The Web For Blog

Internet marketing observations, perspectives, tips and tricks for your education and enlightenment.

High Flying Spammers

Mark Kawabe - Tuesday, June 30, 2015

It's been nearly a year since the full implementation of CASL. Canadian companies have had a long time to get used to the new rules, and while they seem simple to follow, apparently they're not.

Porter Airlines is the latest company to face a hefty fine under CASL for violations of the Canadian Anti Spam Legislation. $150,000 is not a small amount of money. What were their transgressions?

  • Sending emails with no unsubscribe mechanism.
  • Sending emails with obscure unsubscribe mechanisms.
  • Not providing complete contact information in their emails.
  • Taking longer than 10 days to process unsubscribe requests.
  • Not being able to prove consent had been granted for each electronic address they sent email to.

Compliance with CASL is relatively easy, but also challenging. Entrepreneurs are especially vulnerable to falling afoul of CASL because they will not necessarily be able to prove consent was granted for every email address on their list. When you meet someone at a networking function and exchange business cards, if you want to add them to your CASL-compliant mailing list you are supposed to have some form of consent on record. Asking for consent is allowed, but technically, the response needs to be recorded. Ouch.

It is my opinion that larger companies will continue to be nailed for CASL violations while small businesses and entrepreneurs will likely continue to operate under the CASL radar for the forseeable future. That being said, CASL is the law of the land, so ensuring you've done what you can to be compliant is in your best interest.

Photo Credit: Porter Airlines.Dash-8.YUL.2009" by abdallahh - originally posted to Flickr as YUL - Montréal-P-E-Trudeau. Licensed under CC BY 2.0 via Wikimedia Commons.

Spam, Spam, Spam, Spam

Mark Kawabe - Friday, May 15, 2015

The Canadian Anti-Spam Law (CASL) was implemented on July 1, 2014. CASL is designed to reduce spam messages received by Canadians. It has been effective - in a surprising way.

Cloudmark is a San Franciso-based email security company. They released a Security Threat Report for the first quarter of 2015 and their numbers demonstrate that CASL's been effective. Canadian spam that was directed toward American recipients dropped by 37 percent post-CASL. Email to Canadians dropped by 29 percent overall. What was surprising though was that the change in the amount of spam email received by Canadians was not significant.

One explanation is that most spam that originates in Canada is sent to American recipients while most spam Canadians receive originates in the United States. While email Canadians receive has dropped by 29 percent, that seems to be due to a decline in legitimate email messages being sent. As an overall percentage, spam has increased for Canadians from 16.5 to 16.6 percent.

As expected, spammers from outside Canada are ignoring CASL. However, email senders who are within CASL's jurisdiction are paying attention. The first major fine against a Canadian company was against Compu-Finder, a Quebec company that received a $1.1 million penalty in March of 2015 for four violations of the act. The second fine was levied against the company that runs the Plenty Of Fish dating site. Their penalty was $48,000, largely surmised to be because they took immediate action to comply with CASL while Compu-Finder did not.

So for Canadians, we're still getting spammed under CASL. That's no surprise. At The Web For, we are constantly looking at ways to reduce the spam that reaches our servers. Our spam filtering services are updated daily with new filters but stuff still makes it though. Ensuring your own email software's spam filtering is turned on is still a good idea to reduce spam even further.

Hopefully the war on spam will eventually be won. In the meantime, please be vigilant. Here are a few tips on how to avoid getting "phished".

  • Avoid clicking on suspicious links in email messages.
  • It's generally safe to ignore email messages purportedly sent by your bank, PayPal or Apple.
  • Resist opening attachments you weren't expecting unless you know and trust the source - and even then, it's safer to ask.
  • Watch our video on how to avoid phishing scams

As always, if you have any questions on spam or suspicious emails, please contact me and I can help you spot the frauds that arrive in your inbox.

The first business day under CASL

Mark Kawabe - Wednesday, July 02, 2014

Welcome to life under CASL!

Has it changed much for you? I'm betting not.

CASL went into effect July 1st and on that very same day, I received several CEM from local businesses that were not compliant.

Perhaps it's just me, but I have heard about CASL so much in the previous two months that I am a tad surprised there are still those who haven't. It's a reminder that just because a new law is introduced doesn't mean there will be those who don't know a thing about it. So, what to do?

From my perspective, it means you'll still be seeing the occasional notice about CASL in my blog, social media feeds and newsletter. I spend much of my time educating people about what can be done online and how to do it. In that regard, nothing has changed.

Here is what you need to know now that CASL is in place.

  1. If you have not obtained express consent for your lists, life is not over. You can still send under "implied consent" for the next couple of years although you probably want to obtain express consent from your subscribers ASAP.

  2. All CEM must identify the sender, contain a physical address that is valid for 60 days after the CEM is sent as well as an unsubscribe mechanism. This applies to email messages and all other forms of CEM including texts and social media.

  3. Unsubscribe requests must be processed within 10 days.

  4. From my perspective, messages you send should also have a mechanism for your recipient to indicate they provide express consent to continue to receive your messages. This can be as simple as asking the recipient to respond with "Agree" or "Yes" in the subject line of an email. I checked that method with a lawyer knowledgeable about CASL and she said this would be sufficient.

The sky hasn't fallen, but we're now in new legal territory when it comes to sending CEM. While there's a transition period, it will be over before you know it. Work on gaining express consent now and spare the future headache.

What does a lawyer have to say about @ss backwards CASL requests?

Mark Kawabe - Thursday, June 26, 2014

CASL Anti Spam LawCASL compliance season is upon us!

There has been a flurry of email activity as companies rush to be compliant with the new Canadian Anti Spam Law (CASL) which comes into effect July 1, 2014.

Some companies are apparently in such a rush that they're not paying attention to what the law says about getting express consent.

I've received a number of emails telling me that if I don't unsubscribe right then and there that I will be deemed to have provided express consent to receive more mailings.

This is backwards and it is specifically what CASL is designed to avoid.


I had a chat with a lawyer at Mills & Mills, LLP in Toronto who has fielded a flood of inquiries prompted by the introduction of CASL. She confirmed that companies who use negative opt-in methods are not getting express consent.

For those who are doing it "right" (which means by requiring your potential recipients to take a positive action like a click to confirm they are opting-in), my congratulations to you.

To the rest of you, please read this or our very own CASL presentation.

CASL - Implied Consent

Mark Kawabe - Friday, June 13, 2014

CASL Anti Spam LawThe sky may or may not fall on July 1, 2014 when CASL (the Canadian Anti Spam Law) comes into effect. Personally, I don't think there will be many changes with respect to B2B communications right away. Here's why.

CASL requires businesses to demonstrate they have either express or implied consent when sending Commercial Electronic Messages (CEM). Few businesses have obtained express consent to send CEM to everyone on their list, so it's likely your business will be sending to your list based on implied consent.

I'd like to talk about the notion of implied consent because I think there's a major exception in CASL that will allow most businesses the ability to continue operating "as is" without running afoul of the law. This major exception revolves around whether a recipient has "conspicuously published" or "disclosed" his or her electronic address. For the purpose of this discussion, we'll use an email address as the example electronic address.

What does it mean to have "conspicuously published" an email address? I think there are several possibilities.

  1. It's visible on your company website
  2. It's visible on social media sites
  3. It's visible on newspaper ads, billboards, flyers, brochures or vehicle advertising

If you have "disclosed" your email address, you may have done one of the following things:

  1. Printed it on your business cards,
  2. Included it as part of an email signature,
  3. Told someone your address verbally or over the phone.

If you have "conspicuously published" or "disclosed" your email address, you may be giving implied consent that you wish to be contacted for business purposes via email. If you did not indicate in any way that you do not wish to receive unsolicited CEMs via your email address, this may be enough to establish you are providing implied consent to received CEMs.

This has been referred to as the "business card exception". At networking events, you will often give people your business card which may have your email address on it. Unless you tell the recipient of your card not to send you CEMs, they can assume you have provided implied consent to receive messages from them. When that person's email newsletter hits your inbox the next day, you don't really have grounds for complaining. Thankfully, under CASL, you can simply unsubscribe from a mailing and the sender has to remove you from their list within 10 days.

Of course, the CEM you were sent had to have been relevant to your business, role, functions or duties in a business or official capacity and met the contact information requirements for it not to have been considered spam.

Many people I've spoken to are working on becoming compliant with CASL. I encourage everyone to do so. You will still be able to send relevant CEMs after July 1, 2014. You have three years to become fully compliant, so while you're sending messages based on implied consent, do your best to gain express consent from the recipients of your messages so you'll be in a good place come July 1, 2017.

Canadian Anti-Spam Regulations Published

Mark Kawabe - Tuesday, January 08, 2013

For those of you who haven't thought about Canada's anti-spam legislation, here's a suggestion: start thinking about them.

The latest regulations were published on January 4, 2013. While enforcement of the law probably won't start until the end of the year, if you are a business that sends email messages to Canadians, you will be impacted by this legislation.

Here are the regulations, posted in the Canada Gazette.