Is your marketing breaking spam laws?

Business name
Business Victoria
Last updated date
4 May 2023

Every day, Victorians just like you receive millions of emails, and a lot of those emails are spam.

This probably isn’t news to you. What may be news is that your business could be unknowingly sending emails or text messages that don’t comply with the Spam Act 2003 and the Spam Regulations 2021.

Even if you’re not deliberately sending spam, there are steep fines for businesses and individuals that break the law. In addition to risking financial penalties, sending spam can annoy current and potential customers, and damage your reputation.

So, how do you make sure your business isn’t sending spam?

A woman with dark hair and wearing a yellow jumper types an email. Her laptop sits on a small, round wooden table along with her phone and a pen which both sit on top of a red notebook.

1. Get consent

Before your business sends anyone a commercial electronic message via email, SMS or instant messaging, you must have their permission. This is also known as consent or opting in.

As well as gaining consent, you also need to prove consent was given. Getting that permission can also be navigating a minefield, as sending a message asking someone for consent counts as a commercial electronic message!

There are two different types of consent set out by the Spam Act: express consent and implied consent. So, what is the difference?

Express consent

We’ve all been prompted on a website to subscribe to a newsletter. It’s one of the most common examples of seeking express consent to send electronic communication.

Common ways to get consent include:

  • filling out a form
  • ticking a checkbox
  • written consent.

The more a customer must do to sign up to your contact list, the stronger your explicit consent records and requirements will be.

For example, your signup process could ask people to:

  • click a ‘sign up’ button
  • complete a CAPTCHA test
  • type their email address into an empty field
  • tick a checkbox with a clear acknowledgment such as ‘I consent to …’.

Inferred consent

Businesses are allowed to infer permission to send emails to customers or clients. However, the definition of inferred permission is less clear. Under the Spam Act, you can send people messages only if:

  • your business has established an ongoing relationship with the customer
  • the messages are directly related to the relationship.

The Spam Act doesn’t outline what is considered an ongoing relationship, but in most cases, this includes a membership, opening an account, or a subscription.

As an example, let’s say a customer purchases a 12-month subscription from you for a different coffee to be delivered every month. In that case, you have inferred permission to communicate with that customer about that subscription. You might want to tell your customer what type of coffee they will get each month and let them know when it is being shipped. It is reasonable based on the relationship you have formed with the customer that you can provide information about their purchase.

However, if that customer buys some coffee as a one-off purchase, your business does not have inferred consent to continue marketing to them. It is not reasonable to assume based on an individual purchase that the customer wants to hear about other products or be added to a general mailing list.

Inferred consent does not include:

  • messaging a customer after they have bought a product or service, even if the message is about the same or similar product or service
  • using a customer’s lack of response or not opting out as inferred or express permission.

If your business wants the opportunity to continue to market to a customer, you might include the details of where they can opt-in to your mailing list on your web site or in communications that confirm their purchase. In that case, they can provide consent and give you permission to continue to update them about your products or services.

2. Always identify your business

Just as you include your business details on your letterhead when sending a letter or invoice to a customer, you should include your details when sending electronic messages.

As part of the Spam Act, any message you wish to send to your customers must include:

  • your Australian business number (ABN)
  • contact details including your phone number, physical address, email and website
  • the correct legal name of your business.

Your contact details must also be ‘reasonably likely to be valid for at least 30 days’. If someone else is sending messages on your behalf, your messages still need to contain your details as the business that approved the message.

Many email marketing software platforms offer templates that follow Australian spam laws. These templates provide fields where you can include your business details and provide an unsubscribe button.

3. Make it easy to unsubscribe

Have you ever received an email or SMS that didn’t include an option to unsubscribe or stop receiving messages?

All electronic messages must include an option to unsubscribe that:

  • has clear instructions
  • is easy to use
  • will be actioned within 5 working days.

The unsubscribing process has specific requirements, including that you cannot:

  • charge a fee to unsubscribe
  • charge more than usual for the messaging service (for example, standard text charges)
  • require the person to give extra personal information, or log in or create an account to unsubscribe.

These are correct examples of unsubscribe options for email and text message marketing.

  • If you no longer wish to receive these messages, please click the ‘unsubscribe’ button below.
  • To stop receiving messages from us, reply to this email with ‘unsubscribe’ in the subject line.
  • Reply STOP to [phone number]
  • If you don’t want to receive these emails in the future, please unsubscribe here.

In the last example, the words ‘unsubscribe here’ could be a link that takes you to a webpage to confirm you wish to unsubscribe.

4. Use a good contact list

A common mistake businesses make is to add any email address they have to their own email marketing list. This can include emails from customers who have only made enquiries, emails from purchased lists, or emails from other companies.

Just because you have an email address, doesn’t mean you have permission to use it for marketing.

Creating a contact list is a big part of digital marketing. It is often done slowly, over months, or even years. One shortcut for generating a contact list is to purchase one with hundreds and sometimes thousands of contacts. In most cases, this is against the Spam Act, as these contact details have commonly been sourced illegally, such as harvesting email addresses from the internet. It is illegal to use address-harvesting software or to purchase an email list that used harvesting software.

Growing a healthy contact list for your email and SMS marketing can be a great way of building a relationship with loyal customers, creating an affinity with your brand, and driving repeat business. That’s why it pays to do it right. Building a good contact list might take time but staying on the right side of the law isn’t hard. Make sure you have the consent of your customers, send relevant information, and make it easy to opt-out. Follow these basic rules, and your electronic marketing efforts will help build your brand and result in repeat sales long into the future.