Spam Act Australia and email marketing rules for SMEs

Email marketing rules for SMEs

Email and electronic messaging with customers are significant marketing tools for many Australian SMEs. If your business uses email or text messages to communicate with customers, it’s vital to understand the Spam Act 2003 (Cth) (Spam Act Australia) and the Spam Regulations 2021 (2021 Regulations). With new federal amendments now in effect, now’s the time to make sure you know what is and isn’t okay when it comes to email communications.

What is the Spam Act Australia and the 2021 Regulations?

The Spam Act Australia prohibits the sending of electronic messages including email, SMS and multimedia without the consent of the recipient. The 2021 Regulations were created to repeal and remake the regulations from 2004 to reflect the contemporary nature and scope of electronic communications. Complying with these regulations will not only avoid angry subscribers, but costly fines such as those recently issued to Woolworths and Kogan Australia.

Kogan breaches the Spam Act by making unsubscribing difficult

In January 2021, the Australia Communications and Media Authority (ACMA) issued online retailer Kogan with a $310,800 infringement notice. ACMA found Kogan had sent 42 million subscriber emails from which subscribers could not easily unsubscribe.

Woolworths Australia pays record fine for failing to action consumer unsubscribe requests

In July 2020 ACMA penalised Woolworths to the tune of $1,003,800. The supermarket giant was found to have breached the Spam Act Australia more than five million times when they sent marketing emails to consumers who had already chosen to unsubscribe from their lists.

Anti-spam rules for SMEs

If you’re sending electronic marketing communications you need to comply with the following rules and regulations:

You must have permission

You must have permission from the person receiving your email or SMS. According to ACMA there are two types of permission:

  • Express permission: when someone knows and consents to receive email marketing from you. This can be via a form, on the phone, face to face or a tick box on your website.
  • Inferred permission: when you have a provable, ongoing relationship with a customer and it’s reasonable to believe they would expect relevant marketing materials from you. The marketing sent must directly relate to the ongoing relationship.

Email addresses from singular or occasional purchases from your business cannot be harvested for email marketing communications. This is the same for email addresses provided during COVID-19 check-ins at your business. Neither of these scenarios give express or inferred permission.

You must identify yourself or your business

Your email must identify your name or business name and include accurate business contact details. These details must remain the same for 30 days following the communication.

You must provide a concise, straightforward unsubscribe option

The 2021 Regulations respond to consumer frustration around difficult unsubscribe options. Under the new regulations, companies cannot request personal information (except for the provided email address) or request a recipient to login or create an account to unsubscribe. The unsubscribe process must be quick and easy to navigate for the recipient.

You must be wary of purchasing digital subscriber lists

If your business purchases subscriber lists, under the new Spam Act Australia and 2021 Regulations, your business will be held accountable for the permissions of the contacts on those lists.

You must avoid email harvesting

The use of address-harvesting software is now officially off-limits. Such software is specifically designed to search the Internet for electronic addresses and then compile them into a harvested list for email marketing purposes.

Are your SME email communications compliant?

From January to March 2021 ACMA issued 1,089 compliance alerts to Australian businesses. In the past two years alone companies have paid more than $2,194,500 in penalties.

According to ACMA the main compliance breaches are:

  • failure to provide an unsubscribe function
  • failure to action ‘stop’ or unsubscribe messages from consumers.

At PTW we believe that compliance is a bare minimum. We advise our clients to prioritise respect for their customers and to design their electronic communications accordingly. With the Spam Act Australia and 2021 Regulations now in effect, it’s timely to have a legal professional review your electronic marketing compliance.


Any decision that affects your business has legal implications. Contact us today to help secure your business for whatever tomorrow brings.

Hello, how may I help you?