The Canadian Radio-television and Telecommunications Commission (CRTC) has just issued its largest ever fine for a violation of CASL to an individual for sending messages without having a recipient express consent or implied consent to send messages. The CRTC said in a press release that between December 2015 and May 2018, Scott William Brewer allegedly sent over 670,000 emails without the recipient’s consent and has been handed a $75,000 fine as a result. The spam campaigns focused on affiliate and web marketing, including promoting four online casinos that “would compensate him through their affiliate programs for new customers.”

The commission said during the investigation there was no evidence that Brewer sought consent from people for sending the emails. A requirement of  Canada’s anti-spam legislation to achieve CASL compliance.

“The CRTC’s investigation confirmed that Mr. Brewer sent out a very high volume of commercial electronic messages over a short time span before Real-time Blocklists (RBLs) could respond and block the messages. This spamming technique to send a high volume of bulk email is known as a “hailstorm campaign.” They are often created in relation to the Affiliate Marketing campaign, In hailstorm spam campaigns, email messages are sent out in a very high volume over a short time span and may end before the fastest traditional anti-spam defenses can update in response.

Steven Harroun, chief compliance and enforcement officer at the CRTC, said in the release that Brewer’s actions were disruptive to Canadians and “undermine their confidence in electronic commerce.”

“Obtaining consent is a fundamental principle of Canada’s anti-spam legislation,” he said. “The penalty issued today demonstrates that individuals are just as accountable as businesses and must respect this principle.”

The scope of the investigation focused on three unique spam campaigns where over 600k records in the Spam Reporting Centre (SRC) contained information attributable to Brewer, including phone numbers, mailing addresses, domains, email addresses, computer programs, text messages, and IP addresses. Evidence was gathered from a variety of sources, in Canada and abroad, which support the conclusion that Brewer was responsible for sending or causing or permitting the non-compliant commercial email to be sent.

All of the spam campaigns were sent using alias email addresses from major email service providers or email marketing services, which investigators were able to attribute contact information to Brewer.

The evidence reviewed during the investigation demonstrated that Brewer registered and hosted the domains which were being promoted in the spam campaigns. Investigators also identified other indicators of non-compliance, including several mailing lists and millions of records of failed email delivery attempts (bounced messages). Conversely, no exculpatory evidence, such as records of consent, was found.

This is the first fine of 2021 to be issued under the CASL legislation, since it came into force on July 1 2017, enforcement efforts have resulted in nearly $1.4 million of payable fines for sending unsolicited messages or commercial electronic messages (CEMS) without consent.

Other administrative monetary penalties issued under the CASL spam act…

  • March 2015, the first-ever CASL fine was issued to Compu.Finder at $1.1M. It was appealed after notice of violation and refunded to $200k.
  • December 2016, nCrowd, Inc was fined $100k
  • July 2018, Datablocks, Inc was fined $150k with the Canada anti-spam law.
  • December 2019, Orcus Technologies were fined $115k for failing to comply with CASL.

Source: crtc.gc.ca