Report as Spam? A New Wave of California Anti-Spam Class Actions Raises Significant Risks for Email Marketers

A new series of lawsuits have been filed in California courts alleging violations of the state’s Business and Professions Code § 17529.5 (the “Anti-Spam Law”). These cases target companies that send marketing and promotional emails to California residents, and they could present serious legal and financial risks for businesses engaged in email marketing.

Key Allegations in the Complaints

Crowell has reviewed over 20 complaints filed in the last 15 months against various retailers and services providers (i.e., loan services, tax support, and insurance providers)based on the Anti-Spam Law. Each includes these allegations:

• Misleading Email Messages: The complaints assert that defendants falsified, misrepresented, or utilized untraceable or phony email header information (sender names, domain names, etc.); used third-party domain names without permission; used irrelevant and misleading subject lines; and/or sent emails without valid opt-in and/or opt-out mechanisms.
• Strict Liability Standard: Plaintiffs allege that the Anti-Spam Law imposes strict liability on advertisers. If correct, this would mean that plaintiffs do not need to prove actual harm or damages and that any company that benefits from a spam email can be held liable, regardless of whether the company directly sent or initiated the email.
• Significant Statutory Damages: The complaints assert that the statute provides for $1,000 in damages per class member, per spam email received. For companies with large email marketing lists, this could quickly escalate to millions of dollars in potential exposure before one even considers attorneys’ fees and costs and the implications of injunctive relief.
• Putative Class Actions: The cases are being brought as class actions, which further increases the stakes and the potential for high-value settlements or judgments.

Who is at Risk?

• Any company that sends commercial emails to California residents is potentially at risk, even if it uses third-party vendors or affiliates for email distribution.
• Advertisers and brands that benefit from email campaigns—regardless of who actually sends the email—may be named as defendants.

Implications for Companies

• Expansive Liability: The plaintiffs’ strict liability theory, if accepted by courts, could dramatically expand liability for companies. Traditional defenses—such as lack of intent or lack of direct involvement in the sending of the emails—may not be sufficient if strict liability is accepted.
• Cost of Litigation: Even if the claims have weaknesses, defending against class actions under the Anti-Spam Law can be costly and time-consuming.

Mitigating Risk: Proactive Compliance Measures

Fortunately, the Anti-Spam Law provides a defense that can substantially reduce potential damages. Under the statute, damages may be capped at $100 per violation (rather than $1,000) if the defendant can demonstrate that it “established and implemented, with due care, practices and procedures reasonably designed to effectively prevent unsolicited commercial e-mail advertisements that are in violation of this section.”

Every company’s website marketing profile is different. But these steps should be considered by all companies to limit risk moving forward:

• Review and Update Email Marketing Policies: Ensure that your company’s policies comply with California’s Anti-Spam Law as well as other applicable regulations, such as the federal CAN-SPAM Act^[1].
• Implement Robust Compliance Procedures: Adopt technical and administrative controls to prevent the sending of unlawful emails, including transparent opt-in mechanisms, easy to use opt-out mechanisms, accurate subject lines, and truthful sender information. Establish regular review of such procedures as well.
• Monitor Third-Party Vendors: If you use outside vendors, affiliates, or marketing partners, require contractual commitments to comply with anti-spam laws and implement oversight mechanisms. Also consider a careful review of indemnification provisions in these contracts.
• Maintain Documentation: Keep records of compliance efforts, including training, audits, and technical safeguards, to demonstrate due care if challenged in litigation.

Next Steps

Companies should immediately review their email marketing practices, consult with legal counsel regarding compliance with California’s Anti-Spam Law, and take steps to strengthen their anti-spam policies and procedures. Early action is critical to mitigate risk and limit potential exposure in the event of litigation.