Dissecting CASL: part 3

CASL and cold messages

opt-in is not as necessary as you think it is
Cold penguin

Whenever I hear “with CASL in effect, all the marketing methods should basically remain the same” I imagine a surgeon saying “Well, buddy, your life will remain basically the same” while washing his hands to amputate your both legs.

It will not.

CASL took the anti-spam regulations to the whole new level of “insane”. It created a so-called "chilling effect", and, in fact, clippled the entire Canadian email and SMS marketing". Chilling effect is when you avoid doing what you are legally allowed to do because you are afraid of being punished.

If you are evil (and also optimistic), there is a bright side, too. Right now may be the best moment to go for email and/or SMS marketing, because most businesses are paralized by CASL-phobia, and you have much less (if any) competition than you normally would.

Before we continue. None of what I'm about to say is going to matter unless you include proper contact information and valid unsubscribe mechanism in your every message. All about it here.

One big "no-no"

Under no circumstances, never-ever, message somebody who specifically told you not to.

This includes, but is not limited to:
- unsubscribing,
- “No unsolicited email” line on their website, and
- “Go f..k yourself, damn spammer” written, said, whispered or broadcasted to you.

Aside from the direct CASL violation, it increases your chances to get reported. You are fairly unlikely to get investigated at all unless somebody reports you.

In terms of being reported, there are 2 groups of people potentially dangerous to you: "most people" and "anti-spam enthusiasts".

"Most people" are very unlikely to take any action against you.

If you think about it, people ignore most of the marketing emails. They do so not because they hate you, but simply because they don't care. Clicking a link in your ad takes some effort (minimal, but still), and a good portion of people never do that just because they don’t care enough. If you, however, motivate and/or intrigue them enough, they (sometimes) will.

Same with spam. It takes a bit of effort to go to, fill out the form, blah, blah, and most people just won’t care enough to report you, unless you sufficiently piss them off.

Out of pure scientific curiosity, I once reported spam myself.

Victim. The guy who’s been sending me daily emails with this irresistible offer to hook me up with the “finest Russian ladies who want me right now” regardless of my attempts to unsubscribe and/or to convince him that I’m a woman and have zero interest in ladies who want me, unless they are Johnny Depp.

Findings. Well, it does take some effort - like 5-10 minutes. You have to find where to report spam (, you have to fill out a form (who I am, where I live, what kind of cereal I prefer for dinner), etc, etc.

Was it worth it? Absolutely not (other than I satisfied my curiosity what it takes to report spam, but it was a one-time kind of joy).

Would I ever do that again? Nah, highly unlikely.

Did the guy stop emailing me? Ha-ha. No, he didn’t.

Unfortunately, there is another group of people - "anti-spam enthusiasts". They just take some kind of sadistic pleasure in clicking this “report spam” button. What’s even worse, they have their own understanding of how CASL works. “I never opted in? I don’t give a f..k that you may have had my implied consent! Burn in hell, damn spammer! Report spam!” I really don’t know why they do that, they get absolutely nothing out of it. My best guess would be that it’s their way to exercise power they don’t normally have.

Which brings me to...
(it doesn't really, I just like how important it makes me sound)

To send a cold email and stay CASL compliant you need some sort of consent from the recepient. Which sounds kinda insane because...

How the f..k am I supposed to get an opt-in from a complete stranger?

You don't have to. Yes, you heard me right. You don't need an opt-in to send a cold message. Yes, from Canada. Yes, to Canada.

Every CASL guide starts with "you need the recepient's consent", which freaks the hell out of anybody who ever approaches CASL closer than 2 metres.

Good news. Fortunately, every CASL guide has a middle, and this middle clearly says that cold messaging is still perfectly legit.

Bad news. Since there's still a shitload of anti-spam enthusiasts out there, you'll have to keep some records to prove you are not an idiot. Unless your telepathic abilities are awesome enough to predict how the recepient's going to act.

Let's start with what you can do even with CASL in effect.

You can send a cold message in 3 situations:

The lead's information is publicly available

For example, their email is published in their blog. Or their phone number can be easily found in Yellow Pages.

You have to watch for a couple of things though:

1. There should be no statement that they don't want to be contacted


Consp publication yes


Consp publication no

2. Your message should be related to their work


"Dear Elon Musk!
I invented a flux capacitor that will work great with your Tesla, I’ll be pleased to sell it to you."


"Dear Elon Musk!
I’m your biggest fan, would you be interested in buying some pictures of me holding a fish I just caught?"

What to keep as a proof of implied consent:

A screenshot of the page where lead's contact information is published. It should include date, lead's email/phone, and URL. Like this:

Proof of implied screenshot

To prove all this is not a fruit of my sick imagination, here's some references:

"If people conspicuously publish their address or give it to you, then you have implied consent to send them messages related to their work. These are valuable forms of implied consent for business-to-business marketing since they allow cold calling, but only if the address was acquired legitimately and the message is relevant to the recipient."

Source: Canada's Anti-Spam Legislation -
To find this exact quote: go here and search for "What is implied consent?"

Casl infograph public contact highlighted

Source: Canadian Radio-television and Telecommunications Commission -
To find this exact image: go here and search for "Express Consent Versus Implied Consent"

" prove there were no statements against receiving CEMs a company could record screenshots or have a contemporaneous record of the publication where the address was listed, including information such as the date, email address and URL"

Source: Canadian Radio-television and Telecommunications Commission -
To find this exact quote: go here and search for "How can I prove I have consent?"

You have a referral

Somebody finally replied to you cold emails with this precious
"Go f..k youself, I don't know, ask this guy: < the guy's email>".

This guy's contact information is not publicly available, but we now have a referral!

1. You have to include the referrer's full name


"Dear Sergey Brin!
Elon Musk suggested that you may be interested in buying my flux capacitor"


"Dear Sergey Brin!
Please, please, buy my flux capacitor. Or I'll starve to death and sue you"

2. You can only message them once


"Dear Sergey Brin!
Elon Musk suggested that you may be interested in buying my flux capacitor. I'll be delighted to discuss the details with you.
How does last week sound?"


"Dear Sergey Brin!
Please, buy my flux capacitor"

"Dear Sergey Brin!
I also have a wide selection of pictures of myself hugging puppies available for sale or rent.

What to keep as a proof of implied consent:

A copy of the email where the referral was given. It should include referrer's full name, date, and your new lead's phone or email.

Proof of implied referral

I did not invent CASL, so some references:

"If you receive a referral, you may send one CEM to the prospective client. The CEM must include the full name of the individual who made the referral"

Source: Canada's Anti-Spam Legislation -
To find this exact quote: go here and search for "Special Cases – Third Party Referrals"

The lead gave you their business card

It is pretty much the same as with conspisious publication, except... how do you prove they actually gave you their business card?

Send them a message right away. Reference date and circumstances under which they gave you the card. And keep a copy, obviosly.


"Dear Elon Musk!
It was pleasure meeting you at the Cleopatra's dinner on January 5, 54 BC!

As we discussed, I will send you the details about my flux capacitor shortly.

Your business card's exceptional design impresses me deeply, I've never seen a piece of paper capable of flying to space.


"Heya buddy! Wanna grab a beer?"

As always, sources:

"...send the person an email referencing the conversation and date where the disclosure was made, and then keep this email (and any response) in their records. Keep in mind that the confirmation email sent may be considered a CEM. As a result, the company must ensure that proper identification information and an unsubscribe mechanism are included in the message."

Source: Canadian Radio-television and Telecommunications Commission -
To find this exact quote: go here and search for "How can I prove I have consent?"

Now what you can't do because of CASL in effect.

1. Buying a list of leads

It's one thing if you buy the entire business - all the leads/customers get transferred to you, and you can message them all you want. Buying just a list of leads doesn't count.

"Selling only the list of email addresses for which consent has been obtained does not constitute the sale of a business, and in such case the new owner of the list could not rely on those express consents. Therefore the selling of a recipient list, except as a business asset described above, may not be compliant with CASL."

Source: Canadian Radio-television and Telecommunications Commission -
To find this exact quote: go here and search for "What happens to consent if my business is sold?

2. Using a script for finding emails online

Because you won't be able to reliably code a check for "no unsolicited mail". Plus you now have to keep the screenshots.

3. Buying a particular lead's contact information

Because good luck proving you had their implied consent

4. Ignoring when they unsubscribe

Well, we talked about it already

5. Stealing people's business cards

Although, I agree, it is a highly enjouable activity

By Jane Vern