New Canadian Anti-Spam law taking effect July 1st

Canada has passed a new, strict anti-spam law named the Canadian Anti-Spam Law (CASL) which takes effect July 1, 2014. What does this mean for you? Even if you’re not a Canadian company violation of the law may draw fines of up to $10 million as well as possible criminal sanctions. In addition, the company’s officers, directors, agents and mandataries can be found personally liable.

If you possibly have Canadian subscribers to your list you’ll need to pay attention. Not sure if you have any? Check out our list segmentation tool to find out.

The main point to confirm is that you have permission from your customers to send them email. There are two types of permission:

Express Consent – if your subscribers opted-in to your list via a ReachMail sign-up form or a sign-up form on your website, you’re covered. This type of consent does not expire.

Implied consent – this is a grey area and we urge you to be cautious. Implied consent is often derived from an existing customer relationship, e.g. someone purchased a product from you but did not expressly opt-in to receive emails. In this case you can infer they gave consent when they completed their purchase. This consent DOES expire – experts agree that in the context of CASL this consent would expire after one year. So someone who bought a product one time from you in 2011 is someone who you should no longer send to.

What should you do? If you have any doubts about whether you have the appropriate permission we recommend that you run the list segmentation tool to isolate the subscribers you’re not sure about. Then create a specific campaign for those subscribers and ask them to opt-in to your email list via a confirmation link included in the message. In future – only send to those who’ve expressly signed up.

There are two other requirements and we have you covered. ReachMail includes these as part of our service so no action is required on your part.

1. Identification Information – Identify yourself and anyone you represent in the message by providing contact information which includes your business name, postal address and either a telephone number or e-mail address. This information must be accurate and valid for a minimum of 60 days after the message has been sent.

2. Unsubscribe Mechanism – A quick, easy and visible way for the user to opt-out of an organization’s electronic messaging.

Any questions? Contact us at

Do you send ReachMail campaigns from …

Do you send ReachMail campaigns from …

If you do then you need to know that Yahoo has made some major technical changes that will affect your campaign performances. If you do not send your ReachMail mailings from a Yahoo address, you are not affected by this change.

Over the weekend Yahoo changed it’s DMARC (email routing/authentication) policy from NONE to REJECT.  What does that mean? In short, it means that any mail sent from a address but not routed through Yahoo’s SMTP servers was rejected by receivers who respect DMARC.

In short – you’ll have to use a different from email address than from now on. ReachMail recommends that you register a domain for use when sending mail. If you already have a website, consider using that domain when sending. As a reminder, you will be prompted to change your From address when editing a message using a address

How does this affect me?
If you try to send your ReachMail mailings from a address your mail will be rejected (bounced). Mailings sent through an ESP such as ReachMail will flow out through that’s ESPs domains and IP address. This change is affecting all ESPs, not just ReachMail. Though we authenticate your messages as being part of our mail network, we cannot authenticate them as part of Yahoo’s mail network.

Why did Yahoo do this?
There’s no official word at this time but it appears to be related to a large on-going attack on Yahoo users attempting to compromise their accounts and use them for sending spam.

Will Yahoo change their policy?
It’s unclear if Yahoo will restore their old policy.

What is DMARC?
The full technical specifications of Domain-based Message Authentication, Reporting and Conformance (DMARC) are too complex to cover in this article but the DMARC goal is to provide another layer of anti-spam / -phishing technology by allowing domain owners to publish a policy for handling mail from their domain that doesn’t match their SPF and DKIM records. In other words, the owner of can publish a policy telling mailbox providers to reject all mail in which the from domain doesn’t match the domain value DKIM signature of the message and / or the SPF domain does not match. DMARC seeks to establish the relationship between the domain in the From header of the message and the message authentication.

DMARC is primarily intended as a tool for sender’s whose domains are frequently forged by phishers / spammers such as PayPal, Ebay, banks, etc.

We understand that this can be a confusing topic, please contact if you have any questions.