If an email marketer uses its actual name in the header of its emails, there is a high chance that modern spam filters will prevent those emails from ever reaching their intended recipients. So, many email marketers use disguised header information to get their message through.
However, under the Federal CAN-SPAM Act, it is unlawful to send commercial promotional emails that contain header information that is “materially false or misleading.” (fn1) Header information includes the source, destination, and routing information attached to an email, including the originating domain name, email address, and any other information that appears to identify the sender. (fn2) State anti-spam laws also prohibit commercial promotional emails that contain false header information. (fn3)
But is disguised header information necessarily false or misleading? According to the recent decision in Kleffman v. Vonage (fn4), other court decisions and the text of the CAN-SPAM Act, the answer may be “no” -- depending on the nature of the disguise.
The Federal Trade Commission has stated that header information must “identify the person or business who initiated the message.” (fn5) However, CAN-SPAM Act doesn’t actually go this far.
The civil provisions of CAN-SPAM do not require commercial email to have any header information. Rather, they only say that: (i) header information cannot be “materially false or materially misleading” (fn6); (ii) heading information cannot have been obtained via fraud (fn7); and (iii) a “from” line that “accurately identifies the person who initiated the message shall not be considered materially false or misleading” (fn8) CAN-SPAM also says that commercial emails must contain a functioning return email address and a physical postal address for the sender. (fn9) However, this information does not have to be in the header, but can be placed in the body of the email.
The criminal provisions of CAN-SPAM effectively do require header information. According to these provisions, header information is considered materially false if it is “altered or concealed in a manner that would impair the ability of the recipient . . . to identify, locate, or respond” to the person who initiated the email. (fn10) However, this only means information must be provided in the header through which the recipient could find the sender, not that the header itself identify the sender. A commercial email marketer could satisfy this requirement by using a domain that was registered to it – but that did not facially identify it.
For example, a recent 9th Circuit case concerned an email marketer, Virtumundo, which used a ”from line” that consisted of two elements: (i) a “from” name which referenced the topic or subject matter of the advertisement, and (ii) a domain name. Examples of from lines included “Criminal Justice @ vm-mail.com”, “Public Safety Degrees @ vmadmin.com” and” Trade In@ vm-mail.com.” The Court found that neither element of these from lines violated CAN-SPAM.
The Court said that there was “nothing inherently deceptive” about the defendant’s use of “fanciful domain names” such as vmmail.com, vmdmin.com, vtarget.com and vlocal.com. Each of these domain names were properly registered to Virtumundo and would allow a recipient to identify and locate Virtumundo via the WHOIS directory. (fn11) The Court also stated that nothing in CAN-SPAM required an email marketer’s name to appear in the “from name” field. (fn12)
This decision was important for email marketers because many spam filters decide whether an email is spam based on the volume of emails that use the domain name in the email. So one strategy used by email marketers to get through such spam filtering is to register multiple domain names and spread an email campaign among these multiple names. This technique is termed "snowshoe spamming" because it “spreads the load.” (fn13)
The Kleffman case, which examined this practice, found that it did not violate California anti-spam laws which prohibit use of “falsified, misrepresented or forged” header information. (fn14)
Kleffman sued Vonage, which allegedly had sent him eleven unsolicited commercial email ads using “random”, “garbled” and “nonsensical” domain names such as (1) superhugeterm.com; (2) formycompanysite.com; (3) ursunrchcnter.com; (4) urgtquikz.com; (5) countryfolkgospel.com; (6) lowdirectsme.com; (7) yearnformore.com; (8) openwrldkidz.com; (9) ourgossipfrom.com; (10) specialdlvrguide.com; and (11) struggletailssite.com. (fn15) Each of these emails advertized telephone services from Vonage.
These domain names were even more fanciful than those in the Virtumundo case, which at least generally contained the initials “vm” (for Virtumundo). Kleffman claimed that the Vonage domain names constituted misrepresented header information because their sole purpose was to deceive and hence bypass spam filters.
The California Supreme Court disagreed. The Court noted that each of the domain names used in the Vonage emails “actually exist and are technically accurate, literally correct, and fully traceable to Vonage’s marketing agents.” (fn16) The Court then held that “a domain name in a single email that does not identify the sender, the merchant-advertiser, or any other person or entity simply does not make any “misrepresentation” regarding the email’s source, either express or implied, within the common understanding of that term, so it cannot be said to constitute “misrepresented” information” within the meaning of the California anti-spam laws.” (fn17)
The Court added that “an email with an accurate and traceable domain name makes no affirmative representation or statement of fact that is false." (fn18) The Court also found that “determining whether a domain name is sensible, nonsensical, random, or non-random is so subjective as to make the inquiry meaningless." (fn19)
Or course, the Kleffman and Virtumundo rulings don’t mean that there are no limits on the content of header information. Courts have been willing to find “from line” information deceptive where it falsely indicated that it came from a person other than the actual sender. For example, one court found that emails sent by a union to Verizon employees violated CAN-SPAM where the emails used, without permission, the names of Verizon managers as “from names.” (fn20) Another found that emails with “from names” which identified themselves as coming from the recipient, and domain names that were not registered to the sender -- such as “dell.com,” “sun.com”, “microsoft.com,” or “google.com” – could be classified as false under California anti-spam laws. (fn21)
One of the stated reasons for the enactment of CAN-SPAM was that “[m]any senders of unsolicited commercial electronic mail purposefully disguise the source of such mail.” (fn22) However, at least in the 9th Circuit and California courts, if a commercial emailer uses a creative nom de plume which is easily traceable to itself, and does not assume someone else’s identity, its disguise may well still be legal.