Email Compliance: CAN-SPAM, GDPR, and CASL Explained

CAN-SPAM (United States)

Required: physical address in every email, working unsubscribe link, honor unsubscribe within 10 days. Penalties up to $46,000 per email.

GDPR (European Union)

Requires express consent before sending marketing emails. Data subject rights: access, deletion (within 30 days), portability. Breach notification within 72 hours. Fines up to 4% of annual revenue.

CASL (Canada)

Express consent required for commercial emails. Implied consent expires after 2 years. Penalties up to $10 million CAD.

How SendMesh Helps

SendMesh has built-in compliance for 12 jurisdictions. Automatic unsubscribe handling, consent tracking, suppression lists, and data export/deletion APIs for GDPR compliance.