Comment by iamacyborg
13 hours ago
This fails under CASL (Canadian Anti Spam Law) where transactional mail is required to provide an unsub mechanism. A lot of senders likely don’t bother personalising those emails based on recipient country.
13 hours ago
This fails under CASL (Canadian Anti Spam Law) where transactional mail is required to provide an unsub mechanism. A lot of senders likely don’t bother personalising those emails based on recipient country.
There must be some nuance to this - e.g. I just double-checked a bank 2FA email from a bank that only has Canadian operations, and it doesn't have an unsub mechanism. I don't know how an unsubscribe mechanism for a 2FA email that you get after entering a correct password would even function.
The unsub would only be for marketing emails, not for transactional ones, even if included in the transactional email.
Maybe it’s ok to email a person after they click a button that says “mail me my 2fa” code? Not a lawyer but it feels right that if I say it’s ok to send me a one off email explicitly, it can omit an unsubscribe
I don't think I've ever seen a button that says "mail me my 2fa code". The workflow basically always goes like this:
1. I enter username/password and click "sign in". 2. Agorithms run on the server. 3. If the algorithms think "suspicious" I'm redirected to an "enter your emailed code" page and automatically send me an email.
In any case, the top of this thread was specifically referring to this type of transactional email.
Taking a quick look at my email history, I have a whole pile of transactional mail (from Canadian entities) with no unsubscribe links: a bank email notifying reception of a complaint, a bank email about my paycheque saying "You received this mandatory email alert to update you on transaction details", various order confirmation emails for things I purchased online, etc.
1 reply →