Spam Regulations

There are a number of laws that regulate senders of electronic communications, including email, push notifications and SMS. You should always be aware of local regulations that may affect you or your users. PUSHTech is providing relevant information based on our own research, but you should also refer to the full text of these laws for complete and up-to-date details.

The CAN-SPAM Act of 2003 regulates email senders in the U.S. sending «any electronic mail message, the primary purpose of which is the commerical advertisment or promotion of a commercial product or service.» You can read more details on the FTC site.

There are 7 key requirements for CAN-SPAM:

Don’t use false or misleading header information (ie, «From», «To» and «Reply-To»)
Don’t use deceptive subject lines
Identify the message as an ad
Tell recipients where you’re located (ie, physical address)
Tell recipients how to opt out of receiving future email from you
Honor opt-out requests promptly
Monitor what others are doing on your behalf
Transactional emails are exempt from these rules with the exception of #1.

Canadian Anti-Spam Law (CASL)
On July 1, 2014, the Canadian Anti-Spam Law (CASL) goes into effect for emails sent to Canadian residents. You can read the full text of the law here. The law essentially says that Canadian recipients of both email and push notifications need to provide «expressed or implied» consent to your communication with them.

There are a couple key differences between CASL and CAN-SPAM, most notably:

CASL applies to where the message is received, so senders outside of Canada are affected
Message recipients must up opt-in, instead of opt-out
While CASL has a three-year transition period, ending July 1, 2017, the Canadian Radio-Television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner of Canada may begin investigation and litigation during this period. At the end of the transition period, individuals may also litigate against entities they believe to be sending spam.

The following types of messages are exempt from the requirements of CASL:

  • Messages opened outside of Canada
  • Messages to family members or other personal relations
  • Messages to individuals associated with your business, including employees or contractors
  • Messages providing warranty information, product recall information or safety or security information about a product or service the recipient has used or purchased
  • Messages providing notification of factual information about subscription, membership or account
  • Messages delivering a product or service, including product updates or upgrades

Note: This is not the complete list of exemptions. Please view the full text of the law for more details.

Messages that do not fall under one of the exemptions require «expressed or implied» consent from the message recipient.

Implied Consent

Implied consent is based on previous activity with a user through an existing business or non-business relationship. Messages can be sent based on implied consent during the transition period. After July 1, 2017, express consent is required, unless the implied consent is still valid (ie, the 2 years after a purchase was made).

  • The recipient of a message has purchased or leased a product, good, service or completed other business with your organization in the last 2 years
  • The electronic address has been published and does not explicitly forbid unsolicited emails

Implied consent is only valid for 6 months if the recipient does not become a customer.

Express Consent

Express consent is written or oral confirmation from the message recipient and only valid if the message includes a clear and simple description of:

  • Why consent is being sought
  • The person or organization seeking consent


The quality of your email list is especially important. A handful of bad emails on your list can ruin your delivery for a million good users. Collecting a list of bad emails generates bounces, blacklisting, spam trap hits, and tanks your response rates. Culling emails that have no activity on a regular basis, and removing obvious bounces are the first step. Whether you implement a opt-in (check the box), opt-out (uncheck the box), confirm opt-in (an email that says thanks for signing up, and gives an unsubscribe link), or double opt-in (an email that that requires a click to confirm), what you want to think about is list quality.


In iOS, your users have always been asked to opt-in to push notifications. The iOS dialog boxed simply pops up on entry to the app and asks the user to opt-in for notifications to your app. The app user sees the same message pop-up the moment they open an app for the first time, so everyone who is on your iOS list for push notifications has, by definition, opted-in.


In Android, your users can assume to be opted-in by the implied opt-in that is stated in your privacy policy or end user license agreement. You may want to implement an expressed opt-in process perhaps in an initial screen just as the user starts the app for the first time. Follow PUSHTech Push Best Practices page for more details. You can also orient the user as to what types of push notifications they will receive, thereby increasing the opt-in rate.



Leave A Comment?