With Canada introducing their new anti spam law (CASL), I thought it would be worthwhile reviewing what a business needs to be aware of when using Email Marketing.


Spam, whilst it is a lunch meat, tends to be used as a catch all phrase that means unwanted or junk email or messages that are unwanted (think fake meat = fake mail).

apparently, the term comes from a 1970 Monty Python’s Flying Circus skit.  In this skit, all the restaurant’s menu items devolve into SPAM.  When the waitress repeats the word SPAM, a group of Vikings in the corner sing “SPAM, SPAM, SPAM, SPAM, SPAM, SPAM, SPAM, SPAM, lovely SPAM!  Wonderful SPAM!”, drowning out other conversation, until they are finally told to shut it.

The term spam was then coined by various MUD and usenet users, when rubbish information was posted into chat’s etc.

Map of WorldDifferent Countries – Different Laws

Each country has different anti-spam laws, you should be familiar with them.  I’ve used the Australian Spam Act 2003, US Can-Spam Act, Canadian Anti-Spam Law (CASL), United Kingdoms The Privacy and Electronic Communications Regulations 2003 to write this article.

In writing this article, I’ve found the Australian and Canadian Acts to be far more detailed than the others.

What is A Commercial Electronic Message

Depending on which country’s spam laws you are reviewing what actually constitutes a Commercial Electronic Message (CEM) may differ.

Under the Australian Spam Act (2003) the term is defined as:

  • offers, advertises or promotes the supply of goods, services, land or business or investment opportunities
  • An email providing an update on a business
  • advertises or promotes a supplier of goods, services, land or a provider of business or investment opportunities
  • helps a person dishonestly obtain property, commercial advantage or other gain from another person.

The Australian Spam Act 2003 classifies an electronic message as ‘commercial’ by considering:

  • the content of the message
  • the way the message is presented
  • any links, phone numbers or contact information in the message that leads to content with a commercial purpose—as these may also lead the message to be defined as ‘commercial’ in nature.

[Source: https://www.acma.gov.au/Industry/Marketers/Anti-Spam/Ensuring-you-dont-spam/key-elements-of-the-spam-act-ensuring-you-dont-spam-i-acma]

The American Can-Spam Act defines commercial messages as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law. [Source: https://www.business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business]

Under CASL, a CEM is a message that encourages participation in a commercial activity, including, but not limited to: offering, advertising or promoting a product, a service or a person.

Examples Include:

  • Email
  • Sms text message
  • Instant messaging

[Source: https://www.crtc.gc.ca/eng/com500/infograph1.htm]

The UK law is a little more ambigous:

Section 11 of the Data Protection Act 1998 refers to direct marketing as ‘the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals’.

We regard direct marketing as covering a wide range of activities that apply not just to the offer for sale of goods or services, but also to the promotion of an organisation’s aims and ideals. 

[Source: https://ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/key_definitions]

Basically, a commercial electronic message is any type of message that contains a promotion or tries to sell something and, in the case of the UK, promotes the ideals and aims of an organisation.

Can I send a CEM?

A business may send a Commercial Electronic Message providing certain provisions are met.  The provisions cover how someone is added to the your marketing list and the structure of the message you send.


Consent: Express and ImpliedYou may not send a Commercial Electronic Message unless you have some form of consent from the recipient.  Consent differs across the different legislations but I’ve simplified it based on the Australian and CASL requirements (which I feel  are more detailed and informative).

There are two types of consent—express and inferred (or implied, under CASL).

Express Consent

From the Australian Communications and Media Authority (ACMA) website:

Express consent comes in many ways – filling in a form, ticking a box on a website, over the phone, face-to-face or by swapping business cards – as long as the recipient is aware they may receive commercial messages. You cannot send an electronic message to seek consent – this is in itself a commercial message because it seeks to establish a business relationship.

From the Canadian Fight Spam website:

Valid consent given in writing or orally

The recipient gave you a positive or explicit indication of consent to receive commercial electronic messages.

Your request for consent set out clearly and simply the prescribed information.

Inferred or Implied Consent

Under the Australian Act, Inferred consent can occur:

  • via an existing business or other relationship, where there is reasonable expectation of receiving commercial electronic messages
  • via conspicuous publication of a work-related electronic address because it is accessible to the public, or a section of the public
  • if the address is not accompanied by a statement saying no commercial messages are wanted
  • the subject of the message is directly related to the role or function of the recipient.

Under CASL, implied consent means:

Existing business relationship

The recipient has made, or enquired about, a purchase or lease of goods, services, land or interest in land, a written contract or the acceptance of a business, investment or gaming opportunity from you.

Existing non-business relationship

You are a registered charity, a political party or a candidate, and the recipient has provided you a gift, a donation or volunteer work.

You are a club, association or voluntary organization and the recipient is one of your members.

Recipient’s e-mail address was conspicuously published or sent to you

The address was disclosed without any restrictions and your message relates to the recipient’s functions or activities in a business or official capacity.

What do the other countries recommend?

The Can-Spam act states that consent must be gained however, reviewing the guidelines provided for business – the way consent should be collected is ambiguous.

The UK is a little more specific:

Consent for marketing

The clearest way to obtain consent is to ask the customer to tick an opt-in box confirming that they are happy to receive marketing messages from you.

You should keep clear records of what an individual has consented to, and when and how this consent was obtained, so that you can demonstrate compliance in the event of a complaint.

You will need to make detailed checks before relying on indirect consent (consent originally given to a third party). Generic consent to marketing from third parties is unlikely to be valid for calls, texts or emails.

All four acts agree that you must have some form of consent to add someone to your marketing list.  If you follow the requirements for Australia and Canada, you’ll be covered.

Gaining Consent From Your Website

If you want to build your marketing list from your website, you need to be sure that the form you use meets the specific requirements for express consent.  The “offer” and form should include exactly what they are signing up to get (if that includes regular updates as well as a gift, then state so).  As the Australian Spam Act recommends, adding a check box that has the “Yes I want to receive ….” could be a good idea as well – but make sure that box is not pre-ticked… the subscriber MUST tick the box themselves.

Record Keeping

Whatever you do, you must keep records of the express or implied consent for those you are sending Commercial Electronic Messages to.  The business has the responsibility to prove that they have permission to send the messages.

It is pretty much agreed that the records should include: IP Address used to provide the consent; Date and Time the consent was given.  I would also suggest that keeping a copy of the form used to gather the information should be kept.

Content of the Message Being Sent

To comply with the spam laws, there are certain things that need to be included in every email:

  • You must include a way to unsubscribe on every email you send. This has to be clear and obvious to the recipient
  • You must include your legitimate contact information inside every promotional email that you send, including a physical mailing address where you can receive mail or a PO Box.
  • The subject line may not be misleading

Does the unsubscribe have to be a link?

For email marketing, the Unsubscribe process does not have to be a link, it could be an instruction “reply to this email with the word Unsubscribe in the subject” and we’ll unsubscribe you.  This approach is legitimate and legal.

To Double Opt In or Not?

This is a question that I get a lot.   None of the acts I have reviewed mandate Double Opt In rather the acts are clear about the fact that a business must gain consent from the account owner before sending commercial content.

Double Opt In is recommended as best practice by many organisations as this is one way you can absolutely ensure the account owner has requested the information.  That’s all very good and well, but that does not necessarily meet the requirements of the various Spam Acts.  If you don’t:

  • Clearly state what the person will be receiving
  • Record the details of the Opt In request (i.e IP address, date and time)
  • Have the required information in the body of your messages
  • Honour Opt Out requests

your business will not be Anti-Spam compliant.

Whether you choose to use Double Opt In or not should be a business decision and include the impact on User Experience as well as the risk mitigation it offers.

How Can A Business Be Anti-Spam Compliant For Email List Building?

Email World Focussing now on lead capture processes from your website, facebook page or other online location, how can a business ensure they are anti-spam compliant for email?  Here are my thoughts:

  • Ensure your offer is clearly outlined, including what the subscriber can expect to receive from you
  • Have the request to receive your marketing updates clearly stated
  • Keep a copy of the offer / form that you are using (a screen shot will suffice)
  • Record the IP address and date / time of the request (most decent autoresponder / mail programs will do this)
  • Ensure your outgoing emails have the required information:
    • A clearly defined way to unsubscribe
    • Contact details – physical address at the least
  • Use accurate subject lines on your outgoing emails
About the Author Charly Dwyer

Charly has more than 30 years experience in the IT industry ranging from hands-on technical, to high-level business management, Charly has installed and configured computing equipment and has managed business contracts in excess of $25 million dollars.

As a result, Charly identifies the best way to integrate solutions and technologies for the most cost effective way to achieve a businesses outcome.

Share your thoughts

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}