Ensuring CASL Compliance with MailChimp

Recorded on 2014-06-19

This post first appeared on PumpInteractive.ca

A helpful primer on CASL and staying compliant using MailChimp

July 1st, 2014 is a big day. Not only is it Canada Day, but the new Canadian Anti-Spam Legislation (CASL) is also coming into effect. CASL is widely regarded as one of the strictest anti-spam laws in the world. This new law is great for consumers who are tired of receiving spam emails in their inbox, but it’s turning into a cause for concern for many businesses who don’t understand all of the implications and how they relate to their email practices.

Understandably, we have had many conversations with clients who are worried about what all of this means for their email newsletter practices. Fines are substantial and the details surrounding many aspects of the law are vague. Our clients are all wonderful people who don’t engage in spammy practices, but we have been spending time these past few months helping them ensure their practices are on the right side of the law to mitigate their concerns.

We want to help you as well. Here’s how you can use  MailChimp to ensure that you are collecting and sending emails properly so you aren’t bit by the new laws.

Disclaimer: Although we have been in close contact with lawyers who are very familiar with the upcoming laws and their implications, we are not lawyers and nothing in this post should be considered as legal advice. If you have concerns about these new regulations, make sure you get proper legal advice before implementing an email campaign or changes to an existing email campaign related to the new anti-spam laws.

CASL Requirements

First, a bit about the CASL requirements. The CASL applies to commercial electronic messages (CEMs), which are messages sent to an electronic address (such as an email address, a direct message sent through social media or chat, or a similar account).

There are three main requirements for sending a CEM:

  1. You need consent to send the CEM,
  2. you need to provide identification information, and
  3. you need to provide an unsubscribe mechanism for your CEMs.


Consent can be implied or expressly given. Express consent is the preferred type of consent and ensures that you are acting within the new laws. Luckily, it’s very easy to obtain and later prove this consent using MailChimp.

MailChimp already requires the preferred form of opt-in consent from your subscribers which makes it easy for you to later prove this consent. MailChimp’s “double opt-in” signup process means that two steps need to be taken by the subscriber before they are added to the list.

  1. The subscriber provides their contact information on a form or newsletter sign up page.
  2. After submitting their information, they receive an email asking them to click a link to confirm their subscription.

Only after clicking the confirmation link are they considered a subscriber and able to be emailed as part of your campaigns. This double opt-in process has many benefits over simply adding the email addresses of all of your clients to a list and starting to send them newsletters.

  • Your campaign’s unsubscribe rates are more likely to stay low. MailChimp works to protect their business model by ensuring their servers don’t get flagged for spam, so they review accounts with high unsubscribe or complaint rates, and will potentially suspend accounts if they feel these metrics are too high.
  • It’s possible that someone’s email address can end up on your list without their knowledge. With double opt-in each subscriber receives a confirmation message before you can send to them, so it’s unlikely that people will be surprised to find out they are on your list.
  • When a new subscriber clicks on the link in the confirmation email they receive as part of step two of the opt-in process, MailChimp logs the date and time that the subscriber opted-in to your list, as well as the IP address of the device they used to confirm their subscription. If needed, you are always able to export this information at a later date to prove that you received express consent.

** NOTE: CASL states that subscribing to receive messages must be done on an opt-in basis, rather than an opt-out basis. The subscriber must take a positive action to be added to your list. For example, a pre-checked box on an account signup form saying, “Yes! Please sign me up for the mailing list” would go against the new anti-spam laws. The same form design would be fine, as long as they have to click the box to be signed up, rather than click the box to avoid being signed-up.

UPDATE: We’ve written a follow-up post detailing more about each type of consent and how they may be used. Read Clearing up the Consent Confusion.

Identification Information

You need to provide identification information in your CEMs. To be completely safe, ensure that all of this information is included in each message you send:

  • Your business name,
  • a mailing address that will be valid for at least 60 days after sending your message, and
  • your website URL.

An email address or telephone number can be helpful as well, if this information is not readily available on your website. Basically, if a recipient of your message has any desire to contact you, they need to be able to do that without too much investigative work.

This basic contact information is already required by MailChimp for each list you create. Make sure that the contact information you provide is always valid for at least 60 days from the date you send a mailout, and make sure it is included in your message template. MailChimp allows you to quickly enter this information in your messages using merge tags such as *|LIST:ADDRESS|*. Pop that tag in the footer of your template or message design and MailChimp will replace that tag with your list’s address automatically.

MailChimp Merge Tags in Action

Unsubscribe Mechanism

The last requirement is that you provide recipients with a straightforward way of unsubscribing from your messages. It has to be free of charge and requests to be unsubscribed must be taken care of right away (within 10 business days).

Unsubscribing is a simple process with MailChimp. MailChimp manages all aspects of the unsubscribe process quickly, so you don’t need to worry about managing this aspect of your campaign. Just make sure you include the *|UNSUB|* merge tag in a link somewhere in your email (usually the footer, along with your contact information and website links). Like the address merge tag, this tag will be replaced with a link that allows subscribers to unsubscribe from your list with one click, and state the reason why they are unsubscribing. This can be helpful to determine why people no longer want to hear from you and allow you to strategize ways to provide them more value.

Don’t make it a chore for people to unsubscribe. Make sure the link is not hidden, buried within other content, or so small that it can’t be read. This has always been a best practice, and people who want out but can’t figure out how to are not valuable subscribers, anyway. Holding people hostage to your email list is just not nice, and on July 1, 2014, it will become illegal.

Breathe… We’ll be okay

The purpose of this law is to combat spammy marketing practices, and we think it’s unlikely that a company sending out updates via their own newsletter will be targeted by the CRTC for contravening CASL. Nothing in CASL is entirely new, either. Just about everything prescribed by the new Canadian laws is already considered best practice for sending out newsletters, which we have always strived to work within for ourselves and for our clients.

We hope that this article is useful to you in the coming months, but we know that every scenario and application of a newsletter differs slightly. Using a combination of design and custom applications we are making sure our existing clients are compliant with these new laws, and we’d be happy to help you as well.  Please get in touch with us if you’d like to discuss how we can help you navigate these new laws.

You can also learn more about CASL and read frequently-asked questions at the Government of Canada’s website: http://fightspam.gc.ca/