Spam: Are Your Emails Breaking the Law?

Colourful cut out of the word Spam

All Australian small businesses need to know & comply with the Spam Act. But what is it & how do you comply? This post covers what you need to know.

In the race to get their business up and their content marketing out in front of people, many Australian small business owners don’t realise they are breaking a long-standing piece of law – the Spam Act of 2003.

The Spam Act is piece of legislation that has become like a distant uncool relative: The one who only gets remembered when they turn up uninvited at a party and demands to know where their invitation is. Unfortunately, it is routinely forgotten when training start-ups and new businesses about their roles and responsibilities.

So what is it and why should you care?

Talk Legal To Me

The Spam Act is a piece of Australian legislation that bans sending unsolicited commercial electronic messages. It is currently administered by the ACMA – a government body.

Other countries have their own versions of this legislation, so if you do business internationally, you need to know the legislation of the jurisdiction you are working within.

In Australia, the Spam Act covers any message that has a marketing or commercial element:

  • Emails & newsletters
  • SMS messages
  • MMS messages
  • Instant messages
  • Other electronic messaging (e.g.: LinkedIn, Facebook etc. messages)

If you communicate with people using any of these means, you need to comply with the Spam Act.

Telemarketing calls and faxes are covered under the Do Not Call Register.

What is a Commercial Message?

question iconAccording to the ACMA, the Spam Act defines a commercial electronic message as:

  • offers, advertises or promotes the supply of goods, services, land or business or investment opportunities
  • advertises or promotes a supplier of goods, services, land or a provider of business or investment opportunities
  • helps a person dishonestly obtain property, commercial advantage or other gain from another person.

The Act classifies an electronic message as ‘commercial’ by considering:

  • the content of the message
  • the way the message is presented
  • any links, phone numbers or contact information in the message that leads to content with a commercial purpose—as these may also lead the message to be defined as ‘commercial’ in nature.

In other words, if you send out any marketing promotion, email, or newsletter advertising or promoting your business, you are covered and you need to comply with the Spam Act. 

What Do I Need To Do To Comply?

There are 3 key rules you need to follow with in order to comply with the Spam Act.


1. Consent


2. Identification


3. Unsubscribe facilities

A Word About Purchased Lists & Consent

exclamation iconIf you have bought a mailing list to market to, you carry the onus of proof that each person you are mailing to has given their consent to hear from third parties.

Before you buy any list, you need to know: how the information on the list was gathered, what exactly did the people on the list consent to, and when did they consent?

If the list was gathered by electronic harvesting software or bots, then run like the wind!

Don’t just take the list vendors word for it that everything is cool, and the person really won’t mind hearing from you. If you buy a bad list, then your business reputation is on the line, so do your due diligence to make sure that the risks are minimised.

A Word About Your Own Customer Lists & Consent

Many small businesses take a while to buy electronic newsletter systems, and manually collect their customer’s and supplier’s details in their Outlook or other email system. When they finally subscribe to a system, they think they can simply export the details and then import them into the system.

Wrong. They bump up against all of the same issues that purchased lists have.

How were the email addresses gathered? Did the people know at the time they gave you their details that they would be joining your mailing list – generally the answer to this is no.

How current is your list? Unless they regularly hear from you, people forget about you. Unless people gave you their information AND consented to hear from you less than 3 months ago, then you need to start the whole process of getting consent once again before you can add them to your electronic system.

Remember also that you can’t email someone just to ask for their consent to add them to your new system or marketing list – which makes getting people onto your list a bit challenging.

There are some ways you can use your exported list in remarketing via social media, but in many cases you need to start from scratch and either phone each person, post a traditional letter to someone, or simply write off the old contacts as not being able to be imported into your system.

That’s why it’s important to get a newsletter/autoresponder system earlier rather than later in your small business – so you don’t throw away all your hard work!


Aside from the issue of consent, every commercial message is required to have clear identification of who sent it or authorised it to be sent.

Clear identification includes the correct business or legal trading name of the business or individual, and how the business can be contacted – address or phone number or email.  The ACMA also recommends including your ABN or ACN.

Unsubscribe Facility

cross iconIf you send out a commercial message, you need to also include a functional and legitimate unsubscribe facility. This is an electronic address that the user can use to tell you that they don’t want to hear from you.

There are a few rules around the unsubscribe facility:

  • This address must remain functional for 30 days after the original message.
  • It must give clear instructions on how to unsubscribe.
  • It must be easy to use.
  • All requests to unsubscribe must be honoured within 5 working days.
  • All requests must be at no or low cost to the user.

Think of this as the person wants to tell you no. You need to make it easy for them to say no, and you must honour their “no means no” request. 

Read more about unsubscribing and updating details.

Who Is Exempt From the Spam Act?

The Act does make a number of exemptions to the Act, which means these groups or individuals don’t have to comply with the legislation.

These groups don’t need to comply with the consent and subscribe/unsubscribe requirements, provided the information they are sending relates to goods and services that their organisation supplies.

  • Registered political parties
  • Registered charities
  • Educational institutions (for messages sent to current and former students)

Purely factual messages also fall outside of the scope of the Act. These are pieces of information with no marketing element and can include things like meeting minutes, safety recall notices and an email sent to a business requesting a quote or price list. However, sending a factual piece of information does NOT mean you can add their details to a mailing list or send them future marketing information!

You can also send an unsolicited resume if you are looking for a job, without falling foul of the Spam Act.

Let’s Talk Penalties

gavel iconNo business is too small or too big to escape a penalty if you breach the Spam Act. Penalties range from formal warnings through to infringement notices and Federal Court cases.

Fines can quickly rack up as they are based on single unsolicited emails. If you send out bulk emails, then the numbers quickly can hit maximum penalties.

According to the ACMA, “the penalty units referred to in the Spam Act are currently equal to $180 each. For example, the penalty under section 25(5)(b) of the Spam Act for a company with a previous record of spamming and who sent two or more spam messages on a given day without consent is a maximum fine of 10,000 penalty units. This equates to a maximum penalty of $1,800,000 per day.”

Other penalties can include surrendering any financial benefit you gained as well as seizure of property.

Wrapping Up

Marketing to someone should be the start of a positive relationship. Relationships founded on forced consent rarely end up in a positive way.

If you are going to send an email or another electronic marketing message to someone, remember:

  • Get clear and explicit consent
  • Identify yourself
  • Let them say no through easy to use unsubscribe options.

If you do these three things, you will generally stay on the right side of the Spam Act.

Of course, there are a raft of other pieces of legislation you need to comply with in your marketing to stay on the right side of the law. If you need legal advice about this or any other legal issue, talk with your lawyer.

Want to know how to stop spammers using your contact form to send you spam? Check out our article.


About the Author

Ingrid Moyle

Ingrid Moyle (BA - Psych/Industrial Relations) is the Chief Web Wizard at Heart Harmony Communications. A self-confessed multipotentialite, Ingrid shamelessly blends her passions of human resources, psychology, web design and copywriting. When not hardwired to her computer, she quests for the perfect coffee while chasing virtual reality creatures across the backstreets of Brisbane.
Bowler hat with lightbulb.

Join Our Newsletter

Related Posts