CASL and CAN-SPAM Compliance Guide

Laws and regulations
Apr 14
5 min read
If the primary purpose of the message is commercial, it must comply with the requirements set forth by the CASL, CAN-SPAM and other Anti-Spam legislation.
CASL video title image

It is very important to follow Anti-Spam laws that apply to the region you are sending email to (or from). The Canadian Anti-Spam Legislation (CASL) and the CAN-SPAM Act in the USA were introduced to establish the minimum legal regulatory standards to which marketers must adhere to to remain compliant. Both CASL and CAN-SPAM apply in a variety of situations: 

  1. If you are sending email to subscribers based in Canada or the United States
  2. If you are sending email to a domain that is hosted in Canada or the United States 

However, compliance alone will not guarantee delivery. What is important to point out is that it only takes one address in a contact list to require you to adhere to these laws. So as a general rule we recommend everyone  adhere to the strictest rules of the road to ensure global compliance.  

There are two basic kinds of email you might send:


Advertises, promotes or encourages the recipient to participate in a commercial activity, including content on a website operated for a commercial purpose.

Transactional or Relationship

Facilitates an already agreed-upon transaction or updates a customer about an ongoing transaction.

“If the primary purpose of the message is commercial, it must comply with the requirements set forth by the CASL, CAN-SPAM and other Anti-Spam legislation.”

If your message is transactional in nature, its primary purpose is transactional and must not contain false or misleading header information, but is otherwise exempt from most provisions of these laws. That stated it is best practice to not use a deceptive subject line, make sure you tell recipients where you are located and provide recipients with the ability to opt-out from receipt of further messages.

What does this mean?

You’re allowed to include commercial-based content in transactional emails as long as the transaction remains the email’s “primary purpose”, with the subject line and message body emphasizing the transaction. This gives you an excellent opportunity to make a good first impression with your customers, but it is a delicate balancing act. If this is not done properly, you risk some hefty fines, generating complaints and affecting your delivery.

Here’s what CAN-SPAM says about commercial mail in the document: CAN-SPAM Act: A Compliance Guide for Business

  1. Don’t use false or misleading header information.
    Your “From” “To” “Reply-To” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message. 
  2. Don’t use deceptive subject lines.
    The subject line must accurately reflect the content of the message. 
  3. Identify the message as an ad.
    The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement. 
  4. Tell recipients where you’re located.
    Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations. 
  5. Tell recipients how to opt out of receiving future email from you.
    - Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future.
    - Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand.
    - Creative use of type size, color, and location can improve clarity.
    - Give a return email address or another easy Internet-based way to allow people to communicate their choice to you.
    - You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you.
    - Make sure your Spam filter doesn’t block these opt-out requests. 
  6. Honor opt-out requests promptly.
    - Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message.
    - You must honor a recipient’s opt-out request within 10 business days.
    - You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.
    - Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act. 
  7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.


The biggest difference between CASL and the CAN SPAM Act in the US is that Canada requires “Express” consent. For this reason, the remainder of this guide will focus mainly on making sure you have proper consent.

Note : While sending to purchased or rented lists in the US is not a violation of CAN SPAM, it is a direct violation of CASL and will not be permitted.

International Anti-Spam policies

The following are links to several Anti-Spam policies available online. This is not a substitute for legal advice, so in the case of questions, you should consult with an attorney concerning what privacy laws affect you and your organization.

United States: The CAN-SPAM Act: Requirements for Commercial Emailers

Canada: Canada's Anti-Spam legislation (CASL)

Europe: General Data Protection Regulation (GDPR)

Australia: Spam Regulations 2021

For email legislation in other countries, please consult:

Share this