CRTC Releases Updated CASL Regs

The CRTC has published its regulations under CASL.¹

These look less onerous than the ones published last year. For instance, the “within 2 clicks” part for unsubscriptions is now gone and replaced by “readily performed”. That’s going to be wildly squishy, and so most senders should probably go ahead and default to following CAN-SPAM’s still-a-bit-squishy, but slightly clearer “single web page” requirement.

Footnotes

Electronic Commerce Protection Regulations (CRTC), SOR/2012-36 (Can.), https://laws-lois.justice.gc.ca/eng/regulations/SOR-2012-36/index.html. ↩︎

About the Author

Mickey Chandler is a Consultant & Attorney with over 28 years of experience in Email Deliverability & Privacy Law. He has a strong background in email authentication infrastructure (SPF, DKIM, DMARC), ISP and mailbox provider relations, anti-spam policy and compliance, CAN-SPAM and state anti-spam law gained through overseeing the Abuse & Compliance team at Salesforce Marketing Cloud, originating the ISP relations role at Informz (now part of Higher Logic), and working in the fight against spam since 1997. He holds a B.A. in Government, a B.S. in Computer Information Systems, and a J.D. from the University of Houston Law Center. He is a certified CIPP/US professional and a certified CIPM professional.

CAN-SPAM is the floor, but it’s only one floor

26 May 2026

CAN-SPAM compliance and international compliance are not mutually exclusive. CAN-SPAM sets a floor. And so does every other jurisdiction. Where

flags in european parliament building in strasbourg france

Your US Email Compliance Assumptions Are Wrong Outside the US

19 May 2026

The United States treats commercial email as opt-out by default, an approach that puts it at odds with email marketing

crime scene investigator holding a transparent bag with evidence

Authenticating Email Evidence Gets Harder to Contest

13 May 2026

Authenticating email evidence often presents a problem that most counsel underestimate if the opposing party refuses to agree to authenticity.

Basic Operations

These cookies are necessary for the website to function and cannot be switched off. They are usually set in response to actions made by you such as setting your privacy preferences, logging in, or filling in forms.

Always active

7 cookies in this category

Name	Owner	Duration	Purpose
`comment_author_*`	WordPress	347 days	Saves your name, email address, and website URL when you post a comment so you do not have to re-enter them next time.
`wcc_consent`	WP Cookie Consent	30 days	Stores your cookie consent preferences so you are not asked again on every page visit. Contains only a random identifier — no personal information.
`wordpress_*`	WordPress	Session	Used by WordPress to authenticate logged-in visitors, remember authentication details, and to provide other essential security features.
`wordpress_logged_in_*`	WordPress	Session	Tells WordPress whether you are logged in to the site. WordPress uses this to show you the correct version of the site.
`wordpress_test_cookie`	WordPress	Session	Tests whether cookies are enabled in your browser. Deleted immediately after the test.
`wp-settings-*`	WordPress	1 year	Stores your personal WordPress dashboard and administration interface settings.
`wp_lang`	WordPress	1 year	Remembers your preferred language for the WordPress admin interface.

Content Personalization

These cookies allow the website to remember choices you make and provide enhanced, more personal features. They may also be used to provide services you have asked for.

2 cookies in this category

Name	Owner	Duration	Purpose
`aw_*`	AWeber	1 year	Set by AWeber when you sign up for an email list. Records your subscription status and preferences.
`jetpack*`	Jetpack by Automattic	1 year	Used by Jetpack to provide site statistics, security features, and related functionality.

Site Optimization

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. All information these cookies collect is aggregated and therefore anonymous.

6 cookies in this category

Name	Owner	Duration	Purpose
`_ga`	Google Analytics	2 years	The main Google Analytics cookie. Used to distinguish unique visitors by assigning a randomly generated number as a client identifier.
`_ga_*`	Google Analytics	2 years	Used by Google Analytics 4 to persist session state and measure site usage.
`_gac_*`	Google Analytics / Google Ads	90 days	Contains campaign-related information. Shared between Google Analytics and Google Ads.
`_gat`	Google Analytics	1 minute	Used by Google Analytics to throttle request rate. Expires after 1 minute.
`_gid`	Google Analytics	24 hours	Used by Google Analytics to identify a user session. A new value is assigned each day.
`metricool_visit_*`	Metricool	1 year	Used by Metricool to track page visits and measure website traffic statistics.

Ad Personalization

These cookies may be set through our site by our advertising partners. They may be used to build a profile of your interests and show you relevant adverts on other sites.

1 cookie in this category

Name	Owner	Duration	Purpose
`_gcl_*`	Google Ads	90 days	Used by Google Ads to measure the effectiveness of advertising campaigns and to track conversions.

CRTC Releases Updated CASL Regs

Footnotes

About the Author

Your US Email Compliance Assumptions Are Wrong Outside the US

Authenticating Email Evidence Gets Harder to Contest

Links

Brands

Connect