May 06, 2009

Canada’s Anti-Spam Bill: 5 Key Differences from CAN SPAM

SUMMARY: A new anti-spam bill in Canada has that nation poised to establish rules for commercial email communications -- and penalties for violations. Marketers need to prepare themselves for any changes in their practices should this bill become law.

This article highlights five key differences between the Canadian bill and the CAN SPAM act. It also offers tips on how to check your database for Canadian addresses, and to check whether your existing procedures meet the more stringent rules of the proposed regulation.
On April 29, the Canadian government introduced a bill that would serve as that country’s counterpart to the CAN SPAM Act. Like CAN SPAM, Canada’s Electronic Commerce Protection Act would establish new legislation around commercial email communications, including rules for opt-in and opt-out procedures, sender identification, and consumer privacy. But the bill also features important differences from CAN SPAM, which will impact email marketers if the bill becomes law.

In many cases, the rules proposed in the ECPA are stricter than those contained in CAN SPAM. In other cases, the exact meaning of the legislation is still vague. That means email marketers will have to study the bill carefully and prepare to make appropriate changes to their messages to Canadian customers. (See Useful Links section, below, to download a copy of the bill.)

To give you a head start, we spoke with several email marketing experts who’ve examined the bill to highlight five key elements that make the ECPA different from the CAN SPAM rules you’re used to. We aren’t lawyers (and this isn’t even a law yet), so be sure to check with your own legal team for the final word on compliance if the Canadian government passes the bill.

“If it does become law, the length of time to implement it will be fairly short,” says Ted Roberts, Director, Deliverability and ISP Relations, Silverpop. “It’s better to be prepared and have it not go into effect, than to have it pass and be caught.”

Difference #1. Advanced permission is required

Unlike CAN SPAM, the Canadian ECPA expressly forbids sending commercial email without prior permission from the recipient. This shouldn’t be a significant challenge for most email marketers, since obtaining opt-in permission is a best practice.

(If you do have non opt-in names in your database, or you aren’t sure about the source of some addresses, you’ll either have to purge those names from your list, or embark on a re-permissioning campaign.)

However, the ECPA also allows for messages to be sent under implied consent, provided there is an existing business or non-business relationship (i.e., club membership, volunteer status, donation to a charitable organization) between the sender and the recipient during the 18 months prior to the message send.

What counts as consent within those relationships is likely to be debated and tested should the bill become law, so it’s safest to follow the practice of getting consent from all your subscribers, says Justin B. Weiss, Associate Counsel, Email Sender and Provider Coalition.

“It’s a pretty challenging analysis to undertake to figure out what kind of consent you need.”

Now is also a good time to determine whether you are emailing to Canadian addresses. Here are three ways find them in your database:

- Email extension

Some Canadian-based domains end in .ca, so you can create a segment of your database for addresses with that extension.

- Geographic location field

If you collect geographic location during opt-in, or have shipping addresses on file for existing customers, you can isolate subscribers who have indicated a Canadian address.

- IP address

If you collect an IP address as part of an opt-in or site visit, you can use it to find the subscribers’ geographic location. Sites such as will provide a subscriber’s exact geographic location, including city, state, zip and area code, as well as
the ISP used to access the Internet.

Difference #2. Permission is required for SMS messages

The scope of ECPA isn’t limited to email messages. It also covers unauthorized software downloads (malware), and -- most important to marketers -- defines “electronic message” broadly to include SMS and other text messages.

If you’re engaging in SMS marketing, now is a good time to double check how you’re obtaining your subscription lists. Are you using a clear opt-in procedure for SMS messaging when collecting phone numbers?

Difference #3. Unsubscribe links must stay active for 60 days

The ECPA calls for messages to contain an email address or hyperlink to allow recipients to unsubscribe. It also specifies that those links must stay active for 60 days after the email is sent. By contrast, CAN SPAM requires unsubscribe links to stay active for 30 days.

Maintaining unsubscribe links for 60 days shouldn’t be a problem for large organizations, or marketers who work with an ESP. But you should check with your ESP or your in-house technical team to make sure those links stay active for at least that long.

If you are a smaller organization that handles unsubscribes in-house, make sure you have the resources to maintain those links for the required 60 days.

Difference #4. Unsubscribe requests must be honored within 10 days

Senders who receive an opt-out request must comply within 10 days, according to the bill.

That’s similar to the timeframe outlined in CAN SPAM, but with a nuance: CAN SPAM specifies 10 business days, while the ECPA does not. That may give you less time to comply with requests than you’re used to.

Make sure your current unsubscribe management process is fast enough to process unsubscribe requests in less than 10 days. Again, that shouldn’t be a problem for larger organizations or anyone working with an ESP, but check on it and make sure you’re not playing the CAN SPAM deadline to the limit.

Smaller organizations that handle unsubscribes in-house, or manually, should develop new procedures to meet the potential shortened deadline.

Difference #5. Individuals have the right to sue spammers

The ECPA contains a private right of action provision that allows individuals to sue spammers. CAN SPAM also contains a private right of action provision, but only for ISPs, but not for individuals.

That means individuals in Canada may be able to sue alleged spammers. However, the legislation limits compensation to $200 per item -- a number low enough to prevent individuals from hauling senders to court one-by-one, says Weiss. However, there would be a risk for class-action suits in Canada.

Likewise, the bill also gives the Canadian Radio-television and Telecommunications Commission the authority to impose fines on senders who violate the regulations -- up to $10 million for organizations. That’s even more incentive to adhere to best practices for subscriber management.

Useful links related to this article:

The Electronic Commerce Protection Act

EmailKarma’s blog post on the bill:

Attorney Andy Kaplan-Myrth’s blog post on the bill:


The Email Sender and Provider Coalition

Improve Your Marketing

Join our thousands of weekly case study readers.

Enter your email below to receive MarketingSherpa news, updates, and promotions:

Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions