TREADSTONE LAW · ONTARIO · DIGITAL LEGAL SERVICES · EST. MMXXI ·TSL
Home/Articles/Corporate
№ xix Corporate

CASL Email Marketing Compliance: A Plain-Language Guide for Ontario Businesses

Understand Canada's anti-spam law (CASL) for email marketing — express vs implied consent, unsubscribe rules, and penalties for Ontario businesses.

Corporate5 min readTSLBy the Treadstone Law team · OntarioUpdated 2026-06
All articles
Key takeaways
  • CASL applies to commercial electronic messages (CEMs).
  • Consent Before sending a CEM, you must have the recipient's consent.
  • If you are starting an email list today: 1.

Canada's anti-spam law — commonly called CASL (the Canada's Anti-Spam Legislation) — is one of the strictest email-marketing laws in the world. Ontario businesses that send commercial electronic messages without following its rules face significant penalties. The good news: compliance is straightforward once you understand the three core requirements. This guide walks you through them.

What Is a Commercial Electronic Message?

CASL applies to commercial electronic messages (CEMs). A CEM is any electronic message (email, text, social media direct message) that encourages participation in a commercial activity — which is a broad standard. If the primary purpose or even one purpose of your message is commercial, CASL applies.

Examples of CEMs:

Not CEMs (generally exempt):

The Three Requirements Every CEM Must Meet

1. Consent

Before sending a CEM, you must have the recipient's consent. CASL recognizes two types:

Express consent is the gold standard. The person explicitly agreed to receive your messages — by checking a box, completing a sign-up form, or verbally agreeing in a recorded call. Critically, the consent request must be clearly worded; a pre-ticked checkbox does not count.

Implied consent exists in certain defined circumstances:

Implied consent has expiry windows (two years or six months, as described above — verify current rules). Once expired, you need express consent to keep emailing.

2. Identification

Every CEM must clearly identify:

If you are sending on behalf of another organization, both your name and the organization's name must appear.

3. An Unsubscribe Mechanism

Every CEM must include a working, cost-free mechanism for the recipient to unsubscribe. Requirements include:

Building a CASL-Compliant List from Scratch

If you are starting an email list today:

  1. Use double opt-in. Send a confirmation email after signup. It creates an audit trail of express consent.
  2. Record consent. Log the date, time, method of consent, and the specific wording shown to the user at sign-up. If CRTC (the Canadian Radio-television and Telecommunications Commission, which enforces CASL) investigates, you must prove consent. Your email platform should store this.
  3. Timestamp your existing relationships. If you are migrating a legacy list, document when you last had a transaction or inquiry with each contact to establish implied consent windows.
  4. Purge lapsed contacts. When implied consent expires and you have no express consent on file, remove the contact before their window closes — or send a re-consent campaign before it does.

Common Mistakes Ontario Businesses Make

Assuming a business card = consent. Receiving someone's card at a networking event is not CASL consent to add them to your marketing list. A polite follow-up about the conversation you had that day may be fine; adding them to your newsletter automatically is not.

Forgetting to suppress unsubscribes promptly. Ten business days is the legal maximum, but your email platform can typically do this in seconds. Sending one more message to someone who unsubscribed is a violation.

Relying on stale implied consent. A customer who bought from you three years ago is outside the two-year window. Unless they have done something since that refreshes consent, you need to have obtained express consent before continuing to email them.

Combining unrelated messages. If you obtained consent for one type of content (e.g., service reminders) and start sending promotional offers, that is outside the scope of the consent given.

Penalties for CASL Violations

CASL penalties can reach $1 million per violation for individuals and $10 million per violation for organizations (as of writing — verify current maximums). The CRTC has issued multi-million-dollar fines against Canadian businesses. CASL also contains a private right of action provision (not yet in force as of writing) that could allow individuals to sue — check whether this has changed.

These are not theoretical risks. Invest in compliance now.

Frequently asked questions

Does CASL apply if I email people in the US or EU?

CASL applies to CEMs sent from Canada or accessed by a computer in Canada, regardless of where the recipient is. If your servers are in Canada, CASL likely applies. US and EU contacts may also trigger CAN-SPAM and GDPR obligations separately — get advice if you market internationally.

I run a B2B company. Do I still need consent?

Yes. CASL applies to business-to-business messages. The implied consent rules for published email addresses and existing business relationships may help, but you still need to track consent and include an unsubscribe mechanism.

Can I text message customers without CASL compliance?

Text messages are electronic messages and CEMs if they have a commercial purpose. All three CASL requirements apply to commercial texts.

What records should I keep?

Keep records of how, when, and what you communicated at the point of consent for at least three years beyond the last use of the consent (as of writing — verify). Your email platform's export function is your friend.

This article is general information, not legal advice. Reading it does not create a lawyer-client relationship. Ontario laws, tax rates, and government programs change, and how the law applies depends on your specific facts. For advice about your situation, speak with a licensed Ontario lawyer. Treadstone Law is licensed by the Law Society of Ontario — reach us at 1-844-900-1070 or start a file online.

This is a corporate question

Start a file online — flat, published fees, reviewed by a licensed Ontario lawyer before a dollar is owed.

ContactStart a File →