CAN-SPAM and CASL Email Compliance for Spiritual Businesses: 2026 Guide
CAN-SPAM: $53,088 per email. CASL: CAD $10M per violation. What astrologers and spiritual creators must include in every marketing email. 2026.
The fine for a single non-compliant marketing email under CAN-SPAM is $53,088 (the 2026 FTC-adjusted figure, up from $51,744 previously). Under CASL, the ceiling is CAD $10,000,000 per violation for organizations, and CAD $1,000,000 for individuals. These numbers exist in a world where most spiritual practitioners run their newsletters without ever reading either law.
The good news: compliance is not complicated. The legal requirements are specific and mechanical. This guide covers what every marketing email must contain, how CAN-SPAM and CASL differ in their consent models, what the 2024 Google/Yahoo bulk-sender rule adds to the picture in 2026, and a practical checklist for making every newsletter compliant from the next send.
CAN-SPAM vs. CASL: Two Different Starting Points
The most important difference between CAN-SPAM and CASL is not the fine amounts - it is the consent model.
CAN-SPAM (US law) operates on an opt-out model. Commercial email is permitted until the recipient unsubscribes. You do not need prior consent to send someone a marketing email. You need to make it easy for them to stop receiving emails, and you need to honor that request promptly.
CASL (Canadian Anti-Spam Legislation) operates on a consent-first model. You must have either express or implied consent before sending a commercial electronic message to a Canadian recipient. Sending without documented consent is the violation - the recipient does not need to complain first.
This means a spiritual practitioner sending newsletters to a mixed US-Canada list faces two different compliance regimes simultaneously. For US subscribers: make unsubscribing easy and honor it within 10 business days. For Canadian subscribers: document how and when consent was obtained, and know when implied consent expires.
Source: hustlermarketing.com "Email Marketing Compliance 2026: GDPR, CAN-SPAM & Privacy Laws"; dailystory.com "Email marketing compliance: CAN-SPAM, CASL, and GDPR".
CAN-SPAM Requirements: What Every Email Must Contain
These requirements apply to commercial email accessible to US recipients. If you send a newsletter at all, assume it reaches US inboxes.
Requirement | Specifics |
|---|---|
Non-deceptive subject line | Must reflect actual email content; no false urgency or misleading claims |
Non-deceptive "From" name | Sender identity must be clear; cannot impersonate another person or brand |
Physical postal address in footer | Street address OR PO box OR private mailbox - all three are accepted |
Functioning unsubscribe mechanism | Must be in every email; cannot require payment or information beyond email address |
Unsubscribe honored within 10 business days | Legal floor; 48 hours is deliverability best practice |
The physical address requirement trips up more practitioners than any other. A home address makes many solo practitioners uncomfortable. The accepted alternatives: a PO box (available from USPS for $50-100/year depending on size and location) or a private mailbox from a service like The UPS Store or Anytime Mailbox.
Source: ftc.gov "CAN-SPAM Act: A Compliance Guide for Business" (official FTC); prospeo.io "CAN-SPAM Act Unsubscribe Rules 2026 Compliance Guide".
The 2024 Google/Yahoo Bulk-Sender Rule (Still Governing 2026)
In February 2024, Google and Yahoo mandated new requirements for anyone sending 5,000+ messages per day to Gmail or Yahoo addresses. These requirements remain in effect in 2026 and operate alongside CAN-SPAM, not instead of it.
For bulk senders above that threshold:
- A functioning `List-Unsubscribe` header must be present in every email
- One-click unsubscribe must appear in the email body (not buried in fine print)
- DMARC record must be configured for the sending domain
- DKIM and SPF authentication required
Practitioners below 5,000/day: the bulk-sender rule does not technically apply, but non-compliance degrades deliverability for everyone. Gmail's spam filters use similar signals regardless of volume. Practical recommendation: implement list-unsubscribe headers whether or not you hit the threshold.
Kit (ConvertKit), Mailerlite, and Brevo handle list-unsubscribe headers automatically. Practitioners using those platforms are covered on the technical side. The manual requirement - adding your physical address to the email footer - still falls on you.
Source: tomba.io "Email Compliance and Unsubscribe 2026 Sender Guide"; prospeo.io "Email Unsubscribe Requirements 2026".
CASL Consent: Express vs. Implied
For Canadian subscribers or if you are based in Canada, CASL consent documentation is required. Two types of consent exist.
Express consent: The subscriber actively opted in. A checkbox on a landing page (pre-unchecked), a verbal request with confirmation, or a sign-up form. The consent must be logged with timestamp and IP address. This consent does not expire.
Implied consent: A business relationship exists without explicit opt-in. Two timeframes apply:
- Customer who purchased from you: implied consent lasts 24 months from the purchase date
- Person who made an inquiry (without purchase): implied consent lasts 6 months from the inquiry
After those periods, implied consent expires. Continuing to email someone whose implied consent has expired is a CASL violation - even if they never complained and never unsubscribed.
CASL applies if: the sender is in Canada, OR the recipient is in Canada, OR the message routes through Canadian servers. The third condition is effectively impossible to track in practice; treat any Canadian subscriber as CASL-covered.
Unsubscribing under CASL: same 10-business-day honor window as CAN-SPAM.
Source: sendcheckit.com "CASL Compliance: The Complete Guide for Canadian Email Marketing 2026"; mailchimp.com "About the Canada Anti-Spam Law (CASL)".
Penalties: What the Numbers Mean in Practice
Law | Penalty maximum | Notes |
|---|---|---|
CAN-SPAM | $53,088 per non-compliant email | FTC-adjusted 2026 figure; applies to each individual email |
CASL | CAD $10,000,000/violation (organizations); CAD $1,000,000 (individuals) | Per violation, not per email |
GDPR | EUR 20,000,000 or 4% of global annual revenue (whichever higher) | For EU recipients; separate from CAN-SPAM/CASL |
The CAN-SPAM figure is per email. Sending a non-compliant newsletter to 2,000 subscribers is technically 2,000 violations at $53,088 each - though enforcement at that scale against a solo practitioner is extremely unlikely. FTC enforcement focuses on large-scale senders and repeat violators. The practical risk for a spiritual practitioner is not a $100M fine; it is account suspension by their email platform and damage to sender reputation.
CASL enforcement has been more active at the small-business level than CAN-SPAM - the Canadian Radio-television and Telecommunications Commission (CRTC) has issued fines to individual online sellers.
Source: hustlermarketing.com "Email Marketing Compliance 2026"; outreachbloom.com "Cold Email Compliance 101: CAN-SPAM, GDPR, and CASL Requirements 2026".
Platform Notes: What Your ESP Handles vs. What You Still Must Do
Email platform | List-unsubscribe header | One-click unsubscribe | Physical address | CASL consent logging |
|---|---|---|---|---|
Kit (ConvertKit) | Automatic | Automatic | Manual (you add to footer) | Manual (log form submissions) |
Mailerlite | Automatic | Automatic | Manual | Manual |
Brevo | Automatic | Automatic | Manual | Manual |
Flodesk | Automatic [VERIFY] | Automatic [VERIFY] | Built-in footer block (must activate) | Manual |
No email platform logs CASL consent for you. The timestamp, IP address, and form context of each subscriber's opt-in are your records to keep. Most platforms provide subscriber join date in list export - use that as a proxy for consent timestamp, and keep a note of the signup form URL for context.
Source: campaigncleaner.com "Email Compliance Guide 2026".
7-Step Compliance Checklist
Checklist for making your next newsletter send compliant:
1. Add your physical postal address to every email footer - PO box or private mailbox acceptable under CAN-SPAM
2. Confirm your email platform inserts a functioning list-unsubscribe header automatically
3. Include a clearly visible unsubscribe link in every email body - not only in the footer, not requiring login
4. Write subject lines that accurately reflect email content - no "Re:" tricks, no fabricated urgency
5. Honor unsubscribe requests within 10 business days (legal minimum); 48 hours is best practice
6. For Canadian subscribers: log consent timestamp, IP, and signup source; remove implied-consent subscribers after 24 months (post-purchase) or 6 months (post-inquiry)
7. If sending over 5,000 emails/day to Gmail/Yahoo: confirm DMARC, DKIM, SPF are configured on your sending domain
For the email sequence itself and deliverability mechanics, see the email deliverability guide for practitioners and the email welcome sequence guide.
Frequently Asked Questions
Does CAN-SPAM apply to non-US businesses sending to US subscribers?
Yes. CAN-SPAM applies to commercial email sent to US recipients, regardless of where the sender is located. An astrologer in Australia or Brazil sending newsletters to US clients is subject to CAN-SPAM's requirements for those emails. The FTC's enforcement reach is focused on US commerce - the practical risk for a non-US solo practitioner is low, but the legal obligation exists.
Can I use a PO box address to satisfy CAN-SPAM's physical address requirement?
Yes. CAN-SPAM specifically allows a PO box OR a private mailbox from a commercial mail receiving agency (CMRA, such as The UPS Store or a virtual mailbox service). All three are valid alternatives to a home street address. The address must be accurate and functional - mail sent to that address should be retrievable.
What counts as express consent under CASL for a quiz funnel or lead magnet opt-in?
A quiz or lead magnet landing page with an email input field and a visible statement such as "By submitting your email, you agree to receive newsletters and marketing emails from [Your Name]" constitutes express consent under CASL - provided the checkbox is not pre-checked and the statement is present before submission. Log the subscriber's IP address and the submission timestamp. A pre-checked consent checkbox does not satisfy express consent.
If a subscriber never clicks unsubscribe, can I keep emailing them indefinitely under CASL?
Not if they consented through implied consent only. Implied consent (a purchase or inquiry without explicit opt-in) expires: 24 months post-purchase, or 6 months post-inquiry. If someone inquired in January 2024 and you are still emailing them in August 2024 without a subsequent purchase or explicit opt-in, their CASL implied consent has expired. The safe approach: send a re-consent email before implied consent expires, and stop emailing those who do not respond. For re-engagement sequences, see the email reengagement guide.
Does GDPR apply on top of CAN-SPAM and CASL for EU subscribers?
Yes. GDPR is a separate framework covering EU residents. Sending marketing email to EU subscribers requires its own consent and data processing compliance - broadly similar to CASL in requiring explicit consent, but with additional data subject rights (access, erasure, portability). The three laws can apply simultaneously to a single newsletter list if it contains US, Canadian, and EU subscribers. A consent-first approach - treating all subscribers as requiring explicit opt-in - is the simplest way to satisfy all three regimes simultaneously, at the cost of a slightly lower initial list size.
