Email marketing can be one of the most powerful ways to grow your business – boosting brand visibility, building trust, and increasing conversions. But it’s easy to cross legal boundaries if you’re not careful.
Australia has strict rules around electronic communication and unsolicited emails. If your marketing campaigns breach the Spam Act 2003 (Cth) or Privacy Act 1988 (Cth), you could face serious legal and financial consequences.
In this article, our eCommerce lawyers break down everything Australian businesses need to know to ensure their email marketing complies with the law.
Key Takeaways
Businesses must include a functional unsubscribe feature in all marketing emails
Customers can still receive service-related emails after unsubscribing from marketing
You must have express or implied consent before sending marketing emails
The Spam Act carries harsh penalties, including fines up to $2.22 million per day
Speak to an eCommerce lawyer if you’re unsure about your email compliance
What is considered email Spam?
“Spam” refers to unsolicited commercial electronic messages, such as emails, texts, or messages sent without the recipient’s consent. These messages typically promote products, services, or commercial interests.
Under the Spam Act 2003 (Cth) (Spam Act), a message is regulated if it:
Has an Australian link (e.g. sent from Australia or accessed in Australia)
Has a commercial purpose (e.g. advertising, promoting services)
What is an ‘Australian Link’?
An email has an “Australian link” if:
It originated in Australia
The sender is located or managed from Australia
It’s accessed using a device located in Australia
The recipient is physically present in Australia when accessing it
The business operates in Australia
What counts as a 'Commercial Message'?
A commercial electronic message includes messages that:
Offer or advertise goods or services
Promote business opportunities
Encourage the recipient to engage in commercial transactions
Even if the main purpose isn’t commercial, partial promotion still falls under the Spam Act.
The Golden Rules of Email Marketing in Australia
The Spam Act works hand in glove with the Privacy Act 1988 (Cth) (Privacy Act) which deals with the collection and use of personal information. That is why, if you are an email marketer, you must be aware of the 3 legal rules for email marketing.
To legally send marketing emails in Australia, your message must:
Have consent (express or implied)
Identify the sender
Include a functional unsubscribe mechanism
Let’s explore each rule in detail.
1. Get consent before sending emails
You must have consent to send marketing emails. This can be:
Express Consent
The recipient clearly agrees – e.g., by ticking a box or signing up via a form that states they’ll receive promotional emails.
OR
Implied Consent
Consent may be inferred based on a business relationship. For example:
A gym member may expect to receive updates and promotions.
A recent customer may reasonably expect to hear about related products.
Best Practice for Consent
Use clear, simple language when asking for consent: Explain the nature of the communication recipients opt for and specify how often they can expect to receive messages.
Avoid pre-checked boxes or vague opt-in mechanisms: Make the process of opting in deliberate and explicit. Recipients should actively and consciously choose to opt in to receive communications.
Use a double opt-in system for added security: For example, after the initial opt-in, send a confirmation email asking recipients to verify their intent to subscribe. This additional step ensures that the recipient genuinely wishes to receive communications, enhancing the validity of consent.
Tip: Always keep a record of how and when you received consent.
2. Clearly identify yourself as the sender
Every commercial message must:
Include your business name or trading name
Include contact details (email, phone, address)
Be clearly visible, accurate, and functional for at least 30 days
If a marketing agency sends emails on your behalf, make sure your business is identified as the sender.
3. Provide a clear and functional unsubscribe option
Every marketing message must include an easy, free, and functional unsubscribe mechanism.
The mandatory unsubscribe rules are:
- The unsubscribe link must be clearly visible and operational
- It must remain functional for at least 30 days
- You must process unsubscribe requests within 5 business days
- You cannot charge a fee for opting out
Failing to comply will likely result in a Spam Act breach.
Processing Unsubscribe Requests
Under the Spam Act, businesses must promptly action any unsubscribe request received through a commercial electronic message.
You must:
- Action the request within 5 business days of receiving it
- Remove the recipient’s contact details from any system or mailing list used for sending commercial messages
You must not:
- Require recipients to log in or provide unnecessary information to unsubscribe
- Continue sending promotional emails after they’ve unsubscribed (even by mistake)
- Ignore unsubscribe links that are broken or misdirected
Tip: Use automated email software that tracks unsubscribe requests and removes recipients immediately from future campaigns. This helps demonstrate good faith and reduces compliance risk.
Prohibited Practices: What Businesses Must Avoid
Use of address harvesting software
It’s illegal to:
Use software to automatically collect email addresses
Buy email lists created by harvesting tools
Encourage others to send spam on your behalf
This email marketing rule extends to helping someone else or encouraging someone else to do this.
Send Messages Without Consent
For the reasons above, sending promotional emails without consent can result in serious penalties.
Breaching the Spam Act
If your recipients continue receiving emails after unsubscribing, they may make a formal complaint to the Australia Communications and Media Authority (ACMA). ACMA is the regulator responsible for monitoring and enforcing the Spam Act 2003 (Cth).
If you breach the Spam Act, the Australian Communications and Media Authority (ACMA) may:
Issue formal warnings
Serve infringement notices
Apply to the Federal Court for injunctions or penalties
Accept court-enforceable undertakings
Penalties of up to $222,000 per day for businesses apply, and may be even higher for repeat or intentional violations.
Exceptions to the Spam Act
Not all emails are subject to full Spam Act requirements, these include:
1. Factual emails that are not promoting goods or services
Completely factual emails that do not contain any commercial material do not require meeting the consent and unsubscribing requirements under the Spam Act. Such emails include messages that:
- advise the recipient and are not commercial
- offer a price/quote to the customer
- provide a product or service update to the customer
- are sent for the genuine safety of the recipient
2. Emails sent by "permitted organisations"
Emails from permitted bodies that are exempt from the Spam Act. These organisations may include educational institutions, registered charities, government bodies, or registered political parties.
Frequently Asked Questions
Is it illegal to send marketing emails?
No, but you must follow the Spam Act’s consent, identification, and unsubscribe requirements.
What should I do if I receive spam?
If you get a spam message, you should first contact the sender or unsubscribe. You may wish to report the matter to the ACMA. They will check and verify the sender if they broke the Spam Act.
Is there a difference between commercial and non-commercial messages under the Spam Act?
Yes, the Spam Act specifically targets commercial electronic messages. Non-commercial messages, such as those for charitable or educational purposes, may not be subject to the same requirements.
How should I record that I have received consent?
Keep Records of Consent:
Include date, method, and content of consent
Store in an accessible and secure format
Ensure data is protected under Privacy Act obligations
Accurate records can help defend against complaints or investigations.
Can I send emails to overseas customers?
Yes, but consider local anti-spam laws (e.g., GDPR, CAN-SPAM). Your emails must comply with laws in both Australia and the recipient’s country.
