Best Practices CRTC to Enforce Web Host Compliance with Anti-Spam Rules By Desmond Liao | 2 minute read Canada’s broadcasting regulator sees web hosting providers as critical in safeguarding national cybersecurity. The Canadian Radio-television and Telecommunications Commission (CRTC) has notified the web hosting service industry that it will be enforcing compliance with Canada’s anti-spam legislation (CASL) in the country’s web hosting space. Web hosting providers are being targeted because data shows that Canadian web hosting infrastructure is being used to distribute malware. The regulator views fighting spam at the network infrastructure level as critical to protecting Canada’s internet security. While hosting providers may not be directly aware of violations to the anti-spam rules committed by their clients, they are uniquely positioned to detect, prevent, and stop spammers on their networks. Legal liability and due diligence Under Canada’s anti-spam legislation, a web host could be found liable for distributing spam by (knowingly or unknowingly) aiding spammers in delivering unsolicited emails or installing malware — even though the web host may not be directly responsible for the spam. Web hosting providers have a legal obligation to follow the rules. This means you cannot behave in any way that aids, induces, procures or causes to be procured acts prohibited by sections 6 to 8 of Canada’s anti-spam legislation. You can avoid liability through due diligence, including prevention strategies and other safeguards aimed at eliminating or reducing your potential role in helping spammers. The CRTC recommends developing and implementing a written compliance program that includes safeguards to prevent, detect, and respond to compliance issues discovered internally or via external alerts. Once you become aware of infected infrastructure, compliance depends on swift remediation. This includes both an incident-handling plan and an appropriately resourced incident response team. Read the full CRTC advisory for web hosts for more information, and links to content that outlines compliance best practices.