What is the difference between email spoofing and legitimate ESP routing under Section 17529.5?

Legitimate ESP routing occurs when a sender uses a service like Mailchimp or SendGrid to deliver email. The 'From:' field shows the sender's domain while routing headers show the ESP's infrastructure. This is standard email architecture, not spoofing. True spoofing involves falsifying headers to disguise the actual origin of an email. If SPF records authorize the ESP to send on behalf of the domain, DKIM signatures validate, and DMARC aligns, the email infrastructure is functioning exactly as designed.

Who has standing to sue under California B&P Section 17529.5?

Standing is limited to electronic mail service providers (ISPs) and actual recipients of the email. Courts have scrutinized standing claims, particularly from professional plaintiffs who create email addresses specifically to receive marketing emails in order to generate litigation. Key cases include Balsam v. Tucows and Kleffman v. Vonage, which analyze standing requirements.

What is the statute of limitations for a Section 17529.5 claim?

The statute of limitations is four years under California Code of Civil Procedure Section 340. The clock typically starts running from the date the email was received.

What damages are available under Section 17529.5?

The statute provides for liquidated damages of $1,000 per unsolicited commercial email advertisement sent in violation of the statute, or actual damages, whichever is greater. For high-volume senders, this can result in significant aggregate exposure.

Does CAN-SPAM preempt California's Section 17529.5?

CAN-SPAM (15 U.S.C. Section 7707(b)) generally preempts state laws that regulate commercial email, but it contains a narrow exception for state laws that prohibit falsity or deception. Because Section 17529.5 specifically targets falsified, misrepresented, or forged headers rather than regulating commercial email generally, California courts have held it falls within the fraud exception and survives preemption.

How do SPF, DKIM, and DMARC records help defend against a Section 17529.5 claim?

SPF records authorize specific servers (including ESPs) to send email on behalf of a domain. DKIM provides cryptographic proof that the email was not altered in transit. DMARC confirms that SPF and DKIM are aligned with the 'From:' domain. If all three pass, it demonstrates the email infrastructure is working as designed and the headers are not forged or falsified, directly rebutting the core allegation of Section 17529.5.

Can a corporation defend itself pro per in a Section 17529.5 lawsuit?

No. In California unlimited civil cases, a corporation cannot appear in propria persona (without an attorney). CCP Section 116.540, which allows limited self-representation in small claims, does not apply to unlimited civil actions. A corporate defendant must retain licensed counsel to appear and defend.

What is the deadline to respond to a Section 17529.5 complaint filed in LASC?

The defendant has 30 days from service to file a responsive pleading (answer or demurrer). A one-time 30-day extension is available by stipulation under LASC Local Rule (CIV 229 form). An anti-SLAPP motion must be filed within 60 days of service. CCP Section 128.7 sanctions require serving the motion with a 21-day safe harbor period before filing with the court.

How should a defendant handle discovery in a Section 17529.5 case?

Defendants should propound discovery immediately to preserve ESP data before accounts are modified or closed. Key discovery includes the plaintiff's litigation history to identify serial filers, the plaintiff's email account setup and usage patterns, the actual email headers at issue, and any authentication records (SPF, DKIM, DMARC) that were in place when the email was sent.

Statutory Deep Dive

California B&P Code § 17529.5 Defense

Q: What does California B&P Code Section 17529.5 prohibit?

Section 17529.5 prohibits sending commercial email advertisements from California or to a California email address that contain falsified, misrepresented, or forged header information; a subject line that would mislead a reasonable recipient about the contents; or email initiated via a third-party domain without authorization. Unlike CAN-SPAM, this statute targets deception in email headers and routing, not merely unsolicited commercial email.

By Sergei Tokmakov, Esq. - California attorney, CA Bar #279869, founder of Terms.Law.

Element-by-element analysis of the email anti-spam statute, burden of proof, and defense strategies

2004

Enacted

$1,000

Per Email ?

4 yr

SOL (CCP § 340) ?

🤖 AI Legal Analyst

Ask my AI Legal Analyst about your § 17529.5 matter

Scopes your matter and points you to the right path: the $575 attorney demand or response letter, the $1,200 letter plus a court-ready draft complaint, or the $1,500 pre-litigation negotiation phase. A full review of your facts or documents is the $240 Written Attorney Consultation, not this chat. AI-generated legal information, not legal advice.

This is a page-aware service-routing workflow built on my actual § 17529.5 defense playbook and flat-fee packages, not a generic chatbot. Pricing and scope questions below answer instantly and free; the AI is for matching your situation to the right engagement.

Pricing & scope free · instant · no email

One attorney letter on firm letterhead, USPS certified mail (signature requested) plus email, up to two client revision rounds before sending, review of the other side's first substantive response with a short next-step recommendation, and a narrow counter-response if strategically appropriate. Multi-round negotiation is the $1,500 Pre-Litigation Negotiation Phase.

Request the $575 letter

Everything in the $575 letter plus a court-ready draft complaint or arbitration demand prepared in parallel and attached as settlement leverage (it is not filed automatically). Up to two revision rounds; first-response review included.

Request the $1,200 package

Triggered when the matter enters multi-round negotiation after the included first-response review: additional counter-letters, written settlement negotiations through settlement or impasse, and one settlement-agreement or mutual-release review.

Email me to start the phase

A first draft is usually 3 to 5 business days after I receive the documents. Rush 24 to 48 hour turnaround may be available for an added fee.

The agreement or contract, invoices or proof of what is owed, prior correspondence with the other side, and any notice or demand already exchanged. For a § 17529.5 matter, also include the demand letter or complaint you received and the emails at issue (with full headers if you have them). Upload them in the chat or email them.

Ask the AI about your dispute

Attorney-supervised AI · general information, not legal advice. A full review of your facts or documents is the paid $240 Written Attorney Consultation. Sergei Tokmakov, Esq., CA Bar #279869.

← Back to Email Anti-Spam Hub

Elements Plaintiff Must Prove

Key Distinction: Unlike CAN-SPAM, which broadly regulates unsolicited commercial email, California B&P § 17529.5 specifically targets deception in email headers and routing. A perfectly honest commercial email, even if unsolicited, does not violate this statute.

Element 1: California Nexus (§ 17529.5(a)(2))

The plaintiff must establish that the email was either:

Sent FROM California — the email originated from a server, person, or entity located in California; OR
Sent TO a California email address — the recipient's email address is registered by or associated with a California resident or California-based service provider.

Defense Angle: Challenge the California nexus. If the sender is out-of-state and the email was sent to a non-California address, the statute does not apply. Examine whether the plaintiff's email account is actually hosted by a California-based ISP or whether the plaintiff resides in California.

Element 2: Prohibited Content (§ 17529.5(a)(2)(A)-(C))

In addition to the California nexus, the plaintiff must prove the email falls into at least one of three prohibited categories:

(A) Falsified, Misrepresented, or Forged Header Information

This is the most commonly alleged violation. The plaintiff must show that the email contained header information that was:

Falsified: Header fields contain information that is objectively untrue
Misrepresented: Header fields create a false impression of the sender's identity or the email's origin
Forged: Header fields were deliberately altered to disguise the true origin of the email

What are "headers"? Email headers include all the technical routing information: the From: field, Reply-To: field, Return-Path:, Received: chain, Message-ID:, and other fields that trace the email's path from sender to recipient. The statute covers all header information, not just what the recipient sees.

(B) Misleading Subject Line

The email contains a subject line that would mislead a reasonable recipient about the contents or subject matter of the message. This is an objective test:

Would a reasonable person be misled? (not a sophisticated technologist)
The subject line must actually be deceptive about the contents of the email
Puffery or marketing language alone is not sufficient — there must be an actual disconnect between the subject and the content

Example	Likely Misleading?	Analysis
"RE: Your Account" (no prior conversation)	Yes	Implies a reply to prior correspondence that does not exist
"Urgent: Action Required" (marketing email)	Likely	Implies urgency regarding an account or obligation that doesn't exist
"50% Off Summer Sale" (actual sale email)	No	Subject accurately describes the content of the email
"Newsletter: Weekly Product Roundup"	No	Accurately identifies the email as a newsletter

(C) Third-Party Domain Without Authorization

The email was initiated by use of an email address, domain name, or IP address of a third party without permission of the third party. Key considerations:

Authorization must be absent: If the third party consented to the use, this element fails
ESP usage is NOT this: Sending through Mailchimp, SendGrid, or other ESPs is done with the ESP's explicit authorization — you are their customer
True violations: Hijacking another company's domain in headers, using a compromised third-party server, or inserting someone else's domain in the From: field without permission

Defense Takeaway: If you can demonstrate authorization for every domain and IP address involved in sending the email — through ESP service agreements, SPF records, and DKIM configurations — subsection (C) fails as a matter of law.

Element 3: Commercial Email Advertisement

The email must be a "commercial email advertisement" as defined under the statute. This generally means:

The primary purpose is the commercial advertisement or promotion of a product, service, or business
Transactional or relationship emails (order confirmations, account updates, shipping notices) are generally excluded
Mixed-content emails are evaluated based on the "primary purpose" test

Burden of Proof Summary

Element	Plaintiff Must Prove	Common Defense
California Nexus	Sent from CA or to a CA email address	Challenge residency/ISP location
Falsified Headers	Specific header fields were falsified or forged	SPF/DKIM/DMARC passing proves authenticity
Misleading Subject	Reasonable recipient would be deceived	Subject accurately describes email content
Unauthorized Domain	Third-party domain used without permission	ESP service agreement = authorization
Commercial Email	Primary purpose is commercial promotion	Transactional/relationship email defense

Spoofing vs. Legitimate ESP Routing

This Is the Central Defense Question: Plaintiffs routinely allege "forged headers" when the email was simply routed through a standard Email Service Provider (ESP). Understanding the distinction between actual spoofing and standard email infrastructure is the key to defeating most § 17529.5 claims.

Definition Under the Statute

§ 17529.5(a)(2)(A) targets email that contains "falsified, misrepresented, or forged header information." But the statute does not define these terms with technical precision, which creates the critical battleground for defense.

The defense position: standard ESP email routing is not, and has never been, "spoofing." It is how email works.

How Email Actually Works: ESP Routing

When a business sends email through a legitimate ESP, the email infrastructure works like this:

// What the RECIPIENT sees:
From: marketing@yourbrand.com ← Your brand's domain
Reply-To: marketing@yourbrand.com ← Replies go to YOU
Subject: Summer Collection Now Available

// What the ROUTING HEADERS show:
Return-Path: bounce-id@esp-server.com ← ESP's bounce handler
Received: from esp-mta-04.esp-server.com ← ESP's mail server
DKIM-Signature: d=yourbrand.com; s=esp-key; ← Cryptographic proof
Authentication-Results:
  spf=pass ← yourbrand.com authorized this server
  dkim=pass ← Email verified as unaltered
  dmarc=pass ← SPF and DKIM both align

This is exactly how every major email platform operates. Mailchimp, SendGrid, Hive.co, Constant Contact, HubSpot, Klaviyo, and every other legitimate ESP route email in this manner. The visible From: field shows the sender's domain. The routing infrastructure reflects the ESP. This is not deception — it is standard architecture.

Why ESP Routing Is NOT Spoofing

1. SPF Records Explicitly Authorize the ESP

When a domain owner publishes an SPF record, they are telling the world: "These servers are authorized to send email on my behalf." This is a deliberate, affirmative act of authorization:

yourbrand.com TXT record:
v=spf1 include:espserver.com ~all

// Translation: "espserver.com is authorized to send email for yourbrand.com"

If the receiving mail server checks SPF and it passes, the sending server was authorized to deliver that email. There is no "forgery" — the domain owner explicitly blessed this routing.

2. DKIM Provides Cryptographic Verification

DomainKeys Identified Mail (DKIM) adds a digital signature to each email. The signature can be verified against a public key published in the sender's DNS:

The sender's domain publishes a DKIM public key in DNS
The ESP signs each outgoing email with the corresponding private key
The recipient's mail server verifies the signature against the public key
If DKIM passes, the email content has not been altered in transit and the sending domain authorized it

Key Argument: A DKIM-passing email is the opposite of forgery. The sender's domain has cryptographically signed the email. This is the email equivalent of a notarized document — it proves authenticity, not deception.

3. DMARC Alignment Confirms Everything

Domain-based Message Authentication, Reporting & Conformance (DMARC) ties SPF and DKIM together, ensuring alignment with the visible From: domain:

SPF alignment: The domain in the Return-Path aligns with the From: domain
DKIM alignment: The DKIM signing domain (d=) matches the From: domain
DMARC pass: At least one alignment check passes — confirming the email is legitimate

What Actual Spoofing Looks Like

For contrast, here is what genuine email spoofing looks like — the scenario § 17529.5 was designed to address:

// SPOOFED email (what the statute actually targets):
From: support@legitimatebank.com ← FAKE - sender has no connection to this domain
Reply-To: reply-xz29@throwaway.xyz ← Throwaway domain
Return-Path: bounce@random-server.ru ← Completely unrelated server
Authentication-Results:
  spf=fail ← Server NOT authorized by legitimatebank.com
  dkim=none ← No valid signature
  dmarc=fail ← Nothing aligns

Actual Spoofing (Violates Statute)

Using a domain you do not own in the From: field
SPF fails because the sending server is not authorized
No DKIM signature or DKIM fails validation
DMARC fails alignment
Headers are designed to deceive about the sender's identity

Legitimate ESP Routing (Does NOT Violate)

Using your own domain in the From: field
SPF passes because you authorized the ESP in DNS
DKIM passes with your domain's key
DMARC aligns with your domain
Routing headers transparently show ESP infrastructure

Case Law Analysis

Balsam v. Trancos (2012)

The court analyzed what constitutes "falsified" headers under § 17529.5. Key holdings:

Headers must be actually falsified, not merely routed through a third party
The fact that routing headers show an intermediary server does not make them "forged"
The court distinguished between deceptive header manipulation and standard email infrastructure

Hypertouch v. ValueClick (2011)

Addressed misleading header analysis in the context of affiliate marketing email:

Court examined whether headers "misrepresented" the sender's identity
Analyzed the relationship between the advertiser, the affiliate, and the email sender
Headers that accurately reflect the sending infrastructure, even through intermediaries, are not inherently "misrepresented"

Asis Internet Services v. Optin Global (N.D. Cal.)

Federal court addressed authentication records as evidence in a § 17529.5 context:

Authentication records (SPF, DKIM) are relevant evidence of whether headers were falsified
Passing authentication tests supports the defense position that headers are legitimate
The court recognized that modern email authentication standards are probative on the question of header integrity

Bottom Line: If SPF passes and DKIM validates, the email infrastructure is working exactly as designed. The sender's domain has explicitly authorized the sending server, and the email's integrity has been cryptographically verified. There is no "forgery" — there is a functioning, transparent, standards-compliant email delivery system.

Standing & Venue Requirements

Standing Is Often Dispositive: Many § 17529.5 cases can be challenged at the threshold by attacking the plaintiff's standing to sue. The statute limits who can bring a claim, and not every person who receives a marketing email qualifies.

Who Can Sue Under § 17529.5

The statute creates a private right of action for two categories of plaintiffs:

1. Electronic Mail Service Providers (ISPs)

Definition: An entity that provides email services to end users — hosting email accounts, processing inbound/outbound email
Injury theory: The ISP's infrastructure was burdened by processing spam emails
Examples: Companies operating mail servers (e.g., hosting providers with email services)
Challenge: Verify the plaintiff actually operates as an ISP and was injured in that capacity

2. Actual Recipients

Definition: The person who actually received the email at their email address
Key requirement: The plaintiff must be the actual recipient, not a downstream party
Challenge: Verify the email address actually belongs to the named plaintiff

Standing Challenges: Professional Plaintiffs

Common Pattern: Some serial litigants create email addresses specifically to receive marketing emails, subscribe to lists, then sue when they receive the very emails they solicited. This creates powerful standing and credibility challenges.

Indicators of Professional Plaintiffs

Multiple lawsuits: The plaintiff has filed numerous § 17529.5 cases against different defendants
Purpose-built email addresses: Email accounts created with no purpose other than receiving marketing email
Deliberate subscription: Evidence the plaintiff affirmatively signed up for email lists or used catch-all domains
No actual harm: Plaintiff cannot articulate any concrete injury beyond "receiving an email"
Boilerplate complaints: Identical or nearly identical complaint language across multiple cases

Key Standing Case Law

Case	Holding	Defense Application
Balsam v. Tucows	Analyzed standing requirements for § 17529.5 plaintiffs; scrutinized whether plaintiff qualified as an ISP or actual recipient	Challenge plaintiff's characterization of their role; demand proof of ISP operations or actual receipt
Kleffman v. Vonage	Examined recipient standing; addressed whether the plaintiff's use of the email address established standing	Probe plaintiff's actual use of the email account; look for manufactured standing

Discovery Into Standing

Defendants should serve early discovery targeting standing issues:

Email account history: When was the account created? What was its purpose? How often is it used?
Subscription records: Did the plaintiff subscribe to email lists? Did they use the address on web forms?
Litigation history: How many § 17529.5 cases has the plaintiff filed? Against how many defendants?
ISP status proof: If claiming ISP standing, what email services do they provide? To how many users?
Actual damages: What concrete injury did the plaintiff suffer from receiving this email?

Venue

Where These Cases Are Filed

LASC (Los Angeles Superior Court): If the defendant is in Los Angeles County or the email was sent to an LA-based address
Other California Superior Courts: Based on defendant's location or where the email was received
Federal Court: If diversity jurisdiction exists (different states, amount in controversy exceeds $75,000) or if federal question jurisdiction is invoked alongside CAN-SPAM claims

Venue Challenge: If the defendant has no connection to the filing county and the email was not sent to an address in that county, file a motion to transfer venue under CCP § 397.

Corporate Defendants: Counsel Required

Critical Rule: A corporation, LLC, or other business entity cannot appear in propria persona (without an attorney) in California unlimited civil court. CCP § 116.540, which permits limited self-representation in small claims court, does not apply to unlimited civil actions.

What This Means

If the defendant is a business entity, it must retain a licensed California attorney
An officer, director, or owner cannot file an answer or demurrer on behalf of the entity without counsel
Failure to appear through counsel can result in a default judgment
If the entity cannot afford counsel, it may still face default — inability to pay for a lawyer is not a defense to the requirement

Practical Considerations

Entity Type	Can Self-Represent?	Notes
Individual / Sole Proprietor	Yes	Can appear in pro per in unlimited civil
Corporation	No	Must have licensed counsel
LLC	No	Must have licensed counsel
Partnership	No	Must have licensed counsel

Defense Strategies

Defense Roadmap: The following strategies are presented in order of typical priority. The strongest defenses — ESP authentication and CAN-SPAM preemption — should be evaluated first. Procedural motions (sanctions, anti-SLAPP, demurrer) can be deployed in parallel.

ESP Authentication Defense

The most powerful defense against § 17529.5(a)(2)(A) "forged header" allegations. If your email was sent through a legitimate ESP with proper authentication, the headers are not forged — they are working exactly as intended.

What you need:

SPF records showing the ESP was authorized to send on your domain's behalf
DKIM records confirming the email was cryptographically signed by your domain
DMARC records showing SPF/DKIM alignment with your From: domain
ESP service agreement proving authorization to use their infrastructure
Historical DNS records (use archive services) to prove authentication was in place at the time the email was sent

Full ESP Authentication Defense Guide →

CAN-SPAM Preemption

Federal CAN-SPAM (15 U.S.C. § 7707(b)) preempts state laws that regulate commercial email. California § 17529.5 survives preemption only through the narrow fraud exception — meaning the statute applies only to falsity and deception, not to regulation of commercial email generally.

Preemption argument structure:

CAN-SPAM expressly preempts state laws that regulate "the use of electronic mail to send commercial messages"
The fraud exception allows state laws that prohibit "falsity or deception" in email
If the plaintiff's claim is really about receiving unsolicited email (not about actual deception), it is preempted
Scrutinize the complaint: does it allege actual falsity in headers, or just that the email was unwanted?

Full CAN-SPAM Preemption Analysis →

CCP § 128.7 Sanctions Motion

If the complaint lacks factual basis — no actual header analysis, boilerplate allegations, no identification of which specific header was forged — a sanctions motion can be an effective tool to force withdrawal or dismissal.

Requirements:

Frivolous allegations: The complaint asserts "forged headers" without analyzing the actual email headers or authentication records
No factual investigation: Plaintiff's counsel filed without reviewing SPF/DKIM/DMARC results
Safe harbor procedure: You must serve the sanctions motion on opposing counsel and provide a 21-day withdrawal period before filing with the court
If plaintiff withdraws: The case goes away without further expense
If plaintiff does not withdraw: File the motion with the court and seek fees and costs

Procedural Note: The 21-day safe harbor is mandatory. If you file the sanctions motion with the court without first serving it on opposing counsel and waiting 21 days, the motion will be denied on procedural grounds regardless of merit.

Anti-SLAPP Motion (CCP § 425.16)

If the email at issue relates to protected speech — political communications, public interest matters, or speech connected to a public issue — an anti-SLAPP motion can result in early dismissal with a fee award to the defendant.

Applicability:

Political campaign emails: Speech in connection with a political campaign or ballot measure
Public interest emails: Communications about issues of public concern (health, safety, environment)
Nonprofit advocacy: Emails from advocacy organizations about their mission

Procedure:

Must be filed within 60 days of service of the complaint
Automatic discovery stay while the motion is pending
Two-part test: (1) defendant shows claim arises from protected activity; (2) burden shifts to plaintiff to show probability of prevailing
If granted, defendant recovers attorney fees and costs

Limitation: Anti-SLAPP is generally not available for standard commercial marketing emails. Courts distinguish between commercial speech and speech on matters of public concern. Use this defense only when the email genuinely involves protected speech.

Failure to State a Claim (Demurrer)

If the complaint does not specifically identify which header was "forged" or how it was falsified, the complaint may be subject to demurrer for failure to state facts sufficient to constitute a cause of action.

Grounds for demurrer:

Complaint uses only conclusory language ("headers were falsified") without identifying specific headers
No allegation of which header field was forged, misrepresented, or falsified
No allegation of how the header was deceptive (what was false about it?)
Failure to allege the email was a "commercial email advertisement"
Failure to allege the California nexus (sent from CA or to a CA address)

Timing: A demurrer must be filed within the same deadline as the responsive pleading (30 days from service). If you demur, you do not also file an answer — the demurrer is the responsive pleading. If the demurrer is overruled, you will have a new deadline to answer.

Discovery Into Plaintiff's Filing History

High-volume filers may have credibility issues that undermine their claims. Discovery into the plaintiff's litigation history can reveal patterns that support defense arguments about manufactured standing, lack of genuine injury, and boilerplate litigation tactics.

Discovery targets:

Number of § 17529.5 cases filed in the past 5 years
Number of different email addresses used to receive marketing emails
Whether plaintiff subscribed to email lists voluntarily
Prior case outcomes — voluntary dismissals, settlements, sanctions
Whether plaintiff uses catch-all email domains or purpose-built addresses

Full Serial Plaintiff Defense Guide →

Defense Strategy Matrix

Defense	Best For	Timing	Result if Successful
ESP Authentication	Any "forged header" claim	Throughout case	Judgment / Summary judgment
CAN-SPAM Preemption	Claims really about unsolicited email	Demurrer / MSJ	Dismissal
§ 128.7 Sanctions	Boilerplate, uninvestigated complaints	Early (after safe harbor)	Withdrawal + fees
Anti-SLAPP	Political / public interest emails	Within 60 days of service	Dismissal + fees
Demurrer	Deficient complaints	Within 30 days of service	Dismissal (with or without leave)
Serial Plaintiff Discovery	High-volume filers	After answer filed	Credibility damage / sanctions

Timeline & Deadlines

Missing a deadline can result in default judgment. If you are a business entity, you must retain counsel immediately upon service. Do not wait until the response deadline approaches — counsel needs time to evaluate the case and prepare the responsive pleading.

Response Deadlines

Day 0: Service of Complaint

Clock starts running

Personal service on the defendant (or substitute service, which adds additional days). Verify the proof of service for proper service under CCP § 415.10-415.50. Defective service can be challenged by motion to quash.

Day 30: Response Deadline

Answer or demurrer due

The defendant must file either an answer (responding to all allegations) or a demurrer (challenging the legal sufficiency of the complaint) within 30 days of service. If served by substitute service, add 10 days. If served by mail, add additional time per CCP § 1013.

Day 30: Extension by Stipulation

LASC CIV 229 stipulation

One 30-day extension is available by stipulation between the parties using LASC form CIV 229 (or equivalent local form in other counties). This extends the response deadline to Day 60. No court order is required for the first extension — just a signed stipulation filed with the court.

Day 60: Extended Response Deadline

Answer or demurrer due (if stipulated)

If you obtained the CIV 229 stipulation, your responsive pleading is now due on Day 60. Additional extensions require a court order and good cause — they are not guaranteed.

Special Motion Deadlines

Within 60 Days of Service

Anti-SLAPP Motion (CCP § 425.16)

Must be filed within 60 days of service of the complaint. The court may grant an extension for good cause, but do not count on it. Filing triggers an automatic discovery stay. If the motion is granted, the defendant recovers attorney fees and costs.

Within Response Deadline

Demurrer

A demurrer must be filed within the same deadline as the answer (30 days, or 60 if extended by stipulation). The demurrer replaces the answer as the responsive pleading. Must meet and confer with opposing counsel before filing (CCP § 430.41).

Serve + 21-Day Safe Harbor

CCP § 128.7 Sanctions Motion

Serve the sanctions motion on opposing counsel. Wait the mandatory 21-day safe harbor period. If plaintiff does not withdraw the offending pleading within 21 days, file the motion with the court. The safe harbor cannot be shortened — it is mandatory.

Discovery Timeline

Preserve ESP Data Immediately: ESP account data, sending logs, and authentication records may be deleted or become inaccessible if accounts are closed or data retention policies expire. Propound discovery as soon as the answer is filed, and send preservation letters to ESPs even before filing the answer.

Immediately Upon Service

Send preservation letters

Send litigation hold / preservation letters to your ESP, DNS provider, and any third-party email infrastructure providers. Request they preserve all sending logs, authentication records, SPF/DKIM/DMARC configurations, and account settings as of the date the emails at issue were sent.

After Answer Filed

Propound discovery

Serve discovery requests targeting: (1) plaintiff's litigation history, (2) plaintiff's email account setup and usage, (3) how plaintiff obtained the email that is the subject of the complaint, (4) plaintiff's actual damages, and (5) whether plaintiff voluntarily subscribed to email lists.

30 Days After Propounding

Discovery responses due

Opposing party must serve responses within 30 days (or 35 days if served by mail). If responses are deficient, meet and confer before filing a motion to compel.

45 Days After Deficient Response

Motion to compel deadline

A motion to compel further responses must be filed within 45 days of receiving deficient responses (CCP § 2030.300, § 2031.310). Missing this deadline waives the right to compel.

Trial Setting

Milestone	Typical Timing	Notes
Case Management Conference	90-120 days after filing	Court sets trial date and discovery cutoffs. File a CMC statement before the hearing.
Discovery Cutoff	30 days before trial	All discovery must be completed by this date. Expert discovery may have an earlier cutoff.
Motion Cutoff	Varies by court	Summary judgment motions typically must be heard at least 30 days before trial (CCP § 437c requires 75-day notice).
Mandatory Settlement Conference	30-60 days before trial	Court-ordered settlement conference. Attend with settlement authority.
Trial	12-18 months after filing	LASC unlimited civil. Bench trial unless jury is demanded (and jury fees posted).

Deadline Summary Quick Reference

Action	Deadline	Authority
Answer or demurrer	30 days from service	CCP § 412.20, 430.40
Stipulated extension	30 additional days (one time)	LASC CIV 229
Anti-SLAPP motion	60 days from service	CCP § 425.16(f)
128.7 sanctions (serve)	Any time	CCP § 128.7(c)(1)
128.7 safe harbor	21 days after service	CCP § 128.7(c)(1)
Discovery responses	30 days from service	CCP § 2030.260
Motion to compel	45 days from deficient response	CCP § 2030.300
Summary judgment notice	75 days before hearing	CCP § 437c(a)
Statute of limitations	4 years	CCP § 340

Need Help Meeting These Deadlines?

Schedule a consultation to discuss your § 17529.5 defense. I can evaluate your case, identify the strongest defenses, and confirm the applicable deadlines.

$575 flat fee: demand letter drafted, signed, and mailed

Or get a $240 Written Attorney Consultation: send me your matter and documents, I reply by email within 2 business days.

Contact: owner@terms.law

California Bar #279869

AI Legal Analyst Attorney-built Curated by Sergei Tokmakov, Esq.

Jump straight to my page-aware analyst with a starter question. It scopes your § 17529.5 matter and points you to the right flat-fee path.

Ask about your matter

Opens the cockpit above. Attorney-supervised AI · general information, not legal advice. A full review of your facts or documents is the paid $240 consultation.

Get attorney help

Request a defense response — $575 $240 Written Attorney Consultation

California B&P Code § 17529.5 Defense

Ask my AI Legal Analyst about your § 17529.5 matter

Elements Plaintiff Must Prove

Element 1: California Nexus (§ 17529.5(a)(2))

Element 2: Prohibited Content (§ 17529.5(a)(2)(A)-(C))

(A) Falsified, Misrepresented, or Forged Header Information

(B) Misleading Subject Line

(C) Third-Party Domain Without Authorization

Element 3: Commercial Email Advertisement

Burden of Proof Summary

Spoofing vs. Legitimate ESP Routing

Definition Under the Statute

How Email Actually Works: ESP Routing

Why ESP Routing Is NOT Spoofing

1. SPF Records Explicitly Authorize the ESP

2. DKIM Provides Cryptographic Verification

3. DMARC Alignment Confirms Everything

What Actual Spoofing Looks Like

Actual Spoofing (Violates Statute)

Legitimate ESP Routing (Does NOT Violate)

Case Law Analysis

Balsam v. Trancos (2012)

Hypertouch v. ValueClick (2011)

Asis Internet Services v. Optin Global (N.D. Cal.)

Standing & Venue Requirements

Who Can Sue Under § 17529.5

1. Electronic Mail Service Providers (ISPs)

2. Actual Recipients

Standing Challenges: Professional Plaintiffs

Indicators of Professional Plaintiffs

Key Standing Case Law

Discovery Into Standing

Venue

Where These Cases Are Filed

Corporate Defendants: Counsel Required

What This Means

Practical Considerations

Defense Strategies

ESP Authentication Defense

CAN-SPAM Preemption

CCP § 128.7 Sanctions Motion

Anti-SLAPP Motion (CCP § 425.16)

Failure to State a Claim (Demurrer)

Discovery Into Plaintiff's Filing History

Defense Strategy Matrix

Timeline & Deadlines

Response Deadlines

Special Motion Deadlines

Discovery Timeline

Trial Setting

Deadline Summary Quick Reference

Need Help Meeting These Deadlines?

Related Resources