Internet Performance Delivered right to your inbox

CASL: Why It Matters To Your Company

By now, you’ve heard of CAN-SPAM compliance, but what’s with this CASL thing?

In this blog, we’ll take a deep dive into what CASL requires from email senders, how it differs from CAN-SPAM, the downstream effects of CASL since its July 2014 implementation, and ultimately how this affects you, the email marketer, and your relationship with ESPs like us.

Nearly every ESP (including Dyn) requires you to be CAN-SPAM compliant. This 2003 act covers all commercial messages, which the law defines as ‘any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.’ However, the law does exempt transactional and relationship messages.

The long and the short of the CAN-SPAM law is simple:

  • Each commercial message must contain an unsubscribe link and and senders must honor all unsubscribes within 10 business days.
  • Each commercial message must provide a physical postal address.
  • Messages must contain clear “From,” “To,” and “Reply to” language that accurately reflects who you are. This applies to the identity or name of the person or business sending the message as well as the applicable domain name and email address.

But being the savvy email marketer you are, you already knew all that. So let’s get to the good stuff already: what’s up with CASL?

spamCASL is an acronym for the Canadian Anti-Spam Laws. Although the laws technically only apply to messages sent to or from a computer accessed in Canada, Dyn, like a growing number of other companies, has gone a step further and requires that all messages sent through its platform are CASL compliant, regardless of the recipient’s location.

There are several key points to CASL, most of which are outlined below:

  1. Express Consent is defined as a documented opt-in to receive your promotional mailings. For emails sent between July 1, 2014 and July 1, 2017, you must either have express consent or implied consent (not as defined by CASL). After July 1, 2017, senders need either express consent or implied consent as defined by CASL. In addition, senders have a three year grace period for recipients acquired prior to July 1, 2014 to obtain either express consent or implied consent (as defined by CASL). NOTE: This legislation specifically states that “pre-checked” checkboxes are NOT consent.
  2. Implied consent is obtained if or when:
    • You have an existing business relationship with the recipient as of or within two years prior to sending the message;
    • You are a registered charity or political organization, and the recipient has made a donation or gift, has volunteered, or attended a meeting organized by you; or
    • A professional message is sent to someone whose email address was given to you, or is conspicuously published, and who hasn’t published or told you that they don’t want unsolicited messages.
  3. Email capture should not be dual-purpose (aka co-registration) or via “read our terms and conditions.” It must be 100% clear what your users are opting into. And remember, the check-box must remain unchecked by default.
  4. You must retain proof of consent in case a user complains about receiving your mail.
  5. Every email MUST contain:
    • Name of the sender
    • Physical Mailing address of the sender
    • Secondary contact info for sender (phone, email, or website)
    • Accurate and clear subject lines and content (an email cannot contain deceptive subject lines or content)

**If you’re sending email on behalf of another person or entity, each email must contain this information for that person or entity as well.**

  1. Your unsubscribe link must work and the contact information contained in the email must remain valid for at least 60 days after the message is sent.
  2. Third Party. In short, you can gain consent for your recipients to receive third party
    offers. However, when doing so, you MUST:

    • Clearly identify (not via “read our terms and conditions”) that a user is signing up to receive third party offers AND provide the user with a simple mechanism to opt out of receiving third party messages (remember, check boxes must be unchecked by default)
    • Should a user unsubscribe from receiving your third party offers after previously giving consent, you must inform all third parties and they must remove the user from their database
    • Should a user unsubscribe from one of your third parties, that third party must inform you and other third parties accordingly

If you’re currently following best practices and using permission-based marketing where all of your subscribers have opted in to receive your emails, not using deceptive content, and processing unsubscribes regularly, you’re already on the right track and are more than likely CASL compliant (not to mention, maximizing your potential to get messages to the inbox). But what if you aren’t? Are there penalties for violating CASL?

The penalties for violating CASL are the biggest in anti-spam legislation history, and fines are already being handed out. Violations can result in a penalty ranging from up to $1 million for an individual and up to $10 million for a business per incident. Those are significant sums, and the CRTC (the branch of the Canadian Government responsible for handing out the fines) has already begun issuing penalties. In March 2015 alone, fines were handed out in the amounts of $1.1 million, $48,000, and a whopping $30 million dollar fine for one organization for using deceptive content in regards to pricing for its services.

So, now that you know what CASL is, how does it differs from CAN-SPAM, and the importance of being CASL compliant to avoid potential fines, how do you know that your messages being sent are within the law? We’ve put together a complete FAQ you can find here to guide you down the right path toward compliance while at the same time helping to maximize your inbox potential.

IMPORTANT: This article is intended to help provide you with some general guidance for complying with CASL and is not meant to be complete list of the requirements established by CASL. This article does not constitute legal advice, nor is it intended supplement or otherwise affect your rights or obligations under your service agreement with Dyn, including your obligations under Dyn’s Acceptable Use Policy. If you have questions about CASL or the legality of your sending practices, we encourage you to speak with an attorney who specializes in that subject matter.

Share Now

Whois: Todd Dyer

Todd is the Director of Customer Support at Dyn, a cloud-based Internet performance company that helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Follow Dyn on Twitter @Dyn