How one court decision could change email forever

A few weeks ago, the Californian court made a new ruling about email sender identification that now has people everywhere scratching their heads on how to modify their campaigns to stay out of the legal fire.

This new law is all about discouraging the sending of promotional emails that contain false or misrepresenting header information. It mainly demands that commercial email advertisements (in other words, email sent specifically to sell a product or advertise a service) must include a domain name which is registered to the sender in the ‘from’ line of the email, or the name of the sender or marketer on whose behalf the email was sent.

How do I know if I have to worry about the spam law?

First and foremost, Californian spam law applies to any company sending email to consumers within California.

The ‘Golden State’ has one of the most important anti-spam statutes in America, simply because historically it’s been an area where consumers and the government have been highly active in enforcing the law.

If you are sending email even to a single person living in California (whether you know they’re located there or not) you may already be at risk.

Key differences between the federal CAN-Spam law and California spam law

Companies will really need to be careful about sending their email campaigns only if they’re compliant with both state law and federal law.

It takes a lot more than complying with the CAN-Spam act if you don’t want to be on the wrong side of the law. In fact, part of the reason why the federal CAN-Spam act was passed was to serve as a general standard and point of reference that’s enforceable on a country-wide scale, because of the variances in state laws.

Which law rules then?

Whenever spam complaints make it to court, the burden is on the sender of the email to show that everything they did was correct, in this case demonstrating not only compliance with Californian law, but US federal law as well.

California is renowned for enacting statutes that are stricter, more limiting and more detailed than the CAN-Spam national standard.

One of the major general differences is that CAN-Spam requires there to be an opt-out mechanism in every email and that the advertiser comply with opt-out requests within 10 business days. But in California, there is no demand for an opt-out mechanism, nor is there any rule that the recipient must actually opt-out.

This means that if somebody receives a commercial email that they didn’t sign up for, they don’t have to request to be removed from the sender’s list. In fact, the recipient is free to wait and collect loads of emails, and then later sue the sender for a tidy sum of US$1 000 per email.

If you’re sending out a lot of emails, these penalties can add up quickly.

While most business people may think that as long as they have an opt-out they’re safe, in California that’s not true. Even if the advertiser can prove that they have mechanisms and procedures in place to prevent sending unsolicited emails and that the recipient was inboxed unintentionally or mistakenly, the penalty is still at least US$100 per message.

And that’s just the beginning of it; California also has other laws which apply to the body of the email. For example, if you are sending an email that says “you opted in” on date X, “using IP address” Y, and that information is incorrect; you’d be running afoul of the Consumers’ Legal Remedies Act.

Another problem that often occurs is when somebody signs up to a mailing list using an email address that doesn’t belong to them personally. And then, when the advertiser sends an eflyer to that email address, the individual who really owns it will actually not have opted in, and by Californian definition it will count as legally-punishable unsolicited commercial email.

Of course, if you operate your list subscriptions via a double op-tin mechanism where new sign-ups are emailed first to confirm their interest after submitting their contact details (which is not demanded by Can-Spam or Californian law), you’ll be able to dodge this bullet.

What is “header information”?

Back to the statute at hand though, here is some of the nitty-gritty of the new ruling.

The spam law mainly refers to the headers of the email; which means you cannot use false, misleading, or deceptive headers, including “from”, “to”, “reply to”, or even “subject lines.”

At the core of the court’s decision, emails have to directly identify some actual person they are sent by or on behalf of. However, one immediate issue is that the Californian statute does not go on to expressly define “header information” (for the time being), and so technically speaking, this can be argued to extend to all of the above fields and even the top portion of the email body.

The definition in the CAN-SPAM act, on the other hand, more clearly talks about header information as the readable parts of the “from line”, and does not deal with information in the actual body of an email itself.

It’s this definition disparity that’s creating a real compliance conundrum for the average business person.

There is a solution:

For starters, to play it safe across the legislative board, make sure you’re clearly identified in the ‘from line’ of every send. You can do this by using a name or title for your website that recipients can look up on a public domain directory such as
One way to look at the law is:

Brand is ok
Random is ok
Random is ok
Random is NOT ok

So from addresses such as “info@”, “no-reply@” and “marketing@” are all still fine, ideally as long as they’re attached to a domain name such as “”, which should also be registered in the name of the business owner, and not by a proxy or a private server.

  • To help you know who your recipients are, send out a mailer asking your subscribers what state they live in, and use that feedback to create a geo-location list segment that identifies Californian residents. Pay careful attention to how you identify yourself to this segment and maybe even think about creative ways of including your domain name in your subject line to make extra sure that you’re protected.

What if you’re using a Freemail address?

This is the next biggest spanner that’s been thrown into the works.

Since a lot of marketers are using free email providers like Gmail, Hotmail or Yahoo, they’ll need to take additional steps to ensure that their emails are legal, unless they’re willing to shift to sending emails from their own web domain exclusively.

Fortunately though, since California’s legal definitions are a little vague right now about what header information actually is, there is still some room to manoeuver for”Freemailers”.

No matter what, you’d still need to identify yourself by including a direct reference as your ‘from address’ (such as “info@tomsflowers .com”) but if you strongly prefer to keep using a Freemail address that’s obviously not possible.

What you need to do in this case is:

  • Use your domain name as a sending name (i.e. “”) and…
  • Include a few words explicitly identifying yourself and your business as high up in the body content of each email sent as possible. For example, if you’re trying to drive subscribers to visit your website “”, the best thing to do would be to place that web address in or on top of the email headline area, or as a part of your sub-heading.

What this law is really all about

Overall, the intention behind this significant new statute is to make commercial emails more traceable and transparent, and to help reduce some of the misrepresentation which has become commonplace in digital communications today.

People can no longer send promotional email that contains both a generic ‘from line’ and that references a proxy/privately registered domain name that doesn’t identify them directly.

Shaun Swanepoel, Systems Administrator of a major international email service provider says: “Most ESP’s are already complying with CAN-Spam by enforcing the inclusion of headers and footers that directly identify marketers with every email sent. With the new Californian law coming into play, we are also strongly considering taking steps to expand our own vetting process to include strict ‘from address’ and ‘from name’ examination, which will ensure that all our clients are operating from a publically registered domain, and in doing so, be compliant with the new statute by default.”



Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.