“Sale ends tonight. Don’t miss out.” is one of the most reliable subject lines in retail email marketing. It is also, when the sale does not actually end tonight, the subject line sitting at the center of approximately 115 class action lawsuits filed in the past twelve months.
The litigation wave targeting misleading email subject lines is the most consequential development in email marketing compliance in years. Two rulings in 2025 and 2026 have closed what many legal teams assumed was a federal preemption escape hatch. Retailers, e-commerce brands, and any sender using urgency-driven subject lines should understand exactly what changed and what the exposure looks like.
What Is CEMA and Why Does It Matter Now?
Washington State’s Commercial Electronic Mail Act (CEMA) has existed since 2003. For most of its history it was treated as a low-priority footnote by national email marketers focused on federal CAN-SPAM compliance.
That changed in April 2025.
Following a certified question from a federal district court, the Washington Supreme Court issued a ruling in Brown v. Old Navy, LLC that expanded CEMA’s reach significantly. The court held that CEMA does not merely prohibit false claims about whether an email is commercial. It prohibits any false or misleading information in the subject line, full stop.
That single interpretation opened the door to class action litigation against retailers who routinely use fabricated urgency in email marketing: countdown timers tied to no real deadline, one-day sales that run for a week, exclusive offers sent to an entire list, and discount percentages that are simply always-on pricing. Approximately 115 cases have been filed since the ruling.
The CAN-SPAM Preemption Defense Is Gone
The first line of defense for defendants in CEMA cases was federal preemption: the argument that the CAN-SPAM Act supersedes state anti-spam legislation and that CEMA is simply unenforceable against out-of-state commercial senders.
On January 14, 2026, Judge James Robart of the United States District Court for the Western District of Washington rejected that argument in a decision that reverberated through retail legal departments nationwide.
Judge Robart found that CAN-SPAM explicitly carves out state laws that “prohibit falsity or deception in any portion of a commercial electronic message.” CEMA’s prohibition on misleading subject lines falls squarely within that carve-out. The federal government did not occupy the field of deceptive subject line regulation. It expressly left room for states to act.
With the preemption argument off the table, any retailer sending campaigns to Washington-based recipients under a demonstrably false subject line is exposed under state law with no federal ceiling to appeal to.
What HB 2274 Changes and What It Does Not
The Washington legislature responded to the litigation surge. On March 23, 2026, Governor Bob Ferguson signed House Bill 2274, making two important amendments to CEMA that take effect on June 11, 2026.
First, the statutory damages cap drops from $500 per violation to $100 per violation. With a mailing list of 100,000 addresses, a single campaign under a misleading subject line still carries theoretical liability in the millions of dollars, but the reduction is meaningful.
Second, the statute now requires that the false or misleading subject line exist “based on the person’s actual knowledge or knowledge fairly implied on the basis of objective circumstances.” A documented, good-faith error is now more defensible than it was under the previous strict standard.
The critical caveat: HB 2274 governs violations after June 11, 2026. The roughly 115 pending cases were filed under the original $500-per-violation standard and are not retroactively capped by the new law.
What Counts as a Misleading Subject Line
The practical question for marketing teams is where the line sits. The litigation filed so far clusters around a specific pattern: urgency claims that are objectively false at the time of sending.
The clearest examples from existing complaints:
- “Sale ends tonight” when the same promotion continues for days afterward
- “Only 3 left in stock” when inventory is not actually constrained
- “Your exclusive offer expires in 24 hours” when the offer is sent to the full list and resets daily
- “Flash sale: 6 hours only” when the promotion runs for the rest of the week
The common thread is a factual claim about time or scarcity that is demonstrably untrue. Subject lines expressing enthusiasm (“Our biggest sale yet”), category descriptions (“New arrivals this week”), or subjective value (“Deals worth opening”) are not the primary targets of existing litigation. Fabricated deadlines are.
What Email Marketers Should Do Right Now
The litigation risk is real and geographically specific, but not geographically contained. Class actions aggregating Washington-based recipients from nationwide campaigns are viable. Other states have anti-spam statutes with similar language: California’s Business and Professions Code 17529 et seq. is one. Maryland and Texas have statutes being scrutinized in the wake of the Washington litigation. Legal observers are watching CEMA as a template for what comes next.
Audit your active templates. Review high-volume subject line formulas for factual urgency claims. If a deadline claim is false for any recipient in any circumstance, revise or retire it.
Align marketing and legal review. Urgency is a proven conversion tactic rooted in behavioral psychology. Legal review of email copy has historically been minimal. That balance needs to shift.
Document your promotion schedules. If a sale genuinely ends at midnight, document the end time. If it is a rolling promotion with a daily discount, describe it accurately in the subject line.
Monitor other state legislatures. The next session in California, Maryland, or New York could extend CEMA-style restrictions to new jurisdictions. A nationwide false-urgency audit is a better investment than a state-by-state emergency response.
The Authentication Connection
Subject line compliance and email authentication may seem like separate organizational problems. They are not.
DMARC, SPF, and DKIM authentication tell receiving mail servers that your message is legitimate and comes from you. That authentication is the foundation of deliverability. But it is the floor, not the ceiling, of a trusted email program.
Mailbox providers evaluate sender reputation across the full send. Authentication signals matter. So do engagement rates, unsubscribe rates, and spam complaint rates. A sender who achieves p=reject and then deploys misleading urgency tactics is building a compliance contradiction: the infrastructure says “trust this sender” while the content gives recipients reasons not to.
Spam complaints triggered by false subject lines feed directly back into the reputation signals that determine inbox placement. The short-term open rate lift from a fabricated deadline comes at the cost of the reputation that determines whether the next send reaches the inbox at all. Trusted email programs are consistent throughout: authenticated at the infrastructure level, honest at the content level.
Building a compliant, high-deliverability email program from authentication through content strategy? Excello Mail combines technical email authentication management with deliverability monitoring so you can grow your program on a foundation that holds up to scrutiny. Start your free trial at excello.email →