Section 230 Doesn’t Apply to “Refer-a-Friend” Text Message–Jensen v. Capital One

Capital One has a “refer-a-friend” program for its customers. Capital One provides its customers with promotional content and a customer-specific referral URL. Customers can edit the content as they see fit, then send it to their friends (or their enemies or strangers–it’s all the same to Capital One). If the recipient takes the desired action at the referral URL, the promoting customer gets a bonus. The plaintiff in this case received a text message from their “friend” that incorporated the Capital One-supplied promotional content verbatim. The plaintiff brought a putative class action lawsuit against Capital One based on Washington’s anti-spam law and related claims.

Capital One defended on Section 230 grounds (among others). Capital One argued that the plaintiff is trying to hold Capital One liable for the text message sent by its customer to the customer’s “friend.” The plaintiff pointed out that Capital One authored and provided its customer with the exact content that the customer sent, so the content at issue wasn’t third-party content to Capital One. The district court agrees with the plaintiff.

It doesn’t change the 230 analysis that the promoting customer could have edited the content, because that didn’t happen in this situation. “Because Jensen alleges that Capital One is the sole author of the content of the text that she received, Capital One is not alleged to be merely the passive conduit of content created by others.” Groan. As I’ve discussed ad naseum on the blog, the “passive conduit” phrase is conceptually incoherent, and it’s inconsistent with Section 230’s protection for editorial decisions regarding third-party content.

The court adds: “the purpose of Section 230 immunity—to encourage Internet service providers to voluntarily monitor and edit user-generated speech in internet traffic—would not be served by protecting Capital One from liability in this case.” I disagree with the court’s characterization of Section 230’s goals, but I can see why the 230 defense vexed the court. Capital One isn’t hosting or distributing content authored by others; Capital One is trying to avoid liability for ad copy it prepared with the intent of profiting from securing new customers.

Still, the opinion sidesteps a key conceptual problem with this case. The court could have said that Capital One’s ad copy didn’t cause the legal violation asserted by the plaintiff. Capital One isn’t liable merely for providing promotional content to its customers; the customer could have been equally liable for violating the anti-spam law if they had written their own ad copy and sent it to their “friend”; and the promotional content wouldn’t have created liability if the sender had otherwise complied with the prerequisites of Washington’s anti-spam law. In other words, any anti-spam liability turns solely on the sender’s compliance efforts (or lack thereof), something Capital One can’t directly control. Viewed this way, the plaintiff seeks to hold Capital One liable for third-party “content,” i.e., its customers’ incomplete legal compliance when disseminating messages the senders had sole editorial control over.

Similar allocation-of-liability issues arose during the adware and affiliate program wars of the 2000s. See this roundup. Section 230 wasn’t a main issue in most of those litigation battles, and it doesn’t work here. Capital One may have tenable defenses on other grounds.

You may have noticed that I sometimes put the term “friends” in quotes. True friends don’t spam each other. That rule doesn’t change just because a marketing team labels its affiliate program “refer-a-friend.”

Case Citation: Jensen v. Capital One Financial Corp., 2025 WL 606194 (W.D. Wash. Feb. 25, 2025)