Security & Compliance
CASL: Canadian Anti-Spam Requirements
Why CASL Matters
Canada's Anti-Spam Legislation (CASL) came into force in 2014 and is considered one of the world's strictest anti-spam laws. It covers any commercial electronic message (CEM) sent to or from Canada. Penalties reach CAD $10 million per violation for businesses.
Express vs. Implied Consent
| Type | Definition | Expires |
|---|---|---|
| Express | Subscriber actively opted in (checkbox, sign-up form) | Never (until withdrawn) |
| Implied – existing business | Purchase, inquiry, or contract in past 2 years | 2 years |
| Implied – membership | Member of club/org | While membership active |
CASL requires you to prove consent. Keep records of when, where, and how consent was obtained.
What Must Every CEM Include?
- Your full legal name (or operating name)
- Your mailing address and one of: phone, email, or web URL
- A clear, functioning unsubscribe mechanism
- Unsubscribes must be honoured within 10 business days
Recording Consent in AcelleMail
Use subscription form source tracking to record consent origin. Add a custom field consent_source and populate it via the form embed or API:
{ "email": "user@example.ca", "consent_source": "checkout-form-2026-01-15", "list_uid": "..." }
Store the form version and date in case of audit.
The Transition Period is Over
The three-year implied consent transition period ended July 2017. Any implied consent from before that date has expired. Review your list if you have not already done so.