Email Laws – A Summary of Legislation in the United States and Canada

Email is an incredibly quick and easy marketing channel to employ. Unfortunately, best intentions sometimes overstep legal boundaries without an organization fully realizing what they are doing. There are several different laws that direct the commercial use of email marketing. In the United States, the legislation is called the CAN-SPAM act and in Canada, it is the CASL laws.

The links above are to the U.S. Federal Trade Commission and the Canadian Radio-television and Telecommunications Commission, respectively. We would like to point out that we are not lawyers and are not offering legal advice. We are simply sharing the American and Canadian legislation that outlines what businesses may and may not do as part of their email marketing campaigns.



The Controlling the Assault of Non-Solicited Pornography and Marketing, or CAN-SPAM, Act was signed into law by President George W. Bush in 2003 and later updated in 2008. The goal of the law was to end the ceaseless amounts of spam being sent to email inboxes. The law includes stiff penalties including a fine as high as $16,000 for each non-CAN-SPAM compliant email sent.


The following are other elements required by the CAN-SPAM Act:


1. You must tell recipients where an email is coming from.

The law establishes a level of transparency regarding the sender of an email communication. Very clear language should be used in the “to,” “from,” and “reply to” fields indicating either the business name or the individual sender’s name.


2. Write a straightforward subject line.

The subject line of your email should reflect the message contained within. Subject lines should not be deceptive, irrelevant, or misleading in any other way.


3. An ad is an ad – don’t try to pass one off as anything else.

You are required to warn recipients when an email includes an ad unless every single person on your list has agreed to receive emails from you. Considering that most email service providers require you to have such permission to utilize their service, it is good practice anyway.


4. You must provide a physical address.

Emails sent from businesses must contain the postal address for the business or individual sending the email. The address doesn’t have to be a street address. You may use a private commercial mailbox or post office box address instead. Benefits you reap from including an address are credibility and an additional channel through which customers can contact you or opt out of your emails if they so desire.


5. You must include a clear opt-out option in every email.

Each message you send must include an easy to access option that allows consumers on your email list to opt out of future communications. The most common method is to provide, at the bottom of the email, an “unsubscribe” link. Most well thought of email service providers offer this option as a default.


6. Comply quickly to consumer requests to opt-out of future emails.

Per the CAN-SPAM Act, you have 10 days to remove a subscriber from your list once the request is made. The removal must be done free of charge. You may not require a customer to supply any personal information to have his name removed and you may not sell the person’s contact information to a third party. Email service providers automatically remove these subscribers from your email list.


7. Monitor what third parties do on your behalf.

If you have a partner, virtual assistant, or third-party company that manages your email list, the responsibility for complying with the regulations of the CAN-SPAM Act belongs to you. Regularly review those email activities and immediately take steps to correct any problems that occur.



In order to fully comply with the CAN-SPAM Act, you must not add anyone to your email list without explicit permission. Exchanging business cards with someone does not give you permission to add that person to your email list – ask! Neither is it “okay” to add former colleagues or business contacts to your subscriber list. Familiarity with a person is not the same as permission – ask! In addition, you may not, under any circumstances, sell or share email addresses from your list. The main rule of thumb is simply to respect your email subscribers and to act responsibly with the information with which you are entrusted.




Canada’s Anti-Spam Legislation, or CASL, is similar to the CAN-SPAM Act of the United States. CASL establishes three universal requirements to which businesses must comply when sending an electronic message to an electronic address. Similar to U.S. law, a business must provide information about who they are and must also provide a mechanism that allows email recipients to unsubscribe from future communications. Consent is also a component of CASL but the legislation outlines two types of consent – implied and express.

Implied consent is granted when you have an existing business relationship with the recipient based on a previous commercial transaction. It is also implied through non-business relationships such as membership in a club or participation as a volunteer for a charitable organization. Implied consent is also granted when someone makes his email address publicly available by posting it on a website. The caveat on the last example is if there is also an accompanying statement on the website that explicitly states the email address is not to be used for such purposes. Implied consent can expire.


Express consent, on the other hand, does not expire. You may send a recipient emails until he indicates that he is no longer interested in receiving communications from you. That being said, a recipient has the right to withdraw his consent at any time.

Express consent is clearer than implied consent. A person has explicitly agreed to receive electronic messages from your business. CASL mandates that a recipient must opt in or take an action such as signing up on your website in order to provide consent. The consent may be made in writing or verbally.


The following are a set of CASL tips put together by the Canadian Radio-television and Telecommunications Commission:

1. Obtain consent to send commercial electronic messages.

2. Keep up-to-date contact lists.

3. Act on unsubscribe requests within 10 days.

4. Set up an ongoing corporate compliance program that includes regular review of policies and procedures.

5. Maintain accurate records that include valid consent, training documents, and any third-party contracts.



While some may view the laws in the United States and Canada as bothersome, the goal is, truly, to create a more secure online marketplace by reducing the impact of spam and related threats. The safest course of action is to utilize an email service provider such as MailChimp or the all-inclusive Squarespace. Those platforms take their role in enforcing anti-spam requirements seriously and will help keep you on the right side of the law.

If interacting with a mail platform is beyond your technological abilities or you simply lack the time, the experts at Strategy Driven Marketing are here to help. From creating content to scheduling to execution and everything in-between, SDM knows how to engage consumers and communicate persuasively, powerful messaging from businesses of all sizes and across industries. Contact us today to get started!