Canadian Anti-Spam Legislation (CASL)

CASL affects all commercial electronic messages, not just spam. Financial penalties can be as high as a mind-blowing $10 million CAD, in addition to private civil action.


What is CASL?



The Canadian Anti-Spam Legislation was passed in 2014. Contrary to the name, it does not just affect spam, but all commercial electronic messages (CEMs). It applies to all businesses sending CEMs to a recipient in Canada and can have massive financial penalties.

Established rules for CEMs regulate a broad range of activities:

  • Unsolicited commercial messages sent via email, text, or social posts
  • Hacking, malware and spyware
  • “Phishing” and other fraudulent or misleading practices
  • Invading privacy through a computer
  • Collecting emails without consent

CASL defines a CEM as a message whose purpose is to encourage participation in a commercial activity and that is sent from or received by a computer in Canada. “Commercial activity” means a transaction or act of a commercial nature, regardless of whether it’s done with an expectation of profit. This means that messages sent by charities and non-profits are also regarded as CEMs.

CASL places particular emphasis on a way to unsubscribe. It must be clearly stated and should be quick and easy for the consumer to use. An opt-out must be honored by the business within 10 business days.




Types of Consent

CASL requires consent to communicate via CEMs, whether it is express or implied. Express consent means the recipient has voluntarily agreed to receive the CEM, and the consent is documented. Express consent can also be given verbally, if an independent third-party can verify it, or the consent is recorded. Express consent does not expire but can be revoked by the recipient at any time.

  • Purpose of the request
  • Name or business of the person requesting it
  • Name of the person giving consent
  • Mailing address, phone, email, or web address for identification
  • Statement that consent can be revoked at any time via unsubscribe

Implied Consent lasts for two years, although each transaction with a business renews the two-year timeline of implied consent. This applies in these circumstances:

  • When there is an existing business or non-business relationship
  • When the contact’s email address is clearly published without saying they do not want to receive CEMs
  • When a contact has disclosed an email address related to their business, role, functions, or duties in an official capacity, e.g., a business card


Risks and penalties of violating CASL


Administrative Monetary Penalties (AMPs) consist of fines up to $10 million CAD for businesses, or $1 million for individuals found in violation.

Vicarious Liability

Vicarious liability applies when a corporate director can be found liable for the wrongful acts of a corporation, or a corporation can be found liable for the acts of its employees.

Private Rights of Action

Private rights of action: individuals can sue another individual or business for damages after receiving unsolicited CEMs.


Datablocks and Sunlight Media

Datablocks and Sunlight Media, both in the business of distributing online ads [CEMs], were fined $250,000 in 2018 for sending malware via fraudulent CEMs. The fines include consequences for accepting unverified anonymous contacts to distribute the malware, and supplying the necessary infrastructure and software for the placement of the fraudulent messages and ads.



How PossibleNOW can help - DNCSolution



DNCSolution handles direct marketing compliance with relevant legislation across all channels of communication including calls, texts, emails, faxes, and direct mail. Staying in compliance with regulations like CASL is essential. PossibleNOW helps you stay current on regulatory changes, avoid violations, preserve your reputation, and stay focused on your core business.

  • Enables high-volume contact list scrubbing
  • Provides a one-click opt-out solution
  • Provides scrub receipts for a record of compliance efforts
  • Exceptional customer support and application training for your team
  • Seamless integration with existing systems
  • Maintains a historical archive of all opt-out requests
