CASL – A Quick Guide and the Death of Single Opt-In

CASL – the Canadian Anti-Spam Law – takes effect tomorrow, July 1st, 2014.

There’s a lot of fluff and BS floating around, and since there is no enforcement to date, there’s no real guidance from the authorities nor case law to follow. As far as email marketing is concerned, though, what CASL enforces is full-contact permission marketing, with an “implied consent” grace for where there is an existing communications relationship. OK, so what does that mean in practice?

CASL In a Nutshell

As we see CASL, it’s like this (remember we’re not lawyers, but we are passionate about best practice):

  • If your emails are all acquired by dual opt-in, you’re GOOD! Carry on!
  • If you’ve been mailing the list for some time, you have implied consent, you don’t need to reacquire permission for existing subscribers.
  • If you are a subscriber to an existing list, you don’t have to email the list owner or their email service to demand permission. If you want it, you’re OK.

Where does it get murky? Well, all those shady practices which you ought not to be doing anyway just got a whole lot riskier.

  • Do not buy or rent lists. Ever. This was true before now, but now it’s EXTRA true, because million dollar fines.
  • Don’t use third party services to acquire email addresses.
  • Email appending looks really risky going forward, don’t do it. h/t copyblogger for that one.
  • Don’t add someone to your list who: Gave you a business card / is a LinkedIn contact / was an attendee at a conference you sponsored.
  • I’d be really uncomfortable if you run promotions or competitions, such as on Facebook, where you acquire unvalidated email addresses.
  • Single opt-in? No. No. No.

CASL is the Death Of Single Opt-In

Why? Because there’s no proof of permission, that’s why, which is what CASL is all about. I’d argue that acquiring email addresses and mailing them via single opt in is now fundamentally illegal under CASL and a massive business risk. Without verification and confirmation of the would-be subscribers intent, you can’t say you have permission. You just have an email address. And so you fail the CASL sniff test. Period.

Single opt-in could even be used maliciously to add a third party Canadian email address to your list, with the purpose of having them sue you when you bulk mail them.

Likely? Eh (hehe, it is a Canadian law), probably not. Possible? Maybe.

I’ve heard publishers complain that they “lose” subscribers in dual opt-in because not everyone completes the process. That’s the whole point. Someone who puts their name into a form on your web site is NOT a subscriber until they confirm. Put another way, you want people who want to be on your list on your list, and you don’t want people who don’t want to be on your list on your list (read that a couple of times, it actually makes sense). Not everyone who starts the process completes it because they’re just not that into you. And that’s OK.

Single opt-in cannot provide the proof of permission that CASL demands.

CASL requires PROOF.

So: If you haven’t already, make sure you’re using dual opt-in. Stop shady email acquisition. Embrace best practice (it’s called “best” for a reason, people). And then, relax. You’re going to be fine.