Want to add your Free Listing?
Click here to register

Canada’s new law restricts “spam haven”

Canada’s new law restricts “spam haven”

Canada's New Law Restricts Spam Haven

As you may or may not know, Canada is the only G8 country that does NOT have anti-spam legislation. So you’re probably asking yourself “why do I need to get permission to email someone in that country?” Keep in mind Canada does have opt-in provisions within their privacy legislation called the Personal Information Protection and Electronic Documents Act (“PIPEDA” – pronounced pip’ee-da) that requires opt-in options. But while they do have this legislation in place, the repercussions aren’t nearly as strong as other countries, so spammers continue to fill Canadian’s inboxes with junk.

Some maintain that Canada is a spam haven and it’s considered to be the 9th largest producer of spam (Spamhaus). This is just one of the many reasons it’s important for the C-28 bill to pass. It will deter those who send the most damaging and deceptive marketing campaigns, unwanted commercial email, spyware and phishing campaigns.

As of June 17, 2010, the House of Commons broke for summer holiday and has left the Fighting Internet and Wireless Spam Act (C-28) on the shelf until the Fall. It’s been noted by many that last year’s bill (C-27) will be carried over and given a second reading once the House is back in Ottawa later this Fall.

What do you need to know?

  • C-28 essentially defines spam as a commercial message sent via email, IM, social, or phone
  • You cannot send email unless the recipient has consented
  • The email must contain certain things like identifying the sender and how to unsubscribe which needs to be done in no more than ten (10) days
  • The postal address of the sender must be included
  • Have a way for the receiver to contact the person responsible for the message for at least sixty (60) days
  • You cannot alter the transmission of the data
  • You cannot use false or misleading information like in the headers
  • You cannot perform address harvesting or dictionary attacks to collect data

Exemptions do apply

  • Family or personal email
  • Existing business relationship or if someone inquires to a business for information
    • Asking for a quote
    • Warranty or safety information
    • Information about ongoing subscriptions/membership
    • Anything related to employment relationships, like benefit plans

Monetary penalties are significant ($1 million for individuals, $10 million for businesses) but it unfortunately doesn’t apply to international senders who send to Canadian’s or “computer systems” located in Canada. However, for those who do make honest mistakes, there are protections in place.

In my eyes, this is not a bill to fear, but one to embrace. And keep in mind that most International laws already require adherence to guidelines called for by C-28.

Takeaway: Make sure your company talks to your Email Service Provider and that your marketing departments know about this. If you’re already doing business in Europe these requirements shouldn’t be anything new or tough to handle. Otherwise, plan for the changes now so that you are NOT caught off guard later.

Dennis Dayman

Dennis Dayman has more than 17 years of experience combating spam, security issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Eloqua’s Chief Privacy Officer, Dayman leverages his experience and industry connections to help Eloqua’s customer maximize their delivery rates and compliance. Previously, Dayman worked for StrongMail Systems as Director of Deliverability, Privacy, and Standards, served in the Internet Security and Legal compliance division for Verizon Online, as a senior consultant at Mail Abuse Prevention Systems (MAPS), and started his career as Director of Policy and Legal External Affairs for Southwestern Bell Global, now AT&T.

As a longstanding member of several boards within the messaging industry, including serving on the Board of Director’s and the Sender SIG for the Messaging Anti-Abuse Working Group (MAAWG), Secretary/Treasurer for Coalition Against Unsolicited Commercial Email (CAUCE), Certified Information Privacy Professional (CIPP) Advisory Board, Dayman is actively involved in creating current Internet and telephony regulations, privacy policies and anti-spam legislation laws for state and federal governments.

  • Profile:  Jeff Ginsberg has 17+ years’ experience and is an industry known authority on email marketing who gets in the trenches with clients and helps them fulfill their marketing objectives, increase revenue and brand engagement. Clients rely on him and his team at The eMail Company to provide them with expertise from strategy to technology and from campaign management to channel integration. Jeff has worked with clients across all spectrums in the financial, automotive, retail and consumer packaged goods space. His experience covers both B2B and B2C markets. He has a strong background in educating and training agencies and clients about email best practices and is a wealth of knowledge when it comes to marketing tools and vendor selection. While Jeff’s team may be small, they know how to solve BIG email marketing problems. Looking for help with your next campaign? Don’t be afraid to give him a call – Jeff and his team ready to help you today. Give me a call: Toll Free: 877-We-eMail (877-933-6245) Local: 416-225-7711 eMail: jeff@theemailcompany.com
  • Website:  http://www.theemailguide.com
  • Twitter:   http://www.twitter.com/theemailguide
  • LinkedIn:   http://ca.linkedin.com/in/chiefemailofficer
Other post by this Author
Your thoughts here
  1. Does it apply to situations where Canadians are sending marketing emails from Canada to businesses in the USA? I ask because by going over the legislation, it doesn’t seem to allow that. Any insight is appreciated!

  2. How about opt out in Canada? If I email someone back and ask to be removed from their email list … don’t they have to comply?

    • Jason,

      Can you tell me where the email originated?

      Responsible email marketers who follow best practices use the current US legislation known as CAN-SPAM as the foundation for their best practices. CAN-SPAM stipulates that you must provide an unsubscribe link or address which works and remove someone at their request within in ten business days. You must also provide a physical address and contact information. Canada’s FISA bill will hopefully be law soon and has the same basic stipulations. Reputable email marketers operate under strict self imposed guidelines of best practices to ensure that only those who have given their permission to be emailed are.

      I should also add that as a rule of thumb I never reply to spam email – email which I have not specifically opted in to receive. This is because replying to the sender address or even clicking the unsub link (which might even be a link to a malicious page) tells the spammer that the address is active and may just result in more spam. In my case, I simply add the sender to my junkmail list. You can also use the “spam” button — that option depends on what email software you are using. Can you tell me what client and version you use for email?

      If you need help with this I would be happy to. Just let me know and I’ll drop you an email.


      Jim Ducharme
  3. So it’s basically the Can-Spam Act, but with an opt-in provision instead of opt-out?

    • Sorry for late reply. I was on vacation last week.

      FISA vs. CAN-SPAM: Similarities
      1) Requirement to accurately identify sender
      2) Prohibition false and misleading transmission data/subject lines
      3) Requirement for unsubscribe mechanism
      4) Liability for brands who knowingly allow spam to be sent on their behalf

      FISA vs. CAN-SPAM: Key Differences

      1) Addresses broad range of Internet issues (spam, spyware, pharming, etc.)
      2) Applies to all forms of electronic messaging (email, SMS, IM, etc.)
      3) Primarily opt-in; permission based
      4) PRA available to anyone (individuals, businesses, etc.)

      1) Addresses spam only
      2) Applies only to email
      3) Opt-out; you can technically mail any person at least once
      4) PRA available only to ISPs

      Dennis Dayman
      • Fantastic summary, Dennis. One more key difference to note is CAN-SPAM requires an unsubscribe to remain active for 30 days after an email is sent. C-28 extends this to to 60 days for an unsubscribe mechanism or contact mechanism to remain active.

  4. Thanks for making this painless Dennis! What about implied consent? As I recall the marketers could send to anyone they had a business relationship with in the past 16 months or something along those lines — getting them to then opt in. I’ll be asking about that one on today’s eMail Radio show.



    Jim Ducharme
    • No true implied consent

      Consent is deemed in a number of circumstances:
      1) Existing business relationship
      2) Existing non-business relationship
      3) Conspicuous publication of electronic address
      4) Recipient has provided electronic address to the sender

      No implied consent for referrals
      In most cases implied consent last for 2 years – so a window of opportunity to obtain express consent exists.

      No consent needed for:

      1) Quotes or estimates, if requested
      2) Facilitates commercial transaction
      3) Warranty or safety information
      4) Information about ongoing subscription, membership, etc.
      5) Information related to employment relationship or benefit plan
      6) Delivers good or service

      Dennis Dayman
Leave a Reply