# We made overclaiming a build error

> How the Email Fast website checks its own copy against a claims ledger at build time, so an overstated feature or a borrowed badge fails the build.

Canonical: https://emailfast.dev/blog/overclaiming-build-error

Marketing copy has a physics problem: it is written once, in a season of enthusiasm, and the product underneath it never stops moving. Features get cut. Numbers age. A cautious "up to" gets trimmed in an edit. Nobody decides to lie — drift is what happens when true-at-the-time sentences outlive their facts, and on most sites there is no force pushing back.

We write software for a living, and software has a name for this problem, and a fix. When code depends on a fact — this function exists, with this signature — the dependency is checked mechanically, and when the fact changes, the build breaks. So we built our marketing site the same way. On this site, overclaiming is a build error.

## The ledger

Every load-bearing factual claim in our copy — every number, every architectural assertion, every statement about a competitor — exists in exactly one place: a claims ledger, in version control, where each claim has an id, vetted wording, and a pointer to its evidence in the repository. Pages do not state facts. They reference them:

```markdown
When you need an answer about deliverability, there is no
upstream provider to blame: Email Fast runs its own mail transfer agent, warmup engine, reputation breaker, and per-tenant fair queue — the pipes are ours, not resold.
```

At build time the reference resolves to the ledger's exact wording. The page cannot paraphrase a claim upward, because the page never contains the claim's words at all — the ledger's wording is substituted in. And a reference to a claim that does not exist stops the deploy:

```
$ npm run site:build
site/content/pricing.md
  ✗ unknown claim id "uptime-guarantee" — not in claims.ts
site/content/enterprise.md
  ✗ claim "live-sending" is post-arm; site state is day-one
site/content/about.md
  ✗ banned phrase "trusted by" — social proof with no customers
build failed: 3 content errors
```

## The lint

The second mechanism is a banned-phrase lint over the emitted prose. It is a list of things companies our age tend to say and should not: names of compliance certifications we do not hold, uptime and delivery percentages we have no live history to back, "trusted by" formulations with no customers behind them. If a phrase on the list appears anywhere in the rendered site, the build fails with the file and the reason.

A page can allowlist a phrase for exactly one purpose: to deny it honestly. Our security page is permitted to contain the words "SOC 2" because what it says is that we do not have it.

## The state gate

The third mechanism knows what day it is. Claims carry a state, and so does the site. Today the site is in its day-one state: the platform is feature-complete, the sandbox is live, and outbound delivery opens at launch. Some entries in the ledger — "sending is live," warmup behavior measured on real traffic — are marked post-arm, and the build refuses to emit them until the site's state advances. Copy that implies you can deliver live mail today is not a style violation here; it is a compile error until the day it becomes true. When launch arms the infrastructure, we flip one value, and sentences that were errors become publishable. The site cannot run ahead of the product, even when a copywriter is having a good week.

## What this does not do

A post about honesty machinery had better end with the honest part: none of this makes the copy true. Humans write the ledger. A false claim, entered with vetted-sounding wording and a plausible evidence pointer, would resolve just fine. The build cannot smell a lie.

What the machinery changes is the failure mode. Untruth on this site can no longer happen by drift — a stale number here, an inherited superlative there, each edit locally innocent. Every factual assertion is a named object with one wording, one evidence pointer, and a review trail. Changing what the site claims means editing the ledger, in a diff, with a reviewer watching. Casual overclaiming became impossible; deliberate overclaiming became auditable.

That is a smaller promise than "we cannot lie to you," and it is the one we can actually keep. If this site ever overstates what the product does, it will be because a person chose to write that down in the one file built to make such choices conspicuous — not because nobody noticed. Drift is silent everywhere else. Here, it is loud.
