Email Law


The CAN-SPAM Act of 2003 is the federal statute regulating unsolicited commercial email (UCE).  The CAN-SPAM Act covers any commercial email for which the purpose is advertisement or promotion, and not just bulk messaging.  Each email that violates the CAN-SPAM Act may be subjected to a separate monetary penalty, so it can be very costly to fail to comply with the law.  As a business, there are guidelines you can follow to stay on the right side of the law.  These include not using false or misleading information in headers, not using deceptive subject lines, identifying your messages as advertisements, informing recipients where you are located, advising recipients how to opt-out of receiving future emails and complying promptly with opt-out requests.

California Anti-SPAM Law

It is unlawful to send an email advertisement from California or to a California email address that contains a false or misrepresented header or a misleading subject line.  Legal action for violations of this law may be brought by the Attorney General, an electronic mail service provider or the recipient of an unsolicited commercial email advertisement.  The prevailing party may be awarded actual damages and/or liquidated damages as well as attorneys’ fees and costs.  Violations of the law may result in a fine and or jail; however, electronic mail service providers are not liable where they are only involved in the routine transmission of the email advertisement over their computer networks.

In a recent California case, an appeals court held that commercial email sent using a domain name that did not adequately identify the sender and that was not readily traceable to the sender through an online database, violated California’s anti-SPAM law.

Email Spoofing

Email spoofing occurs where an email sender creates a false header to imply that he or she is another person or entity.  This misleads the recipient into engaging in communications and/or transactions with the sender in which he or she would otherwise not have engaged.  The CAN-SPAM Act prohibits email spoofing.


Phishing is an attempt to scam a user into divulging private information that will be used, or sold, for identity theft purposes.  The email instructs the user to visit another Web site where they are prompted to update personal information such as bank account numbers, passwords, and credit card information.

Electronic Communications Privacy Act

The Electronic Communications Privacy Act is a federal statute that prohibits providers of electronic communication services from disclosing the content of users’ communications.  The statute covers email and Internet communications and cell phone conversations.

Privacy at Work

Employers have access to all of the emails on an employee’s work provided computer or work based email account, as well as to correspondence sent and received on a work provided smart phone, laptop or other electronic device.  Some companies have technologies that track and monitor individual employee behavior based on electronic activity in the workplace.  Employers are motivated to monitor employee conduct due to concerns over litigation and the increasing role electronic evidence plays in lawsuits and government investigations.

If you are an employee, you must make sure your conduct on and off the job is in compliance with your employer’s standards and practices, but that your freedom is not unduly restricted.  If you are an employer, you must keep a watchful eye on your employees to ensure they are maintaining your business and client confidentiality, not making false claims or misrepresentations about the company to potential clients and maintaining a positive company image.

Whether you are an employee or an employer, you should be advised on the limits of your protected activities.