

      • Dessa Tavares

        I guess it just seems like the amount of effort/resources that would go into continuing with Canadians doesn’t outweigh the benefits at this point in time. If I had a client base in Canada than that would make sense. At this point in time the quickest and best bet for me would be to avoid contacting Canadians through a simple email verification process that identifies Canadian email addresses so that I can remove them. Plus, if I am ever approached due to accidental CASL infringement, there will be a record of me taking measures to NOT contact Canadians (so hopefully this will suffice under their allowance of one reasonably believing that they are not contacting Canadians).

  • Doug

    Very helpful article – thanks for putting all this together. Although you later
    clarify that a sender must have had a business relationship within the past 2 years for implied consent to apply, it might be a good idea to state that in the
    section titled “There is a transition period, but make sure it applies to you!”

    In that section it says:

    Fortunately, CASL establishes a 3-year transition period during which you can
    continue to send commercial messages to your list(s) as long as you are sending
    to recipients…

    with whom you have had a business or non-business relationship (i.e. they’re
    not strangers)

    to whom you have sent commercial emails (i.e. you want to continue doing what
    you’ve been doing)

    In other words: if you’ve been sending special offers to Mr. Smith and have had
    a business or non-business relationship with him, CASL gives you the benefit of
    the doubt that you had properly obtained consent from Mr. Smith, even if that
    consent might have been obtained in a way that is not compliant with CASL’s
    requirements for obtaining express consent. His consent is “implied”.

    I suggest adding to both bullet points “within the past 2 years” as there
    likely will be people who won’t read the entire article. If they stopped
    reading there, they would get the misleading impression that if one ever had a
    business or non-business relationship with the recipient, they would be covered
    by implied consent during the 3-year transition period. At least that’s how I understand the law – please correct me if I’m wrong on that.

    • mailupinc

      Good question Doug!

      Here is how we see it (but again, this is not legal advice!!): before July 1, 2014, CASL did not exist, so the concept of implied consent expiration did not exist.

      Therefore, if somebody placed an order on your online store 4 years ago and that person did not unsubscribe from your newsletter, that implied consent never expired, and is grandfathered into CASL, from everything we have read. You have 3 years to convert it into express consent, or otherwise it expires.

      If that same order were placed on July 2, 2014, you would only have 2 years to turn it into express consent to avoid expiration.

      • mailupinc

        An update on this: we have a lawyer that advises our company and who is an expert in consumer privacy regulations. He had reviewed CASL some time ago: in a note that he had written, he indicated that “when” implied consent was obtained, if obtained prior to July 1, 2014, did not matter. This confirms our statement above.

        So, the implied consent expiration clock starts with CASL going into effect on July 1st, 2014: according to the information we have been provided, it does not matter when the implied consent had been collected (as long as it was indeed collected), if collected before that date.

        It might certainly be a good idea to get a second legal opinion on this to confirm.

  • Kevin Hosey

    Anyone know whether CASL covers sending press releases, mdia invites to events, and other communications sent to media outlets and contacts for press relation purposes?

    • mailupinc

      Hi Kevin, it depends on the content of those messages. if they can be considered Commercial Electronic Messages (see details on what that means above in the article), then the answer is “yes”.

      • Kevin Hosey

        So compnies can no longer send press releases to the media?

        • mailupinc

          If the message is a CEM and it falls out of the boundaries set by CASL, then the answer is “no”.

  • Skye Lans

    Very good article. Below is a link to another article on the topic that describes what information you should store in your database when using website forms to subscribe users.


  • Pingback: Why Canada's Anti-Spam Law Is Great For Your Dealership - 9 Clouds Auto()

  • Joe

    If someone opts out but then they buy something, does the new business relationship (new implied consent) override the previous opt out?

  • AnDi

    What if we are members of an Association and as a business, we are asking the Association to send out a mail about our contest to other members already in their email database? or even as part of their monthly newsletter. is this OK? as their consent has been established by the Association?

    • From our understanding of the scenario, it would appear that as long as the message is sent by the Association (From Email, From Name, etc.) and it is clearly marked as such (same design that the Association always use, same footer, etc.), then there should not be an issue. It’s the Association informing its members of a certain contest (not You emailing them about it).

  • Dan

    I’m glad I don’t live in Canada what an absolute nightmare this sounds like to stay compliant.

    Anti small business. Advertising costs are already becoming more expensive.

    Canada, where lead gen dies.

    In my opinion it’s reasonable to expect marketing messages when you fill out a form online without a check box with all the anti spam jargon attached. Jargon that nobody reads.

    The idea of spam laws originally is to stop people mailing to lists where no permission has been given. You know, those completely unsolicited Viagra emails? This is insane in my opinion. The user has gone to the trouble of filling out a form on your website already.

    At what point do people take responsibility for themselves? Sounds like a complete nanny regulation.

    I hope this ridiculous regulation doesn’t infect Australia.

  • Zach Gilbert

    Do you have to have subscribers of a newsletter re-opt in to become compliant ? I have a list of thousands that subscribed via a newsletter signup years and years ago.

    • Hi Zach, thanks for posting this question. Please remember that the following is not legal advice, but rather just our opinion based on the information that we have gathered and our knowledge of the industry. So, here we go:

      * The 3-year transition period mentioned above in the article expires at the end of June of this year, 2017.
      * CASL says that in that period you could continue sending commercial email to subscribers that had given you consent, even if that consent was not “express” (see above for details about express vs. implied consent).
      * After July 1, 2017, you must either unsubscribe them or ask them for express consent. So, “yes”, if you had not obtained express consent at the time of subscription, then you will need to re-opt them in.
      * Of course, if the consent that had been given was express – under the CASL definition – you are fine, since express consent does not expire. In that case, you can continue sending email to those subscribers, since their original opt-in was compliant with CASL.
      * Finally, keep in mind that CASL – like other anti-SPAM regulations – applies to commercial electronic messages (CEMs), i.e. messages that include as one of their purposes to promote participation in a commercial activity. If the messages that you are sending are not CEMs, then CASL does not apply.